Clock starts ticking on GDPR compliance

One year to go The rights of EU citizens over how their personal data is used will be strengthened when the General Data Protection Regulation (GDPR) goes into effect one year from now. The consequences of non-compliance demand companies that collect, store or process personal data overhaul their data strategies. Companies and organisations need to be fully aware of the regulation and its implications, as non-compliance can lead to significant fines.

The European Commission is implementing GDPR, but the implications go beyond the borders of the EU, as they do apply to some companies outside of the zone. Many UK businesses are underprepared for the GDPR, which is cause for concern. An organisation is only exempt if it categorically does not collect or process any personal data drawn from the European market, offers goods or services nor tracks or creates profiles of European citizens. In addition, GDPR expands liability beyond the current directive to include data processors as well as data controllers. The key things the GDPR does include increasing the individual s expectation of data privacy and an organisation s obligation to follow established cybersecurity practices. Fines Any violation of GDPR, such as poor data security leading to public exposure of sensitive personal information, could result in a fine in the millions or even billions of dollars depending on the size of the organisation and its income. GDPR also imposes detailed and demanding breach notification requirements. Companies that need to comply in America that are accustomed to US state data breach reporting may need to adjust their breach notification policies and procedures. The regulation also requires many organisations to appoint a data protection officer (DPO), if core activities, as either a data controller or data processor, involve regular and systematic monitoring of data subjects on a large scale.

According to Dr Jamie Graves, CEO at ZoneFox, the GDPR is a game changer in every way, from bolstered rights for individuals through to a daunting new fine structure designed to hit companies exactly where it hurts their bottom line. It is the sort of overhaul that gives even the most seasoned executive team sleepless nights, due to its complexity and how it touches on every aspect of their business. The starting gun has officially been fired and one thing is for sure: from day one, the EU will not be accepting excuses. They believe organisations have had more than enough time to prepare. Those companies that haven t started to unravel what GDPR means for them need to get proactive. GDPR is all about data. It is imperative that organisations have a full, 360-degree view of data entering, leaving and being stored within their business. This visibility can then be used as a foundation to assess and restructure processes in order to ensure compliance, advises Graves. Though complicated, GDPR also presents companies with an opportunity.

With data breaches becoming increasingly common and personal, by being compliant companies can demonstrate their commitment to data security and privacy. After all it s not just money companies have to lose their reputations are also on the line, he says. Visit Europe s only large-scale security event in 2017 Taking place in London, 20 22 June 2017, IFSEC International gives you exclusive hands-on access to over 10,000 security solutions, live product demonstrations, and networking with over 27,000 security professionals.

Covering every aspect of security, from access control and video surveillance to smart buildings, cyber, border control and so much more.

Time is running out, register now to avoid missing out

Do you know your access control system s weakest link?

How aware are you of the weakest link in your access control system? In this download Nedap outlines the key components of an access control system. Test how aware you are of the weakest link.

When it comes to access control, Nedap has set the bar for the industry. Nedap developed AEOS end-to-end security in which principles of encryption and strong authentication for IT security are applied to achieve secure communication between and storage in all elements of the access control system. Simply complete the short form to download this free report.

Fire alarm and detection qualifications: FIA reveals more details on pioneering training

skills crisis The FIA, in conjunction with the new awarding organisation for the fire industry, the FIA AO, is going to be releasing not one, but four new formal qualifications in fire detection and alarm systems later this summer. The new qualifications in fire detection and alarm systems will be officially launched at FIREX this year (20-22 nd June, ExCel, London). There will be a range of seminars and workshops to help you understand more about what is actually involved, as well as a large FIA networking bar, where you will be able to meet with FIA staff and ask questions 1:1 (over a beverage, if you like).

But before we talk about the actual content of the qualifications themselves what actually is the FIA AO? The FIA AO (Fire Industry Association Awarding Organisation) is a nationally regulated organisation that is externally quality assured by OFQUAL, QIW and CCEA specifically for the purpose of setting qualifications. The same regulators are responsible for the standards adhered to by the awarding bodies of GCSE s, A Levels and vocational qualifications studied through schools and colleges nationwide. Therefore, learners and business owners looking to embark on the new qualification pathway can be assured of the quality mark of the new qualifications and that the qualifications on offer are validated and properly approved with the relevant government authorised qualification bodies. Ian Gurling, Manager to the new FIA AO, explained how the qualifications were initialised: To get the qualifications off the ground, we started off with gaining recognition for the FIA with the regulators to be an awarding body an awarding organisation as they call us to essentially set up a new company within the FIA. The regulators wanted us to set it up outside of the FIA with its own offices, but I managed to persuade them through proving our integrity, and our corporate governance, that we could do this within the organisation and still have a training arm as well. Ian Gurling of the FIA Composition of the courses As for the qualifications themselves, the FIA AO has developed four qualifications each for the job roles of installer, maintainer, designer, and commissioner of fire detection and alarm systems. Each qualification is made up of four units, all of which have to have a pass recorded against them in order to achieve the qualification. The first unit is a foundation unit, which is covers the common aspects of fire safety across all four roles including legislation and guidance, technology and how they relate to each other.

we ve also tailored them to account for regional variations so if you re in Ireland for example we include IS 3218, and so on and so forth for the various standards and requirements, explained Gurling. Once you ve completed the foundation you can complete the other units in any order you want. We have a Health & Safety unit, and an environmental unit so in that the environmental unit we re covering the environmental impact of a fire alarm system; for example, how to transport and handle ionisation detector heads how to handle gaseous systems if you re working on them in any way. We ve also got the role specific advanced unit for the design, install, maintain, and commission. Once you ve got all four units recorded as a pass, you ve got your qualification. So what level of detail do the qualifications go into and what sort of technical content can we expect? The qualifications call for an in-depth technical knowledge, so it s not just a simple matter of knowing BS5839 or IS 3128 or 7671 actually say (or any other number of standards on the syllabus for the qualifications) technicians will have to be able to apply that knowledge. So it s not just a matter of knowing them and being able to read them, it s understanding how to interpret them as well. The qualifications also explore many other areas such as legislation and the different technologies involved in a fire detection and alarm system.

How does a point detector work? How does a beam detector or an aspirating detector work? What are the effects of a sound alarm system? What about the difference between bells and sounders? Voice alarm how does that work? A lot of depth of knowledge is going to be involved in the qualifications, said Gurling. The implications of the system as it is attached to the fabric of a building how does it affect passive protection, fire stopping? How does it affect or is affected by evacuation strategies? All of that is brought out in the new qualifications.

embedded content Knowing why as well as what and how The difference here is that technicians will be able to develop professionally much further than before, because of the level of thinking required for the qualification. No longer will technicians simply be able to perform the various tasks that they need to carry out they will be able to use their knowledge of standards and legislation to know why certain things need to be done a certain way. No longer is it a case of knowing what to do it is 2017 and it is all about knowing why you re doing it. The important thing to note here is that the study required for the qualification is much wider and the examinations are set externally by the Awarding Organisation, so it will be impossible to teach to the test , meaning that candidates undertaking the exam must really have absorbed the knowledge and understanding in order to pass. Unlike during any other form of training, where assessments are just a test, the qualification examinations are a much more formal process. The benefit here is clear: a formal exam means that candidates must demonstrate not just that they can parrot out the information they have been given ad nauseum , but be able to analyse, apply, and answer the examination questions correctly. Hopefully, this will mean that technicians will be able to do the same once they are out working in the field, using their new knowledge and deeper understanding to analyse and solve problems. We ve developed a system now, where the formal examinations going to be conducted electronically, said Gurling. Learners are going to be provided with a tablet, and they re going to be asked to log-in to their own assessment paper online.

That assessment paper will then be conducted live and the learner will receive a pass/fail result at the end of it. That pass/fail result is provisional only on possible necessity that I need to investigate the conduct of the exam, in which case, learners will be notified. Otherwise, after 2 weeks, that result is confirmed. Other FIA training If you re wondering about other forms of training currently available from the FIA, and whether it is still relevant, be in no doubt that it absolutely still is as beneficial to technicians in the fire industry as it ever was. The existing FIA units are incredibly valuable, said Gurling. They serve the industry very very well and they remain just as relevant and current as they ever have done. Technicians undertaking current FIA training courses will still gain indispensable knowledge that will help them on the road to success, and whilst they might receive a certificate of completion, that unfortunately doesn t make them qualified technicians . This is a phrase that gets bandied around a lot within the fire industry, but as from the launch of the new qualifications, only those that have actually undertaken the qualifications and passed successfully will be able to use the above moniker as a badge of proficiency and professionalism. Current FIA training courses remain popular due to their high level of technical knowledge and recognition within the industry among employers and technicians across the board.

The standard is high and well respected but the qualifications go one step further, increasing the amount of content delivered, and the amount of time spent in the classroom developing that knowledge and understanding. From now on, a higher bar has been set for the industry to increase the level of professionalism throughout. However, if you re still wondering whether the new qualifications will be right for you, the FIA are exhibiting at FIREX International (20-22 nd ) June this year, with a full programme of seminars and workshops where you can listen to presentations about the new qualifications, pick up a brochure, or drop by the FIA s networking bar to ask FIA staff a few questions in an informal setting. For more information, go to the FIA website or find us on our brand-new Facebook page. Visit FIREX International for cutting-edge solutions, essential knowledge and the ability to grow your business by getting direct access to the whole fire safety industry. It is the perfect place to get your product in front of thousands of buyers, across a multitude of featured areas. From the brand new Drone Zone, the ARC Village, ASFP Passive Protection Zone, the Engineers of Tomorrow competition and more, it s all under one roof so you ll never miss a beat.

Click here to register your place now to join us at London Excel on 20 22 June

BSIA responds to cash courier shooting in London

Walthamstow shooting The trade body representing the private security industry in the UK has issued the following statement relating to the recent shooting of a cash-in-transit courier in Walthamstow, north-east London. The cash-in-transit courier was injured from the shooting ambush. James Kelly, chief executive of the British Security Industry Association (BSIA) said in a statement: Every day, cash-in-transit couriers perform a vital public service, transporting cash around the country and supporting banks, retailers and businesses by facilitating millions of financial transactions across the UK.

However, in doing so, they place themselves at risk of extreme violence, as today s incident sadly reminds us. Kelly goes on to point out that the number of attacks on cash-in-transit couriers remains at an all-time low. There were 76 injuries to cash-in-transit crew members, police and the wider public in 2016. However, the risk of violence and injury remains a very real threat to couriers. This is something that the private security industry together with its partners in police and government is continually working to reduce through initiatives like SaferCash, which shares intelligence about attacks and suspicious incidents between couriers and the police, continued Kelly. Our thoughts are with the injured courier and his family who have made a very personal sacrifice for the sake of our nation s economic security and we wish him a full and speedy recovery. The BSIA is a longstanding and valued partner of, and exhibitor at, IFSEC International, Europe s biggest fire and security trade show taking place 20-22 June 2017, London ExCeL. Get your free badge now. Take your security knowledge to the next level at IFSEC International 2017 Experts from across all areas of the industry will attend to share their expertise on critical topics on 20 22 June 2017.

Choose from over 80 hours of seminars to attend across four theatres, the Panasonic Security Management Theatre, TDSI Tavcom Training Theatre, Smart Theatre, Genetec Borders & Infrastructure Theatre.

Time is running out to get involved: Register today to avoid missing out

More than half of UK business owners unaware of incoming data protection law

GDPR Some 84% of small business owners and 43% of senior executives of large companies in the UK are unaware of the forthcoming General Data Protection Regulation (GDPR), according to a study by Shred-it. From May 2018 the GDPR will replace existing European data protection laws. The purpose of the law is to bring greater strength and consistency to the data protection given to individuals within the EU.

Shred-it s Security Tracker survey, conducted by Ipsos, also found that only 14% of small business owners and 31% of senior executives knew the fine associated with the new regulation, which is up to ‘ 20 million or 4% of global turnover, even despite 95% of senior executives and 87% of small business owners claiming to have some understanding of their industry s legal requirements. If businesses breach the forthcoming legislation and fail to grasp its implications they not only risk severe financial penalties, but also any reputational damage. Research shows that 64% of executives agree that their organisation s privacy and data protection practices contribute to reputation and brand image. Only 40% of senior executives, claiming to be aware of the law, have begun to prepare for the GDPR. This is in spite of 60% agreeing that the change in legislation would put pressure on their organisation to change information security policies. Robert Guice, senior vice president Shred-it EMEAA, says: From implementing stricter internal data protection procedures such as staff training, internal processing audits and reviews of HR policies, to ensuring greater transparency around the use of personal information, businesses must be aware of how the legislation will affect their company to ensure they are fully compliant. According to Guice, governmental bodies such as the Information Commissioner s Office (ICO), must take a leading role in supporting businesses to get GDPR ready, by helping them to understand the preparation needed. We recently reported on how the Minister for Digital and Culture offered reassurances over the impact of a data protection law coming into force next year on the use of facial recognition technology for crime-fighting purposes. Check out the findings of the Shred-It survey in infographic form below Attend IFSEC International 2017 to stay protected As systems and software become increasingly connected, the consequences of a cyber-attack become greater every day, with the average breach costing businesses up to $3.8 million, do not leave it until tomorrow to act.

Visit and see the latest product developments from leading suppliers, live hacking demonstrations, and education from the best in the industry, Cyber & IT Security at IFSEC is an area you can t afford to miss.

Register right now.

Physical security professionals: do you really need to care about cybersecurity too?

So we all know that cybersecurity is important. It s mentioned in the national news on almost a daily basis, whether it be about the government vulnerabilities, cyberterrorism, or major retailers letting criminals steal millions of customer s credit card details. But, like securing physical spaces, it s one of those things that only becomes newsworthy when it fails.

For a long time, physical security was strictly analog, and it s only connection to the IT network was at its end point. And therefore, those responsible for physical security didn t need to concern themselves with worrying about network security, while at the same time, the IT department didn t need to be concerned with any undue exposure from cameras etc. Game-changer Sure hacks have always occurred even in analogue systems (the prototypical breach through a baby monitor or garage door opener being well known examples). But now that IP-based security systems are becoming the norm, with all the associated benefits, both sides need to be aware that the game has changed. The challenge, as we see it, is that the physical security team and the IT team have, on the face of it, very different outlooks and priorities, and often don t really understand each other. Physical security is from Mars and the IT department is from Venus! Often it can simply be a language/jargon barrier, where neither side truly gets what the other one is talking about. But in many cases, it can also be more akin to a border dispute, or a custody battle for an unwanted child: the physical security team don t consider cybersecurity to be part of their job, and the IT department may not even be aware of the potential vulnerabilities from a variety of devices that appear to have no obvious users or owners. One phrase stuck in my head after a recent conversation about cybersecurity with a customer: We are glad Axis is thinking about this stuff, and it s interesting, but we are pretty relaxed about it right now, they said.

And if they haven t been attacked (or at least don t know if they have been attacked), then that response is often followed by Cybersecurity is something that the IT department is worried about I just have to make sure this building is secure. At the same time, when I have talked to the IT department, they have sometimes been unaware of the potential exposure of unsecured IP cameras. So, how do we, as an industry, get the physical security manager to take IT security seriously? And conversely, how do we help the IT security team to talk to their physical security colleagues in a language that they understand? Actually, it s not that complicated. The best way is to use the terminology that they are both familiar with: IT Team Physical Team Don t use default passwords, make them hard to guess and change them often Install decent locks and make sure the keys are hard to copy Make sure to have proper user management tools in place Don t give out more keys than you absolutely have to instead put in some access controls Make sure devices lock themselves if not being used Lock the doors! Detect network breaches Detect intruders Don t leave any backdoors open, just in case Don t prop open that fire escape just in case Put up a firewall around your network to stop people casually wandering in Put a fence up around your perimeter to stop people casually wandering in However, not all organisations and businesses are the same, and some already have good communication between these two departments, and a good awareness of the threats they need to tackle together. What I have seen is that organizations tend to fit into one of three broad categories depending on their understanding of the threat they face. From enterprise-level to small businesses: how cybersecurity approaches compare At the top are those whose brand, business or credibility is based around trust and security for example banks.

By and large, they place security very high up their list of priorities, be it physical or computer-related, and it is ingrained within their corporate culture. They are often cautious about embracing new technologies until they can be sure that their security won t be compromised. This is especially true of new devices being connected to their network, such as cameras, access control points, etc. So their IT departments are highly unlikely to allow any new IP-based equipment to be connected without ensuring they have been properly sourced, tested and set-up. Next there are those who are aware that they may be vulnerable to cyber-attacks, but may not have the specific expertise in-house to properly analyse their risks, nor how to mitigate them. However, they are at least willing to get advice, even if it s not a critical priority for them. These companies probably are the most at risk with enough complexity in their networks to make management a full-time job, but possibly without sufficient resources to properly police every device that gets connected. Lastly, there are those, usually smaller businesses, who have very little understanding of cybersecurity at all, and even less idea that devices such as cameras need to be properly secured before being connected to a network. They rarely have a full-time IT manager, let alone a person with sole responsibility for physical security.

For these businesses, a very simple, automated set-up is ideal, with all security being taken care of out of the box. For example, the Axis Companion provides cameras, recorders, memory cards and a video management system all in one package. Lessons from major camera hacks In the end, though, both the IT and physical security departments need to care about the problem enough to want to engage with each other, and not just pass the buck back and forth until an attack actually happens. So how to do that? Unfortunately, the case has already been made for us, on several recent occasions. It was only a few months ago, that the Mirai BotNet attack demonstrated how vulnerable IoT devices can be, how ubiquitous they are, and how these two facts make for a highly attractive opportunity for hackers. Over several months, cybercriminals infected multiple millions of devices, including IP cameras, DVRs, home routers, etc. Then, in September 2016, it was first used to run a massive DDoS (Distributed Denial of Service) attack on the website of a prominent security journalist, A month later, it was followed by the largest DDoS attack in history, going after, one of the key parts of the US internet backbone, upon which services such as Netflix, Spotify and Amazon rely.

Now, some may say that not being able to watch the latest episode of Orange is the New Black may not be a huge threat to Western civilization, but this just goes to show the potential of what can be done with physical security devices that haven t been properly hardened against cyber-attack. The majority of the devices infected had easy-to-guess default passwords that had never been changed or even worse, could not be changed at all. Or there were the devices with backdoors built into them to make it easier for the manufacturer to debug them during development, but were never closed again before production. In December 2016, 80 plus cameras from a major manufacturer were found to have backdoor accounts. A month later, it was reported in the Washington Post that for three days the Washington DC Police were unable to record video from their security cameras due to 70% of their storage devices being hacked. So, we know that this won t be the last time. The internet of things is currently an easy target, and even more so because there are very few human beings in the loop, so there is almost no-one to notice when an attack has occurred until too late. As the Mirai BotNet attack showed, an attack might not even directly affect the host, so there is even less chance of spotting an infection unless you are paying close attention. Attend IFSEC International 2017 to stay protected As systems and software become increasingly connected, the consequences of a cyber-attack become greater every day, with the average breach costing businesses up to $3.8 million, do not leave it until tomorrow to act.

Visit and see the latest product developments from leading suppliers, live hacking demonstrations, and education from the best in the industry, Cyber & IT Security at IFSEC is an area you can t afford to miss.

Register right now.

FIA launches fire detection and alarm engineering qualifications

skills crisis The Fire Industry Association (FIA) has revealed that it s launching four new engineering qualifications for the fire detection and alarm sector. Open for applications from early July the qualifications will equip students to become system designers, installers, maintainers or commissioners. The FIA has consulted extensively with employers, recruiters and member organisations in designing the four new courses.

Years in the making the qualifications are suited to both anyone who want to join the sector as well as those already working in the industry. Professional in-depth knowledge The courses, says the FIA, will provide a professional in-depth knowledge of each specialist field. They sit at level 3 on the regulated qualifications framework (RQF), equivalent to an A-Level or NVQ Level 3. They arealso equivalent to level 4 on the European qualifications framework, a level higher than that specified in EN 16763, the newly released services standard that specifies the minimum level of education for those working in the fire and security services sectors. Our members and learners have very much guided us in the process of designing these new qualifications, said Ian Gurling, training manager for the FIA. Through surveys and feedback, we ve kept an open dialogue with the industry to create qualifications that will be hugely beneficial to both learners and employers. It became important early on to us to design new qualifications that cover a wide range of theory, but in a way that is relevant to each individual job role within the fire detection and alarms sector. Best practice The course begins with a foundation unit, which provides a thorough understanding of relevant standards and industry best practice. Learners can then progress through other units before choosing a final unit from a choice of four on design, installation, maintainence or commissioning.

In order to create these qualifications, we had to set up an awarding organisation, to formally recognise the qualifications, and register the new qualifications with Ofqual, continues Gurling. The new awarding organisation, I m proud to reveal, is called the FIA AO: the Fire Industry Association Awarding Organisation. The qualifications will be available nationwide at multiple education centres in England, Scotland, Wales and Northern Ireland and are approved by the relevant government bodies for official qualifications in each country. The FIA recently put together this video and this infographic about the skills crisis besetting the industry. The FIA will officially launch the qualifications on their stand at FIREX International (20-22 June, ExCel London ). Anyone visiting FIREX Europe s largest annual trade show for the fire sector ( get your free badge now ) can pick up a brochure, ask questions or listen to one of the FIA s seminars to find out more about the new qualifications. Monitor the FIA website for further announcements about the qualifications or sign up to their newsletter to receive more updates straight to your inbox. Visit FIREX International for cutting-edge solutions, essential knowledge and the ability to grow your business by getting direct access to the whole fire safety industry. It is the perfect place to get your product in front of thousands of buyers, across a multitude of featured areas.

From the brand new Drone Zone, the ARC Village, ASFP Passive Protection Zone, the Engineers of Tomorrow competition and more, it s all under one roof so you ll never miss a beat.

Click here to register your place now to join us at London Excel on 20 22 June

Why electronic access control is seen as an expensive luxury by many small firms

Many small businesses see electronic access control as an exorbitant expense that offers little in the way of benefits. However, this couldn t be further from the truth. Investing in access control provides many benefits for any business not to mention, it s not nearly as expensive as many people who are uninformed on the truth of the industry would have you believe.

To understand why so many small firms think access control is an overpriced asset that is not worth their time, effort, and money, it is important to first understand the reason for this misconception. Why access control is viewed as expensive When many organisations think of security and in particular access control, they think of an over-the-top security system that is (A) unnecessary, as they are unlikely to ever encounter a security breach, and (B) has a hefty price tag. In short, they are thinking of access control measures that have failed to consider risk assessment. The purpose of carrying out regular risk assessments is to determine exactly which types of breaches your business is most likely to be vulnerable to, and consequently safeguard your business against those risks through use of the proper measures. Otherwise, by protecting against vastly unlikely or nonexistent risks, you will be investing in equipment that is unnecessary, ineffective and expensive. By analysing what you are at risk of and protecting against those scenarios, you are ensuring that your business is well-secured, staff and assets are protected and making sure that any investment is spent in the right areas. Does access control have to be expensive? No, not at all. Access control is a reasonably-priced and wise investment as it gives the user full flexibility and with on-going technologies in place, the security levels associated with this are only going to get better.

To make sure that you are not overspending or purchasing the wrong system there are a few things to keep in mind during the implementation process. You need to review the physical, personnel and information security aspects and the risks associated to each element. Despite what you might see or read about the sky-high costs of investing into access control, you will be happy to know that the financial commitment is not actually out of the realm of possibility for most businesses. When starting out your research it is always advisable to speak to a reputable provider of systems and equipment (such as Digital ID) who can fully assess the project and advise on the best approach. Is access control worth it? It is but only when done correctly. This includes everything from researching the right products, installing the system and daily usage. Don t put safety on the backburner; the benefits of having proper security measures in place go on and on, even aside from simply preventing tragedy from striking. Consider some of these unexpected benefits that many businesses experience from implementing access control on their premises that go far beyond simple security.

Enhanced productivity Believe it or not, having higher security measures in place makes employees feel safer in a business and allows them to get much more done in an average day. In short, your business environment can become more productive overall by the simple act of investing in access control. Higher employee loyalty If you have a system in place that is intended to protect both your business and the people who work in it, your employees will take notice that you are concerned about their wellbeing and ensure that their place of work is a safe and protected one. Take our word for it they will appreciate your gesture, and the overall effect will make the office a much happier place to work. Establishes credibility Let s face it, access control being executed in a business just looks downright professional. Anyone who visits your location and sees these security measures will trust that the space is one that is worthy of their trust. Consider investing in access control today As you can see, there are many reasons to give access control a try despite security alone although that is a huge benefit as well. Don t waste any more time not having these measures in place in your business, and start the process of deciding the type of access control that is right for your company today. Visit Europe s leading security event in June 2017 Register here to attend IFSEC International where you will be able to take advantage of our meetings service, allowing you to select and meet with the manufacturers you want to see and with 600 companies exhibiting you are not short on choice.

There are also discounts of up to 20% across a large range of products at the show, helping you to get the best value for your money.

Click here to register your place now to join us at London Excel on 20 22 June 2017.

95% of life safety installers say fire industry is falling short over training provision

The fire industry is fuelling the skills crisis in engineering by neglecting training provision, according to 95% of life safety installers. A study by Hochiki Europe, which polled hundreds of fire safety and emergency lighting installers from around Europe, also found that only 39% of installers work for a company that offers an apprenticeship programme. Just 17% reported that their employer offers a graduate programme to attract university leavers.

The Federation of Master Builders (FMB) recently released figures showing that the shortage of skills in the construction sector, which includes fire engineering, is at a four-year high. The skills gap both in our own sector and across the built environment has been a pressing concern for a number of years but, as the survey shows, our industry is doing too little to address the issue, said Ray Turner, general manager of operations at Hochiki Europe. If the industry is to continue to grow into the future, it is imperative that manufacturers and installers create the training opportunities necessary to equip the next generation with the skills they need to build a fulfilling career as life safety professionals. Lack of enthusiasm The study also identified a lack of enthusiasm among school leavers for the life safety sector as a potential career. Some 78% of respondents felt that young people know too little about what jobs are available in the industry, with 68% concerned that they don t view the sector as a desirable vocation. And 93% agreed that the sector had a responsibility to educate secondary school pupils on the range of life safety roles available and their merits in order to change perceptions. At the same time as creating great apprenticeship and graduate programmes to attract people to the sector, we need to do more to reach out to students while they are still at school and thinking about their future careers, and highlight the benefits of working in the industry, continued Ray Turner. Working closely with schools and universities as individual companies and in partnership with others in the industry will be crucial to help promote the array of career options, and the paths into the sector. Taking this kind of action now, we can ensure we have the expertise we need not just to thrive today, but to face new challenges tomorrow.

Visit FIREX International for cutting-edge solutions, essential knowledge and the ability to grow your business by getting direct access to the whole fire safety industry. It is the perfect place to get your product in front of thousands of buyers, across a multitude of featured areas. From the brand new Drone Zone, the ARC Village, ASFP Passive Protection Zone, the Engineers of Tomorrow competition and more, it s all under one roof so you ll never miss a beat.

Click here to register your place now to join us at London Excel on 20 22 June

The security of security is our top priority in the IoT era

With data protection laws being tightened and internet of things hacks proliferating, physical security vendors are talking a lot more about cybersecurity than they used to. For Genetec, whose systems are popular in the enterprise space and installed in 70% of airports in the Middle East, safeguarding systems against cyberattack is a particularly urgent priority. We spoke to Simon Cook, sales engineering manager EMEA and APAC, about the company s defining mantra: the security of security.

Genetec has just been confirmed as sponsor for Borders & Infastructure Expo, which debuts at IFSEC 2017 in June. IFSEC Global: Why is cybersecurity such a big priority for Genetec right now? Simon Cook: The security of security should be high on every physical security professional s priority list. A large part of this is the recent growth in DoS, or denial-of-service, attacks that took place last year, targeting internet of things devices from cameras to campus vending machines. But these things aren t new; DoS attacks have been happening since the start of the internet and cybercrime. The 21 st Century has been characterised by a large growth in the IoT. This is great for business efficiency and personal communication, but the more devices that come online, the more vulnerabilities there are for cybercriminals to exploit, especially seeing as pretty much everything can be connected to the internet these days even fridges! What we want to do is be sure that whatever is connected to our solutions via our customers networks is pure , or safe It s pretty terrifying when you think about the potential of DoS attacks, which is only growing with the number of connected devices. Think about it: when you get 1.5 million devices generating over 600-odd gig of traffic, aimed at a handful of organisations, the result is going to be quite a serious attack.

The world that Genetec operates in seems, on the surface, to be largely physical as we deal with CCTV, access control and automatic number plate recognition (ANPR) to name a few. But, it s important to recognise, which we do, that crime is moving away from the physical world and into the cyber. This is why the surveillance market should be thinking more carefully about security from a cyber threat angle, rather than purely from the physical. (Check out the latest solutions from Genetec at IFSEC International, 20-22 June 2017, London ExCeL. You can find Genetec on stand F500. Get your free badge now.) This issue is also now consumer as well as commercial. More and more we see people with cameras at home that can be turned into a node and hacked, which in a way is even more worrying as they will lack the awareness and training to ensure their devices are protected that professionals in the security industry have. What we want to do is be sure that whatever is connected to our solutions via our customers networks is pure , or safe. The vital thing is to work to continuously build up that level of security in response to the rapid development of cyber-crime. We call this the security of security .

We have a lot of high level enterprise customers so a lot of banks, airports, big businesses etcetera so access into their networks could open up some critical issues for customers. We need to make sure that whatever connects to our system does not open a door for potential attacks. embedded content IG: So what measures do you take to ensure connected systems are as robust against cyber-attacks as Genetec solutions? When we develop our software we ask ourselves the important questions from the outset to ensure our tech is secured against anything which may try to attack it. Penetration testing, regression testing, adding devices and having them tested is all part of the development of the software rather than relying on just reacting to cyber-crime by retrofitting after an attack. We ve done a number of regression tests on our software so we know our platforms are as secure as they can be. But, the cleverer you make the tech, the more sophisticated the attackers become so it is a constant battle. Another problem for us is that we want to be more open platform, so we don t just connect cameras but access control, body-worn cameras, other third-party systems. So, in the unified space, when we try to build up one holistic platform, we have to do a lot of testing to ensure we can still call ourselves secure.

The way we counter this is through authorisation, authentication and encryption. We start by using certificate-based authentication. This may sound complex, but if you use online banking, you have a certificate between yourself and the third-party so the browsers share certificates to verify you are who you say you are, and the banks are who they say they are. Some hardware we work with has a good level of security built in; some of the more traditional stuff is more legacy, and we have to compensate for these devices In terms of encryption, we used to use SSL. But, a quick google will now tell you that SSL can be hacked quite easily. There are even wiki pages about how to hack SSL within 20 minutes! So we had to evolve and now use TLS, or transport layer security, which is a cryptographic protocol that provides communications security over a computer network , which is much more advanced. The thing with hacking, it is company to company, person to person, government to government, and it can be used in many ways. It s not always just the case that cybercriminals want to break in and steal your information or credit card.

Sometimes DoS attacks aim to bring websites or companies down for a period of time. In the 50s, 60s and 70s we wanted to protect against bank robberies and attacks on people and property. But these days you can bring a company down without leaving your house. So, we have to get smarter. Some hardware we work with has a good level of security built in; some of the more traditional stuff is more legacy, and we have to compensate for these devices. I m sure you can see now why the security of security is something that always has to be top of mind for Genetec! The industry already has to collaborate to make sure these devices connect to each other presumably collaboration is just as important where cyber is concerned Absolutely. And it s not just between manufacturers. Whether it s end users, integrators or consultants, to a lot of our customers we are trusted advisors.

We don t just sell kit and software and then move on to the next customer, and there is a gap of knowledge in the industry for this level and kind of security. So we are trying to work with other manufacturers to collaborate with our systems integrators, consultants and end users so that best practice is followed. Genetec has always been very IT-focused and we work with IT departments too. We want everyone that works with us to know that they can trust our solutions to be secure, and that we can offer them advice on security if they ever feel any confusion or worry about the security of their technology. Many of our customers are more enterprise level, so you can see how a breach could not only put company data at risk, but even people s lives in some instances Is there any trade-off with convenience and the user experience when you tighten up cybersecurity? We try and make the system as user-friendly as possible. When we talk about certificates and TLS, it s all done at installation level. So the customer will work with one of our certified installers, who will be familiar with our product, and the operator shouldn t notice any difference to their user experience. They just type the username and password on their client machine and the security is all done on set up.

Once they are logged in, what they do and don t have access to has already been set up according to company policy. All the clever stuff happens under the hood. Cybersecurity is presumably a particularly high priority in critical national infrastructure? Of course, many of our customers are more enterprise level, so airports, train stations, cities, high end retail, mid-tier retail you can see how a breach could not only put company data at risk, but even people s lives in some instances. Airports, for example, are one of our largest sectors: at last count, 85 of the world s largest airports use Genetec systems, and 70% of all airports in the Middle East one of our fastest growing markets are protected by Genetec Security Center systems. As well as this, when it comes to urban security, we have worked with a lot of blue light services in city centres and they want us to do a lot of regression testing. This is not something we re doing just because it s a buzzword or because of the DOS coverage last year. It s to keep up to speed with developments to make sure we are in line with best practice. It goes back to building this into the core rather than being a retrofit after an event or attack.

And it s equally important to encourage our partners and customers to be vigilant. Now we re starting to look at cybercrime insurance. As more devices come online, there are more data points and we need to be more cautious about what we are adding to the system. We also need to continue our core precautions of regression and security testing to make sure that security devices don t expose holes into our customers networks. Presumably cybersecurity will be a big talking point on your stand at IFSEC 2017? This will all be very much a focus when our customers end users, integrators and consultants visit the booth. See you at stand F500! Check out the latest solutions from Genetec at IFSEC International, 20-22 June 2017, London ExCeL. You can find Genetec on stand F500.

Get your free badge now. Visit Europe s leading security event in June 2017 Register here to attend IFSEC International where you will be able to take advantage of our meetings service, allowing you to select and meet with the manufacturers you want to see and with 600 companies exhibiting you are not short on choice. There are also discounts of up to 20% across a large range of products at the show, helping you to get the best value for your money.

Click here to register your place now to join us at London Excel on 20 22 June 2017.