Risk UK July 2013 by Western Business Media Limited

Cover June13_Layout 1 02/07/2013 16:52 Page 1

July 2013

Risk management, loss prevention and business continuity

Social media delivers risks and benefits Data protection â&#x20AC;&#x201C; encryption is not enough Contracted personnel should not be chosen on price Essential news for risk mitigation professionals

Project2_Layout 1 04/06/2013 13:22 Page 1

comment_riskuk_Dec12 03/07/2013 16:21 Page 1

Comment

Editorial Comment here has been a somewhat surreal edge to the reaction following the revelations that resulted from Edward Snowden’s now wellpublicised and much-debated intelligence leaks. Whether Snowden’s actions amount to espionage or are a whistleblowing act designed to reveal the true extent of communications monitoring in the modern world will no doubt be argued over, long and hard. There is unlikely to ever be a definitive answer. Initially, the divulgence of Operation Prism seemed to indicate that the US was busy monitoring the telephone calls and electronic communications of all and sundry, with the help of many of the largest and supposedly most trusted on-line brands. Depending on which version of the story you read, this was either done with or without their consent. As the story grew it was suggested that GCHQ was involved in using data obtained through Prism. This claim then escalated to include GCHQ tapping into global communications data carried over fibre optic networks. Further claims then appeared, which included the alleged hacking of networks in China by the US, along with the bugging of EU offices in the US. Later it was indicated that offices and embassies both in the US and other locations had been subject to espionage, and had been listed by the US as ‘targets’. There are, no doubt, more revelations to come, and claims and counter-claims will be met with outrage, indignation and discussion about international law. Whilst the indignation is somewhat justified, those expressing it do show one other interesting emotion ... or lack of it. There’s plenty of rhetoric, but no one seems genuinely shocked. There were two reactions to the news that probably showed a deeper sense of reality to the various plots and subplots hitting the headlines. The first came from Professor Eric Groves – a full member of the Research Centre for European Security – who intimated during an interview that everyone was spying on everyone else, and they all know that they’re

Whilst the mainstream news seems to have a never-ending supply of stories about spies, spooks and state-sponsored hacking, some of the responses do contain valuable information for those involved in risk mitigation... doing it! Further comments from Carl Bildt, the Swedish foreign minister, pointed out that those involved in diplomatic missions expected such attention from other parties and states. He summed up the acceptance of such matters by stating, ‘That's why we have measures to stop it’. There are clearly political motives that will drive this issue forwards, and to the average person in the street the idea of having communications monitored might seem shocking and offensive. However, we live in a world where data of all types has a value. As technologies become more advanced, so the possibility that we will all trade off privacy and security for other benefits such as ease of use and speed of communications increases. The point here is not to become obsessed with trying to prevent anyone from ever accessing your data. It will be a futile task, and will inevitably lead to increased investments which make systems slower and clumsier. Instead, maybe businesses and organisations should heed the words of Bildt, and accept that their data will be infiltrated, stolen or passed on to unauthorised individuals. Maybe it’s time to realise that communications are being intercepted and monitored. As awkward as it might feel, it is only once the business community follows the lead of diplomatic missions and state-run agencies and accepts that everything is being read or listened to that it can take appropriate action. With such an understanding, the emphasis can switch to ensuring that the data is useless to outside agents or third parties. Protecting the data has to be more effective than protecting the networks. The latest round of scandals prove that! Pete Conway Editor – Risk UK

Whilst the indignation surrounding the claims about Operation Prism and other spying incidents is somewhat justified, those expressing it do show one other interesting emotion ... or lack of it. No one seems genuinely shocked. December 2012

www.risk-uk.com

contents_riskuk_Dec12 03/07/2013 16:23 Page 2

Evacuate everyone

Sonos Pulse EN54-23 Fire Beacons In a fire, everyone matters. Sonos Pulse fire beacons and sounder beacons ensure that all personnel are notified of fire emergencies. With Pulse Alert Technology, buildings are evacuated quicker, evacuation requirements are unambiguous and everyone is made to feel safe and secure. Visit our new dedicated fire website for more information: www.klaxonsignals.com/fire

Signalling Solutions

contents_riskuk_Dec12 03/07/2013 16:23 Page 3

July 2013 Signalling Solutions

Sonos Pulse Ceiling EN54-23 Coverage: C-3-15

Contents 3 Comment The news coverage of Operation Prism and the associated hacking of communications data and bugging of EU offices does raise some points for risk mitigation professionals.

6 News News stories relevant to risk management professionals

12 The Cost of Retail Crime

Sonos Pulse Wall EN54-23 Coverage: W-3.1-11.3

Many consider that retail crime is committed by opportunists and forgetful elderly people. However, it is a serious drain on business resources for many organisations. Risk UK considers its impact on the retail sector.

17 Retail and Security Personnel For many retailers, security officers are core to an overall loss reduction strategy. However, considering contracts with an eye on price can result in false economies.

24 Social Media Social media is an all-pervasive force, and for businesses it represents an excellent marketing tool. However, it can be something of a double-edged sword. Risk UK considers the risks associated with using these platforms.

28 Data Protection When many consider Data Protection Act compliance, the focus is on information security. However, compliance with the law entails much more than merely encrypting data.

FEATURING:

35 Cyber and Data News News of interest to data security professionals

38 Next Issue Risk UK looks ahead to the August 2013 issue

39 Risk UK Directory ŕ EN54-23 compliant beacon technology ŕ Wall and ceiling mount light orientations ŕ Wide coverage pattern - one device can protect most rooms ŕ 20mA beacon current @ 0.5Hz flash rate

ISSN 1740-3480 Risk UK is published 12 times a year and is aimed at risk management, loss prevention and business continuity professionals within the UK’s largest commercial organisations. © Pro-Activ Publications Ltd, 2013 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without the written permission of the publisher. The views expressed in Risk UK are not necessarily those of the publishers.

Risk UK is currently available for an annual subscription rate of £78.00 (UK only)

Editor Pete Conway Tel: 0208 295 8303 E-mail: pete.conway@risk-uk.com Design & Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 4292015 E-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 0208 295 1919 E-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 0208 295 1919 E-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton

RISK UK PO Box 332, Dartford DA1 9FF

Tel: +44 (0)1706 233879 www.klaxonsignals.com/fire

Chairman Larry O’Leary

Editorial: 0208 295 8303 Advertising: 0208 295 8307

5 www.risk-uk.com

news jul13_riskuk_jul13 03/07/2013 16:56 Page 2

News

SIA reveal further non-compliance

Hyper U takes control of site management French retail chain Hyper U is using an access control solution from ACT at one of its largest stores, a 20,000 square metre property with 200 full-time personnel at the western town of Savenay in the Loire Estuary. Hyper U wanted to control and log movement of staff around the shop floor, office block, delivery areas, car parks, lifts, stock rooms and perimeter. The client also needed a hierarchical rights management system so that staff would only access certain groups of doors associated with their job function at appropriate times of day according to their shift. Hyper U found the flexibility they needed in ACT’s devices and ACTWin software. The software’s graphical interface simplifies database management for Hyper U and has allowed supervisors to create 71 user groups, so promoting complete visibility of staff movement and enhancing health and safety at a store with long opening hours where there is activity 24 hours a day. While the human resources department can intervene if workers are not in the right place when they should be, the access control system also contributes to staff welfare by creating an audit trail. This ensures that workers do not become stranded in remote areas or spend excessive amounts of time in locations such as refrigeration rooms. The access control also ensures that customers remain on the shop-floor and are denied entry to areas where high-value items are stored. French supermarket retailers make extensive use of the concession system whereby there is a gallery of ‘boutique’ suppliers of items such as smart phones and tablet computers on site. Areas that are commercially sensitive (cashier’s office, luxury electrical goods, etc.) as well as loading bays where the presence of vehicles puts a premium on safety have a twin level of security with both keypads and proximity readers being used.

www.risk-uk.com

An unlicensed door supervisor was found working illegally without a Security Industry Authority licence during checks in Maidenhead in June 2013. In a joint operation Thames Valley Police, SIA investigators and licensing officers from the Royal Borough of Windsor and Maidenhead Council conducted checks in the town centre. In total, 20 security operatives were checked across seven venues including pubs and off-licences. Whilst the majority of those inspected were correctly SIA-licensed, a small number of offences were found. SIA investigators found a door supervisor working in a pub with a revoked SIA licence and a bar owner who did not hold the correct SIA licence. Enquiries are on-going. Additionally, a warning was issued to a door supervisor for failing to notify the SIA of a change of his address, which is a breach of SIA licensing conditions. SIA Head of Investigation, Darren Woodhouse, stated, ‘Compliance with the Private Security Industry Act is important at all times, no more so than when there is an influx of people in to pubs in the area when a major event, such as Royal Ascot, is taking place. Although there were some licensing issues, I am pleased to have worked alongside the police and the council during such a high profile local event.’

Power continuity during adverse conditions VTT Technical Research Centre has developed a tool that can be used to shorten power cuts caused by storms and to reduce the resulting costs and damage, such as faults in household electrical appliances and frozen water pipes. The tool can be used to simulate mutual dependencies between mobile communication networks and electrical grids in different fault scenarios, including damage caused by storms. This information assists in evaluating the length of power cuts experienced, improving the reliability of networks, and thereby shortening outages. The simulation tool evaluates the interdependence of mobile communication networks and electrical grids in the case of failure, permitting study of how a storm damages infrastructure. Loss or quality degradation of telecommunications links makes remote control, maintenance and repair of the electrical grid more difficult. Impaired mobile communication networks interfere with automation, slow down repair works and lengthen power cuts significantly.

news jul13_riskuk_jul13 03/07/2013 16:56 Page 3

News

Vasco acquires Cronto Vasco Data Security International, a software security company, has announced its acquisition of Cronto, a provider of secure visual transaction authentication solutions for online banking. Vasco acquired all of the stock of Cronto in exchange for an initial cash consideration of Euro 15 million and a contingent cash consideration in the form of an earn-out of up to a maximum of Euro 2 million. The acquisition was financed from existing cash balances. The acquisition is expected to be dilutive in 2013, due in large part to the amortisation of purchased intangible assets. The acquisition is expected to be accretive in 2014. Cronto was founded in 2005 as a University of Cambridge spin-out and is active in the field of secure visual transaction authentication and signature solutions for online banking applications. The CrontoSign solution has been chosen to secure transactions of customers of German and Swiss banks such as Commerzbank AG and Raiffeisen Switzerland. CrontoSign technology is a simple and user friendly way to withstand sophisticated attacks by Trojan malware, targeting online banking services. CrontoSign protects against such attacks as it allows the bank to establish a secure optical communication channel with the client. Account holders can simply scan a CrontoSign image displayed on their bank’s website and verify the details of the payment on a trusted display. They can choose between the CrontoSign mobile application or a dedicated CrontoSign hardware device. Vasco will add the patented products to its offerings for the global banking market. ‘The acquisition of Cronto is a strong example of Vasco investing in its future growth’, stated T Kendall Hunt, Vasco’s Chairman and CEO. ‘Through our make-orbuy strategy for new technologies, we will keep scanning the market for suitable companies.’ Jan Valcke, Vasco’s President and COO, added, ‘Our objectives are to reinforce our leadership position in the banking authentication market and to become a successful business-to-consumer authentication services provider. The acquisition of Cronto is a significant step forward in helping us achieve both objectives.’

Promat acquires C3S Securiglass

Promat has acquired the operations of Yorkshire-based C3S Securiglass, a supplier of fire-resistant safety, security and blastresistant glazing. It offers a wide range of glass and related products for safety and security applications, including products that are resistant to attack by fire, ballistics and explosion. These include laminated glasses for integrity and insulation applications, as well as its Smokestream glazed smoke curtain system. Promat’s Strategic Business Development Manager, Ian Cowley, stated, ‘This is excellent news for Promat as it really enhances our existing offering in fire-related glazing. Securiglass has earned an enviable reputation based on its ability to offer products which deliver outstanding and reliable performance, backed by impartial technical advice and first-class customer support. Those qualities will now be added to Promat’s existing offering in fire-rated glazing.’ Securiglass has been supplying products to Promat for some time, and the move should see Promat increase the level of technical and commercial support, as well as the efficiency of service and delivery.

www.risk-uk.com

news jul13_riskuk_jul13 03/07/2013 16:57 Page 4

News

Digital triage system aids disaster management Anoto, a digital writing technologies provider, and NTTData have announced the availability of NTTData’s Triage Tag System. It has been designed by NTTData and Anoto strategic partner Dai Nippon Printing for use during disaster situations, where triage teams need to send vital patient information to hospitals in order to determine appropriate care paths immediately for patients. The Triage Tag System digitises handwritten patient notes through the use of digital writing technologies. By turning handwritten information from first responders into typed data, the information can be quickly relayed from an ambulance or a scene of a disaster to the hospital, so that doctors can prepare for patients. The greater insight from the data allows doctors to better prepare and plan for triage space and treatment, before a patient is delivered to the hospital. The system was developed by NTTData and Mr Koichi Tanigawa, professor of Hiroshima University, Department of Emergency and Critical

Halcrow implements flood mitigation solution Halcrow has implemented risk analysis software from Palisade as an element in its programme to mitigate the consequences of severe flooding in the UK. The package is used to quantify the uncertainties in Halcrow’s process that determines the risk faced by critical assets such as water treatment works and pumping stations, and weighs it up against the cost of appropriate preventative measures. Halcrow identifies the likelihood that a site will be subject to fluvial flooding and quantifies the vulnerability and consequence of failure for each asset. Recommendations to improve flood resilience may include adaptive solutions, such as designing structures to reduce the consequences of flooding by facilitating recovery from it. Alternatively, resistance, which aims to prevent flooding in the first place, might be more appropriate for some sites. The @Risk solution plays a key role in quantifying the certainty with which forecasts can be made. Rectifying the consequences of a flooded water treatment plant can be very expensive. Physical damage to pumps and equipment needs to be repaired, and there are additional costs that may be incurred, such as bottled water supply while the plant is out of action, and customer compensation for lack of

www.risk-uk.com

Care Medicine. More than 20 triage training units are trialling the Anoto digital pen solution. The Triage Tag System has been implemented at major medical organisations and government authorities in Japan. The solution has been designed to save essential time during a disaster situation, where the number of patients is high and doctors need to have all the relevant information to hand before patients are delivered to the hospital. During a disaster, it is essential that first responders provide accurate information about victims, their injuries, where they are, where they need to be taken to for care and what care path they require to treat injuries. The information collected is automatically transmitted to a hospital network. ‘Rapid response is paramount in emergency and disaster situations,’ stated Kenji Yahagi of NTTData’s healthcare division. ‘Having the ability to accelerate the placement and treatment of patients in disaster zones with trained staff at local emergency centres will help save lives, as well as speed up the ability of emergency staff to prepare for inbound patients.’ service. Working out the costs of these consequences helps determine the right solution for the individual site. However, it is difficult to quantify the exact costs so @Risk is used to quantify the variations in the figures. The software is also used to measure levels of uncertainty for other key aspects that have a bearing on the eventual outcome. For example, there are uncertainties around the direct damage costs and the expense of responding to customer contacts associated with the incident. At the same time it is important to understand the level of uncertainty in the costs of intervention, such as building a floodwall. Fluctuations in the cost of borrowing money must be accounted for as these may have a significant impact on the final expenses. Using @Risk, Halcrow can demonstrate how decisions on the best course of action to take for a critical water industry asset can be informed by quantifying the uncertainty. ‘Serious flooding having a major impact on water services is a very real possibility in some areas in the UK – and this has been demonstrated in recent years,’ stated Alec Yeowell, asset management engineer at Halcrow. ‘We set out to understand what it was realistic to mitigate against and achieve in terms of the costs and benefits of improving the current levels of resilience. The nature of the task means that each stage of the calculation is subject to uncertainty.’

Project3_Layout 1 03/07/2013 13:46 Page 1

Knowledge. Students at the world-leading Warsash Maritime

Academy in the UK hone their seafaring skills through a realistic engine room simulator. Teachers use Milestone XProtect® Professional software to monitor and listen to students from a separate room. These recorded two-hour training É»ÉÉ¿ÅÄÉ ¾»ÂÆ ÉÊËº»ÄÊÉ ½È·ºË·Ê» Í¿Ê¾ · ŰÈÉÊƖ class education. Proving again Milestone can solve problems that are more than security.

Milestone XProtect® is the world’s leading IP video surveillance management software and is reliable, future proof and easy to use. It supports the widest choice in cameras and seamlessly integrates with business and security solutions such as video analytics. Which means your possibilities are unlimited and you can keep your security options open. See our new products and the new ways to use XProtect at: www.milestonesys.com

Milestone Systems UK Tel: +44 (0) 1332 869380

news jul13_riskuk_jul13 03/07/2013 16:57 Page 6

News

Siemens claims widespread support for surveillance Pan-European research commissioned by Siemens has found that a majority of consumers do not believe that the widespread use of video surveillance infringes on people’s civil liberties. In addition, the survey revealed overwhelming support for the use of surveillance in reducing crime. The study – carried out by YouGov – questioned over 6,000 adults in France, Germany, Spain, Sweden and the UK about their views on video surveillance and its role in society. ‘Over the last 20 years or so CCTV systems have been introduced across the length and breadth of Europe, and a cursory glance around any town or city will usually result in a camera or two being spotted,’ stated Peter Hawksworth, CEO of Security Products from Siemens. ‘The use of CCTV elicits strong feelings, either for or against, and Siemens has concluded that most of the figures quoted and statements made are based on the type of conjecture and misinformation that suits a particular argument. Therefore, we wanted to find out what the public really thinks about its ability to reduce crime and whether it infringes upon civil liberties.’ Respondents were asked to agree or disagree with two statements. The first statement read, ‘I believe that the widespread use of CCTV cameras infringes on people’s civil liberties’. In Sweden 69 per cent said that they felt that CCTV does not curtail freedom, followed by the UK (65 per cent), France (57 per cent) and Germany (45 per cent). In Spain, however, the figure was much lower and only 33 per cent said it doesn’t invade privacy. The second statement read, ‘I agree that CCTV cameras are useful in reducing crime and providing evidence to the police’. Despite the negative perception in Spain regarding privacy issues, 89 per cent of respondents there answered positively. It was closely followed by Sweden (88 per cent), France (83 per cent), the UK (81 per cent) and Germany (77 per cent).

www.risk-uk.com

Certalarm certificate issued to alarm manufacturer Intruder alarm manufacturer Texecom has announced that it has achieved System 5 Certalarm accreditation from Intertek. ISO67 System 5 accreditation is awarded to manufacturers that have appropriate quality control and production procedures. This ensures that all products manufactured are identical in design, performance and construction to any units which have been submitted to third-party accredited test houses. This reassures users that the products being specified have not changed from those tested to the relevant standards. Jim Ludwig, Managing Director of Texecom, stated, ‘We have always been obsessive about the quality and reliability of our products, and achieving System 5 officially recognises our manufacturing capabilities. Intertek have excelled by delivering a detail-orientated audit project so quickly.’ Daniel Griffin, Business Development Director at Intertek, added, ‘Our ability to rapidly assess, advise and review Texecom’s quality and manufacturing processes has been critical in enabling Texecom to achieve System 5 in record time.’

Cardinal Security appoints account manager Cardinal Security has appointed Tanya Marrington as Account Manager, joining its existing team to ensure the provision of service to new and existing customers. Marrington will be responsible for building relationships with clients whilst ensuring contracts are managed to industry standards. Additional responsibilities will include working with the operations department as well as the sales department, providing support and assisting with business growth opportunities. Following a career spanning 29 years in the security industry, Marrington initially specialised in loss prevention then moved into management of manned guarding contracts. Working in-house for Selfridges and The Burton Group, she later joined national security companies managing a variety of retail, corporate and events contracts for organisations such as Transport for London, Coca Cola Enterprises and Sainsbury’s. Marrington stated, ‘Having worked in a variety of sectors within the security industry, joining Cardinal Security will be a great opportunity to draw on my experience and add value to existing contracts.’

Project3_Layout 1 03/07/2013 13:46 Page 1

FREEDOM TO...

At Apollo we have been protecting lives and property worldwide for more than 30 years. As industry leaders we use our experience to provide customers with the latest technology to meet the challenges of the most demanding environments.

We are the world’s largest independent smoke detector manufacturer offering unrivalled choice and giving customers the Åexibility to choose solutions that Ät their unique needs. Our entire range, certiÄed to key international standards, offers a 10 year product guarantee and we are proud to have trusted partnerships with more than 70 panel manufacturers. Apollo offers open digital protocol and forwards and backwards compatibility, giving customers complete freedom to choose a solution that’s right for them.

To Änd out more visit: www.apollo-Äre.co.uk +44 (0)23 9249 2412

UkGeneric_210x297_UK.indd 1

marketing@apollo-Äre.co.uk

14/06/2013 12:35

retail intro jul13_riskuk_jun13 03/07/2013 15:37 Page 2

The cost of retail crime The cost of retail crime is significant, with attempts to reduce losses incurred as a result of criminal activity appearing to be akin to King Kanute’s efforts to hold back the ocean. The problem with retail crime is that to trade successfully a retail outlet must appear welcoming, and have the most appealing goods on show during opening hours. These two factors combine to create a situation where criminals will always seek out different ways to get their hands on items of value. etail crime is a massive business, costing over £1.6 billion per year according to the latest figures from the British Retail Consortium. The fact that retail crime costs more and more each year may sound like the sector is losing the fight against the criminals. However, this is much too simplistic a view to hold. The problem with crime in th retail sector is that it comes in many different guises, and is affected by several factors which can change rapidly. Often, the reason for change comes from outside of the retail market, and can be impacted by economical or political reasons, as well as by peer pressure or growing demand for certain goods. Most retail outlets have to be welcoming and have the most eye-catching (and often higher valued) goods on display. Such easy access to valuable items is likely to attract the attentions of criminals as well as legitimate shoppers. The problem here is that the precise offences committed are hard to predict. Indeed, losses to the retail sector through crime include theft by both customers and staff, violence against staff, burglary, robbery, fraud, vandalism and arson. Just as the types of crime suffered by the retail sector vary, so do those perpetrating such acts. Criminals could be targeting a business, be legitimate customers who exploit an opportunity when it arises, or even members of staff. They might operate alone or in gangs. They could employ deception methods or use intimidation through violence of threats. They could be young or old, male or female; evidence has shown they may even be very wealthy or have celebrity status. For these reasons, predicting a criminal event and acting accordingly to prevent it from occurring is very difficult. However, as reports on criminal activity in the retail sector show, there are successes – with instances of crime falling in some sectors, or with levels not

www.risk-uk.com

increasing in line with other trends. Equally, there are areas where the number of incidents has risen or where new trends result in more expensive items being targeted, both accounting for the increase in the cost of crime. One other issue, which must be considered, is that as margins come under greater pressure, so many retail environments are reducing staffing levels. This creates greater demand for customer service on those available staff, meaning that windows of opportunity for criminals increase. Additionally, as violence or threats of violence against staff increase, so some personnel will be more inclined to turn a blind eye, or to avoid confrontation, based upon fear of retaliation from a criminal.

Incidents and values Reports show that there has been a rise in crime figures in a number of specific areas, notably in the field of customer theft, which accounted for 83 per cent of all offences recorded over the survey’s 12 month period. The British Retail Consortium’s annual report also notes that only 12 per cent of customer theft incidents are reported, citing a lack of confidence in the police as the main reason. This trend spreads across all areas of crime, with only 22 per cent of employee theft, 79 per cent of robberies, 25 per cent of cases of criminal damage, 44 per cent of burglaries and 35 per cent of fraud incidents being reported. Whilst customer theft made up 83 per cent of all incidents, it only accounted for 28 per cent of crime-related losses. The average value of customer theft is estimated to be £109.19 per incident. It is also estimated that 56 per cent of customer theft goes undetected, which shows that it probably has a much larger impact than most retailers might imagine. Employee theft represented just four per cent of losses, and one per cent of incidents. However, the average cost of employee theft is £1,577. The report also notes that once an employee has committed a crime which is undetected, they are then likely to repeat that crime many times, typically until caught. Robbery has become a significant issue for retailers; the sector has seen this type of incident increase in recent years. Retail establishments are often seen as a soft target when compared with traditional robbery targets such as banks, building societies and post offices, which have invested over the

retail intro jul13_riskuk_jun13 03/07/2013 15:39 Page 3

Retail Crime

years in systems designed to ensure the identification and conviction of criminals. It is interesting to note that the security teams at such businesses rarely set out to prevent crime. They accept that the cash-handling nature of the businesses will attract robbery attempts. Their goal is ensure that anyone who commits such a crime is both arrested and convicted. The average retail robbery costs the sector £3,004. However, more worrying is the violence used or threatened against staff. This is on the increase, and has been slowly but surely becoming a more significant issue with retailers. The fact that businesses have a duty of care towards staff also means that such risks must be taken very seriously. The number of burglaries against retail environments is low, but a recent blip has seen the numbers spike in the past 12 months. Whilst the average loss attributed to burglaries fell, the number of incidents increased by 90 per cent! The average loss attributed to an incident of burglary was £1,730.06.

Taking the initiative Security for retailers should not be considered a grudge purchase, as the

research indicates losses are likely to increase further over the next few years as the economic downturn continues to affect the consumer. The dilemma over how much to spend on upgrading security is all too frequently considered after a crime has taken place, or following a spate of incidents. This reactive approach is obviously not ideal. Acting in advance to deter the criminal fraternity is far and away a better approach to take. Trends also indicate that where a business is considered vulnerable, criminals will target it, and during a short period of time – often too short for action to mitigate incidents to be fully implemented – significant losses can occur. Another issue with the targeting of certain sites is that threats against staff are also increased, with an onus on the business to take definitive steps to protect individuals. Whilst many retailers might consider the impact of crime on the bottom line as part of

The dilemma over how much to spend on upgrading security is all too frequently considered after a crime has taken place, or following a spate of incidents. This reactive approach is obviously not ideal. 13

www.risk-uk.com

retail intro jul13_riskuk_jun13 03/07/2013 15:42 Page 4

Retail Crime

the retail landscape, correct investment can pay dividends. Increasingly, businesses looking to enhance their security profile also profit from other benefits that modern technology can deliver â&#x20AC;&#x201C; such as business intelligence through video analytics. This allows tangible functionality to be employed in roles that can earn the business revenue, via enhanced marketing, footfall analysis, queue management, hotspot monitoring, people counting, etc.. Whilst the main motive for such investments might be to enhance security and to protect people and property, the investment can be offset with funding from marketing and sales divisions, as the tools can then be made available to them during working hours. Management can identify traffic trends as customers pass through stores, helping to maximise the impact of displays. Queues and POS areas can be managed to enhance the customer experience, and staff can be quickly redeployed to maximise efficiencies. All of these benefits can be realised without any negative impact on the security role of the solution. To maximise the impact of solutions, a different approach to security might be required. The research conducted by the British Retail Consortium highlights the areas which retailers are increasing investment in, along with those that are seeing spending reduced. Interestingly, a number of retailers are reducing or ceasing funding for store detectives, and the

www.risk-uk.com

use of uniformed security officers is also being reduced by some outlets. This could be partly due to the emergence of new technologies, allowing a reduced number of security officers to be used in more effective and efficient ways. The areas enjoying higher levels of spending are predominantly technology-based. These include tagging, especially with RFID technologies and source tagging. Other areas of increased investment are video surveillance, with increases in the use of live visible CCTV, video surveillance linked to point of sale devices, and IP-enabled video surveillance. For many retailers, the rising level of crime, coupled with increased losses, is putting their businesses under increasing pressure as times for high street stores in particular become ever more challenging. The lack of confidence in the police, as outlined by the low figures relating to reported crimes, means that retailers are looking towards more flexible and obvious solutions to enable them to better fight back against criminals, and to take charge of the risks they face. For many, security systems are their last form of empowerment. In many cases, the flexibility and costeffectiveness of networked surveillance is attractive to retailers, coupled with the fact that they can enjoy remote viewing, reduced investments in infrastructure and peripheral devices, and also realise a wider range of management benefits. As an understanding of the capabilities of analytics grows, so retailers are using the technology for business tasks, thus justifying increased levels of investment.

In summary Criminal trends in the retail sector are hard to predict, but one thing seems certain; recent rises in the costs associated with crime are set to continue. Clearly some applications, such as those selling tobacco products or alcoholic beverages, will always be at a higher level of risk. Those retailers who serve their community for extended periods, such as convenience store chains, may well be particularly vulnerable as there is more chance of these outlets being manned by few staff. Retailers should also concerned about rises in the level of violence â&#x20AC;&#x201C; or threats of violence â&#x20AC;&#x201C; against staff, and with confidence in the police on a decline, technologies that offer protection and security represent a valuable investment. If specified correctly to ensure performance, surveillance solutions, tagging and integrated systems are all ideal for the modern retail sector.

Project1_Layout 1 03/07/2013 23:35 Page 1

Simply Brilliant Setting new standards for Access Control, Security and Automation SCALABLE True Enterprise solution delivering 1000's of controllers, 1000's doors and 1000's of zones POWERFUL State of the art electronics designed to give many years of seamless operation RESILIENT Designed with high level of self-protection EFFORTLESS Simple "Plug & Play" system expansion

ARRANGE A DEMO Call the Integriti team on 0845 470 5000 or email integriti@innerrange.co.uk

FLEXIBLE Range of Controllers & LAN modules designed to meet simple or complex access control, intruder detection and automation specifications FAST Streamlined installation and commissioning

â&#x20AC;&#x153;Integriti is a true Enterprise solution controlling thousands of doors and zones across multicontroller IP networksâ&#x20AC;?

Project1_Layout 1 04/07/2013 10:43 Page 1

Your cashierâ&#x20AC;&#x2122;s sweetheart is first in line.

Be the first to know.

It pays to know when your cashier is giving away merchandise. Now you can use network video to combat sweethearting, point-of-sale fraud and other employee theft. Itâ&#x20AC;&#x2122;s all made possible with high quality video feeds, real time alarms and other smart features in Axisâ&#x20AC;&#x2122; leading network video solutions for retailers.

This is just one way Axisâ&#x20AC;&#x2122; IP solutions help retail stores minimize loss and maximize profits. Be the first to know how to stay one step ahead.

Get the Axis picture. Stay one step ahead. Visit www.axis.com/retail

Axis network video solutions for retail integrate our leading network cameras with URGEKCNN[ FGUKIPGF CRRNKECVKQPU HTQO QWT RCTVPGTU Ĺ§ 1WVUVCPFKPI *&68 KOCIG SWCNKV[ Ĺ§ +PVGITCVKQP VQ [QWT GZKUVKPI 215 '#5 CPF +2 U[UVGOU Ĺ§ 5ECNCDNG HWVWTG RTQQH solutions from standardized equipment

retail personnel jul13_riskuk_may13 03/07/2013 15:44 Page 1

Security Personnel

The human touch

odern retail businesses increasingly operate in a risk-focused environment. Whilst it is unarguable that the issues faced by retailers are becoming more varied, it also must be accepted that the sheer depth of solutions available are equally diverse. As the liabilities faced by many retailers develop, so the potential solutions also evolve. Every subsequent alteration in the risk landscape inevitably leads to the introduction of enhanced and ever more effective tools in the arsenal of those responsible for risk management and loss prevention in the retail world. Whilst the more conventional retail-based problems such as customer and staff theft still exist, and must be met and handled on a daily basis, the core requirements of risk management in modern retail environments are increasingly becoming more challenging. Thankfully, the flexibility on offer to today's retail-based risk management professionals

For many years, security officers have been a pivotal part of retail security and loss prevention. While research shows that some retailers are reducing spending in this area, the reality is that a well trained operative can offer much more than a basic manned presence in a retail environment! also reflects this. Retailers face an ever increasing range of risks with varying levels of complexity, so the task of selecting an appropriate and efficient solution is often not a straightforward choice. It is increasingly foolhardy to think that there is anything approaching a 'one-size-fits-all' solution. If such a thing did exist, then the retail sector could focus on its core activity of meeting consumer demands and delivering servicerelated performance! One element of retail security that has become very well established over the years is

www.risk-uk.com

retail personnel jul13_riskuk_may13 03/07/2013 15:45 Page 2

Security Personnel

the security officer. Often a manned presence is considered as being at the core element of retail security, but increasingly the changing risk landscape is highlighting the need for a more holistic approach. This ensures that security officers are better enabled to offer a higher degree of performance. Whilst such an approach does often mean that fewer officers may be required as efficiencies can be realised with communications and personnel management, this should not be seen as an opportunity to cut costs. Indeed, without an appropriate investment in all elements of a solution, a holistic approach is doomed to failure.

Paying the price In the past, a number of manned guarding providers battled for market share, with the inevitable result that price became a primary focus for them. For retailers, this may have seemed to be a positive at the time, as the costs associated with the provision of security officers fell. This meant that security became a smaller drain on the bottom line. Sadly, many of those providers fixated with the lowest prices inevitably became involved in something of a spiral of fighting competitorsâ&#x20AC;&#x2122; cost cutting with price cuts of their own. Margins decreased, corners were cut and standards fell. The outcome was lower wages, longer hours and poor working conditions. Disquiet over the price-conscious end of the market spread, and this also impacted on the more professional companies who were still making investments in the right personnel, training and adherence to quality standards. The move to licensed staff, following the passing of the Private Security Industry Act, meant that end users could be assured of receiving trained and vetted personnel when taking out service contracts with guarding providers. Despite many of the security officer providers undergoing significant change, introducing better training, and delivering a higher calibre of personnel, a large number of retailers still place too much emphasis on the cost of contracting security personnel. There are still too many contract decisions made with an eye on the cost, with awards going to those with the lower figures. The provision of security officers is considered as a low cost option. However, most price-based decision are a false economy. In retail risk mitigation, just as is the case in a plethora of other businesses, the old adage that 'you get what you pay for' stands true. Indeed, it could be argued â&#x20AC;&#x201C; and should be argued â&#x20AC;&#x201C;

www.risk-uk.com

Project1_Layout 1 02/07/2013 12:34 Page 1

He just installed the world’s leading primary intrusion detection software on 40 systems in 4 countries. In 1 hour.

ADPRO® IntrusionTrace™ Primary Intrusion Detection Software Remote conﬁguration of advanced video content analysis for perimeter protection—anywhere, anytime. Setup

in 3 easy steps—done False alarms—eliminated Fewer operators, more sites monitored—efﬁcient The industry’s most advanced outside motion detection technology— now i-LIDS-approved

See IntrusionTrace in action! XtralisIntrusionTrace.com

retail personnel jul13_riskuk_may13 03/07/2013 15:45 Page 4

Security Personnel

that often the most cost-effective approach is not the one that carries the lowest price-tag. Many of those providing ‘low cost’ personnel simply cannot offer the right personnel – or the appropriate support services and systems – to deliver a holistic approach. As developments in risk management strategies and solutions continue to advance, so the gulf between genuine holistic solutions utilising security officers and low cost guardingonly operations will expand. If you consider the security officer in a retail environment, it is common to see such a role as pivotal in a loss prevention strategy. In this very competitive sector, there are companies that differentiate themselves solely on price. Some will do this because it's the way they've always operated, others because they think that retailers will always opt for the lowest cost solution. There are also some companies that charge a very low cost because that is the true value of what they are providing!

www.risk-uk.com

However, spend a few minutes considering what your business actually requires. Are you looking for a deterrent value, someone in a uniform to deliver an illusion of security and little else? Do you require a degree of vigilance, and a recognisable presence to offer support should an incident occur, thus taking pressure off staff? Alternatively, do you require a welltrained and disciplined individual who can enhance security, offer assistance should an emergency occur (such as a fire, first aid incident, evacuation of staff and customers), deliver support and assistance to those visiting the site and represent the core values of your business when in customer-facing environments? Do you also require that individual to be able to interact with systems or technologies to deliver a seamless and wideranging service that adds value to the manned guarding contract? With a low cost provider, an individual in a uniform with an SIA licence (denoting basic training and a criminality check) often might be the full extent of what you're receiving. If the individual guards have received minimal training, and also receive the minimum wage, they are – at best – going to require a lot of management and a high degree of motivation if they are to offer credible performance. Even with a high level of support, you will still end up with a number of people performing relatively basic tasks. The term 'manned guard' might seem limited in its scope, but that is a fair description of what you could end up with if your contract decisions are based predominantly on price. More worryingly, the personnel element of the security structure may be disjointed from the overall risk management solution, or even be operating in isolation from other elements of a solution.

Adding value Moving up from the lowest price-point option, the more you invest in supplied personnel, the more you can expect in return. A well-trained operative will not only offer you the 'guarding' element, but could also act as a qualified firstaider, a fire marshall, or even a point of customer service! Many providers of on-site personnel will be able to provide staff with a number of skills and qualifications, but they're never going to be the lowest cost option. However, when you consider that with many sites there is a legal responsibility for the site owner or operator to ensure that first-aiders and fire marshalls are in place, the use of well-trained security officers can be a cost-effective option.

dycon ad risk jun13_Layout 1 04/06/2013 13:41 Page 1

Dycon have 12 & 24Vdc

Dycon only re manufactu in Wales

solutions from 1 to 10A

Boxed or PCB

– all switched mode

only options

technology

for maximum

p.s Dycon have only

flex ibilit y

ever made switched mode!

Purchasing Dept, we need new, greener PSUs now! We need energy-efficient PSUs. We don’t want to be at the mercy of Far East delivery schedules so please look for a hi-tech UK manufacturer. Can you find a single source for all our needs, Intruder, Fire, CCTV, Access and PoE!

Each Dycon PSU saves at least £20 electricity p.a. compared to old conventional linear PSUs.

Dycon

It’s a no brainer then!

call DYCO N today

01443 471060

m info@dyconsecurity.co

They even have spec circuits that can

ial

extend battery life

by up to 12 months,

how much will that

save us each year service calls??

retail personnel jul13_riskuk_may13 03/07/2013 15:46 Page 6

Security Personnel

Such roles are usually fulfilled by staff from the business itself. By covering the legal obligations, a better qualified officer simplifies such requirements. A typical approach to overall site protection will include a number of technological elements to a solution, with video surveillance, audio communications, security alarms, access control and dedicated retail systems. The workflow between these elements of a solution and the security personnel on the front line cannot be disjointed if the solution is to be effective. Again, with quality personnel who have been trained to interact with such systems, this need not be the case. Modern technology makes it a simple task to ensure that the security officers can receive, manage and utilise all of the data (or whatever level of data they require) generated by such systems, in real-time, on portable devices. Often, on-site personnel will have a much better understanding of the intricacies of a building's or site's layout than an operator in a remote control room. It is therefore far more efficient – and undoubtedly safer – if personnel on the ground can have full and complete situational awareness when dealing with any risk-based incident. There are also other benefits to replacing the traditional control room in larger retail sites, instead delivering the information directly to security officers. For many modern retailer, one of the most valuable resources is real estate. Control room environments can often be reduced in terms of size, allowing more space to be given to stock-holding or retailing, if riskrelevant data is delivered directly to those who require it! Some businesses have found that such an approach has allowed them to eliminate the control room altogether, with data distributed between their contracted security and safety personnel, as well as those responsible for risk management within their own organisation. Others have retained smaller, more streamlined control rooms. When properly considered and implemented, such an approach will also deliver enhanced levels of operational efficiency as well as delivering the retailer more operational space.

www.risk-uk.com

Obviously, every retail site will be different, even where a chain follows a formulaic approach to design and layout in every store. Social, economic and cultural differences will occur in different geographical locations, and the solutions pertinent to one set of circumstances may not be ideal for another. That aside, one thing can be said with certainty. Viewing any element of a retail risk management solution in isolation – whether that be security officers, video surveillance, alarm systems or any other element – can only lead to a flawed solution. Another fact is that a flawed solution will never be the most costeffective.

In summary When considering the role of security officers in the retail sector, contracting in individuals based upon which supplier carries the lowest possible costs is never going to deliver the best solutions. If you opt for a price-driven service, then a very basic offering is pretty much the sum of what you've got! However, investment in the right people and delivery of the data they required will give a much improved chance of achieving a relevant and effective solution. If a provider is pushing their services based solely upon the lowest cost, take that as a cue to question what the actual benefits on offer will (or will not) be. How specific is the training of personnel for the retail environment? How does the supplier assess performance of personnel while they are on your site? What roles will the contracted personnel carry out? Will the contracted personnel be trained and supported to ensure that they fit in with the ethos of your business? If you do not receive appropriate responses, or if the inference is that you'll only need their one element – security officers – to manage your risks, then walk away! Research from the British Retail Consortium has indicated that risks faced by retail businesses are likely to become increasingly complicated and challenging in the future. However, solutions are becoming increasingly effective, as well as being simpler to integrate and employ. The mitigation of risks has moved to a higher level, with potential solutions delivering more protection for retailers, especially where a holistic approach is employed. For retailers, it is imperative to ensure that all elements are optimised to fully realise the potential of any risk management solution.

risk web__RiskUK_dec12 31/01/2013 14:47 Page 2

In an increasingly volatile world, Risk UK is essential reading for risk management, loss prevention and business continuity professionals Increasingly, businesses and organisations need to operate in a risk-conscious world. The external threats to business are manifold and diverse. Issues range from security of people and property, loss prevention, health and safety, cyber threats, environmental issues and human resources management, through to terrorism, extortion and arson. Threats develop rapidly, and must be faced. Whilst the risks faced are complex, so too are the potential solutions. These need very careful consideration if the benefits on offer are to be fully realised. Risk UK delivers essential updates, advice and guidance to ensure that modern businesses are able to take proactive steps towards mitigating risk.

Risk UK offers a full web site and regular electronic newsletter, alongside its print publication, to help those who are active in risk management to better address external threats.

@riskukmagazine

www.risk-uk.com

social media jul13_riskuk_jun13 03/07/2013 15:49 Page 2

Social security? For many businesses and organisations that deal with the general public, it makes sense to be where the customers are, sharing information, listening to feedback and commenting on issues that the customer-base is interested in. In the past, such a marketing presence was expensive and difficult to manage. In today’s world, social media can simplify the process. However, it can represent something of a double-edged sword. Risk UK – with the help of Nigel Miller – considers the risks of the social media circus. Nigel Miller is a commerce and technology partner at law firm Fox Williams LLP.

www.risk-uk.com

he popularity of social media has undergone a significant rise in recent years, to the point that often it is assumed people use one or more of the many varieties that are out there. Increasingly, social media is not just the preserve of the general public. Businesses and organisations have also embraced what the services offer.

For many companies, social media has created new opportunities to engage with customers, develop sales and add value to brands. However, it has also created new challenges, dangers with regard to brand reputation and legal liabilities. It is therefore imperative that businesses and organisations understand the legal risks, and comply with the best practices to manage risks and avoid brand damage. Social networks can be unforgiving if policies and procedures are not followed. What may seem like a good marketing idea at the time can backfire and rapidly inflict serious brand damage as the ‘blogosphere’ seizes on – and highlights to the world – the slightest social media faux-pas. The sources of problems vary. A backlash might occur due to the posting of an ill-judged message or campaign, or because of a misjudgment of public feeling. It might me a throwaway comment, an accidental posting or the statement of an unthinking or hostile employee. Reported high profile cases of reputational damage via social media have occurred for a variety of reasons, ranging form those posting comments mistaking a corporate account for their own private one, through to attempts to hijack non-relevant subjects to gain wider coverage. In the early days of Twitter, Habitat thought it would be a good idea to include unrelated trending hashtags in promotional tweets to try and gain wider readership. These included #iPhone, #Apple, and a references to popular television shows and even the Iranian elections! The reaction was immediate and negative: ‘Moneygrabbing furniture outlet. Bad bad bad. Now I’m glad I can’t afford your overpriced Ikea replicas’ and ‘Spamming news of important events. You must be so proud!’. Habitat removed the Tweets and eventually apologised. Of course, whilst it could remove its original tweets, such is the nature of the on-line world that many of the deleted items are simple to find today! More recently, Waitrose invited its followers to finish the sentence, ‘I shop at Waitrose because… #WaitroseReasons’; it perhaps did

social media jul13_riskuk_jun13 03/07/2013 15:55 Page 3

Social Media

not anticipate the subsequent number of replies which poked fun at the supermarket’s image (‘I shop at Waitrose because… I think food must automatically be better if it costs three times as much’ and ‘I shop at Waitrose because… I once heard a dad say “Put the papaya down, Orlando”’). The responses were highlighted and repeated across many social media streams, and Waitrose prevented a potentially damaging escalation by engaging in good humour about the comments. Earlier this year, things didn’t turn out so well for Virgin Media after the company was publicly vilified on Facebook following the issuing of a bill – and a late payment penalty – to a deceased customer, even though the bill stated the reason that the direct debit had been refused was because of the customer’s death. In brief, social media can be a doubleedged sword.

A question of law Some people feel that the almost throwaway nature of social media means that statements made through it do not carry the same implications with regard to law. Indeed, given some of the statements that regularly wash up in the social media streams, it can seem too casual, unregulated and almost anarchistic at times. However, businesses and organisation must be very careful. Indeed, some recent high profile cases show that there is some debate over the interpretation of comments made. Some libel cases have hinged on how comments would be interpreted in the context of social media rather than in other written applications. Recently, a court in Australia decided that comments on Facebook by Leah Madden, the designer of swimwear label White Sands, about rival swimwear manufacturer Seafolly, amounted to misleading and deceptive conduct under trade practices legislation. Madden had created a Facebook album entitled ‘The most sincere form of flattery?’ which contained a series of photographs of swimwear she had designed alongside similar items from Seafolly's collection. Madden added comments which implied that her designs had been copied, and that subterfuge had been used to gain photographs of her products. The comments which led to the legal case were quickly removed, but the legal action still went ahead. The case highlights that laws that apply to businesses generally also apply to their social media activities. Businesses must be careful that statements made on social media are correct and can be substantiated.

Given the way in which tongue-in-cheek comments are often used via social media, businesses must ensure that they do not simply join in with individuals making such comments, as the same laws that cover advertising, libel and business procedures still apply.

Who’s who? It is not difficult to set up a social media account that impersonates a brand, and consumers can be easily misled; jokers, scammers or counterfeiters might do this. The negative impact on a brand can grow exponentially if false offers, scams, malicious information, spoofs or jokes get shared on social media networks. Even using a third party’s trade mark as a hashtag could result in trade mark infringement if it creates a likelihood of confusion or association with the third party’s products. If the third party trade mark is a very well-known one, such use could be claimed to take ‘unfair advantage’ of the mark. Brand owners need to monitor this, but also pick their battles carefully. In some cases action is needed, but in other cases wading in with defensive or threatening comments may do more harm than good. Often, if a battle between a genuine brand and a spoof account is tackled because the fake account is indulging in humour at the brand’s expense, public opinion might well fall with the fake account! Keeping account details secure is also key. Tom Watson, a Labour MP, had his private Twitter account hijacked by a female intern who, while he was in a meeting, tweeted to his 65,000 followers, ‘I should log out of my twitter so that my intern doesn't twit-rape me...’. Afraid that the intern would be fired, the hashtag #savetheintern then trended. In cases of account or brand spoofing the starting point is to use the social media stream’s own resolution processes which might either suspend the account or take other action to clarify the situation to those viewing the data. In serious cases where those providing the social media stream do not take action, brand-owners can take legal action to force the service-provider to remove the account or to reveal the identity of the account owner.

Some people feel that the almost throwaway nature and casual attitude of social media means that statements made through the various streams do not carry the same implications with regard to compliance with law. 25

www.risk-uk.com

social media jul13_riskuk_jun13 03/07/2013 15:55 Page 4

Legal compliance Unfair trading regulations prohibit using media to promote a product where the trader has paid for the promotion without making that clear. In addition, the regulations prohibit traders posting content which falsely creates the impression that the information or comment has come from a customer. In 2011, the Advertising Standards Authority’s powers were extended to cover online advertising, including use of social media. The ASA have already upheld a number of complaints concerning misuse of social media. A recurring issue is complaints that social media activity can breach the requirement that ‘marketing communications must be obviously identifiable as such’. For example, the ASA ruled that a Twitter campaign for Nike featuring Wayne Rooney and Jack Wilshere breached the Committees of Advertising Practice Codes because the messages were not sufficiently recognisable as advertising. Nike had the dubious privilege of being the first organisation to have its Twitter campaign banned by the ASA. Given the 140 character limit for a tweet it can be a challenge to both promote the product and identify the tweet as a marketing communication. Following the Nike complaint, the ASA stated that adding the #ad hashtag could ensure that those reading the Tweets

www.risk-uk.com

could easily identify them as an advertising message. Freedom of expression is a core value of modern society. The European Court of Human Rights has said that freedom of expression includes the right to say things that ‘offend, shock or disturb’. However, it is not an unfettered right. Under the Communications Act it is an offence to send a communication (including via social media) that is grossly offensive or indecent, obscene or of a menacing character. Social media tests the boundaries of freedom of expression. Does a message merely offend (in which case it may be okay) or is it grossly offensive (in which case it may be criminal)? Those overstepping the mark with an ill-judged tweet can find themselves in prison. Even if not criminal, an offensive tweet sent by a member of staff in an unthinking moment of recklessness can become widely publicised and cause substantial brand damage. Companies need to ensure that employees do not share company confidential information on social networks, even in error. Cases exist where information relating to a board meeting caused issues with regard to stock trading, and sensitive technical information has been pout into the public domain when comments have inadvertently highlighted privileged information. Such a breach of confidentiality could breach an employee’s legally implied

social media jul13_riskuk_jun13 03/07/2013 16:18 Page 5

Social Media

duties to an employer or express confidentiality clauses in service contracts. That could lead to disciplinary action or, in serious cases, dismissal for gross misconduct. Some recruiters use social media to qualify or disqualify candidates. There are issues under employment and data protection laws in using information on social networks to carry out background checks, as the candidates may not be aware this is happening, and the information may be unreliable.

Social policy Businesses must manage the risks of social media. A good starting point is to identify the specific risks for the business and then formulate a specific plan. There is no ‘one-sizefits-all’ policy, as every business uses social media in varying ways. In formulating a social media policy there are a number of factors that need to be considered. It’s important to then provide training to those members of staff who are engaged in social media to ensure that they understand the risks and how to protect the business’s brand.

An effective policy should ensure that brands and usernames are protected on the main social media platforms, by setting up official sites. Companies should use verified accounts where available (such as the blue verified badge on Twitter). It is also important to set up terms of use on the company’s own sites where user-generated content can be posted. This will prohibit inappropriate content, and reserves the right to remove content which is offensive or damaging. Businesses should allocate responsibility, and implement procedures, for monitoring social networks. This should include anything adverse to the brand, including reputational damage, infringers of intellectual property, impersonators or others intent on causing brand damage. A policy should be implemented to decide what – if any –action is taken should such a risk develop. Businesses must also educate staff about the risks, and should use using disciplinary action to enforce breaches of the policy. If something does go wrong, businesses must deal with it promptly, openly, honestly and sensitively.

data protection jul13_riskuk_jun13 03/07/2013 22:47 Page 2

How secure must secure data be? When considering data protection, within the confines of the Data Protection Act, the main emphasis for many businesses and organisations falls onto the requirements for any data held to be appropriate, legally obtained and managed, and processed for appropriate purposes. At first glance, the principles of the Act seem to demand this, and some organisations might see fulfilling these obligations as the end of the matter. However, some of the principles require a little more effort for compliance!

www.risk-uk.com

brief glance at the eight principles of the Data Protection Act reveal nothing unexpected. These stipulate that personal data must be processed fairly and lawfully, can be obtained only for specified and lawful purposes and must not be further processed. The data should be relevant and not excessive for the purpose, and must be accurate and, where necessary, kept up to date. Data also must not be kept longer than required for the processing, and must be processed in accordance with the rights of data subjects. Data processors need to take appropriate technical and organisational measures to prevent unauthorised processing, accidental loss, destruction or damage to data. Finally, data cannot be transferred to a country or territory outside the European Economic Area unless that country ensures an adequate level of protection for the rights of data subjects. The data protection principles are relatively straightforward, and for many businesses compliance is easily met. However, discussions with many organisations have highlighted a weakness when it comes to understanding the full requirements of Principle 7. Principle 7 states, ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.’ The ICO gives further guidance on Principle 7. It states, ‘In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to: design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach; be clear about who in your organisation is responsible for ensuring information security; make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and be ready to respond to any breach of security swiftly and effectively.’ Further guidance predominantly focuses on information security, and for many businesses and organisations, this is presumed to cover the needs of the Principle. By way of an example, it is worth considering the recent fine of £150,000 imposed on Glasgow City Council after two laptops containing unencrypted data were stolen. Following the announcement of the

data protection jul13_riskuk_jun13 03/07/2013 22:48 Page 3

Data Protection

punishment by the ICO, many companies in the information technology security sector were quick to point out that the data could have easily been encrypted, and that the failure to do so had led to the monetary punishment. Whilst the failure to ensure that personal data – including, in this case, financial information and bank details – was encrypted does indicate poor management and a failure to comply with best practice and the council’s own policies on data handling, the reality is that the lack of encryption was not solely a breach of the DPA principles.

Degrees of protection In the case of Glasgow City Council, it could be claimed that encryption of the data on the stolen laptops could have added a degree of protection for the data subjects whose information was stored on the devices. However, to put the situation in context, it must be remembered that the DPA Principles apply not only to electronic data, but also to paper documents and records, photographs, video, even hand-written notes. If the information is capable to identifying an individual, then it is classed as personal data. This identifies the flaw with thinking that data encryption is sufficient to fulfill the DPA’s requirements. Obviously, paper-based data and records, notes, photographs and certain types of recordings cannot be encrypted. Whilst the DPA requires ‘appropriate’ measures to be taken, it does not define what represents appropriate measures. It could be argued that data encryption is appropriate, and therefore necessary. However, there’s more to the measures taken than mere encryption. The laptops were stored overnight on a site where renovations were taking place. It would be reasonable to consider that if a site is open to a number of contractors, delivery staff and other visitors, then it is not appropriately secure to ensure the data will not be compromised. Also, complaints had already been made about thefts at the site, and the lack of overall security. This clearly shows that the council was aware of the risks inherent in storing data at the premises, but didn’t act to either increase security or make alternative arrangements. Finally, the laptops were stored in drawers. One drawer was locked, but the key was stored in another drawer, along with the second laptop. The latter drawer was not locked. What this case clearly illustrates is that there was a need to introduce several layers

of protection to meet the requirements of the Act. The ICO does not prescribe the type of system or policies that must be implemented, allowing businesses to assess risks as per the site’s requirements. However, businesses and organisations should be under no illusion that obligations can be simply met by using some form of data encryption. If you consider the theft of – or unauthorised tampering with – physical devices containing data, whether they be computers, storage devices, record files or other physical items, the first degree of protection must be to physically restrict who may access where they are stored. How you do this will very much depend upon the scale of the data storage, the number of people authorised to access the data, the number of locations used to store data, and whether anyone is authorised to enter the storage area for other reasons.

Businesses and organisations should be under no illusion that simply deploying data encryption or another information security technology will cover their obligations under Principle 7 of the Data Protection Act. 29

www.risk-uk.com

data protection jul13_riskuk_jun13 03/07/2013 23:00 Page 4

Data Protection

Modern access control solutions can allow a range of parameters to be set with regard to accessing restricted areas. By setting strict criteria concerning who can gain access and when, a high degree of control can be established. Businesses could even stipulate that access is forbidden if a person is alone, even if they authorised. Criteria could be that staff may only access the area if there are two authorised members of staff, with an option that they need to be given specific clearance to be there. The criteria could be used across multiple areas if data is stored in more than one location. Any attempts to gain access that create violations – lone staff, staff not authorised for access, access requests made outside permitted times, etc. – would be flagged by the system as alarm events. This could also trigger video devices to capture evidence of the attempt, or could generate an activation which either sounds an alarm or sends a notification to authorised personnel, maybe with a snapshot of the perpetrator. The physical location of the data storage should be robust. There is no point in investing in advanced systems if door locks are weak, or windows can be forced.

Where systems are implemented, it is vital to ensure that policies are in place to make certain that the solution functions as expected, and that any operational failures are notified to management. Such a system might sound advanced, but the functionality described is available in even many basic systems. Therefore, this makes such a solution ‘appropriate’ as prescribed by the DPA. It is also vital that where data, or the devices that contain data, are no longer required or appropriate to retain, secure and certified destruction is employed. The recovery of data from discarded devices has embarrassed many organisations, and therefore appropriate destruction is a legal obligation.

In summary Data protection and DPA compliance does require that information security is taken seriously. There will be cases where data simply cannot be secured in this way. Whether electronic or hard copy, the ability to access the storage media must be secure. Even if a thief does not use the data, only wanting the device, you will have breached the DPA!

Advertising Feature

Over 60% of all fines issued by the Information Commissioner’s Office (ICO) relate to the use of un-encrypted email, often being sent to the wrong recipient. n-encrypted e-mail can be viewed a bit like a postcard where the content is immediately available to anyone who can see it - including the postman or nosey neighbour, or the wrong recipient! Insecure email is also about to get a lot more expensive with the European Data Protection Framework (EDPF), which is expected to come into force in 2014, carrying penalties of up to 2% of annual turnover for those found not to have taken the necessary action to prevent the data loss by establishing the necessary procedures and technical infrastructure. A further issue that results in data loss is

www.risk-uk.com

that email does not handle large attachments at all well, causing users to send large files, those carrying the most data, via ever more insecure, and often much more expensive methods such as couriers, USB, consumer grade cloud services and USB sticks or DVDs. But how can we operate without e-mail. It’s our favorite tool, we’re all used to it, it’s universally available and it’s easy to use. We can even receive it on our mobile devices so we have access to it wherever we are. Solve the security and file attachment problems and e-mail is an effective tool rather than a major vulnerability. Cryptshare enables users to exchange fully encrypted emails and file attachments of unlimited size with anyone and from within existing email solutions such as MS Outlook and IBM Notes. Furthermore Cryptshare complies with all existing ICO requirements. Simply put, in addressing both issues, Cryptshare makes e-mail better. To find our more or start a free trial go to www.cryptshare.com and click Risk UK

Project1_Layout 1 03/07/2013 23:22 Page 1

Project1_Layout 1 03/07/2013 23:23 Page 1

RADIO LOOP MODULE

Project1_Layout 1 03/07/2013 23:23 Page 1

Project1_Layout 1 03/07/2013 23:24 Page 1

cyber news jul13_riskuk_jul13 03/07/2013 16:26 Page 1

Cyber News

Enhanced FIPS-certified embedded security announced Inside Secure has announced that its SafeZone encryption toolkit has received Federal Information Processing Standard (FIPS) 140-2 certification from the US National Institute of Standards and Technology (NIST). The certification expands the company’s portfolio of FIPS-certified hardware security modules and secure microcontrollers to include software offerings for securing data in transit over SSL/DTLS and IPSEC, as well as data at rest on Android devices. With these additional FIPS-certified offerings, it delivers OEMs and application developers even greater ability to secure appliances, applications, mobile devices and servers in accordance with stricter government security requirements. ‘Security is now a basic requirement for every device and at every point where data is touched, stored or transmitted. Even beyond government-mandated applications, many industries in the commercial sector are adopting FIPS because it has become a globally recognised standard for security,’ stated Simon Blake-Wilson, executive vice president for embedded security solutions at Inside Secure. ‘Using software development tools that incorporate this pre-validated module, manufacturers can meet current and future security requirements, avoid the lengthy and expensive FIPS validation process, stay focused on their core competency and get their products to market more quickly.’ The enhancements are claimed to illustrate how the recent Embedded Security Systems acquisition is supporting the company’s strategy to provide customers with an assortment of hardware- and software-based security solutions. FIPS 140-2 is a globally recognised US government security standard for securing commercial, government and defence applications. US and Canadian government telecommunications systems already are required to use FIPS 140-2 validated cryptographic modules to secure data. As more industries are categorised as critical infrastructure and become targets of cyber-attacks, their applications, devices and communications networks will also be required to meet these stricter government mandates and recognised standards. Recent directives in the US and Europe seek to expand this requirement to more industries including finance, manufacturing, healthcare, transportation, communications and other utilities.

Cyber and Data Security News Bundesdruckerei acquires shares in Cryptovision Bundesdruckerei is to acquire a 25.1 per cent share in Cryptovision, headquartered in Gelsenkirchen. With this move, the Berlin-based company is expanding its expertise in the field of high-efficiency encryption techniques and strengthening its market standing as a full-service provider of ID security systems. ‘Protection of personal and other confidential information plays a central role in our digital society. The security requirements placed on electronic ID solutions are increasing continuously,’ stated Ulrich Hamann, CEO of Bundesdruckerei. ‘With our investment in Cryptovision, we are expanding our range of solutions and products along the entire ID process chain.’ Cryptovision is a provider of secure electronic identity and digital information protection solutions. Founded as a spin-off of Essen University, the company specialises in modern cryptography methods and public key infrastructures for government authorities and private commercial sectors. Cryptovision was commissioned by the German Federal Office for Information Security to participate in developing the EAC (Extended Access Control) standard for electronic passports. Among its products is the ePasslet suite, a comprehensive collection of applications for sovereign electronic documents. It is used for the eID cards of Rwanda and Armenia and electronic passports of Moldova and Ecuador. The solutions offered by the two companies complement each other, as has already been demonstrated in a number of joint projects. ‘In view of our excellent cooperation in the past, we are happy to welcome Bundesdruckerei as one of our shareholders,’ stated Markus Hoffmeister, Cryptovision’s CEO. ‘Now we will be able to exploit further synergy effects in future, particularly in the field of cutting-edge eID technology.’

Bank users are leading target for phishing Kaspersky Lab has stated that 20.64 per cent of phishing attacks registered between May 2012 and late April 2013 targeted users of banks and other financial organisations. The figure emerged from research into phishing threats carried out using data from the cloud-based Security Network. The data is indirectly confirmed by the banks - according to the results of a global survey conducted in Spring 2013, about 37 per cent of all banks surveyed were affected by phishing attacks at least once over the previous 12 months. The organisation claims it is no surprise that banking and e-commerce has attracted unwanted criminal attention. With an attack on other sources that yields personal data, cyber criminals must then find buyers for the information. However, successfully using fake online banking or shopping pages leads directly to earnings for the criminals. Despite the widespread dangers of phishing attacks, simply installing a security product with the necessary functionality to protect financial operations will protect even the most inexperienced users when conducting transactions online.

www.risk-uk.com

cyber news jul13_riskuk_jul13 03/07/2013 16:26 Page 2

Cyber News

PenMetrics offers advanced writing analysis Paragon Software Group has released PenMetrics, a new graphometry-based technology that measures a wide range of individual handwriting characteristics and parameters. These parameters include letter width, height, inclination and other measurements. The metrics can be subjected to further analysis for a range of purposes, including determining whether or not a piece of text was written by a particular individual. PenMetrics is capable of processing both plain text (scanned from a paper handwriting sample) and dynamic text (collected using a range of mobile devices or graphics tablets). The technology determines constants in handwriting and provides full, detailed data on requested parameters. The collectable characteristics can be customised upon request. Characteristics collected can include letter width, height and inclination angle; pen pressure, input rate, time delay between strokes and words, total input period for each stroke or word; width and height of upper and lower loops.

Lancope enhances integration with Cisco Lancope has announced tighter integration with several Cisco infrastructure solutions to provide governments and enterprises with greater performance and flexibility for network and security monitoring. The company will also join the recently announced Security Technology Partner Ecosystem and Platform Exchange Grid (pxGrid) to provide customers with advanced security intelligence. The relationship is reflected in the StealthWatch system through enhanced and more customisable integration. Lancope will now offer deeper integration with the Identity Services Engine (ISE), ASR/ISR and ASA to empower users to more closely guard their infrastructure from potential cyber-attacks and performance issues. StealthWatch helps combat advanced attacks such as APTs, zero-day malware and insider threats. It is claimed to deliver in-depth visibility into the network interior and advanced security context including virtual, application, identity and mobile awareness.

Students to help build trust in the online world Cyber Integrity and Meaning of Trust Competition has been launched across 15 UK universities, offering opportunities for those with ideas to improve confidence in the internet-dependent society. The pilot for a national programme, delivered through the Cyber Security Challenge, aims to put the issues of security, resilience and integrity into a business context and draw ideas from all UK Masters students. Participants will receive an opportunity to present their ideas to employers looking to recruit talented individuals to not only secure their systems but also improve customer’s confidence in their products and services. Any MA, MBA or MSc student can enter a

www.risk-uk.com

US Defense Department to move away from firewalls The US Defense Department is building a single security architecture that will eliminate firewalls in the future, according to Lt Gen Hawkins Jr, USAF, Defense Information Systems Agency (DISA) director. The future architecture, which is still in development, will be designed to protect data rather than networks. Hawkins stated, ‘In the past, we’ve all been about protecting our networks: firewall here, firewall there, firewall within a service, firewall within an organisation. We’ve got to remove those and go to protecting the data. You can move that data in a way that it doesn’t matter if you’re on a classified or unclassified network, depending on someone’s credentials and their need to know. ‘We want to be able to normalise our networks to where you can have the collaboration and information moving over our networks and you don’t have to have the different firewalls, the separate networks, to get those things done.’ It is claimed that significant savings in instrumentation can be realised using the approach to allow, for example, a move from ‘hard phones’ to ‘soft phones’. This simplifies the task of delivering data to personnel in the field. The single security architecture will improve command and control capabilities, including cyber command and control.

presentation based on their dissertation for assessment by a panel of policy makers and business leaders, as well as security professionals. The competition recognises that improving confidence in the increasingly internet-dependent society requires consideration beyond the technical, computer science and electrical engineering domains. The competition has been developed by the WCIT (The Worshipful Company of Information Technologists), the City of London Livery Company for ICT, in association with The Institute of Engineering and Technology, the Digital Policy Alliance and others. It will be delivered through the Cyber Security Challenge which runs a series of competitions developed by employers and supporters from industry, government and academia to find new talent for the sector, and is part of a new stream of university activities.

FINAL bm web house_001_Benchmark_jul11 08/08/2011 16:20 Page 1

www.benchmarkmagazine.com

BENCHMARK

Benchmark â&#x20AC;&#x201C; dedicated to independent tests, assessments and reviews of security products and solutions

The Benchmark website is a PRODUCT TESTS All tests are fully independent, and manufacturers supplement to the monthly have no involvement in the process. Additionally, Benchmark makes no charge, financially or of any magazine, and includes a variety other kind, for inclusion in tests. All products are selected by an independent team. In short, itâ&#x20AC;&#x2122;s the of tests and assessments of the only way you can ascertain the truth about product latest products, as well as guides performance! to product selection, technology Tests are carried out by an independent team of experts, telling you the truth about the performance challenges and information about of a wide range of security equipment, warts and all. influential technologies in the CHECK PREVIOUS ISSUES Benchmark back issues are available on-line, in a security sector. All content fully interactive format, and can be accessed free of is taken from the published charge. If Benchmark has tested the product, then you can establish the level of performance expected editions of Benchmark, so you in the field! will not find drafts by GUIDES AND CHALLENGES The Benchmark website includes product guides, manufacturers marketing their highlighting products that have been tested, or that wares or marketing hype that is have been recommended by security installers, system integrators, specifiers and security regurgitated via so many other consultants. There are also Technology Challenges, debunking the hype by reporting real-world channels. The content is written experiences of the various technologies. in plain English, free from technobabble, and reflects STAY UP TO DATE genuine experiences with the Benchmark is always testing and assessing products and technologies. Keep up to date equipment, whether that be with the latest reports by following Benchmark on Twitter. good, bad or indifferent. The www.twitter.com/benchmarkmag website is free to view.

www.benchmarkmagazine.com

next issue_riskuk_Dec12 03/07/2013 16:42 Page 1

Next Issue

Next Issue... Cloud services

Incident reporting

Talk of the Cloud has become ubiquitous in recent times, with a constantly-growing number of business operations being offered as a service. Whilst the Cloud – in it’s many forms – represents benefits in many spheres of operation, is it the right solution for all tasks? Risk UK considers how the Cloud affects and impacts on the business of risk mitigation, as asks whether those involved with threat protection should be more cautious when considering the role of the technology!

In the history of health and safety law, it can be clearly proven that many major disasters might well have been avoided had there been effective auditing and reporting of health and safety issues and warning signs relating to safety concerns. It is both tragic and depressing when preventable incidents happen, sometimes resulting in the loss of life, serious injury and business disruption. What often makes such occurrences worse is that they can happen many years after warnings or previous incidents should have alerted a company to take appropriate action Risk UK considers the importance of correct incident reporting, and looks at how the information gathered can help businesses and organisations to enhance health and safety for employees and visitors, along with customers and the general public.

Food processing On the surface, the food processing industry might seem one that escapes many of the threats faced by high profile businesses. However, with concerns ranging from Health and Safety of employees, through to public health, strict control of sites and the supply chain is a necessity.

EURO GRADE SAFES WITH ADDED PROTECTION – GRADED 0-5

ARE YOU READY IF THE POWER FAILS? STANDBY POWER FOR EVERY SECURITY APPLICATION CCTV

UP TO £100,000 CASH RATING EN 1143-1 CERTIFIED & TESTED MULTIPLE LOCKING OPTIONS FIRE RESISTANT

Battery back up systems and standby power for single and networked camera systems

EMERGENCY LIGHTING Static inverters and central battery systems for all critical lighting systems

ACCESS CONTROL Back-up power systems to ensure continuity of access control

ALTERNATIVE SIZES AVAILABLE LIGHTWEIGHT CONSTRUCTION Telephone: +44 (0)1252 311888 Web: www.securikey.co.uk Email: enquiries@securikey.co.uk

www.risk-uk.com

TEL: 01488 680500 WWW.UPSSYSTEMS.CO.UK

july 13 dir_000_RiskUK_aug12 03/07/2013 15:14 Page 1

Best Value Security Products from Insight Security www.insight-direct.co.uk Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

ACCESS CONTROL

Security Screws & Fastenings

Key Control Products

Empty Property & Lone Worker Alarms

Traffic Flow & Management

see our website

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL

ACT Unit c1 South city Business centre Tallaght D.24 Ireland www.accesscontrol.ie tel: 00 353 1 466 2570 UK Lo Call Number: 0845 300 5204

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS

SIEMENS SECURITY PRODUCTS

ACCESS CONTROL

APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8

Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 1291 437920 Fax: +44 (0) 1291 437943 email: securityproducts.sbt.uk@siemens.com web: www.siemens.co.uk/securityproducts

ACCESS CONTROL – SPECIALIST PRODUCT DISTRIBUTOR

MIRAS SECURITY SOLUTIONS LTD

ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

Speed Gates, Loop Detectors, LED Traffic Lights, Bi-Fold Gates, LED Traffic Signs, Turnstiles, Access Control, Bollards, Biometrics, Pay-on-Foot Solutions, Turnstile Hire, AVI Vehicle Tagging. Tel: 01633 420439 Mob: 07870 504 288 E: info@mirassecurity.co.uk W: www.mirassecurity.co.uk securitysolutions solutions security

miras

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES ACCESS CONTROL

HTC PARKING AND SECURITY LIMITED

COVA SECURITY GATES LTD

4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

ACCESS CONTROL ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS

HEALD LTD HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems

Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

AUTOMATIC VEHICLE IDENTIFICATION

NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com

ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS

ACCESS CONTROL – BARRIERS, GATES, CCTV

FRONTIER PITTS

ABSOLUTE ACCESS

Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com

Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

ACCESS CONTROL – MANUFACTURER

UKB INTERNATIONAL LTD

ROSSLARE SECURITY PRODUCTS

Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

Rosslare Security Products manufactures the Security Industry’s largest and most versatile range of Proximity and Smart Card readers.

Bletchley Park, Milton Keynes, MK3 6EB Tel: 01908-363467 Email: sales.uk@rosslaresecurity.com www.rosslaresecurity.com ISO 9001 and ISO 14001 Certification

www.insight-direct.co.uk Tel: +44 (0)1273 475500

may dir_000_RiskUK_aug12 01/05/2013 10:51 Page 2

BUSINESS CONTINUITY BUSINESS CONTINUITY SOFTWARE & CONSULTANCY

CONTINUITY2 E232 Edinburgh House Righead Gate Glasgow G74 1LS Tel: +44 (0) 845 09 444 02 Fax : +44 (0) 845 09 444 03 info@continuity2.com

CCTV / ACCESS CONTROL

GENIE CCTV LTD CCTV HOUSE, CITY PARK, WATCHMEAD, WELWYN GARDEN CITY, HERTFORDSHIRE, AL7 1LT TEL: 01707 330541, FAX: 01707 330543 EMAIL: sales@geniecctv.com www.geniecctv.com / www.genieaccess.com

CCTV/IP SOLUTIONS

DALLMEIER UK LTD BUSINESS CONTINUITY MANAGEMENT

CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

CCTV AND IP SECURITY SOLUTIONS

JVC PROFESSIONAL EUROPE LTD. 12 Priestley Way London NW2 7BA T: +44 (0)20 8208 6205 www.jvcpro.co.uk

PHYSICAL IT SECURITY

RITTAL LTD Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk

CCTV LENSES

PENTAX RICOH IMAGING UK LTD.

BUSINESS SALES BUSINESS SALES Caroline Exley FCA 01925 756970 info@abalymm.com www.abalymm.com



ABA Lymm

• • • •

Business acquisitions Disposals Valuations & advice Confidential

Specialist in buying and selling security businesses

CCTV MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHTING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.

ADVANCED LED TECHNOLOGY LTD

Security Systems Division, Heron Drive, Langley, Slough SL3 8PN UK Office: +44-(0)1753-21 10 71 Sales: +44-(0)7973-154 430 Fax: +44-(0)1753-21 10 90 Email: ssd@pentax.co.uk Web: www.pentax-security.com

CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM NETWORKS EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD.

Sales: +44 (0) 1706 363 998 Technical: +44 (0) 191 270 5148 Email: info@advanced-led-technology.com www.advanced-led-technology.com

Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

DIGITAL IP CAMERAS

ALTRON COMMUNICATIONS EQUIPMENT LTD

SESYS LTD

Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: comms@altron.co.uk Web: www.altron.co.uk

Supplying digital IP camera for rapid deployment, remote site monitoring, fixed and short term installations. High resolution images available over mobile and wireless networks to any standard web browser.

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

CCTV

END TO END CCTV SOLUTIONS/RECORDERS, CAMERAS, NETWORK PRODUCTS

G-TEC

DEDICATED MICROS

Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

1200 Daresbury Park, Daresbury, Warrington, WA4 4HS, UK Tel: +44 (0) 845 600 9500 Fax: +44 (0) 845 600 9504 Email: customerservices@dmicros.com www.dmicros.com

CCTV

INFRA-RED AND WHITE-LIGHT CCTV LIGHTING AND ANPR

PECAN

RAYTEC

Stortech Elec, Unit 2 spire green Centre Pinnacles West, Harlow, Essex CM19 5TS Tel 01279 419913 Fx 01279 419925 www.pecancctv.co.uk email sales@stortech.co.uk

Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com

www.insight-direct.co.uk Tel: +44 (0)1273 475500

may dir_000_RiskUK_aug12 04/06/2013 16:20 Page 3

CCTV SPECIALISTS

PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 0844 800 1725 Fax: 01788 544 549 Email: info@plettac.co.uk www.plettac.co.uk

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION

AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com

CONTROL ROOM & MONITORING SERVICES EUROPE’S MOST SUCCESSFUL DISTRIBUTOR OF CCTV, IP VIDEO, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS ADVANCED MONITORING SERVICES

NORBAIN SD LTD

EUROTECH MONITORING SERVICES LTD.

210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.com Web: www.eurotechmonitoring.com

EMERGENCY PLANNING SYSTEMS DISTRIBUTORS THREAT ASSESSMENT, REGULATORY COMPLIANCE, EMERGENCY PLANNING

G4S TECHNOLOGY – ONEFACILITY Integrating people, process and technology to enable organisations and the facilities they run to achieve regulatory compliance, mitigate risk and remain one step ahead.

01684 850977 onefacility@uk.g4s.com www.1f.com

EMPLOYMENT

EMPLOYEE SCREENING SERVICES

THE SECURITY WATCHDOG

ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.

Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830

ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com

TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR

COP SECURITY

EMPLOYEE SCREENING SERVICES

EUROCOM C.I.LTD Dorset House, Regent Park, Leatherhead, Surrey, KT22 7PL Tel: 0845 880 5888 Fax:020 8643 8384 Email: info@eurocomci.co.uk Web: www.eurocomci.co.uk

Leading European Supplier of CCTV equipment, all backed up by our industry leading service and support package. COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com

FIRE

DISTRIBUTOR

PASSIVE FIRE PROTECTION SYSTEMS

FASTFLEX

PROMAT

2A Woodham Lane, New Haw, Addlestone, Surrey, KT15 3NA Contact: Chris Hobbs on 0845 276 1111 sales@fastflex.co.uk www.fastflex.co.uk

Promat is a market leader in passive fire protection fire protection, offering many of the leading brands in fire protection including Promat SUPALUX®, Promat MASTERBOARD®, Promat DURASTEEL®, Cafco FENDOLITE® MII and the Promat PROMASEAL® range of fire stopping products.

Tel: 01344 381300 Email: marketinguk@promat.co.uk

www.insight-direct.co.uk Tel: +44 (0)1273 475500

may dir_000_RiskUK_aug12 01/05/2013 10:52 Page 4

IDENTIFICATION

PERIMETER PROTECTION

GPS PERIMETER SYSTEMS LTD 14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

POWER STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE

COMPLETE SOLUTIONS FOR IDENTIFICATION

DATABAC GROUP LIMITED 1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

INDUSTRY ORGANISATIONS TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk

DALE POWER SOLUTIONS LTD Salter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO11 3DU United Kingdom Phone: +44 1723 583511 Fax: +44 1723 581231 www.dalepowersolutions.com

POWER SUPPLIES – DC SWITCH MODE AND AC

DYCON LTD Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate

STANDBY POWER

UPS SYSTEMS PLC THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SSAIB The Smoke Houses Cliffords Fort, North Shields, Tyne & Wear Tel: 0191 2963242 Web: www.ssaib.org

INTEGRATED SECURITY SOLUTIONS SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

HONEYWELL SECURITY GROUP Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk

Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 sales@upssystems.co.uk www.upssystems.co.uk

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Unit 1 Viscount Court, South Way, Walworth Business Park Andover, Hants SP10 5NW Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

UPS – UNINTERUPTIBLE POWER SUPPLY

RIELLO UPS LTD Unit 50, Clywedog Road North, Wrexham LL13 9XN Tel: 0800 269394 Fax: 01978 729 290 Email: sales@riello-ups.co.uk Web: www.riello-ups.co.uk

UPS - UNINTERRUPTIBLE POWER SUPPLIES

UNINTERRUPTIBLE POWER SUPPLIES LTD Bacchus House, Calleva Park , Aldermaston, Berkshire RG7 8EN Telephone: 0118 981 5151 Fax: 0118 981 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

INTEGRATED SECURITY SOLUTIONS

SECURITY

INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

PERIMETER PROTECTION

CASH MANAGEMENT SOLUTIONS

LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - info@uk.loomis.com W - www.loomis.co.uk

INFRARED DETECTION

CASH & VALUABLES IN TRANSIT

GJD MANUFACTURING LTD

CONTRACT SECURITY SERVICES LTD

Unit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

www.insight-direct.co.uk Tel: +44 (0)1273 475500

may dir_000_RiskUK_aug12 01/05/2013 10:52 Page 5

CCTV

ONLINE SECURITY SUPERMARKET

INSIGHT SECURITY

EBUYELECTRICAL.COM

Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

INTRUDER ALARMS – DUAL SIGNALLING

WEBWAYONE LTD 11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone

INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

LIFE SAFETY EQUIPMENT

C-TEC Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk

INTERCOM SOLUTIONS – SECURITY & COMMUNICATION

COMMEND UK LTD Commend House, Unit 20, M11 Business Link, Parsonage Lane, Stansted, Essex CM24 8GF Tel: 01279 872 020 Fax: 01279 814 735 E-mail: sales@commend.co.uk Web: www.commend.co.uk

INTRUDER AND FIRE PRODUCTS

CQR SECURITY

PERIMETER SECURITY

TAKEX EUROPE LTD

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takexeurope.com Web: www.takexeurope.com

125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

SECURITY EQUIPMENT

PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER ALARMS – DUAL SIGNALLING

CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com

BOSCH SECURITY SYSTEMS LTD PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk

INTRUDER ALARMS AND INTEGRATED SOLUTIONS

SECURITY EQUIPMENT

RISCO GROUP

CASTLE

Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.co.uk

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

www.insight-direct.co.uk Tel: +44 (0)1273 475500

008_Layout 1 29/05/2013 22:38 Page 1

Star performers in low-light conditions

Be wise and choose the most light-sensitive HD cameras on the market. The new DINION starlight HD 720P and FLEXIDOME starlight HD 720p RD/VR are the next real breakthrough in HD security. In poor light these amazing HD cameras deliver a clear color image where others show only black and white. And in extreme low-light they deliver a black and white image where others show no image at all! Add the Bosch Video Security app and overcome the bandwidth barrier so you can view HD images from anywhere. See video security in a new light at www.boschsecurity.com/hdsecurity