IOPC confronts ever-evolving demands of digital evidence management

The Independent Office for Police Conduct (IOPC) has been searching for a new Digital Evidence Management System (DEMS) and recently concluded that search with the selection of the NICE Investigate solution following a robust procurement process.

The IOPC exists to oversee the police complaints system in England and Wales. The organisation investigates the most serious matters, including deaths following police contact, and ultimately sets the standards by which the police service should handle complaints. Learning derived from its work is used to influence changes in policing.

The IOPC is an independent body and, as such, makes its decisions entirely independently of the police service and central Government.

An important aspect of the work of the IOPC is to make it as easy as possible for involved parties, specifically police forces, to share information and evidence with case investigators as quickly and efficiently as possible. To this end, the IOPC had been looking for better ways in which to handle the ever-evolving and increasing demands of digital evidence management, with COVID-19 and remote working only serving to accelerate that search.

Keith Tagg, the IOPC’s delivery manager, explained to Security Matters: “When we start an investigation, digital material and evidence needs to be transferred to the IOPC by police forces. In the past, we’ve relied on disks, USBs or delivery by hand. By introducing a DEMS, we knew that we could make it easier and quicker to share information with police forces or other bodies. Not only would the process take less time, but it would also be more secure and, what’s more, of a high evidential standard.”

NICE Investigate

The IOPC spoke to a number of police forces and bodies to inform its decisions and the procurement procedure. NICE Investigate was selected to provide the DEMS in the wake of what’s described as a “robust” procurement process.

One of the factors which led to the IOPC choosing NICE Investigate was the feedback from police forces, in addition to the system’s ability to play back different formats of CCTV footage.

On that point, Keith Tagg explained: “Not being able to watch CCTV footage because it isn’t in a playable format is a problem shared by police forces and the IOPC. It can prolong and impede the progress of our investigations and introduce frustration at the point when a quick decision is needed for a referral or appeal. This issue was exacerbated still further during the pandemic when investigators working from home would need to travel to the office to watch the footage or otherwise request that the footage be uploaded to the network. With DEMS, any CCTV footage is automatically transcoded, so an investigator can instantly play it back with no delay.”

Less physical material

The introduction of DEMS has also meant that the IOPC is now handling less physical material, which woud take significant storage space and is less secure.

“DEMS means that we have consistent control of content,” asserted Tagg. “It’s more secure and we have a detailed audit trail. The assets don’t deteriorate over time and they can be retained and accessed a lot more easily. Most importantly, the assets are preserved to a high evidential standard.”

According to Tagg, the feedback so far suggests that police forces like DEMS. “Moving to more electronic sharing is a shared commitment across the whole criminal justice sector and so far this has been a positive experience.”

The next step is to share material via DEMS with the Crown Prosecution Service (CPS). “There’s a shared commitment across the criminal justice sector to move towards online management,” concluded Tagg. “Working with the CPS, DEMS means that we can share a link to information residing on our system rather than actual files or physical material. This is more efficient, more secure and also removes a major pain point from the disclosure process. We’re looking forward to making ongoing improvements,”

*Additional information on the work of the IOPC is available online at www.policeconduct.gov.uk

“IP address key in countering brute force cyber attacks” asserts Verizon

Verizon’s 2020 Data Breach Investigations Report shows that 80% of the breaches caused by hacking involve brute force tactics or the use of lost or stolen credentials. Content Management Systems (CMS) are the usual targets of brute force attacks as over 39% of all websites run on WordPress, the most popular CMS of all.

Cyber criminals choose to attack pages built on CMS because they usually have the same admin page URL across websites and the default login credentials are identical, making these pages a vulnerable target. However, developers and admins can mitigate the risk by reducing IP access to the admin site login page. 

A brute force attack (sometimes referred to as brute force ‘cracking’) is a method of trying various possible passwords until the right one is found. Despite being old, the method is still widely used by hackers who attempt to gain access to a valid account. It allows bad actors to compromise the whole website and use it as a part of their network.

With more people now working remotely amid the ongoing Coronavirus pandemic, the number of brute force attacks against remote desktops via Windows’ Remote Desktop Protocol (RDP) has soared. Indeed, that number reached nigh on 100,000 attacks each day during last April and May.

In the worse case scenario, criminals can steal important data, such as passwords, pass phrases, e-mail addresses or PINs. They also use compromised websites for various fraud schemes, whereas pages themselves can be included in Google’s #blacklist’ and, as such, become invisible in search results.

Failed authentications

“Developers and admins can indicate an ongoing brute force attack by looking at failed authentications,” explained Juta Gurinaviciute, CTO at NordVPN Teams. “If the same IP address unsuccessfully tries to login to various accounts or different IP addresses are attempting to access one account in a short period of time, this is a clear sign of a data breach attempt.”

As the IP address is one of the indicators of a cyber attack, it can also be a cure. On that basis, it’s wise for companies to reduce the ‘surface area’ available for attack and limit access to the login page. This can be done by making use of IP allowlist, blocklist and fixed IP techniques.

Previously known as whitelist, IP allowlist is a set of IP addresses that have access to a specific website. The developer can specify which IP addresses are allowed to reach an admin login page and perform actions there. It’s also possible to indicate a range of IP addresses that can obtain authorised access. The latter solution is useful within bigger organizations or if numerous people require access to the website. 

However, Internet Service Providers may be changing IP addresses frequently and, as a result, the allowlist might constantly become outdated. This solution only works, then, if there’s a pool of limited IP addresses in use or the changes take place within the specific range.

Intrusion prevention frameworks

Also known as blacklist, IP blocklist is the exact opposite of the previously mentioned IP address directory as it blocks access to websites from the specified IP addresses. As this is difficult to do on a manual basis, admins and developers may employ intrusion prevention frameworks such as Fail2Ban. The framework automatically blocks IP addresses after a few unsuccessful authorisation attempts.

On the other hand, website owners can block the particular IP addresses as well as the whole IP address range. If a company notices that suspicious attacks from specific IP addresses persist, the management team should consider adding them to the blocklist.

Further, IP blocklist can also be used for geo-blocking as the IP address carries the information about where the request was sent from in the first instance. 

The third solution for minimising unauthorised access is the fixed IP method. As already mentioned, developers can limit availability of the login page to a set of trusted IP addresses. With fixed IP, they reduce the risk of IP sharing when a number of devices use the same IP address. This often leads to the ‘bad neighbour effect’ as, due to the deeds of other users, IP addresses end up in various blocked or spam lists.

The fixed IP method can be offered by Internet Service Providers and VPN services alike, but the latter ensures browsing privacy as an additional benefit.

UK and US businesses call for improvement as employee education pinpointed to be biggest cyber security weakness during lockdown

Hardware-encrypted USB drives developer Apricorn has announced the findings from a Twitter poll designed to explore the data security and business preparedness aspects around remote working during the pandemic. More than 30% of respondents singled out employee education as being the biggest area where companies need to make changes to improve cyber security.

The poll ran across six days and targeted employees in both the UK and the US. In addition to concerns about employee education, respondents also flagged updates to hardware (29%), endpoint control (21%) and enforcing encryption (19%) as areas of weakness where organisations need to make changes to strengthen their cyber security posture.

Given that almost 30% of respondents admitted to using unencrypted devices during the pandemic this raises many concerns, and particularly so at a time when we’re seeing a dramatic increase in the volume of data being downloaded along with the potential for more data on the move.

Kurt Markley, director of sales at Apricorn, commented: “Employees have a critical role to play in cyber security processes, from recognising the tools required through to understanding and enacting the policies in place to protect sensitive data. Whether it be through the delivery of awareness programmes or ongoing training, establishing a culture of security within the workforce is now absolutely essential.”

Markley added: “Endpoint security is critical. Deploying removable storage devices with built-in hardware encryption, for example, will ensure that all data can be stored or moved around safely offline. Even if a given device is lost or stolen, the information contained will be unintelligible to anyone not authorised to access it.” 

Not fully prepared

In addition, more than 40% of respondents admitted that, as an individual, they were not fully prepared to work at home securely and productively. Almost a fifth (18%) said they lacked the right technology to do so, 16% were not sure how to and just over 20% stated that they were still not able to work remotely.  

“Many businesses will now have witnessed the positive productivity and financial impact of a remote workforce, but without the right tools, processes and security in place, this can very easily backfire,” continued Markley. 

With the poll results showing that more than 60% of respondents are planning to work remotely either all or some of the time following the pandemic, the threat to corporate data is only going to burgeon. Almost 20% admitted that the experience of working from home has duly highlighted major gaps in their employer’s cyber security strategy/policies.

When questioned as to whether their company had experienced a data breach as a result of remote working during the pandemic, over 20% replied in the afformative, but a further 22% said they didn’t know if they had suffered a breach.

Scrambling to respond

Jon Fielding (managing director for the EMEA at Apricorn) commented: “IT and security teams had to scramble to respond to this crisis and, in doing so, left a lot of companies wide open to breaches. Nine months into employees working remotely, some already know that they’ve been attacked. Others think they may have been, but cannot be certain.”

Fielding concluded: “In the same way that we had to learn how to protect ourselves from illness and modify our behaviour, we also had to learn how to protect our data outside of the firewall and, more importantly, to remain vigilant about it.”

The Apricorn Twitter poll comprised six question and answer options and realised 23,537 responses.

95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.

53% cited that one of their Top Three biggest problems with remote working is due to the complexity and management of the technology that employees need and use. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technology means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”

Vanderbilt builds on security market success with duo of senior management appointments

Vanderbilt International, the state-of-the-art security systems developer, has strengthened its senior management team with two key appointments. Peter Mueller has joined the company as its new Chief Information Officer (CIO) and executive committee member, while Rickard Hammarberg will take on the role of sales hub head for Sweden.

Mueller’s impressive career spans over 30 years in business, where he was a management consultant for international blue chip companies including Deloitte, Arthur D Little and IBM. A graduate of the University of Münster, for the last seven years he has served as Professor in MBA Programs at the Ho Chi Minh University of Technology and Adjunct Professor at Beijing Normal University as well as being a visiting Professor at universities throughout India.

Mueller will now facilitate a strong alignment with Vanderbilt’s Information Technology, business and management functions.

Commenting on his new role, Mueller told Risk UK: “As CIO, I’m looking forward to identifying areas where we can use technology to make our overall operation more efficient and cost-effective and improve the service we offer to our ever-growing customer base. This will ensure that we maximise our competitive potential in what is a highly competitive market, while at the same time delivering value and adapting to changing working practices such as remote working.”

Peter Mueller

For his part, Rickard Hammarberg brings a wealth of experience to Vanderbilt gained over 20 years of working in the security industry, during which time he has amassed considerable knowledge about the technology and trends within the CCTV and access control sectors.

His previous positions include a variety of national and international roles, among them a two-year stint in the UK as team leader at Bewator. Hammarberg’s most recent position was regional sales manager for the Nordics at Lenel Systems International. He has also worked for BIAB Larm and YIT Sweden.

Hammarberg is now tasked with increasing the company’s profile in Sweden and the wider Nordic region, as well as setting the strategic business plan and sales strategy to build the brand and develop long-term relationships with its customers.

He commented: “I’m convinced that Vanderbilt’s ranges of access control, intrusion alarm and video surveillance products offer unrivalled levels of performance, flexibility and user-friendliness. This all makes them perfect for the Swedish market, and I’m now looking forward to playing my part in the company’s growth strategy and taking myself and my team to new levels of success.”

Welcoming Mueller and Hammarberg on board, Joseph Grillo (Vanderbilt’s managing director) stated: “Since acquiring Security Products from Siemens in April 2015, Vanderbilt has reinforced its position as a global leader in state-of-the-art security systems. Having Peter and Rickard on our senior management team will really help us in our mission to expand our presence in the security business sector and provide a level of service that’s agile, flexible and always meets our customers’ needs.”

“Remote working places business data at risk” reveals Imation Corporation Survey

According to new research initiated by global data storage and information security company Imation Corporation, poor security and impugned responsibility are placing business data at risk for those working remotely. Staff are taking confidential information away from the office, often without the knowledge of their employer, and losing unsecured and unencrypted business data in places such as pubs, on trains and in hotels.

According to the survey of 1,000 office workers* from the UK and Germany, nearly two-in-five of respondents (or someone they know personally) have lost or had a device stolen in a public place. Three quarters of these devices – among them laptops, mobile phones and USB sticks – contained work-related data. This included confidential e-mails (37%), confidential files (34%) and customer data (21%).

Around one-in-ten interviewees had lost financial data or access details such as login and password information, potentially exposing even more confidential information to the risk of a data breach.

What makes these findings even more concerning is that a large proportion of data removed from the workplace isn’t adequately secured. As many as three quarters of respondents said they had taken digital files with them outside of work, yet many do not use standard security measures such as encryption, password protection or remote wiping to protect that data from unauthorised access.

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

Nearly half (44%) of respondents said that data is never encrypted when taken out of the office. Three out of every ten respondents admitted they don’t protect their data with passwords, while nearly one-in-ten workers who take digital files outside of the office do not secure them at all.

Office workers, it seems, are not losing any sleep over losing confidential business data when they take work home, with only one-in-16 worrying about this massively important issue.

Lack of understanding around corporate data security

“Companies may not be aware of the amount of data that’s leaving offices unsecured,” said Nick Banks, vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions. “In addition, half of respondents said that, at least some of the time, nobody would notice if they were to take data away from the office and lose it. It’s obvious that poor security and lack of understanding of what happens to corporate data are placing organisations at risk of a data breach.”

Even though eight-in-ten of the employees interviewed read or write work e-mails on the move, and around seven-in-ten work on electronic documents away from the office, businesses are failing to provide their employees with secure tools for remote working and not putting the right security policies in place.

Fewer than six out of every ten respondents said their organisation had a remote working policy in place. Of those employees working for companies that do have a policy, more than a quarter of interviewees admitted they’d broken that policy in order to work remotely. Of those staff questioned, 8% had knowingly broken the policy and a further 18% say they’d unknowingly broken it.

Equally, of those individuals who do secure data that they take outside of the office, just over half said that their employer or a third party supplier provides the remote working security measures. One-in-five respondents reported that just they themselves provide the security measures.

“These figures emphasise the urgent need for businesses to ensure that their employees have the necessary systems in place to work flexibly and securely without further hindering productivity,” asserted Banks. “The reality is that people are working in cafes, on aeroplanes, in their GP’s waiting room and even while they take their children to the park. Organisations are tasked with a monumental challenge of providing secure access to corporate networks and data. Data protection is now a huge concern for employers who are battling to manage security and privacy for employees on the move.”

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Key highlights of the research

Other research highlights are as follows:
• As many as 41% of interviewees suggested that they either do not have the right tools available to work remotely or that their solutions for doing so could be improved
• Three-in-five respondents would tell their boss if they lost a storage device with company data on it. However, nearly one-in-ten would do nothing. Less than one third of survey respondents said they have policies that dictate who should be notified depending upon the type and sensitivity of the data lost
• Almost a quarter of respondents have looked over the shoulder of someone working on a laptop/tablet in a public place or noticed someone looking over their shoulder while 6% would let someone else use their work laptop, tablet or smart phone outside of the office
• Around half (48%) of respondents that take digital files with them outside of the office do not fully separate their work and personal data, in turn placing their personal data at risk of being wiped when business data is compromised
• Only 70% of respondents report that they protect their data with passwords and only 36% encrypt their data. A small proportion of respondents are using biometric technology (14%) or remote wiping (7%) to secure their data
• Public areas such as pubs, cafes and restaurants (22%) and public transport (29%) are some of the most common locations for respondents to read or write work e-mails when outside of their home

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

*The research consisted of 1,000 online interviews carried out this summer and involving office workers in businesses of at least 250 employees and covering a range of industry sectors. 500 respondents emanate from the UK and 500 respondents work in Germany. 80% of respondents were required to work remotely for at least part of their working week. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate