Tag Archives: Risk Management

Chubb businesses honoured with duo of RoSPA Gold Awards for Occupational Health and Safety

Chubb Systems Ltd has received a Gold Award from the Royal Society for the Prevention of Accidents (RoSPA) for the sixth consecutive year, while Chubb Fire & Security Limited has won the Gold Award for the third time following its first such accolade in 2016.

RoSPA Gold Award winners are recognised for achieving a high level of performance while demonstrating well-developed occupational Health and Safety management systems and cultures, outstanding control of risk and low levels of error, harm and loss.

In addition to its award, Chubb Systems Ltd received a gold medal in recognition of achieving the top Gold Award for six consecutive years.

Nichola Maher, EH&S manager at Chubb Systems Ltd, explained to Risk Xtra that the award and medal are testament to a sustained commitment to the environment in addition to Health and Safety. “We continually assess all areas of behaviour and culture to ensure that the environment and Health and Safety are at the forefront of everything we do. The RoSPA awards are an important opportunity for us to celebrate the business’ achievements in ensuring that employees are working to Best Practice safety standards.”

Left to Right: Mark Redding (head of EH&S at Chubb Fire & Security Limited), Ronnie Wineberg (service engineer for Chubb Systems Ltd), Nichola Maher (EH&S manager for Chubb Systems Ltd) and Paul Cosentino (EH&S manager at Chubb Fire & Security Limited)

This year, Chubb Systems Ltd’s trophy from RoSPA was accepted by service engineer Ronnie Wineberg who won the business’ own annual Recognition Award for going above and beyond the call of duty in support of Chubb’s Health and Safety practices.

“Having robust Health and Safety practices at work is essential,” said Wineberg. “As employees, by demonstrating our commitment to these practices, we’re all helping to ensure that we can go home safely at the end of a shift. I was proud to collect the award in recognition of Chubb’s Health and Safety practices and my own commitment to them.”

Mark Redding, head of environmental Health and Safety at Chubb Fire & Security Limited, added: “RoSPA is extremely important to the entire business. The awards demonstrate to outside bodies and customers alike Chubb’s overriding commitment to safe working practices. It’s an award the whole business should take ownership of and feel proud in achieving.”

By attaining a RoSPA Award, an organisation is proving its commitment to maintaining a well-balanced approach towards Health and Safety management, as well as demonstrating superior practices in areas like leadership and workplace contribution.

Newest version of UK Government’s G-Cloud set to include Advent IM

Advent IM has been part of the UK Government’s G-Cloud portal since its first release. It has now been announced that the newest iteration of the Crown Commercial Service (CCS) procurement platform will again provide direct public sector access to the company’s cyber security, risk management consultancy and training services.

Advent IM’s director, Julia McCarron, said: “Our long-standing relationship with the public sector has been consolidated by our availability over several iterations of the G-Cloud platform. The ability to procure cyber security and risk management services quickly and directly has been of great importance to our clients. We’re delighted to be listed on G-Cloud 10 and look forward to supporting more public sector bodies with high quality consulting and training.”

Julia McCarron of Advent IM

The CCS is a commercial service for Government, acting on behalf of the Crown, to drive savings for the taxpayer and improve the quality of commercial and procurement activity across the public sector. CCS brings together, as one organisation, the Government Procurement Service – the commercial function of the Cabinet Office – as well as common goods and services procurement and commercial management currently undertaken by departments.

Its vision is to deliver value for the nation through outstanding commercial capability and quality customer service.

The CCS is an executive agency of the Cabinet Office and operates as a trading fund under the Government Trading Funds Act 1973.

*For further detail access https://www.digitalmarketplace.service.gov.uk/g-cloud/supplier/92582

95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.

Some 53% cited the complexity and management of the technology that employees need and use as one of their Top Three biggest problems with remote working. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technological means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”

UK’s Security Commonwealth set to deliver presentation on ‘Grey Spaces’ at IFSEC International

The UK’s Security Commonwealth will be hosting its first public event on Tuesday 19 June at IFSEC International 2018 to introduce the concept of ‘Grey Spaces’ and discuss precisely why they should be secured.

‘Grey Spaces’ is the term used to label the undefended areas between security protected zones. In a grey space, a criminal or terrorist can prepare for their attack feeling unobserved, safe and with a low risk of detection.

The current threat level from international terrorism in the UK is set at ‘Severe’. The 2017 terrorist attacks at the Manchester Arena, Westminster Bridge, Finsbury Park and Borough Market were initiated in ‘Grey Spaces’.

The conference session will consider how security design, security personnel and technology can help turn grey spaces into defensible spaces in order to create a perception of risk for a perpetrator planning an attack.

Joe Connell, chair of The Security Commonwealth, said: “I’m delighted we’ve been able to host this event and I hope it will generate some keen interest among attendees. It’s also a great opportunity for us to raise awareness of The Security Commonwealth and its objectives in the wider security community.”

The Security Commonwealth is an umbrella organisation of independent membership bodies across the security profession. It provides a forum to consult and co-operate in the common interest and in the promotion of professionalism, Best Practice and information sharing to enhance UK security.

The Security Commonwealth aims to be the all-inclusive industry advocate on security issues in the UK, create lasting networks and alliances and promote and lead the security industry with a single voice.

There are currently 40 member organisations which include most of the major security membership bodies in the UK. For further information visit www.securitycommonwealth.org

Linx International Group to deliver security management programmes at new SIRA Training Centre in Dubai

The Linx International Group has announced that it will be delivering its award-winning security management programmes from the new training centre of the Security Industry Regulatory Authority (SIRA) in Dubai.

SIRA was created in 2016 and is the Government department responsible for setting the regulations, training and enforcement of security within Dubai.

Training will be delivered to international students by expert tutors at SIRA’s new Training Centre, which includes state-of-the-art technical workshops designed in collaboration with Linx International Group company Tavcom Training.

Security professionals will study and complete internationally-recognised and fully-accredited (BTEC and City & Guilds) security management courses including: Security Management, Risk Crisis and Disaster Management, Managing Security Surveys, Managing Security Risks in the Oil and Gas Sector, Kidnap and Ransom Management and Sea Port Security Management.

SIRA’s Training Centre director Ahmed Albalooshy commented: “Through partnership with the Linx International Group we are providing Best-in-Class training at SIRA’s new state-of-the-art Training Centre. Together, we’re delivering an exceptionally high-calibre of training to create experts whose talents are in demand in Dubai, as well as the wider Middle East.”

David Gill CSyP, managing director of the Linx International Group, added: “Dubai is a major global hub and well respected as a Centre of Excellence, and particularly so in the areas of technology, security and policing. The Linx International Group is proud to be working with SIRA to provide security professionals and those seeking to develop a career in security management in the Middle East with the UK’s premier security management training.” 

Bored and distracted employees “could be biggest data security risk” warns Centrify

Employees who become distracted at work are more likely to be the cause of human error and a potential security risk. That’s according to a ‘snapshot’ poll conducted by Centrify.

While more than a third (35%) of survey respondents cite distraction and boredom as the main cause of human error, other causes include heavy workloads (19%), excessive policies and compliance regulations (5%), social media (5%) and password sharing (4%). Poor management is also highlighted by 11% of security professionals, while 8% believe human error is caused by not recognising data security responsibilities at work.

According to the survey, which examines how human error might lead to data security risks within organisations, over half (57%) of respondents believe businesses will eventually trust technology enough to replace employees as a way of avoiding human error in the workplace.

Despite the potential risks of human error at work, however, nearly three-quarters (74%) of respondents feel that it’s the responsibility of the employee, rather than technology, to ensure that the host company avoids a potential data breach.

“It’s interesting that the majority of security professionals we surveyed are confident that businesses will trust technology enough to replace people so that fewer mistakes are made at work, yet on the other hand firmly put the responsibility for data security in the hands of employees rather than technology,” commented Andy Heather, vice-president and managing director at Centrify EMEA.

“It seems that we as employees are both responsible and responsible: responsible for making mistakes and responsible for avoiding a potential data breach. It shows just how aware we need to be at work about what we do and how we behave when it comes to our work practices in general and our security practices in particular.”

“It’s time to bury hardware-based security solutions” argues VoipSec’s CEO

Paul German, CEO at VoipSec, believes now is the time for organisations to “bury” dedicated hardware-based security solutions.

“Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and swiftly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements,” said German. “From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.”

According to German, this decoupled approach itself demands a different approach to security. It can no longer be defined by network controls because those networks are virtual, disparate and remote. “When organisations access applications via an Internet address,” commented German, “the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.”

German explained that the hardware-based, dedicated Session Border Controller (SBC) doesn’t fit into this model. As an approach to securing the VoIP network, German feels it’s “fundamentally flawed” on many levels.

Paul German

“It constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud-based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.”

German added: “Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security Best Practice model will attest, with a constantly changing threat landscape any failure to undertake routine updates will leave the organisation vulnerable.”

To be effective, as far as German’s concerned, security solutions must reflect the emerging risk and the current deployment trend.

“A software only model that’s continually updated to mitigate the evolving threat landscape is essential. Software-based SBCs, either on premise or in the cloud, also explore community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and Best Practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.”

Despite the widespread adoption of VoIP, the majority of SBC vendors are simply failing to respond and still advise an implement-once model. “They fail to update customers on the evolving threat landscape and they cannot support the agile, decoupled infrastructures now required. It begs the question: ‘Just what is the value of the hardware-based SBC?’”
