
Manned Guarding in Manchester


The value of cyber risk assessments and how to reinforce your soft underbelly: your employees

Headlines revealing the latest cyber-attack have cropped up with concerning regularity in 2017. It will therefore come as little surprise to learn that the latest institutions to be found wanting in the cybersecurity department are universities, as reported recently in The Times. Following a Freedom of Information request, the paper discovered that the number of attacks experienced by leading universities has almost doubled in the past two years, with advances in military and energy technology being particularly targeted.

The director of cybersecurity research at the University of Warwick was reported as saying that lax cybersecurity was a problem at many universities. Another security expert claimed this was due to their use of open networks, insufficient investment in both software and staff to monitor security, and the difficulty of managing a range of different networks.

While universities are an obvious target for cyber-attacks (many of which appear to be sponsored by nation states) due to their rich seam of research data and inadequate defences, every business should be aware of the damage cybercriminals can inflict by disrupting their operations. The ransomware attack on a range of organisations (including the NHS) demonstrated this only too clearly earlier this year.

Protecting your networks from cyber-attacks

Cybercriminals are always looking for the chink in the armour, so every business must take cybersecurity seriously to avoid becoming a victim. The first step is to carry out a risk assessment to establish what personal data and other confidential data the company holds and how it is used, transmitted and stored. Once you have identified any weak spots where cybercrime poses a particular risk, the next step is to implement security measures to protect your networks from cyber-attacks.

Employees are a weak spot

It is right to acknowledge that one of your major weak spots is likely to be your employees. You need to put clear procedures in place, encapsulated in a company policy, to deal with the risk of cybercrime, and all staff should be trained on what steps they can and should take to prevent it. You can insist that any memory sticks, tablets or mobile phones used by employees outside the workplace must be scanned before they are used on company network systems. Indeed, you might even consider whether every employee should have permission to use portable media. You can consider taking out insurance or engaging a third party to manage your cybersecurity where the risk of attack is high or the implications particularly severe. Employees' use of social media can also compromise your cybersecurity unless you have a clear social media policy that sets out limits to social media use in the workplace. This is particularly relevant where employees work with, or have access to, sensitive information.

Individuals' right to privacy versus security

Naturally, there are implications for companies which need to monitor and store employee information or data. Any such monitoring must be proportionate and carried out in accordance with the Data Protection Act 1998. Individuals' rights regarding their data will be further strengthened by the introduction of the General Data Protection Regulation (GDPR) in May 2018.

The Employment Practices Code contains further guidance for businesses on monitoring employees at work. You need to inform employees that they may be monitored, and it may be necessary to seek employees' express consent in cases where employee communications are being intercepted. Failure to do so could mean a business facing a claim for damages from the sender, recipient or intended recipient of the communication. Employees also have a right to privacy under the Human Rights Act 1998. An employee can bring a claim for unfair dismissal where they believe their dismissal was based on evidence gathered about them through their employer's monitoring equipment that interfered with their right to privacy. A company should also bear in mind the unquantifiable reputational damage that it might suffer if it is found to be excessively monitoring its employees.

All businesses can be badly affected

The bottom line, as university cybersecurity chiefs will attest, is to:

- Carry out a risk assessment
- Invest in security measures to keep your networks safe
- Train your staff to understand the risks to the business from cybercriminals
- Put clear policies in place so everyone knows what they can and cannot do in relation to portable devices and social media use

Although cybercrime poses a particularly virulent threat to high-tech research, development and manufacturing organisations, everyone needs to be aware that a cyber-attack can have very serious financial implications for any business.


The key to supply chain security: How to protect your data

The landscape of security and access control has changed markedly over the last decade with the introduction of technology that allows for traceability and time management of mechanical keys. This has changed the conversation, and passkeys, cryptographic keys and encryption keys are all becoming more commonplace. By default, we've become obsessed with cybersecurity, and high-profile cases of data theft and loss are rife.

Research shows that 93% of large organisations and 87% of small businesses experienced a security breach in 2013, with affected companies experiencing roughly 50% more breaches than in 2012. Although keys provide access to critical assets, including servers that hold customer data and offices where customers' accounts are managed, we see many organisations that don't know how many keys they have in circulation, or where they are at any given time.

The supply chain

For organisations handling any kind of data, great importance must be placed on resilience within the supply chain. When considering exposure to risk, physical supply chain management presents a number of unique challenges. Add to this the complex risks that cybersecurity poses, and ensuring a safe supply chain environment can seem like an impossible task. How stable are your suppliers, do you know where they get their products from, how safe and protected are their assets, and how robust are their own relationships with their suppliers? Mitigating risk can involve identifying dependencies and vulnerabilities that can impact on supply chains. Increasing the visibility of these areas allows organisations to anticipate their impact and plan for contingencies.

Data protection

When it comes to the security of your data, areas that need to be considered include:

- What information are you sharing within your supply chain?
- Where is the data located?
- What are your suppliers doing with that information?
- Are they reselling that data?
- Is there a data controller and processing agreement in place?
- Are they prepared enough to comply with the General Data Protection Regulation (GDPR)? (Enforcement date: 25 May 2018.)
- How would you deal with a data breach?

The GDPR is a binding legislative act that will come into force across the EU (including the UK) next year. The regulation seeks to harmonise inconsistent data protection laws currently operating in the EU's member states and aims to facilitate the secure, free flow of data.

If an organisation fails to comply with the regulation, it could be fined up to 4% of the company's global annual turnover, and its reputation could be severely damaged.

The secure option

To combat these risks, Abloy UK offers a high level of both physical protection, with its high-quality locking solutions, and data protection, using only accredited software and infrastructure providers, compliant with European and National standards for physically secure key systems. PROTEC2 CLIQ, an electronic key system where all power is retained by the key or locks themselves, requires no wiring; users can change permissions, profiles, schedules and validity and revoke use at the CLIQ of a button; organisations can comprehensively track and audit who has access to which locations, when they had access and how often; and uses three factor authentications standard 256-bit encryption, advanced encryption and industry standard SHA-2 SSL certificates. When it comes to data security within your supply chain, don't leave anything to chance: mitigate the potential risks in advance and only use suppliers you can be sure will keep your data secure.


GDPR gives CCTV operators chance to tackle negative image head-on, says white paper

A white paper exploring the implications for CCTV of the forthcoming GDPR has been published by cloud-based surveillance company Cloudview. The General Data Protection Regulation (GDPR) comes into force across the EU, including the UK, from 25 May 2018. The upper limit of possible penalties has been raised considerably: organisations found in breach of the law could be fined amounts up to 79 times greater than those levied under the existing data protection regime.

"When installing a new system or upgrading an old system, any CCTV user or service provider will be expected to identify security risks and how those risks are to be addressed." (Excerpt from Watching the Watchers)

Watching the Watchers: CCTV, the GDPR and the third wave of Data Privacy Regulation charts the history of data protection law, examines the changes introduced by the GDPR, identifies a shift from compliance to accountability, offers advice to CCTV operators and asks whether the new law might present an opportunity as well as a legal and administrative burden.

Indeed, the white paper's introduction offers a positive take on a law that is causing great anxiety for organisations in most sectors: "The CCTV industry has, almost from its inception, been portrayed in popular culture as the unofficial face of unaccountable surveillance overreach and invasion of privacy," it says. "This position has been cemented by a popular perception of a lack of transparency and public engagement on the part of its users. More recently, it has become the unwilling poster child for the hazards of engaging with the Internet of Things. The General Data Protection Regulation (GDPR) thus provides a welcome opportunity for the CCTV industry and its users to tackle this negative image head-on."

The paper has been written by Andrew Charlesworth, a reader in IT and Law and director of the Centre for IT and Law at the University of Bristol (CITL). Cloudview, which commissioned the report, provides a service that mobilises cloud computing and IoT technology to centralise and store visual data from CCTV systems, meaning the data can be analysed like any other form of big data. Connected to analogue or IP cameras, Cloudview securely transports visual data to cloud servers that the company says are secure and resilient. Once stored, it can be instantly accessed, used and managed from anywhere on any device.


How public CCTV operators can avoid eye-watering fines under the GDPR

The General Data Protection Regulation (GDPR) comes into force across the EU, including the UK, from 25 May 2018. With fines for non-compliance potentially being a staggering 79 times greater than under the existing data protection regime, the stakes for organisations in a range of sectors are enormous. As security practitioners are well aware, a CCTV image featuring people counts as personal data just like a date of birth or someone's marriage status or political views.

Jean-Philippe Deby, business development director for Europe at Genetec, very kindly shared his thoughts on the implications for CCTV operators and the wider security industry with IFSEC Global. The conversation touched upon the importance of CCTV gap analyses, managing authorisations and privacy by design, as well as how the GDPR could accelerate adoption rates in the surveillance-as-a-service market. (How physical access systems will be affected by GDPR was also a topic under discussion during IFSEC 2017.)

IFSEC Global: What are the implications of the forthcoming GDPR on how organisations manage their CCTV systems?

Jean-Philippe Deby: I've heard that the UK was very vocal and implemented this regulation prior to Brexit. So even post-Brexit, from what I understand, the UK will still apply the regulation. Effectively, as this is a regulation and not a directive, all EU countries have agreed to apply it. A fundamental notion of the European Privacy Regulation is that you need to get explicit consent when you acquire people's data. On top of the way they collect information, there's now the notion of responsibility or accountability on how organisations hold this data. The regulation is telling them "this is what you know you can or can't do". If they are irresponsible they will be fined.

If they are hacked and data is compromised, they have 72 hours to disclose it to the public authorities, otherwise they will also be fined. As we speak, organisations, as well as the industry as a whole, are reviewing the regulation to determine the steps that need to be taken in order to meet their obligations. How CCTV comes into play is especially interesting for public CCTV. As we know, it's impossible to get the explicit consent of people being filmed. You can obviously announce that you have CCTV in the train station or store, which is how it's done today, but the specific person being filmed can't say "hey, I don't want you to record my images". As part of the regulation there's actually a notion that certain data constitutes a higher risk to a person's rights, where organisations need to make a data protection impact assessment test. Because of the lack of consent and the mass accumulation of data, public CCTV basically falls under high-risk data. GDPR Article 35 is where they mention the activities that make data high risk and the steps which an organisation needs to take.

IG: What are the implications of being classified as high risk for CCTV operators?

JPD: As I mentioned earlier, it's a learning curve. There are so many different types of data that a lot of people are trying to understand how it's going to impact their organisations, but basically there are two things that come up. For high-risk data they will need what is called a DPO, a data protection officer, who will report directly to the CEO. It will be interesting to see how it impacts small and medium-sized businesses. The other big thing that comes out is that, de facto, they need to build a system which implements what is called "privacy by design". For example, encryption is a recommended method of increasing privacy around the information that has been collected. Another area of focus should be the access to the information itself. Breaches don't necessarily come from hackers; they can be internal, either intentional or unintentional. So managing the process of identifying who is connecting to your system and who has access to the system is also key to privacy.

Who do you authorise, for example, to view live images or live recordings?

IG: The fines sanctioned by the GDPR are pretty steep.

JPD: It's either a €20m fine or 4% of worldwide annual revenue, whichever is higher. Many companies with retail branches have billions of dollars' worth of revenue. I've been talking recently to a company that has about $11bn in sales; they could be fined $420m. There is a process in place which means companies will first be warned before being fined, but really, it's about good governance. Compare the cost of a breach or a company's reputation versus the cost of implementing a properly designed and executed solution. But I do believe that the EU will apply fines around data protection as they already apply large fines for other subjects. Google was recently fined more than €2.7bn. If an organisation isn't careful about the way they handle data, I believe the EU will apply the full force of the regulation.

IG: It's not hard to imagine court cases where organisations dispute accusations that their cyber-defences were not robust enough.

JPD: That's true, but the onus will then be on the organisation to demonstrate the steps they have taken. Ultimately, it's all about responsibility. Under the GDPR, an organisation collecting personal information is the data controller and is responsible for handling the data. The GDPR also introduces another player called a data processor. These companies can help data controllers in managing the collection of information by providing adequate infrastructure or services. This is why companies like Microsoft are quite engaged with their cloud offering, because the data processor is almost synonymous with software as a service (SaaS). Genetec has a solution called Stratocast, which is surveillance as a service. Small businesses can rely on our solution to encrypt their recorded CCTV, for example. It monitors their systems 24 hours a day to detect hacks or any unusual activity via our utilisation of Microsoft Azure.

It is really to help any businesses where video surveillance is not their core business and they either don't want, or don't have the resources, to dedicate one of their employees to monitor the state of their CCTV systems.

IG: So the GDPR could really be a spur for the software as a service market?

JPD: Absolutely. Until now the argument was around operational savings. Here it's really around helping people meet their compliance obligations on top of helping them with their operation. It's an even stronger argument as to why they should be looking into those solutions.

IG: How does Genetec see its role in preparing the industry for the GDPR?

JPD: The GDPR is an incredible framework for something we've been pushing now for a few years: the security of security. You cannot have trust without security.

Cameras have become IoT devices that connect to IP networks like PCs or other IP devices. So we're making sure tools and processes are available for customers to build the security policy they want to put in place, like encrypting information. With certain partners, like Bosch for example, we even have the ability to encrypt from the camera. So it's all about protecting access to data. It's also about protecting the integrity of that data. And with the GDPR we have the European Commission and the British Government putting in a legal framework, with financial penalties, that ties in very well with what we've already been pushing.

IG: Any tips for how businesses can strengthen their systems before the GDPR comes into force?

JPD: I think it's important for companies to do gap analyses of their systems, not just CCTV but also how they are collecting information on their website, their CRMs and so forth.

A CCTV gap analysis is especially important for end users who are filming public areas. They are exposing themselves to high risk. But depending on what they have in place and who they talk to, they don't necessarily have to do a full upgrade of their systems. There are ways to simply strengthen systems, but this is where one vendor will differentiate from the other. Another thing is there's a lot of requests for proposals and requests for information happening as we speak. If you were about to invest a large sum of money to upgrade your analogue system to IP, for example, all the people who are going to participate in your project (starting with the consultant, but also integrators and manufacturers) should explain their take around cyber security. This is part of our "security of security" message. Again, if your system is monitoring public areas, there should be a chapter within your RFP to have a well explained position and solution to meet your compliance. Even outside GDPR, it is good practice in any case to ensure you utilise the tools available.


Fixed cameras will account for less than 50% of surveillance footage in five years' time

Bjorn Skou Eilertsen, CTO of Milestone Systems, was thinking big in the Security Management Theatre on day three of IFSEC International. Speaking on the topic of how hardware-accelerated video content analysis and the internet of things will transform surveillance, he reflected on the changes disrupting the industry now and the paradigm shift still to come. With 90% of the world's data created in the last two years, the term big data doesn't even begin to encapsulate the magnitude of the data revolution, he argues.

"Is big data even enough now? Gigantic data might be better," said Eilertsen. Despite the ubiquity of fixed CCTV cameras, they account for a shrinking share of surveillance footage as mobiles, body-worn cameras and drones proliferate. "We believe that in less than five years from now, more than 50% of streams managed by video management systems will not be from fixed cameras," he predicted.

Aggregation, automation and augmentation

A trinity of aggregation, automation and augmentation will equip the industry to accommodate the burgeoning volume of data, said Eilertsen, who joined Milestone in 2013 having worked for both IBM and Microsoft. "Aggregation happens all around you," he explained. Only a few years ago it would be a fixed camera, fixed sensors, very rule-based. But now there are 285 million surveillance cameras in operation. That's only a fraction, because everything is being captured on mobile.

How do we automate these things? This is where our vision of intelligent data plays a role. Deep learning plays a role. Augmentation: how do we put these things together? So a vast amount of information is being gathered. This is why a lot is going to happen on the service side. People think it will be on the edge, out there on a single device. Eilertsen pointed out that data is already being aggregated from multiple sources in an automated process deployed on assembly lines in manufacturing plants.

Aggregating forms patterns, but it's so much information: petabyte after petabyte of video and sensor information. What will we do with it? Who is going to look at the patterns and figure out what the intelligence is? That is where the important changes are coming in terms of AI, deep learning and neural networks. For simple systems with only a few components, it's fairly easy to make rule-based analytics and go with the flow. However: When you start aggregating data so big and complicated that humans simply cannot operate them, that's where automation and augmentation come in.

Neural networks

The shackles are now off thanks to quantum leaps in technology. This has been difficult to do for a long time because conventional CPUs cannot compute fast enough. "That's changing now with the introduction of the GPU," said Eilertsen.

The GPU is a multicore computer. It changes the way we can make models, neural networks. It makes a lot of different ways of working the data. He refers to a prototype that can show 1,500 surveillance cameras, to full HD quality, continuously recording, including motion detection. For those who can't do the maths, that's 45,000 frames a second. It is very, very difficult to do on regular computer hardware. He says there is a big shift away from conventional, rule-based analytics to systems managed by neural networks. Neural networks, deep learning algorithms and artificial intelligence are not based on fixed outcomes.

"The problem about today's analytics is it's a predetermined outcome. With neural networks we can start predicting behaviour," he says. However, human operators will still have a role to play. How do we make machine intelligence combine with human intelligence? The point is to enable people to make faster and better decisions. He says this new paradigm has huge potential in the field of body-worn video for law enforcement. You can take all the aggregated media from years back, days back, minutes back, and time-lapse it. They identify all different objects and put them into a sequence, so a one-hour video can be reviewed in one minute. That's a really good example of how we start adding human interaction based on machine learning.

It really makes it a lot easier to work with these systems.

Collaboration

Collaboration with partners has long been part of Milestone's modus operandi, but its importance is growing further still. "The aggregation, automation and augmentation will transform the entire industry," says Eilertsen. But it's impossible to do alone. For a very long time it's been everyone on their own trying to make their own analytics a little bit better than the rest. But it's really holding back innovation. What Milestone and the Milestone community is really about is enabling everyone to participate. If he's correct about the industry's direction of travel then the changes ahead are nothing short of revolutionary. The days of having one company try and do everything is over in my opinion.

We all need to collectively move forward. I think in five years when we look back at the industry, we'll have two ways of looking at it. One person will say: Why did we miss it, why didn't we see what was happening? The other, more interesting way is: How did we use our imagination, how did we change the rules, set the agenda and change the industry? We need to think as a community. We need to start innovating together, and we can move a lot faster.

Online security threats you need to protect your business from

Cyber criminals are continually coming up with newer, more sophisticated ways of attacking businesses, which can make it hard to stay protected from the latest threats. The role of the web in running a business is also increasing, giving criminals more potential targets. According to 2017's Cyber Security Breaches survey, 85% of businesses now have websites, 59% have social media pages and 61% hold personal customer data electronically.

The survey found that nearly half of all UK businesses were hit by a cyber attack in the past year. The consequences of such attacks ranged from websites being taken down and software being corrupted, to loss of access to third party systems the businesses relied on. The data held by retailers is making them a prime target for hackers and the number reporting data breaches has doubled in the past year. While there are numerous types of online attacks, the following are some of the most common ones your business needs to be protected from.

Ransomware

The cyber attack on the NHS in May brought ransomware to the attention of many people, who may previously never have heard of it. Such attacks either completely lock users out of their computers, or encrypt their information, and demand payment in order to restore access. For the attackers to gain access to your system, someone usually needs to download an infected attachment, or click on a link.

How to protect yourself

To begin with, employees need to be taught to be wary about emails from senders they don't recognise. It's impossible to guarantee you'll never fall victim to such an attack, so you also need to back up your data.

This means you won't have to experience significant downtime, which can affect your business operations.

Phishing

Phishing attacks send out emails designed to trick the recipient into revealing sensitive information, such as passwords or personal details. Criminals then use these details for further crimes, like identity theft. Fraudulent emails are the most common type of attack experienced by businesses in the UK.

How to protect yourself

Employees need to be educated about the risk of sharing sensitive information online. Rather than calling the phone number given in such emails, or clicking the web address, it is best to find out such information yourself to ensure it is legitimate.

CEO fraud/whaling

Unlike other attacks which target users en masse, whaling or CEO fraud is designed to hit specific companies. The attackers spend time researching their victim and gathering information they can easily find online. They use the information to impersonate senior executives at companies and send out emails in their name.

They ll then ask for large sums of money, or sensitive information. How to protect yourself Intelligent email security can be used to check if emails are from a genuine source. Employees also need to learn to look out for telltale signs an email may not be genuine, such as a slight alteration in the format of the email address. Hackers sometimes simply add an extra symbol or letter to the real email address. Sensitive requests should also be verified via another channel before they are authorised. Simply calling the email s sender to confirm the request is enough to identify such attacks and prevent huge losses to your business. Malware Malware is an umbrella term for several types of attacks including viruses, worms and trojans. Viruses can be sent via emails, or automatically downloaded when you visit an unsecure website. They replicate themselves and spread through computer networks where they cause damage to files, or even allow criminals to access your computer.

You may not know you ve been infected with a worm or virus until your computer begins to slow down or programs start to crash repeatedly Worms exploit security vulnerabilities in operating systems and can give attackers the ability to remotely control your computer. They can do this to several computers, which they then use to create a network to carry out further attacks like distributed denial-of-service attacks. DDOS attacks are used to overwhelm websites and cause them to crash. You may not know you ve been infected with a worm or virus until your computer begins to slow down or programs start to crash repeatedly. You can also be unwittingly infected by trojans which infect your computer by getting you to download software which appears to be legitimate. How to protect yourself Installing security updates and patches to operating systems and software is crucial to remaining protected from such attacks. Firewalls and anti-virus software can also be used to prevent criminals from infecting your computer. If you re unsure about a website, look for the HTTPS letters at the start of the URL, which indicates it meets certain security standards. It s best to have several layers of cybersecurity, which use a number of methods to protect your business Password attacks Guessing passwords is another incredibly common way attackers can gain access to your business.

Password cracking software can be used to go through all the words in the dictionary and any common combinations. It can run through thousands of combinations in seconds, which means even if you only disclose partial information you ll make their job easier. How to protect yourself Strong passwords need to make use of a combination of letters, numbers and symbols, which don t make up a word, or use an obvious date like a birthday. A good way to set a strong password you ll remember is to use the first letter of each word in a phrase. Always change the default password you get for any system and limit the number of unsuccessful login attempts someone can make. Security essentials Antiviral software, firewalls and backing up data are just some of the fundamental security measures you need in place. It s best to have several layers of cybersecurity, which use a number of methods to protect your business. In many cases, humans are the weakest link, so you can achieve a lot by training staff in cybersecurity. The Cyber Essentials scheme addresses the most common online threats, which use widely available tools and require little skill.

The government-endorsed scheme focuses on ways to protect yourself from hacking, phishing and password guessing and is a good way to ensure you have the essential security controls in place. Free Download: the CyberSecurity Crashcourse Are you even aware if you have been the victim of a cybersecurity breach? This report will help you to find out and protect yourself, Eric Hansleman from 451 Research presents a rapid-fire overview of cybersecurity , because a firewall just won t do, you need multi-layered defences to truly protect your data.

Click here to download now

Ethernet over coax too often overlooked as a cost-effective migration path to IP, says AMG Systems

Organisations deterred from migrating to IP CCTV from analogue systems on cost grounds should consider leveraging existing coaxial cable, according to AMG Systems. The proportion of surveillance systems that are IP-based has been growing steadily for many years. However, our IDIS-sponsored Video surveillance report 2017 revealed that 21% of installed systems are still analogue-based and sales of analogue cameras still continue in surprisingly reasonable numbers.

AMG Systems is a UK-based manufacturer of edge-of-network transmission, including fibre, analogue, IP/ethernet, wireless and hybrid communication solutions. Ian Creary, AMG sales and technical support manager, says the reluctance to upgrade for cost reasons is understandable. "They are worried that the migration to IP simply won't fit their budget," he says. And it can be a sizeable investment, particularly if you have previously poured resources into a substantial analogue cabling infrastructure.

Labour requirements

But Creary says that IP migrations need not be so expensive. "There is a very large legacy install base of coaxial cable in existence, mainly related to analogue CCTV, and making use of this as a part of any analogue to IP system migration plan could certainly prove to be a cost-effective option," he explains. Without the requirement to install new cabling, labour requirements reduce dramatically. This can mean an ethernet over coax install can cost as little as 25% of the expense of a full IP upgrade. The advantages of an ethernet-over-coax solution are in the simplicity of its design and application: installation is easy and the data and images it provides are reliable, so everyone involved saves money.

Ethernet-over-coax products are invariably point-to-point: from a locally powered transceiver at the camera to a locally powered receiver at the control room. Adequate for smaller organisations, the point-to-point design needs strengthening where a large number of cameras are involved. "A better solution for these larger systems that still want to benefit from utilising their existing analogue infrastructure is to use a PoE switch, with four PoE ports and one coax uplink port at the camera," he says. This gives the user more leverage of their existing cabling system, and truly allows an easy and cost-effective upgrade to IP cameras.

Ethernet cabling and devices powered over ethernet require the installation of additional networking products every 100 metres. This often means that power has to be sourced in locations that are difficult to access. "This usually requires a lockable closet, cabinet or enclosure and units with power supplies inside," says Creary. Ethernet-over-coax devices, however, can be powered from a PoE switch, and deliver power over ethernet up to 300m. There are no repeaters or other networking products required, so the distance issue is addressed without an impact on the project budget.

Ethernet-over-coax should be as appealing to installers as it is to end users, suggests Creary. Ethernet-over-coax products provide an easy-to-connect, transparent network that is very simple to use, reliable, and offers seamless integration between the existing coaxial cable and the ethernet backbone of the new system. The solution itself can be a simple design, and application is even more straightforward. Importantly, the data carried over the EoC network is robust and reliable, allowing for the transmission of high quality images and other sensitive security content. Ethernet-over-coax technology will enable more installers to approach an IP migration project with a new set of financial and installation options. The end result is a high-performance system that saves all parties involved time, money, and concerns over flexibility and adaptability.

Breaking: NHS IT chaos as systems are infected by malware

Malware called Wanna Decryptor is being blamed by NHS Digital. "At this stage we do not have any evidence that patient data has been accessed," the organisation said in a statement. We will continue to work with affected organisations to confirm this.

NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. The National Cyber Security Centre, which was only opened in February, is assisting NHS Digital.

Jason Allaway, VP UK and Ireland for RES, a specialist in digital workspace security, said: It's becoming more common an occurrence to see ransomware attacks against healthcare organisations; after all, they are a prime target for attackers due to the nature of the data they hold. It's not just a monetary loss when it comes to medical facilities: it's far more important. The fact that East and North Hertfordshire has had to suspend all of their non-urgent activity and shut down A&E is a testament to how much they rely on their data to operate. Education, vigilance and proven technology such as context-aware access controls, comprehensive blacklisting and whitelisting, read-only access, automated deprovisioning and adequate back-up need to be put in place by healthcare organisations to both prevent and combat this problem as efficiently as possible. Today's events are clear evidence that many healthcare organisations still need to invest in this integrated approach to security.

Wake-up call

Dr Jamie Graves, CEO of ZoneFox, which specialises in combating insider threats, said: The large-scale cyber-attack on our NHS today is a huge wake-up call. The effects of this data breach include hospitals having to divert emergency patients, with doctors reporting messages from hackers demanding money, a clear signal of ransomware activity. It also highlights the ever-increasing importance of having a 360-degree visibility of activities and behaviour around business-critical data, particularly for large organisations like hospitals. Because the NHS holds some of the most sensitive data of all, individuals' health records, it's a goldmine for criminals. While we are still waiting to find out the scale of this attack, it could possibly have severe impacts on critical medical procedures, not just a case of reputational damage and financial loss.

Fundamentally, the government needs to pool cyber security specialists together to tackle this growing threat to ensure this does not happen again.

2016 has been a boom year for state snooping laws: here's how to fight back

In 2016 internet privacy has experienced a string of shocks and abuses around the world, starting with the Polish law that loosened spying restrictions for police and ending the year with the UK's controversial Investigatory Powers Bill, Rule 41 in the US and the TOR network's blocking in Belarus. Restricting internet privacy and interfering with people's lives by mass surveillance techniques brings fear to society and dramatically increases the likelihood of criminal activity by giving new easy tools to access people's data not only to governments, but to whoever is able to hack, intercept or otherwise manipulate the new surveillance systems. Below is our review of the year in online privacy, and some suggestions about how people can protect themselves online.

In Germany, the new data retention act requires public telecommunication and internet providers to retain various call detail records (CDRs). These include phone numbers, the date and time of phone calls and texts, the content of text messages, and for mobile calls the locations of call participants. In addition, Internet providers are required to store user metadata such as IP addresses, port numbers, and the date and time of Internet access.

Poland's law expands government access to digital data and loosens restrictions on police spying. Collected metadata will be kept for up to two years. One doesn't have to be an official suspect to be placed under surveillance for up to 18 months. In addition, the person being monitored will not be informed about it, compromising the protection of journalists' sources and deterring potential whistleblowers.

On 7 July, Russian president Vladimir Putin signed into Russian law several bills designed to help the government take measures against dissent online and demand unprecedented levels of data retention from the country's telecom companies. For instance, the legislation warrants tougher sentencing for online commentary deemed as an incitement to hatred or a violation of human dignity. Such convictions now carry a minimum prison sentence of two years. The law requires service providers to monitor and store all calls, texts, chats and web browsing activity. The retained data can be accessed by several government agencies without a warrant.

The UK's Investigatory Powers Act received the royal assent on 29 November, opening up the gate for a disturbingly intrusive surveillance system. Among other things, the so-called Snoopers' Charter gives the state the ability to indiscriminately hack, intercept, record, and monitor the communications and Internet use of all of the UK population. The entire browsing history of every resident of the UK will be stored for one year. Almost 50 police forces and government departments, ranging from the Metropolitan Police Service and GCHQ to the Food Standards Agency, are authorized to access the data.

In the US, a new amendment to Rule 41 of the US Federal Rules of Criminal Procedure quietly went into effect on 1 December. It allows the FBI to secretly use malware to hack into thousands of computers with one warrant. There is no need to identify specific computers to be searched. That means the FBI can hack into as many computers as they wish, whether their owners are suspected of some criminal activity or not.

New surveillance laws have also been passed and/or enacted in Belarus, China, Turkey, Ethiopia and elsewhere this year. For detailed information, visit our extensive coverage on those laws in our recent '2016 Privacy Review' blog post.

Dangers of surveillance states

Citizen control and surveillance, especially suspicionless surveillance, whether physical or digital, has not proved to be an effective way to control criminal activity; history tells us it has always turned out to be counter-productive, endangering lives and causing fear and insecurity. For example, when the government opens a backdoor to citizens' data, it means that this backdoor could potentially be used by anyone else, and can fall into the hands of hackers. Once the information is in the wrong hands, it can be used to steal people's identities and rob them of their bank accounts, for example. Data can also get misplaced, systems can crash and everyone can get endangered.

Solution

There are solutions to bypass some of these restrictive laws, the most reliable being a VPN service. A VPN sends your data through a securely encrypted tunnel before accessing the Internet; this protects any sensitive information about your location by hiding your IP address. Connecting through a VPN tunnel hides your online activity from your Internet service provider (ISP). The only information visible to the ISP is that you are connected to a VPN server, while all other information is encrypted by the VPN's protocol. This prevents ISPs from collecting potentially sensitive data and passing it onto any third parties. It's also important to use a VPN service that does not store activity records to ensure your data is not logged and forwarded to any agencies. NordVPN has a strict no-log policy and could not supply any information on your online activities even if requested.

Besides VPNs, it's also crucial to use anti-spyware software, to make sure to use a firewall, not to install unapproved programs on the computer that might contain bugs, and to be generally vigilant about the kind of information one shares and opens online.