Tag Archives: Facebook

SASIG warns cyber security profession to meet growing social media threat

The Security Awareness Special Interest Group (SASIG) is calling on cyber security professionals to strengthen procedures surrounding the use of social media. The warning about the growing threat posed by social media to the integrity of data and network security emerged during this week’s conference entitled ‘Cyber Security: The Implications of Social Media’ that was organised by SASIG in conjunction with The University of Surrey.

The audience of cyber security specialists explored the implications of the far-reaching change brought about by social media and how people interact on different platforms such as Facebook, Instagram, YouTube, Twitter, WeChat and others, highlighting the consequences of casual Internet surfing and posting.

Martin Smith MBE, founder and chairman of SASIG, informed upwards of 200 delegates that social media networks have become one of the biggest gateways for cyber criminals targeting individuals and businesses to gain access to sensitive information and data networks.

Smith stated: “Social media activity has boomed during the last decade and is now an integral part of communications for commercial and personal users. It creates many challenges for both business and personal use and can expose users to unintended risks.”

He continued: “Social media and Internet users often give up a considerable amount of personal data. However, if such information falls into cyber criminals’ hands, they can easily build a profile that gives them the capability to access sensitive personal and financial information.”

Further, Smith observed: “The new Online Safety Bill could prove to be a vital tool in the challenge to tackle the criminal gangs who target unsuspecting individuals and businesses. We strongly recommend that all organisations should take steps to strengthen their cyber security systems against attacks via social channels. Using a combination of education about threats and introducing stringent protocols can protect against misuse.”

Cyber Security Skills Festival

Career opportunities, skills and resources that protect commerce, industry and public services from cyber attacks will feature at the third annual Cyber Security Skills Festival being organised by SASIG in partnership with the UK Cyber Security Council. The event runs on Tuesday 22 February. 

Established in 2004, SASIG is a peer networking forum for cyber security professionals who represent hundreds of UK organisations of all sizes from both the public and private sectors.

SASIG boasts more than 6,000 members including Chief Information Security Officers and other decision-makers and influencers with responsibility for information security, as well as academics and Government agencies.

Annually, SASIG curates more than 150 information webinars and in-person events covering topical cyber security issues impacting business, commerce, Government agencies and other public sector organisations.

*Further information is available online at www.thesasig.com 


Filed under Security Matters

CHAS makes three key appointments designed to strengthen operations

Supply chain risk management expert CHAS (the Contractors Health and Safety Assessment Scheme) has appointed Alex Minett as head of products and markets and Elaine Bailey and Peter Hepworth, both of whom become non-executive directors at the trusted Health and Safety compliance advisor.


Alex Minett brings in-depth knowledge of the SHEQ sector in the UK and internationally from a contracting and consulting perspective having established SHEQ strategies for multiple businesses (including blue chip companies) across diverse sectors.

He also has extensive knowledge of construction Best Practice and compliance having worked for 20 years in the construction sector, including on iconic projects such as the London 2012 Olympic and Paralympic Games and the Battersea Power Station where he advised on safety measures for the demolition and re-erection of the four iconic chimneys.

In addition, Minett was responsible for establishing the initial SHEQ strategy for Transport for Wales and supported the procurement team within the wider provision of the multi-billion pound franchise with pre-qualification of the bids.


Further afield, Minett worked closely with the World Bank and other funders on one of the world’s largest solar farms in Benban and initiated a zero harm approach to safety at the Facebook Data Centre in Lulea. He was also responsible for embedding safe working practices for the construction and delivery of the Saudi Aramco Petroleum Polytechnic in Saudi Arabia.

Now, Minett has overall responsibility for all of the CHAS products both current and new and is closely involved in the strategic position of CHAS within the marketplace and identifying opportunities for growth.

CHAS managing director Ian McKinnon stated: “Alex is an excellent addition to the CHAS team and we’re delighted to have him on board. His insight and experience will be invaluable as we continue to expand our service offer.”

Minett himself commented: “I’m excited to be joining CHAS at a time of marked growth for the organisation. As the founder of contractor prequalification, CHAS enjoys a first class reputation and I’m looking forward to helping build on this as the business evolves and grows.”

Extensive experience

Elaine Bailey became a non-executive director at CHAS with effect from Wednesday 1 July. Bailey has worked extensively across the construction, criminal justice, Government services and housing sectors in the private, public and not for profit sectors and brings 15 years of executive Board experience to the role.

From 2014 to 2019, Bailey served as CEO of London-based Housing Association The Hyde Group where, as well as significantly improving financial and operating performance, she drove a major change programme designed to simplify, automate and improve service delivery.

Bailey also sits on the Industry Safety Steering Group chaired by Dame Judith Hackitt which is charged with scrutinising proposals and progress towards culture change within the construction industry following the tragic Grenfell Tower fire.


Previously, Bailey held senior positions at FTSE 250 outsourcer Serco and is a trustee of Catch 22 and the Greenslade Family Foundation, as well as a Board member of the Andium Housing Association.

Speaking about Bailey’s appointment, Ian McKinnon stated: “Elaine’s successes at The Hyde Group, along with her knowledge and experience of good governance, make her an excellent addition to the CHAS Board. We also welcome Elaine’s commitment to driving cultural change within the construction industry following the Grenfell Tower tragedy through her work as part of Dame Judith Hackitt’s Steering Group.”

Bailey responded: “I’m delighted to be joining an organisation which plays a key role in improving occupational Health and Safety performance in UK workplaces. I’m looking forward to working with CHAS to continue to raise Health and Safety standards right across the UK.”

Digital transformation

Peter Hepworth formerly oversaw a portfolio of businesses while serving as executive officer of the Professional Services division at Capita plc, where his achievements included rationalising 14 separate learning businesses into one organisation and executing the digital transformations of Constructionline and Parking Eye.

He simultaneously served as CEO of AXELOS.com, a joint venture between Capita and the Cabinet Office and the publisher of global Best Practice guidance for IT, project and risk management. In fact, Hepworth was responsible for founding the operation in 2013. He grew the business internationally, expanding the product range and launching a cyber resilience portfolio while regularly liaising at ministerial level. Hepworth also transitioned AXELOS to become a Content-as-a-Service subscription model.

Previously, Hepworth served as managing director of Activision Blizzard UK where he was responsible for transitioning the business to meet the digital future. He has also held senior positions at L’Oréal, Sara Lee and BDO Stoy Hayward. His additional board experience includes having served as a non-executive director of The Fire Service College, Fera Science and eve Sleep. Hepworth is a Chartered Accountant by background.


“We’re very happy to welcome Peter to the CHAS Board,” enthused Ian McKinnon. “He brings a wealth of experience in digital transformation which will prove invaluable as we continue to navigate the challenges and opportunities of the digital age.”

Hepworth informed Security Matters: “I’m excited to be joining the Board of CHAS as it continues its strong growth trajectory. The company has an excellent reputation with an impressive portfolio of digital products and services that can help businesses transform their risk management processes. I’m delighted to have this opportunity to support the further success of both CHAS and its extensive customer base.”


Filed under Security Matters

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”


Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, breaches like the Bupa or Waymo hacks have raised awareness of the number of breaches that occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well as to analyse data and automate reactions to shut down breaches when they occur, is vital. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018


Filed under Risk Xtra

RISCO Group introduces “pioneering” RISCO Stars Partners Programme

RISCO Group, the manufacturer of end-to-end solutions for the professional security market, has announced the launch of its RISCO Stars Partners Programme – described as a “pioneering rewards scheme” that’s designed to help the company’s loyal distribution and installation partners grow their businesses and enhance their marketing activities.

Participants simply collect ‘Stars’ through the purchase of eligible RISCO Group products and redeem them against a wide selection of activities that will help increase visibility and sales.

Being part of RISCO Stars couldn’t be easier. By downloading the free RISCO Group HandyApp from the Apple App Store or Google Play, individuals simply register their details and then, after every purchase, scan the QR code on the packaging. RISCO Stars are then added to their account, which can be reviewed online at any time. Not only that, but each product that’s scanned receives an automatic six-month warranty extension, with an additional 12 months for RISCO Stars members.


Once sufficient RISCO Stars have been collected, they can then be redeemed for rewards. These rewards comprise a range of tried and tested marketing activities that are proven to increase business exposure and help reach potential customers.

The rewards have been carefully chosen and include the development of a business Facebook page, bespoke e-mail marketing templates, printed company literature, a third party website audit with an improvement strategy, branded videos, Google AdWords and branded workwear.

Speaking about the company’s latest initiative, Greg Smith (marketing manager for the UK and Ireland at RISCO Group) commented: “RISCO Stars is a totally new and unique rewards scheme that’s designed to offer our valued distribution and installation partners genuine ways in which to improve their levels of business activity. We’ve now made gaining access to first class specialist marketing support as easy as possible through the purchase of our innovative products and training, so that there’s always something for everyone to save for.”


Filed under Risk UK News, Uncategorized

Criminals target UK’s youth as cases of identity fraud increase

Cifas, the UK’s leading fraud prevention service, has released new figures showing a 52% rise in young identity fraud victims in the UK. In 2015, just under 24,000 (23,959) people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and more than double the 11,000 victims in this age bracket in 2010.

The figures have been published on the same day as a new short film, entitled ‘Data to Go’, is launched online to raise awareness of this type of fraud. Shot in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

Identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.


To carry out this kind of fraud successfully, fraudsters usually have access to their victim’s personal information such as name, date of birth, address, their bank details and information on who they hold accounts with. Fraudsters gain such detail in a variety of ways, including through hacking and data loss, as well as using social media to put the pieces of someone’s identity together. 86% of all identity frauds in 2015 were perpetrated online.

People of all ages can be at risk of identity fraud, but with growing numbers of young people falling victim, Cifas is calling for better education around fraud and financial crime.

Fraudsters are opportunists

Simon Dukes, CEO of Cifas, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, so the fraudsters have instead focused on stealing and using genuine people’s details. Society, Government and industry all have a role to play in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Dukes continued: “The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they’re now a hunting ground for identity thieves. We’re urging people to check their privacy settings today and think twice about what information they share. Social media is fantastic, and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”


Commander Chris Greany, the City of London Police’s national co-ordinator for economic crime, added: “We’ve known for some time that identity fraud has become the engine that drives much of today’s criminality, and so it’s vitally important that people keep their personal information safe and secure. In the fight against fraud, education is key and it’s great that Cifas and its members are taking identity fraud seriously and working together to raise awareness of how the issue is now increasingly affecting young people through the launch of this film.”

As part of the campaign, Cifas commissioned a survey with Britain Thinks to find out more about 18-24 year olds’ attitudes towards personal data and identity fraud. The survey found that young people are alarmingly unaware that they’re at risk:

  • Only 34% of 18-24 year olds say they learned about online security when they were at school
  • 50% of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37%)
  • Only 57% of 18-24 year olds report thinking about how secure their personal details are online (compared to 73% for the population as a whole)

They’re also less likely to install anti-virus software on their mobile phone than the national average (27% compared to 37%).

Organisations such as the City of London Police, Action Fraud, Get Safe Online, Her Majesty’s Government’s Cyber Streetwise campaign, Financial Fraud Action UK and Cifas members including Coventry Building Society, BT and Secure Trust Bank are all supporting the campaign and sharing the new film across their social media networks.

Cifas is also appealing to youth organisations, schools and universities to share the film so it reaches as many young people as possible.


Filed under Risk UK News, Uncategorized

Bloodstock’s heavy metal fans united and protected thanks to Showsec’s event management expertise

In many respects, Bloodstock Open Air is one big family reunion. The great success of this year’s event in the picturesque Derbyshire setting of Catton Park in Walton on Trent showed once again why the gathering continues to enhance its reputation for being the United Kingdom’s largest dedicated heavy metal festival.

Founded and organised by the Gregory family, Bloodstock plays host to a ‘metal family’ of 15,000 fans in tandem with a Showsec family of staff who have become familiar faces at the festival due to their enjoyment of the working experience.

As well as the heavy metal band line-up – headlined this year by Within Temptation, Trivium and Rob Zombie – one of the other big attractions was an art exhibition featuring the work of the festival’s co-founder, Paul Raymond Gregory. This included Gregory’s work-in-progress dubbed ‘Mordor Festival’ which made another appearance in the RAM Gallery by the Main Stage, along with many other fantasy artwork pieces including a unique design of the festival’s popular logo.

The ‘Mordor Festival’ is inspired by Tolkien and has a unique frame, which now features the Showsec logo along with many other partners of Bloodstock Open Air.

“Our support of the art exhibition is a good example of how we’ve worked closely with the Gregory family to help develop the very unique and special festival community at Bloodstock Open Air,” explained Showsec’s operations executive Darren Evans, himself a heavy metal fan who used to attend the festival before he began working for the business.

“We have a great relationship with all who work at Bloodstock,” continued Evans. “Everyone knows everyone and this all adds to the success of the event. It’s like a big family gathering with a real sense of togetherness and community spirit which ensures the festival is enjoyed by all attendees. A large number of our staff really look forward to working at Bloodstock. So much so, in fact, that staff from as far afield as Wales are willing to travel to Catton Park to work there.”

Interaction with the fans

In praising the contribution of Showsec, Bloodstock director Adam Gregory cited an example of interaction with the fans which highlights the important role that’s played in creating such a good-natured and friendly atmosphere.

“Showsec provides a pivotal team to help with Bloodstock each year,” enthused Gregory. “The staff are friendly and welcoming to all while at the same time ensuring that the fans’ safety is their top priority throughout the festival. Bloodstock fans have embraced the Showsec team and consider them very much a part of the family.”

Gregory continued: “Walking through the crowds on the Saturday, I personally heard one of the fans asking a Showsec staff member for his name and he said: ‘Great to meet you’, which I thought was a really nice gesture. It goes to show exactly how the working relationship between Bloodstock and Showsec has grown. Showsec’s staff understand how to be in control without being aggressive in any way. We look forward to a continued partnership with the business.”

This was the 15th year that Bloodstock has been staged and, for the last six of those years, Showsec have been influential in developing the event’s special atmosphere.

Although some of the sights were pretty scary, including Predator, Zombies, Judge Dredd and a clown sporting a gas mask, you cannot fail to see that the environment is a huge metal family primarily there to ‘rock out’ and have fun.

Experienced team in the pit

One metal fan wrote on the festival’s Facebook page: “I love the Showsec personnel. They’re all really nice people, a lot of whom seemed to love the music as well. Maybe that’s why the same personnel seem to sign up for working at the event every year.”

While the good nature of its followers and the community spirit generate a special atmosphere, there’s nevertheless an important role for Showsec to fulfil in terms of ensuring Bloodstock is an enjoyable experience for all in attendance.

An important element of that operation is having an experienced pit team in place to manage the enthusiasm and sheer energy within the crowd.

For the fifth year in a row, Bloodstock partnered with the Teenage Cancer Trust. Since beginning that relationship in 2011, over £21,000 has been raised for the charity, with the money going to help the UK’s teenagers and young adults who have cancer.


Filed under Risk UK News

Cheshire Fire and Rescue Service keeps public informed thanks to CrowdControlHQ’s social media platform

Cheshire Fire and Rescue Service is using a social media risk management and compliance platform from CrowdControlHQ to monitor and govern its corporate social media accounts including Twitter and Facebook. More than 30 users across the Cheshire Fire and Rescue Service access corporate social media accounts via the platform’s central dashboard.

There has been an increase in engagement witnessed across all accounts in the last two years which has seen the number of Twitter followers double to over 17,000.

Cheshire Fire and Rescue Service uses social media for two-way communication with residents and county stakeholders, including other Fire and Rescue Services, local Government officials and businesses, as well as schools in the area.

CrowdControlHQ was selected for the central management of the Fire and Rescue Service’s social media activity following research and a presentation from the company.

Caroline Jones, digital and media services manager at Cheshire Fire and Rescue, explained: “We chose CrowdControlHQ for the level of control and analytics that the company’s solution provides. We wanted a platform where we could allow multiple people to post to corporate accounts. CrowdControlHQ does that safely and securely and it gives a history of all activity, for example who has posted to what and where. Information like that is important for audit purposes.”

Management from a single point

Using CrowdControlHQ makes it possible to manage corporate social media accounts from a single point. Cheshire Fire and Rescue Service chose to have just one account for each social media channel rather than each fire station or areas of the service posting to individual accounts. This means it’s easier for the public and other stakeholders to receive updates by finding, following and commenting on corporate accounts rather than multiple social media accounts for different fire stations across the region.

Jones continued: “Social media is a great way to communicate with the public. Where there are incidents throughout the day it’s really easy, thanks to the central control in CrowdControlHQ, to publish a Tweet or post a message on Facebook and to then plan Tweets for the weekend. Recently, in just 28 days we had 437,000 impressions and posted 168 Tweets. The management team takes social media very seriously and fully supports it as a communications channel.”

Cheshire Fire and Rescue Service also promotes other Fire and Rescue Services’ campaigns and champions national safety initiatives such as the annual road safety campaign using Twitter and Facebook, with links to a web page. CrowdControlHQ is used to plan Tweets and posts in advance and then measure the success of campaigns using the analytics generated.

James Leavesley, CEO at CrowdControlHQ, commented: “We have seen a variety of social media strategies emerging across Emergency Services providers tasked to drive communications objectives. For some, the emphasis is on single channel or multi-responders while others may adopt a multi-channel or in some cases a partnership-style approach.  However, what consistently underpins all the strategies we see is the need for more brand representatives to become involved in delivering messages to the public, raising the reputation risks associated with delivering complex public engagement. Using a risk and compliance platform gives organisations the confidence that they can manage and respond to social media communications effectively, consistently and in a timely manner.”

About Cheshire Fire and Rescue Service

The Cheshire Fire and Rescue Service is led by the Chief Fire Officer and the Service Management Team.  It has 25 fire stations, four community safety centres, three community fire protection offices and a headquarters based in Winsford.

The Fire and Rescue Service responds to emergency incidents – known as Emergency Response (ER)  – across the four unitary council areas of Halton, Warrington, Cheshire East and Cheshire West and Chester.

*For more information visit: www.cheshirefire.gov.uk

About CrowdControlHQ

CrowdControlHQ is one of the UK’s leading social media risk management and compliance platforms built for enterprise. It’s web-based software used by public and commercial organisations to support employees wishing to optimise their social media engagement delivery.

CrowdControlHQ provides tiered access and specialist control features to help manage the reputation risk associated with the delivery of social media in complex, multi-user, multi-campaign and generally busy customer service environments.

It’s a venture capital-backed British business servicing over 125 clients with over 10,000 users. Clients include Experian, Serco, Welsh Water, the Greater Manchester Police and Arriva.

*Additional information is available at: www.crowdcontrolhq.com


Filed under Risk UK News

Ninth consecutive year of ACS audit improvement recorded by Showsec

Event and venue security solutions specialist Showsec has achieved year-on-year improvement in the Security Industry Authority’s Approved Contractor Scheme ratings for the ninth time in succession. An extensive assessment of all aspects of the company’s operation resulted in the award of a hugely impressive audit score of 132.

Assessing body the National Security Inspectorate (NSI) commended Showsec for its performance across all elements of the business and singled out several examples of good practice. Significantly, the company was successful in undergoing assessment for CCTV and close protection in readiness for the introduction of business licensing in 2015.

Showsec aimed for Improvement Scope in the Approved Contractor Scheme (ACS) assessment process with the prime objective of gaining British Standard accreditation across all aspects of the company’s work.

“This excellent result highlights once again the progress made by the company year-on-year and places us in a strong position should business licensing be implemented,” enthused Showsec’s managing director Mark Harding. “One of the prime objectives of this proposed business regulation for the security industry is to ensure that everyone complies with the British Standards in whatever line of security work they undertake. We now have approval for both CCTV and close protection duties in addition to door supervision and security guarding.”

Harding continued: “The ACS provides a clear benchmark of the standards we achieve in the delivery of our product. We’re constantly striving to raise the bar even higher in terms of the services we offer to our clients and members of the public, and also in relation to being at the forefront of industry-wide progression. Everyone within the company can be extremely proud of this latest achievement. I know this result will provide further encouragement for our staff to work even harder in the pursuit of excellence and continued improvement.”

Showsec provided security management and stewarding solutions for the recent Kasabian gig at Victoria Park in Leicester

Event stewarding and crowd management

The NSI assessment was conducted by Joanne Fox who visited two venues – in Manchester and Leeds – at which Showsec operate before spending two days at Head Office in Leicester. In her report, Fox asserted: “I cannot believe the number of things the company has done in the last 12 months. It’s a great achievement.”

Among the five examples of good practice highlighted in the report are the introduction of a specific training module for SIA staff to ensure all supervisors have a clear understanding of the necessary requirements when supervising employees and casual workers, as well as the formation of Facebook accounts managed by members of the team at Head Office which enable employees and casual staff to communicate on specific events and activities.

On top of that, the NSI report also draws attention to the fact that Showsec has worked diligently alongside the UK Crowd Management Association to develop a specific qualification for event stewarding and crowd management.

Other examples of good practice include the company conducting a number of Human Resources Forums as a means towards even better communication and the identification of any pressing issues.

Showsec has also introduced e-Briefings for a number of events to provide employees and casual workers with detailed and specialist information ahead of them reporting for duty.

“These are just some of the ways in which we’ve endeavoured to improve our product over the past year,” concluded Harding, “but just as significant is the fact that there were no improvement needs identified in the report. That’s an extremely rare occurrence in this process and reflects the extent to which we’ve gone to make improvements across the board.”

Filed under Risk UK News

CrowdControlHQ: “IT directors ignore social media risks at their peril”

Marc Harris (Chief Technical Officer at CrowdControlHQ) examines the issues facing IT directors from the use of social media.

Many IT directors operate their own personal Facebook and LinkedIn accounts. However, when it comes to corporate social media they pass responsibility for management of same to the Marketing Department. Are they doing so at their peril?

Let me start with the elephant in the room, namely the role of the IT director. After an extensive IT career in the media, telecommunication and technology sectors, recent experience has led me to conclude that social media needs to be firmly at the top of the priority list of every IT director.

In my current role, I see at first hand the impact of reputational damage realised by both internal and external sources through the use of social media, and find it surprising how few IT directors are willing to discuss the issues or attend conferences on the subject. Perhaps they feel an unwelcome interference or ‘elbowed out’ by this new communication channel which has evolved extensively under the umbrella of marketing?

In future, the organisations succeeding in the social media space will have Marketing and IT Departments working seamlessly together to tackle the issues. The ‘DNA’ of IT makes it the most qualified department to deal with some of the risk issues that surround social media, so why isn’t it more involved?

Today, social media is being used in every aspect of business, from the Boardroom right through to the delivery of customer service. By its very nature, social media is a collective responsibility. Not surprisingly, its reliance on ‘collaboration’ has in some instances manifested itself as ‘sharing’ responsibility for posting of content… and even the sharing of passwords!

New rules now apply

I once overheard a social media officer quite gleefully boasting the fact that they had the Twitter login to hand for their company chairman. When challenged, the officer admitted that he was ‘The Chosen One’. If he was off sick that was it – no tweets or updates! Worse still, if he left the organisation he had the power to bring the place down tweet by tweet.

This is the stuff that would have kept me awake at night as an IT director, yet in a world powered by social engagement new rules seem to apply.

Marc Harris: CTO at CrowdControlHQ

Recent research also reported that a scarily large number of employees still use the dreaded Post-It note to record their login usernames and passwords, stuck to walls, desks and even the computer screen. Apparently, we’re not coping well with the need to access everything online from social media to our weekly shop and fear our mobile devices could be pinched. We’re reverting to pen and paper, it seems.

This practice can only end in tears. There have now been too many examples of ‘rogue’ tweets, no audit trail of who posted them (or why) and organisations – who, frankly, should have known better – being left rosy cheeked, so why is this practice still so rife?

Why would an employee, with their job on the line, ‘fess up’ when they know that at least 15 other people had access to the account that day?

I also believe that few IT Departments have a handle on the number of users across their ‘official’ social media accounts, let alone a log of which password protocol they are using, how they are accessing the site or posting.

Need to look both ways

We cannot just blame the employees. Even organisations with the most robust and celebrated IT protocols let themselves down when it comes to simple issues such as data storage. I suspect very few IT directors are crystal clear about where their marketing communications teams are storing their social media campaigns, let alone harbour an understanding of the conversations from the past that they may need to reference in the future or where they keep their notes about their customers linked to these campaigns.

I would hazard a guess that many IT Departments are breaking their own compliance and governance issues when it comes to social media.

Today, there’s no need to share passwords. The social media ‘savvy’ have cottoned on to tiered password access, with both the IT and Marketing Departments having an ‘on/off’ switch to give them instant control in times of crisis. If IT is involved in the installation of a Social Media Management Solution (SMMS) they can see exactly who is plugged into the system, where accountability lies and who they need to train and develop to uphold the security protocols needed in order to keep an organisation’s reputation intact.

Within the scope of most IT budgets a SMMS will be a drop in the ocean but will address these major issues. Any smart IT director will already be looking at a SMMS if there isn’t already one in place. Such a system gives control back to the organisation. All passwords are held in one place such that accounts are not owned by individuals but by the company. The right system gives an organisation the ability to moderate content at a senior level. In turn, the risk of misuse or mistakes can be eradicated.

A SMMS also takes care of the practical management issues. I fear that some organisations are taking a step backwards in terms of their technological evolution, reverting to time-wasting, ineffective manual processing of social media (eg multiple logins to different social media platforms rather than using readily available tools for automation and effectiveness).

The message is clear. IT directors ignore social media at their peril. When it comes to corporate social engagement, it’s time for them to wake up, check and challenge.


Office of Surveillance Commissioners issues warning over social media snooping

The Office of Surveillance Commissioners (OSC), led by Chief Surveillance Commissioner The Rt Hon Sir Christopher Rose, has published its Annual Report for 2013-2014. Emma Carr (director of Big Brother Watch) highlights some of the main points.

* Intrusive surveillance authorisations have increased from 362 to 392
* Directed surveillance by law enforcement agencies (LEAs) has increased from 9,515 to 9,664
* Directed surveillance by public authorities (PAs) has decreased from 5,827 to 4,412
* Active LEA covert human intelligence sources: 4,377 were authorised, 3,025 remain authorised
* Active covert human intelligence sources (non-LEA): 53 were authorised

The Commissioner notes that the information included in the 2013-2014 Annual Report is for 100% of LEAs and 96.6% of all other PAs. However, Sir Christopher Rose notes: “I am once again slightly disappointed that a few public authorities appear to treat my request for statistical returns as an option” and that: “I have therefore decided that, as from next year, those public authorities which have failed to respond within the set deadline will be named in my Annual Report.”

The Commissioner also raises the fact that there have been a number of occasions where senior officers have failed to meet with inspectors. These comments would therefore indicate that among some LEAs and PAs there’s a potential problem of the OSC not being taken seriously.

The Commissioner also notes that, since the Protection of Freedoms Act 2012 was introduced, there has been a “downward trend” in the number of applications made and authorisations granted which “may or may not be attributable to this enactment.”

Emma Carr: director of Big Brother Watch

The Commissioner raises concerns about the lack of a common approach from councils towards the authorising process now that it’s controlled by Magistrates. He goes on to warn that “the knowledge and understanding of RIPA among magistrates and their staff varies widely.” The Commissioner notes that there’s certainly a need for “adequate training or magistrates” and their colleagues.

Worryingly, the Commissioner cites two examples of inappropriate authorisations: one having granted approval for activity retrospectively, and another having signed a formal notice despite it having been erroneously completed by the applicant with details of a different case altogether.

Social media and covert investigations

One of the most interesting sections of the report relates to the use of social media for covert investigations by PAs. The Commissioner states that he “strongly” advises all public bodies to put in place proper policies designed to deal with social media investigations due to a lack of demonstrable understanding of the law from some workers involved in investigations.

The report states that: “In cash-strapped public authorities, it might be tempting to conduct online investigations from a desktop as this saves time and money and often provides far more detail about someone’s personal lifestyle, employment and associates, etc, but just because one can does not mean one should.”

While long overdue, the Commissioner is absolutely right to acknowledge that many PAs around the country may well be covertly gathering intelligence from social media sites on an illegal basis.

RIPA 2000 was created while Google was still in its infancy and social media sites like Facebook and Twitter didn’t exist. It would therefore be ridiculous to expect that the legislation would allow the use of the Internet to proportionately investigate crimes while ensuring that safeguards are in place to protect the public’s privacy.

A far more open discussion about what data should be monitored – as well as whether the legal framework is truly fit for the digital age – is now required.
