Cover oct13_Layout 1 04/11/2013 11:07 Page 1
November 2013
Risk management, loss prevention and business continuity
Ergonomics – Are you sitting comfortably? Business crime and collaboration Is wireless the Trojan horse in your network? Essential news for risk mitigation professionals
Project2_Layout 1 05/11/2013 11:57 Page 1
“What goes up, must come down” is the simple way of expressing Newton’s Law of Gravity. The more complicated way is
m1m2 F=G 2 d
The algorithms we use to provide you with the best security surveillance video analytics are even more complicated so fortunately the only formula you need to remember when you install VideoIQ is
VIQ = ROI VideoIQ’s analytic cameras and encoders with built in video recorder offer a cost effective and industry leading solution to perimeter protection. Simple to install and effective at greater distances our solutions provide real time threat detection and deliver instant alert notifications so you can spot potential trouble before it happens. Most security surveillance systems will benefit from using the VideoIQ solution, using less cameras, less infrastructure and therefore less cost. Learn more about how you can improve your Return On Investment by visiting our web site white paper or by calling our office. Successfully detect people and vehicles at over 300 metres advanced analytics significantly reduce false alarms Fewer cameras required resulting in lower project cost Reduced infrastructure means less time to install minimising site disruption Enhance existing security cameras compatible with 3rd party analogue, IP or thermal cameras For this and more examples of how to improve your security and reduce cost, visit our website or call +44 (0) 161 6240153
Sir Isaac Newton 1642
www.videoiq-uk.com
EDIT comment nov13_riskuk_nov13 06/11/2013 13:31 Page 2
Comment
Open door policy? hese days it’s fairly tricky to sit through television news broadcasts without a terrorism-based item popping up at some point. For the public at large, the threat of a terrorist attack is still high on the agenda of security concerns. Whether we really are at risk as much as the proliferation of news stories would suggest is open to debate, but one thing is certain, the highest security alert for businesses is not from bomb-planting terrorism, it is the kind of attack that enters the building via the network that is still the number one headache for risk managers. According to a new survey released by EY this month, the majority of UK responding businesses reporting an increase in external threats and with 96% fearing that their information security functions not fully meet their needs, cyberattacks pose the number one threat for UK businesses. It should come as no surprise then that according to a report by Microsoft, on average 17% of computers worldwide encountered malware during the first half of 2013. The Microsoft Security Intelligence Report collected data from over 1 billion sources, providing a view into the threat landscape across 105 countries/regions around the world. Similarly, EY’s Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives globally. In the UK, 66% of respondents reported the number of security incidents within their organisation has increased by at least 5% over the last twelve months. Many have realised the extent and depth of the threat posed to them; resulting in information security now being ‘owned’ at the highest level within 62% of the organisations surveyed. Mark Brown, Information Security Director at EY commented: “This year’s results show that while businesses are faced with a rising number of security breaches, budget constraints and talent shortages mean that they fail to put in place those systems that match their needs. As a result, for UK businesses, this is no longer an issue of whether they will be attacked - the
T
reality is that organisations need to now focus their efforts on determining when the attack took place and identifying that they fell victim to the cyber threat in the first place.” With just a quarter of respondents planning to increase their budget by 5% or more in the next twelve months, enabling them to channel more resources toward solutions that can protect them, 69% of information security professionals continue to feel that their budgets are insufficient and cite them as their number one challenge to operating at the levels the business expects. Although information security is focusing on the right priorities, in many instances, the function doesn’t have the skilled resources or executive awareness and support needed to address them. In particular, the gap is widening between supply and demand, creating a sellers’ market, with 66% of respondents citing a lack of skilled resources as a barrier to value creation. Similarly, 28% of participants indicated a lack of executive awareness or support as an issue. Essentially it would seem that some companies are not recognising the threats that they are potentially facing and failing to provide IT security budgets to match the threat. Perhaps it is the same approach as those people who download some form of AV protection and then assume that they are invulnerable to attack. Noone is ever 100% safe especially as the door to security attack can easily be opened by a wellmeaning worker who is not fully up to speed on IT best practices. So often it is the operator who exposes a company to a threat and by then it is usually too late to do anything about it. IT security on a reactive level does not work. A greater emphasis on improving employee awareness, increasing budgets and devoting more resources to innovating security solutions is needed to deal with current and future attacks. The pace of technology evolution will only accelerate – as will the cyber risks and by not considering risks until they arise gives cyber attackers the advantage, jeopardising a company’s survival. Be proactive and be prepared.
Could one of your employees or your security budget be putting you at risk of attack?
Andy Clutton – Editor – Risk UK
The highest security alert for businesses is not from bomb-planting terrorism, it is the kind of attack that enters the building via the network that is still the number one headache for risk managers December 2012
3
www.risk-uk.com
EDIT contents_riskuk_Dec12 06/11/2013 11:32 Page 2
Evacuate everyone
Sonos Pulse EN54-23 Fire Beacons In a fire, everyone matters. Sonos Pulse fire beacons and sounder beacons ensure that all personnel are notified of fire emergencies. With Pulse Alert Technology, buildings are evacuated quicker, evacuation requirements are unambiguous and everyone is made to feel safe and secure. Visit our new dedicated fire website for more information: www.klaxonsignals.com/fire
Signalling Solutions
EDIT contents_riskuk_Dec12 06/11/2013 11:32 Page 3
November 2013 Signalling Solutions
Sonos Pulse Ceiling EN54-23 Coverage: C-3-15
Contents 3 Comment The biggest threat to any company’s efficiency, performance and security is the one that many of us experience at some time during the year. What’s more it often occurs as a result of employee error or budget cuts...
6 News News stories for risk management professionals
13 The espionage threat In the current climate many businesses and organisations are potentially under threat from espionage-based surveillance, whether for commercial, criminal or malicious reasons.
17 A dangerous place to be
Sonos Pulse Wall EN54-23 Coverage: W-3.1-11.3
Apart from the health and safety risks which apply to any environment (such as fire, trips and falls), the most common risks come from intensive use of computer workstations.
20 Business crime and collaboration Catherine Bowen explains why collaboration is key to reporting business crime in the UK and why it’s time for businesses to take ownership.
23 Service with a smile Geny Calioisi looks at security measures in the leisure industry and how good security can be improved with a smile and a pleasant approach.
26 Careless with wireless? Is wireless the trojan horse in your network security? A look at the risks to businesses from the proliferation of wireless access points around the building.
FEATURING:
29 Cyber and data news News of interest to data security professionals
31 Products and applications A look at some recent applications and product launches
39 Risk UK Directory ŕ EN54-23 compliant beacon technology ŕ Wall and ceiling mount light orientations ŕ Wide coverage pattern - one device can protect most rooms ŕ 20mA beacon current @ 0.5Hz flash rate
ISSN 1740-3480 Risk UK is published 12 times a year and is aimed at risk management, loss prevention and business continuity professionals within the UK’s largest commercial organisations. © Pro-Activ Publications Ltd, 2013 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without the written permission of the publisher. The views expressed in Risk UK are not necessarily those of the publishers.
Risk UK is currently available for an annual subscription rate of £78.00 (UK only)
Managing Editor Andy Clutton Tel: 0208 295 8308 E-mail: andy.clutton@risk-uk.com Contributing Editor Geny Caloisi E-mail: geny.riskuk@gmail.com Design & Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 4292015 E-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 0208 295 1919 E-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 0208 295 1919 E-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton
RISK UK PO Box 332, Dartford DA1 9FF
Tel: +44 (0)1706 233879 www.klaxonsignals.com/fire
Chairman Larry O’Leary
Editorial: 0208 295 8308 Advertising: 0208 295 8307
5 www.risk-uk.com
EDIT news nov13_riskuk_nov13 06/11/2013 16:03 Page 2
News
Accreditation double for SSAIB SSAIB has announced a double achievement with the news that it’s gained UKAS accreditation for two standards affecting companies operating in the security sector. SSAIB is now accredited for OHSAS 18001, the British Standard for occupational health and safety management systems, as well as ISO14001 Environmental Management Systems. “The business landscape is becoming increasingly governed by health & safety, risk and environmental legislation/regulations,” warns SSAIB’s Sales and Marketing Manager, Andrew Brown. “In terms of health and safety firms must be mindful, for example, of RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations), COSHH (Control of Substances Hazardous to Health) and REACH (Registration, Evaluation, Authorisation & restriction of Chemicals) etc. “Equally, ISO14001 reflects the increasing importance placed on the environmental impact of business operations and the need, for instance, to demonstrate awareness of zero waste, pollution, hazardous materials management and vehicle fuel efficiency. Many tenders now stipulate accreditation to ISO14001 or an integrated management system (ISO9001 Quality, ISO14001 Environmental, and OHSAS18001 Health and Safety combined management system).”
Usdaw wants freedom from fear The shop-workers’ trade union Usdaw has launched a report on violence, threats and abuse faced by its members at work. Whilst there has been a welcome decrease in the number of incidents there are still many shopworkers suffering in silence. Incidents of serious violence have come down, based on the reported figures in the BRC annual survey. There is a substantial difference between the levels of violence and abuse recorded by Usdaw reps in face-to-face discussions with workers and the incidents reported to employers, which form the basis of the BRC annual crime survey: Violence: BRC 2 in 1,000 – Usdaw 4 in 100 Threats: BRC 3 in 1,000 – Usdaw 36 in 100 Abuse: BRC 7 in 1,000 – Usdaw 61 in 100 John Hannett, Usdaw General Secretary says, “There clearly is a lot of under-reporting of incidents and our message to shop-workers is that abuse is not a part of the job. We are encouraging our members to report all incidents of violence, threats and abuse to their managers and help get the issue tackled. Our message to shop-workers is: ‘We can sort it - if you report it.”
6
www.risk-uk.com
News
Mitie expands partnership with Essex County Council Mitie has furthered its Facilities Management (FM) contract with Essex County Council (ECC). The company already provides security systems installation and maintenance and response services to ECC. The new contract will include patrolling and managing twelve car parks throughout the county, to enhance the ECC capabilities to enforce parking regulations. Following the team completing a parking enforcement training programme, Mitie proposed a patrol plan to support the portfolio of sites effectively. In the first week, the team increased ticket issuing by six times more than the previous level, and overall season ticket compliance has improved as car park users now see visible car park management. Danny Vant, mobile services director, Mitie’s total security management business said: “The results of the first month were really pleasing. The parking revenue is vital to assist ECC in funding the parks for people to enjoy. By driving up compliance and revenue, this allows the council to maintain them. “The feedback from the Park Rangers was extremely positive and they are really seeing the benefit of the additional parking enforcement service we are providing.”
Project2_Layout 1 05/11/2013 11:56 Page 1
Gartner Identity & Access Management Summit 2014 17 – 18 March | London, UK | gartner.com/eu/iam
A 2020 Vision for IAM The 2014 IAM Summit will present the strategic trends that will shape enterprises’ IAM over the next six years, as well as actionable advice that equips leaders and practitioners to deal with today’s business and technology challenges, including — but certainly not limited to! — business agility and profitability; regulatory compliance, accountability and transparency; and the Nexus of Forces itself.
HOT TOPICS Plan, Build and Govern Your IAM Program Maximise Your Return on IAM Technology Investment To the Nexus of Forces and Beyond Link IAM to Security and Risk Management
3 easy ways to register Web: gartner.com/eu/iam Email: emea.registration@gartner.com Phone: +44 20 8879 2430
Register before 20 January 2014 and save €300 off the standard price.
EDIT news nov13_riskuk_nov13 06/11/2013 16:03 Page 4
News
Organisations must lead the way with standards
CSL streamlines with Access CSL DualCom is to implement a new financial and self-service system from Access Group. The new Access Dimensions & FocalPoint system will help to support future growth and streamline financial reporting and expense management within the business. Paul Hardwick, Financial Controller for CSL DualCom announced, “We’re forecast to grow in the next few years, expanding both outside of the security industry and outside of the UK into vertical sectors throughout Europe. “Having used Access before, it was the functionality and ability to extend the software solution in the future that led us to our decision,” said Paul. “We needed a system that could keep pace with our growth plans, that offered detailed financial reporting and a self-service system for staff expenses and purchase orders. The Access solution will improve business processes, saving a great deal of time and effort. “Utilising Access Dimensions we’re looking to automate much of our monthly financial reporting, thus reducing our reporting times. With Access FocalPoint we found a system that can multifunction, being able to manage staff expenses more accurately, streamline the process of purchase orders, and more efficiently allowing instant access to KPIs.”
Businesses to need SIA licences from 2015 The Home Office has been working with the SIA on the introduction of business licensing, which will be compulsory from April 6th, 2015. Home Office Ministers have publicly stated their commitment to the regulatory reforms and the introduction of business regulation; which will help create a fair business environment for security companies, remove rogue operators, and deliver better value regulation. The Scottish Government and Department of Justice for Northern Ireland have indicated that they are supportive of a consistent UK-wide regulatory regime. The proposed implementation dates are: • 7 April 2014: SIA accepts business licence applications. • 1 October 2014: The last recommended business licence application date. • 6 April 2015: Legal requirement to have a business licence. To qualify for an SIA business licence, a security business must demonstrate that it is 'fit and proper' to supply security industry services. When processing a business licence application, the SIA will consider: identity; criminality; financial probity; integrity; business competency (including British Standards).
8
www.risk-uk.com
BCS, The Chartered Institute for IT, believes that organisations need to lead the way in setting security standards when dealing with large amounts of personal data. The suggestion is one of a number of recommendations to have emerged from a white paper, entitled Privacy vs Intelligence: Managing the tension in the era of big data, commissioned by the Institute. The paper focuses on the pressures organisations are faced with when finding the right balance in how they manage data, providing the flexibility for people to set their own boundaries on how much information they are ready to provide. Adam Thilthorpe, Director of Professionalism, BCS, The Chartered Institute for IT, says: “Captured data is a valuable resource that can benefit both organisations and individuals; providing more personalised services and making businesses more efficient. However, it is vital that organisations respect the privacy of individuals and treat personal data with the same level of security as they would any other valuable asset. As more and more data is collected, organisations will need to regularly evaluate how they deal with that information and make sure they are open and transparent with their customers to ensure continued trust.” The white paper also considers how those working in IT manage the conflict and suggests four areas where skills need to be developed: refreshing data and consent; the appreciation of context in the use of information; carrying out privacy impact assessments; and developing the mechanisms to simplify consent. Adam Thilthorpe continues: “CIOs will need to ensure that their teams have the right skills to manage the tensions between information and privacy. First and foremost, providing excellent customer service and respecting people’s personal information is key to success for any savvy organisation.” The white paper is broken into a number of sections: Personal information and big data; The benefits of big data; The risks of big data; Public concerns; Data Protection Act; Strategies; Skills; Personal data stores; and The long term. This is part of a wider campaign by BCS, focusing on how organisations manage data and supporting best practice which includes: a video debate hosted by the Institute, blogs and additional articles.
dycon ad risk nov13_Layout 1 06/11/2013 14:01 Page 1
D15xx & D24xx SERIES DIN-rail Mounted 1-3A Power Supplies
• No fixing screws required, clips directly onto an NS32 (‘G-Section’) or an N35/7.5 ‘Top Hat-section’ DIN-rail • Efficiency higher than 90% at full rated output • 230vAC -12vDC, 230vAC–24vDC, 1–3 A output versions • 110vAC–12vDC version for construction sites • With or without battery backup
Dycon POWER SOLUTIONS
EDIT news nov13_riskuk_nov13 06/11/2013 16:04 Page 6
News
NSI and Facewatch join forces on CCTV digitisation
Jeff Little of the National Security Inspectorate (NSI)
10
www.risk-uk.com
The National Security Inspectorate (NSI) and Facewatch are teaming up on a project that it is hoped will help transform the use of CCTV by moving it into the digital world of online reporting. NSI provides certification schemes audited against internationally recognised standards for the security and fire sectors. Facewatch online police crime reporting service will be added to the NSI training offer, encouraging approved companies to also roll out the system to their end user customers. Simon Gordon, Chairman, Facewatch commented: “It is essential to our national roll out plans that Facewatch can be successfully integrated into business of any size or complexity and that the quality of the CCTV system is such that the evidence uploaded to the service is useable by police and the courts.” Facewatch training and support will be provided by NSI to any company wishing to use the system as part of its CCTV security solution. Jeff Little (pictured), Chief Executive NSI says “The new NSI training and e-learning suite for Facewatch will be the catalyst which ensures that companies will be able to provide a system to their customers that will result in lower crime levels and will also help to improve the quality of CCTV evidence provided to the police services.” It will also be possible, using the key performance indicators from Facewatch to establish how effectively systems are operating to provide good evidence for police services which will help to drive up standards. According to the NSI/Facewatch data, until now CCTV has been a poor relation to the forensic approach taken by the police in the use of fingerprints and DNA. This is mainly because of the physical difficulties surrounding the collection, analysis and storage of CCTV footage. Furthermore, when poor quality CCTV imagery is provided, often in a format that cannot be viewed clearly by the police without special software, the effectiveness of the capability is greatly weakened. Many cases fail in court due to basic issues such as DVD’s not playing or disks getting lost, says the statement. The partnership seeks to address these weaknesses.
Automation technology for airports trends In a bid to cut costs while maintaining acceptable levels of customer service, airports are adopting automation for repetitive tasks involving security and access control. Every day in airports across the world, countless employees are tasked with sitting at entry/exit doors, scanning boarding passes and other tasks. These duties can be effectively automated through electronics, according to a new report entitled ‘The World Market for Pedestrian Entrance Control Equipment’ from IHS Inc. Omar Talpur, security, fire and access control analyst at IHS explains: “Automation at airports represents a huge opportunity for suppliers of pedestrian entrance control equipment, particularly those that specialize in speed gates. The first process that everyone thinks about -and the area where there has probably been the most progress, is boarding control. “In most airports around the world, employees are tasked with scanning individual boarding passes while passengers idly wait,” Omar observes. “Automated boarding control provides airports with an opportunity to speed up the boarding process by deploying two to three speed gates in the boarding area to automate this process. In an industry where ontime departures are essential, any acceleration in boarding could potentially save millions of dollars each year.” The reasons why this has not been widely adopted yet vary depending on the country and the region. For instance, to date, automated boarding control gates have been more prevalent in Europe than the United States. “The airport environment is complex, and in most instances it takes years of planning and construction to roll out a solution that offers such radical changes,” adds Omar. “Automated boarding control won’t happen overnight. However, a snowball effect is inevitable as passengers and airport personnel become accustomed to working with the technology. Pedestrian entrance control manufacturers that are not prepared with products that can serve this industry will have a steep hill to climb should they look to pursue opportunities within airports in the future. Being first to market with an approved, reliable product will be critical to success.
Project2_Layout 1 05/11/2013 14:55 Page 1
Simply Brilliant Setting new standards for Access Control, Security and Automation SCALABLE True Enterprise solution delivering 1000's of controllers, 1000's doors and 1000's of zones POWERFUL State of the art electronics designed to give many years of seamless operation RESILIENT Designed with high level of self-protection EFFORTLESS Simple "Plug & Play" system expansion
ARRANGE A DEMO Call the Integriti team on 0845 470 5000 or email integriti@innerrange.co.uk
FLEXIBLE Range of Controllers & LAN modules designed to meet simple or complex access control, intruder detection and automation specifications FAST Streamlined installation and commissioning
“Integriti is a true Enterprise solution controlling thousands of doors and zones across multicontroller IP networks�
VIMPEX Shaping Alarm Technology
Project2_Layout 1 05/11/2013 14:40 Page 1
OxyReduct® fire prevention
REMOVING THE T H R E AT O F F I R E .
The new Library of Birmingham has chosen OxyReduct® to protect its valuable archives, the same as over 700 other businesses and organisations around Europe. No matter how good your fire detection, extinguishing or suppression system is, a fire has to start for it to work – so some damage is inevitable. In mission critical applications where any business interruption is unacceptable or where warehouse stock or archives are invaluable, a different approach to fire prevention is needed. OxyReduct® employs innovative technology that continuously reduces the oxygen level in a room by adding nitrogen to the air. The oxygen is reduced to a level in which combustibles do not inflame and an open fire is impossible. Importantly, people can enter the area of risk. Visit our in-house demonstration facility and experience a fire-free environment at first hand.
www.wagner-uk.com
EDIT article 1 nov13_riskuk_nov13 06/11/2013 11:51 Page 3
Counter surveillance
n the current climate many businesses and organisations are potentially under threat from espionage-based surveillance, whether for commercial, criminal or malicious reasons. The aim of this surveillance is clearly to be able to gain intelligence in relation to future corporate development, customer databases, new or developing technology or to provide information that could be used to intimidate or blackmail the organisation or specific individual. The process has been made easier as the equipment to carry out such illicit surveillance is easily obtained either via the internet or by employing the services of a specialist. Surveillance can be very broadly divided into two methods - the physical following of an individual or physical observation of a company’s location, or by way of electronic eavesdropping devices, known as technical surveillance. The former has its own solutions, but technical surveillance is curtailed via what is known as ‘Technical Surveillance Counter Measures’. There are various methods of surreptitiously and covertly gathering information from a potential target and these include phishing, computer based methods and electronic techniques.
I
Phishing Phishing is a technique whereby a surveillance operative will typically contact a company’s computer system administrator purporting to be say, a user of the company’s system who cannot gain access. Typically, the help desk technician will assist them in gaining access to the system. Another method involves an operative pretending to be an angry supervisor threatening the technician if they do not help them. Many fold at these threats and pass the operative the requested information. Sometimes helpfulness, as opposed to intimidation that takes advantage of a person’s natural instinct to help another will be employed. Here, the operator does not get angry but instead acts very distressed and concerned
The espionage threat All of these forms of social engineering make the help desk the most vulnerable target in the company as it generally has the authority to change or reset passwords, which is exactly what a hacker needs to gain access to a company’s information system. An alternative method, name-dropping, is where an operator uses the names of advanced users or senior persons within the organisation as ‘key words’, and gets the person who answers the phone to believe that they are part of the company because of this. While some information is all too easily obtained on the web, Companies House can help with the rest such as the owners or directors names. The skills and techniques used in phishing are almost identical to those used by the traditional ‘con-artist’. To defend again phishing policies should be put in place in line with the Data Protection Act 1998 so that no information is given out to any unauthorised person. If a request for information is received from an unknown or unverified person this should be referred to the company’s data controller (who should have the training and experience to sort out the issue). Staff training and guidance should also be considered for all key personnel. As a basic safeguard measure, callers should be rung back on a telephone number that has been verified independently of the caller, i.e. from the company’s own internal directory. Computer based attack Perhaps one of the biggest security weaknesses in most companies centres around their computer systems. There are numerous ways of attacking – hacking – computer systems that use programs
Darrell Johnson looks at countering surveillance within the corporate environment
13
www.risk-uk.com
EDIT article 1 nov13_riskuk_nov13 06/11/2013 11:51 Page 4
Perhaps one of the biggest security weaknesses in most companies centres around their computer systems. designed around ‘trojans’, ‘viruses’ and ‘worms’. There’s enough written about these topics alone to fill a number of books and this is beyond of the scope of this article. Users need to be aware of hardware based methods used to attack computers such as ‘key loggers’ which are small devices that plug into a computer keyboard and which log or record all keypad strokes for later retrieval. It’s worth pointing out that some of these devices have been found on a public access computer in a library used by members of the public for online banking. These devices can be very dangerous. Another technique that seems to becoming more widely used involves dropping a company logo’d memory stick on the company’s car park knowing full well that there is a high likelihood that an employee will pick it up, take it inside and plug it into a company machine in order to identify to whom it belongs, thereby infecting the whole computer network.
Protection of computers The protection of computers involves a number of steps and policies, each of which is as important as the next. It should go without saying that firms should not allow any unauthorised software, games etc. to be loaded onto company machines as they often have malicious software attached to them. By extension, staff should be instructed not to open email from unknown senders as malicious software may be attached. At the same time, general web browsing needs to be curtailed. And to combat the effects of contaminated emails or websites, firms should install good quality, up to date anti-virus and firewall software. The latest trend, not unsurprisingly, is to target smart devices like mobile phones and tablets because these are not as secure as a typical computer and can still allow a hacker to penetrate a network when a user plugs their device into the USB port, even if it’s just to charge the battery. Policies should therefore bar the connection of any unauthorised devices – not even for charging. Software can be deployed to prevent devices making a
Firms should not allow any unauthorised persons into sensitive areas such as conference rooms and unsupervised people should not be left unattended 14
www.risk-uk.com
connection. It clearly makes sense to have a strong IT security policy while running regular spot checks on company machines with severe penalties in place for breaches, however small they may seem at the time. Simple security measures can also extend to keeping all operating systems updated, along with peripheral software that is used and ensuring that all staff lock or switch off their computers when away from their desks. This also applies to securing mobile devices and any sensitive paperwork.
Electronic techniques The traditional technique of covertly gathering information was the bug, a simple small battery operated radio transmitter with a sensitive microphone attached that would have been hidden within a target’s room. Though these devices are still readily available at very low cost - at the usual online auction sites they have very much been superseded by more modern, and indeed much more effective devices. So now, in addition to audio devices, video transmitters with built in cameras having pinhole lenses (lens about 1mm across) are also easily available. These tend to be about the size of a stock cube and run off a standard PP3 battery although the range and quality of picture tends to be somewhat limited. As a countermeasure, there are numerous, simple to use devices readily available on the market which will detect and warn of these devices by either buzzing or vibrating in the proximity of a radio transmitter. In addition, there are devices that will detect both radio transmissions and pinhole lens cameras whether they are switched on or not. Newer GSM bugs work via the standard mobile telephone network and are effectively just a mobile telephone, but without the usual keyboard, display etc. They use a standard SIM card on the network of choice and when placed within the target room or vehicle and just need to be called from another telephone anywhere in the world to activate them to allow conversations in the target area to be overheard. As might be expected, GSM devices may be either standalone, powered by their own batteries with a life of about 10 days on standby and 4 hours on listen or hidden in virtually anything such as electrical sockets, clocks or the now ubiquitous computer mouse. (The mouse based bug is particularly effective as it has indefinite life being permanently connected to a power source power and is right
EDIT article 1 nov13_riskuk_nov13 06/11/2013 11:52 Page 5
Counter surveillance
in front of the targets face). Also popular are devices that record sound or sound and video onto memory cards. They are small, inexpensive and will capture high quality images of anything within their range and can be disguised as radio alarm clocks, pens, cigarette lighter and coat hooks. (These devices are often commonly known as “nanny cams” and are often popularised in, for example, investigative TV programmes looking at abuse of elderly relations in care homes.) While effective, the main disadvantage of these devices is that the recording media needs to be retrieved at some stage before it can be displayed on a computer. In most business environments the telephone system is highly vulnerable. Devices may be wired into the network that will monitor calls made on the system. More sophisticated devices called ‘infinity transmitters’ are often disguised at the telephone junction box. As with GSM devices, a surveillance operative can call the number of the target telephone and remotely switch off the ringer. The telephone microphone is then activated, amplified and the signal is sent back down the telephone to the listener who may be anywhere in the world. Many senior executives will not use a secretary to connect their telephone calls due to the risk of them listening in; they use a direct line to the outside world thereby making themselves vulnerable to infinity transmitters as their telephone line is always “live”. Another technique, which few think of, is to bounce a laser beam off of a target’s window. In this instance, the window acts as a microphone diaphragm responding to sound inside. The reflection of the laser beam is detected and turned back into speech.
There are various methods of surreptitiously and covertly gathering information from a potential target been left unsupervised in that area. Also, it must not be taken for granted that telephone / computer faults are genuine if technicians arrive to work on them. Professional specialist companies should be hired to “sweep” for any hidden devices or computer vulnerabilities and double glazed windows and curtains can be used to help defeat laser devices. Prevention is, as they say, better than cure and a little time, effort and expense will repay with huge dividends later on.
Author: Darrell Johnson is the owner of Shield Security Consultants.
Protecting against bugs The main limitation of any physical bugs is that they need to placed within the target room or vehicle and so probably the simplest and most efficient way of protecting against these devices is to prevent it being put in place in the first place. Firms should start by not allowing any unauthorised persons into sensitive areas such as conference rooms and certainly unsupervised people should not be left unattended within premises. A “consent to be searched” policy should be a condition of entry to sensitive areas within a location. This is especially important bearing in mind that many of these devices are very well disguised. At the same time, firms should consider a regular, physical and technical search of vulnerable areas, particularly if anybody has
15
www.risk-uk.com
Project2_Layout 1 05/11/2013 14:35 Page 1
EDIT article 2 nov13_riskuk_nov13 06/11/2013 11:52 Page 3
Workplace risks
part from the health and safety risks which apply to any environment (such as fire, trips and falls), the most common risks come from intensive use of computer workstations. In 1990, the European Economic Community (as it was then) issued directive 90/270/EEC to address the main risks - visual discomfort, musculoskeletal discomfort and disorders, and stress. Member states were required to transpose the directive into national legislation in 1992. In the UK, the current version of that legislation is the Health and Safety (Display Screen Equipment) Regulations 1992 (as amended in 2002). The main obligations on employers are to implement an appropriate risk assessment and risk reduction programme. There is much helpful information and even an ‘easy guide’ on the Health and Safety Executive website and many consultancies offer training for staff and for display screen equipment (DSE) risk assessors plus there are software packages to help users conduct their own assessments and to maintain appropriate corporate records. However, rather than just address the risks once they have occurred, the Regulations also require employers to prevent risk by applying ergonomics to the design of computer screen work in the office. Employers can meet the design requirements for screens, keyboards and workplaces by specifying appropriate ergonomics standards during procurement, but many of the requirements in the Schedule of the Regulations also concern how the workstation is used. So what does this mean in practice?
A
Suitable office design Assuming that the right display screens and keyboards have been bought and appropriate ‘user friendly’ software installed, what needs to be considered when planning an office? Work desks and work surfaces are large enough - The Schedule does not specify how much space display screen users should have but there should be enough room for changes of posture, which is vital in preventing fatigue and maintaining comfort. Most experts agree that 1600mm by 800mm is the preferred minimum for a straight desk. However, size is not everything. Even a large work surface may be inadequate if it must accommodate lots of equipment. Many musculo-skeletal problems are caused by twisted and unbalanced postures. Legroom under the desk must be free from obstructions and of a sufficient size to allow some movement (at least 450mm deep at knee level, 600mm at foot level and at least 580mm width). Work chairs are comfortable- This is easily
The dangers of desk... achieved using a swivel chair with a five star base, castors and easy to use adjustability for seat and back height. Employers are required to provide users with training to use such features. The work environment is comfortable - This is involves good lighting as reflections on the screen are a common cause of problems amongst display screen users. Any reflections can be distracting and mask images on the screen but when they are also bright and a source of glare they cause discomfort. It is therefore important to arrange the workstation to avoid reflections. As far as the display is concerned, this involves using the swivel and tilt and other adjustments to optimise the displayed image in the working environment. Most people like windows, but direct daylight can make reading a display very uncomfortable. It is therefore essential to control daylight by blinds or curtains. Low noise is important. Except in specialised environments, say in factory control centres, display screen users are unlikely to be subject to noise levels high enough to damage their hearing. However, even relatively modest noise levels distract concentration and disturb normal speech. In areas where concentration or communication are important, 55 dB(A) should be regarded as the maximum. Controlled heat and humidity must be considered. Display screen users are particularly sensitive to environmental stress because they often have little opportunity to move away from their workstation. Furthermore, few work areas were designed to accommodate the quantity of computer equipment now present. Unfortunately, the solution to the additional heat load is often simply to increase cooling or air
Tom Stewart asks how risky is the modern office?
17
www.risk-uk.com
EDIT article 2 nov13_riskuk_nov13 06/11/2013 11:53 Page 4
Workplace risks
Size is not everything. Even a large work surface may be inadequate if it must accommodate lots of equipment movement. This can result in draughts and local ‘microclimate ‘ effects, which are uncomfortable. Where possible, some individual control over the environment is highly desirable, even if only opening a window or adjusting an air vent. Full air conditioning is not essential although assisted cooling may be helpful in new installations, especially where opening windows leads to problems of traffic noise or dust.
New trends make it harder
Author: Tom Stewart is the founder of System Concepts and is also director of the Council for Work and Health.
It is relatively straightforward to implement an appropriate risk assessment and risk reduction programme addressing visual and musculoskeletal risks, although many organisations find it difficult to address stress adequately. Recently, trends in technology and office work are emerging which are making it much more difficult to predict and control ergonomics risks to health and safety. Increased home working -Many office workers work at home part of the time, benefiting from reduced commuting time and hassle. But not everyone is willing or able to make a proper workspace available at home. For many, the kitchen chair or dining room table forms part of the home workplace. Although the table may provide sufficient workspace, the four legged domestic chair is a very poor relative of the adjustable office chair. From a risk management point of view, how much should or can the employer dictate how an employee works at home? The answer lies in a sensible balance between providing equipment and facilities, offering guidance and support to enable the employee to look after themselves and some form of sensitive monitoring to ensure that problems are reported and addressed before they escalate. More shared workplaces - The high cost of office space and the increasing use of contractors and self employed staff means that several people now share office space during a typical week. For the individual, this can mean
Carrying out an assessment every time there s a significant change of a display screen workstation is fine when there is limited churn 18
www.risk-uk.com
that they have to spend more time and effort readjusting chairs or equipment to suit or, as often happens when people are busy, just make do with the set-up left by the previous occupier. On an occasional basis, this probably does not matter much but when people start spending a significant proportion of their working life this way, the risks of backache and postural discomfort become significant. Carrying out an assessment every time there is a significant change of a display screen workstation is fine when there is limited churn but if it is shared by an unpredictable number of people, new approaches are required. Equipment and furniture need to be purchased with this kind of intensive multi-occupant use in mind (which has implications for robustness as well as adjustability). There also needs to be an appropriate level of training and guidance provided to ensure that staff can be relied on to look after their own interests. However, even this does not avoid the need for management training and awareness to ensure that problems are identified early. More mobile workers using laptops - In 2000, the Health and Safety Executive published a report on research undertaken by System Concepts, the Health and safety of portable display screen equipment. The research identified three main musculoskeletal problems: carrying the extra weight (not just of the laptop but also its accessories), hunching over the fixed keyboard/screen arrangement and working in unsuitable environments (for example, aircraft seats). These problems were exacerbated by extended working hours – never getting away from work. The HSE published further guidance on laptop use in 2003 which encouraged such measures as buying lighter laptops, using rucksacks to carry them in, using extra keyboards or screens when worked on for more than a few minutes and providing more advice for users on avoiding poor working postures.
And finally A final worry is the growth of ‘fun and funky’ workplaces, which look more like coffee shops and lounges. Great for short meetings or quickly checking emails but not good when sitting for hours glued to screens and keyboard. Many in the standards world fought hard to make equipment adjustable and flexible and with good reason. Hours hunched over a trendy coffee table or unsupported in a big squishy chair will take their toll. At least the Regulations provide some ammunition to explain to employers that they still have a duty to care for their employees, no matter how trendy the office.
Project2_Layout 1 05/11/2013 11:59 Page 1
EDIT article 3 nov13_riskuk_nov13 06/11/2013 11:54 Page 2
Business crime and collaboration... Catherine Bowen explains why collaboration is key to reporting business crime in the UK and why it’s time for businesses to take ownership
t a time when one of Britain’s most senior police officers revealed that only four in every 10 crimes reported to his force is investigated, businesses are left asking a familiar question – where is business crime on the police agenda? With resources stretched and increasing pressure to cut budgets, the police have no choice but to focus their efforts on the most serious incidents of crime or those where the lines of investigation are most likely to produce evidence. While I appreciate the difficulties Mr Fahy and his colleagues are facing, there is a solution that has been, up until now, overlooked – collaboration. Over the past few years, business crime has become increasingly complex and sophisticated. Authorities are under greater pressure and there has been a significant reduction in the number of offences reported, making the time for the National Business Crime Solution (NBCS) just right. Businesses are asked to make data relating to business crime incidents such as shop theft, burglaries and robberies available to the NBCS. The collective business crime data is then analysed centrally, and used to deliver key updates and information on trends, prolific offenders and national hot spots to its members, enabling them to adjust their priorities and prevent crime before it takes place. Through collective data sharing, the NBCS helps businesses pinpoint the exact nature and scale of potential threats as well as identifying prolific, persistent and travelling offenders. The operational support and managed services of the NBCS are provided by the National Business Crime Intelligence Bureau (NBCIB), which acts as the private sector intelligence hub, collating and analysing crime intelligence perpetrated against UK businesses. Many businesses have been reluctant to report offences to the police due to a lack of confidence in the police’s ability to progress an investigation into these offences. The British Retail Consortium (BRC) Retail Crime Survey 2012 revealed that the proportion of incidents of crime reported to the police had fallen noticeably compared with the previous year.
A
With resources stretched and increasing pressure to cut budgets, the police have no choice but to focus their efforts on the most serious incidents of crime 20
www.risk-uk.com
Around two in five respondents claimed the most significant reason stopping them from reporting crimes was because they had no confidence in the police. Through the managed service offered by the NBCIB, the NBCS is helping to overcome this problem. It is primed to act on behalf of the business community and work with the police by collating all business crime and incident data. This therefore helps identify where organised criminal groups are in operation or the particular trends that are impacting the local and business communities. This allows the police to respond to viable leads which have been collated through collaboration with the business community and consequently to take appropriate action. Through liaison with both the police and businesses alike, the NBCIB pulls all the relevant incident data together and presents this in chronological order. This supports law enforcement and other authorities to pull an investigative package together based on all the facts. This is hugely valuable to businesses, and the authorities, as it helps achieve a collective action on cross border, serious and organised criminal offences that have historically remained unresolved. More than often, this is a result of a long-standing issue with level two crimes, which are associated with more serious and organised offences that have a regional impact. What makes the NBCS particularly unique is the fact that is uses a multi-agency approach to tackle business crime. All of the participating companies, law enforcement officials and associations play an active role in sharing the solutions, outputs and services offered to UK businesses, helping to set a standard for the future reporting of business and retail crime. The collaborative partnership of the NBCS involves the public and private sectors and is supported by law enforcement agencies. It has also been recognised as an effective model by the Association for Chief Police Officers (ACPO). Through an investment in police and public sector analysts, the NBCS also has the means to work collectively and is utilising every opportunity to gather the necessary intelligence to more effectively detect, prevent and subsequently respond to crimes that affect us all. While alerts sent out to businesses can help warn them of criminal activity within a region, alerts are also disseminated to law enforcement agencies to increase their
EDIT article 3 nov13_riskuk_nov13 06/11/2013 11:54 Page 3
Crime
awareness of criminal and suspicious activities, leading to action and prosecution. In a recent example – incident data from businesses had been collated and flagged by the NBCIB involving a travelling crime gang. This gang had been active across the country and involved several businesses being targeted. As a result of heightened awareness raised amongst the businesses by the NBCIB, a report of suspicious activity involving a vehicle was reported. The police were notified of the vehicle details and a few days later the vehicle was stopped by the police. The vehicle contained four persons who were known to the police. A search of the vehicle resulted in a large amount of equipment being seized as it was suspected as stolen. All of the occupants were arrested, with one being kept in custody due to intelligence relating to other theft offences in another force area. As a result of closer collaboration between businesses and the police, the NBCS is equipped to act as the mediator between businesses and law enforcement, helping to guarantee a more effective response to incidents of serious, widespread offences. This not only improves the influence business have with law enforcement officials, but helps keep business crime remains on the agenda – albeit with less time and resources required from the police than ever before. Adrian Regan, UK Risk Manager, Staples UK, said: “We have seen a real increase in groups of shoplifters and fraudsters willing to travel across the company in recent years and with the support of the NBCIB we have seen a significant improvement in the Police reaction and subsequent prosecution of these cross border offences.”
Colin Culleton, Group Security Manager, Next Retail Ltd, said: “The NBCS dashboards allow us to make more informed commercial decisions on where we should concentrate our resources in relation to the identified risks. The alerts we receive from the NBCIB have also enabled us to take appropriate preventative action when necessary. The ability to see via the crime mapping dashboards whether these trends are impacting other businesses also has significant value. If we identify a trend that requires police action we can very quickly alert the NBCIB who will immediately pull all the relevant incident data together and liaise with the police to get a force to take ownership”.
Author: Catherine Bowen is Policy & Stakeholder Director for the National Business Crime Solution
Collaboration is key No one knows an immediate area better than the businesses and communities within it, and by working with the NBCS every business has the means to be heard, to get business crime back on the political agenda and to keep it there. Now, we need to continue to share information, engage with the relevant public and private sector parties to work together – in collaboration instead of isolation to ensure the UK remains a world-class place to do business. However we choose to monitor and report crime, we know there will be challenges ahead – but by closer collaboration between UK businesses and law enforcement officials we can build a national profile of business crime in the UK and help police to establish watertight, cross-border cases that result in real action.
Businesses benefit from collaboration By supporting and working with the NBCS, businesses will not only help build a comprehensive profile of business crime in the UK, but gain access to their own crime data through a series of dashboards, accessible via PC. This enables businesses to more effectively determine how to place their resources in relation to identified risks as well as regional crime trends. Anonymised crime maps also help identify more widespread issues or concerns.
21
www.risk-uk.com
Project2_Layout 1 05/11/2013 14:21 Page 1
CERTIFYING
SECURITY
The leading certification body for Guarding Services. Appointed Security Industry Authority (SIA) Approved Contractor Scheme (ACS) Assessing Body. ISO 9001 and Product Certification for Key Holding and Response Services, Door Supervisors, Static Site Guarding and Mobile Patrol Services, Event Stewarding, Crowd Safety, Security Wardens, Cash and Valuables in Transit, Close Protection Services and Security Dogs. Contact us for a free no obligation quote.
Telephone : 0191 296 3242 www.ssaib.org
SSAIB
EDIT article 4 nov13_riskuk_nov13 06/11/2013 11:55 Page 3
Leisure industry security
eisure industry security encompasses a variety of venues, events and businesses. From night clubs, casinos and stadia, to gyms, retail and restaurants; they all have their own specific needs. Some can automate parts using security cameras, but the human input is essential and it also provides good customer services. Security measures in this area can range from the preventative type, where people will be searched to avoid allowing offensive items entering the event, or crowd management techniques will be used to ensure a smooth flow; to the intervention in a case of disorderly behaviour or an emergency. Leisure facilities have to show a commitment to reducing antisocial behaviour and preventative measures can go a long way to achieve success. Jean-Paul Frenett from Access Control Security (ACS) says, “Access control and CCTV are invaluable during opening hours for any business. These methods combined mean you can track movement of both visitors and staff, with historical checks to see who accessed certain areas and when. At night, fire and security alarms guard leisure businesses.”
L
A personal touch Despite the rise of CCTV to assist the monitoring of public areas, and the moves towards automating safety measures, manned guarding is still essential in leisure. Adrian White from Carlisle Support Service, a company that provides security personnel to the public and private sectors, says that today a security guard doesn’t just need to have training and an understanding of security, “He or she also has to provide good customer services.” Carlisle stewards need to have an NVQ level 3 certificate in customers’ safety in addition to their SIA licence. Managers are also trained to be leaders of their teams. “Within an event you will have a chain of command including people with different skills, training and responsibility level,” explains White and adds, “Venues are advised to have an effective command control process in place and guidance on security measures, describing how to deal with exceptional circumstances.” Carlisle works closely with security trainer and consultant Jim Ferran. The ex-policeman runs workshops and training courses for security personnel. He says, “When you deal with large numbers of people in a public space, it is important to provide safety, security, reassurance and deliver a high quality of customer services.” Ferran uses different techniques to help train security workers, from neuro linguistic
Service with a smile programming (NLP) techniques, to role-playing and simulations, they all provide practical tools that can be used when dealing with risk situations. “Security people have to be visible and show authority, but at the same time they need to be reassuring and have a smile on their face,” explains Ferran. “Bag searches, for instance, can be quite emotive. People should open and show their belongings and not feel invaded. They need to be reassured that this is not because they are thought of as suspicious, but for everybody’s safety. Empathy is a great ally when dealing with people.” In general, events are not one-off occurrences. Jim Ferran says that having a historic view is a good preventative measure. “Look at the demography of people going to the event. See if there had been incidents in the past and be prepared.” The use of technology is a great aid. As Jim calls it, CCTV is ‘the eye in the sky’. The CCTV control room can monitor the venue and let guards on the ground know about the overview of any situation. Stephen Marsh, from video security manufacturer Dallmeier, says that each venue and industry sector will have different technological requirements in terms of security cameras. “The solutions provided are location and application specific. Each leisure industry sector has its own challenges and requirements. These could range from lighting, to infrastructure or access. There is no true, out-of-the-box solution. Each system has to be designed with the project locations in mind.” According to Marsh, the technology trend in CCTV is a migration to HD. With the increased
Geny Caloisi looks at the best forms of leisure industry security and how to properly deal with the public
Security people have to be visible and show authority, but at the same time they need to be reassuring and have a smile on their face
23
www.risk-uk.com
EDIT article 4 nov13_riskuk_nov13 06/11/2013 11:55 Page 4
Leisure industry security
The value of electronic items we carry in our pockets on a daily bases, is a lot higher than it was some five years ago. This makes security in lockers more important than ever. The use of smart-cards is a growing trend to sort out this issue, says Jean-Paul Frenett from Access Control Security. “In places like gyms, we have noticed increasingly sophisticated systems to track members. Smart-cards are becoming more prevalent. In particular university gyms, or other large institutions that already use smartcard technology for payment and identification, are adopting this solution. This also facilitates automation at barriers and entry-points. The next step will be to use it for lockers.”
possible. Roland Hemming lists four principles to bear in mind when designing PAVA: 1 The systems should have no single point of failure – if one part breaks, the rest has to continue working. It is good practise to introduce redundancy audio circuits to avoid failure. 2 Asses your venue and check the rules of coverage and quality. The audio needs to cover the whole floor and the system has to be intelligible. 3 Keep an eye on it. IP networking and other monitoring resources will warn you if something is not quite right. Don’t ignore it. 4 Make your system is easy to use. Unskilled personnel should feel capable and comfortable about using the system. It is important to create a risk assessment with evacuation analysis tailored to the specific building, because they are all different.
The sound of order
In-store digital signage and security
Not everybody can clearly read written instructions in a sign, especially if they are far away or looking the wrong way, but almost everybody can listen. In public venues it is common practice to use public address and voice alarms (PAVA) as part of its security measures for evacuating premises during an emergency - such as fire, or just to direct people in the right direction. Roland Hemming, director at RH Consulting comments, “The implementation of PAVA has grown exponentially since the Hillsborough disaster of 1989, where 95 people were crushed to death. But now PAVA also has a secondary use. Today venues are taking advantage of the systems in place, to provide entertainment and make the experience more pleasing.” Hemming was in charge of planning and executing the PAVA for the London 2012 Olympics and Paralympics games. He explained: “The games were a kind of hybrid. It was planned as if it was a fixed installation, with very accurate and detailed parameters, but it was executed as a live event. It was important to have the venue’s audio system organised in independent zones. At a large venue, and especially at a popular international event, you might not want to evacuate everybody at once. Zoning is key. Dealing first with people that are in immediate danger and taking care of the rest later, can be essential to the right resolution of whatever the issue might be.” Audio announcements need to be intelligible and also instigate the appropriate action, allowing crowds to understand what they need to do next while trying to keep them as calm as
In the last three years, there has been a proliferation of digital signage screens in retail stores. These displays are used to promote products and provide customers with a better retail experience. So why not use this resource as a two-way street? Digital signage specialist AOpen and network video surveillance provider Axis have teamed up to do just that. Their product is called DS2, and it is designed for retailers and other commercial applications. It combines signage and surveillance. Gabriëlle Offringa, marketing manager AOpen Europe says, “We see surveillance as an important challenge for retailers. Shoplifting accounts for unnecessary losses. With the combination of signage and surveillance, retailers can use it as a marketing tool and at the same time, improve security measures and prevent theft.” DS2 allows a single player to connect up to six cameras. AOpen Digital Engine media player can power both the local signage network and the camera security feeds, making it cheaper. Axis IP 30FPS cameras are housed in a 59 x 95 x 41 form factor. Motion detection and sabotage alarm analytics help to ensure maximum device security. Customer service is important. Whether it is directing someone to the nearest toilet, or dealing with an emergency, security in leisure facilities must make sure that visitors feel welcome, safe and comfortable in the environment. Technology solutions can help to gain better control of the venue but they can’t be used in isolation, the human touch is needed.
resolution there is a potential to decrease the number of cameras installed. This saves on infrastructure costs as well as on-going maintenance costs.
Valuables at leisure centres
With the combination of signage and surveillance, retailers can use it as a marketing tool and at the same time, improve security measures and prevent theft
24
www.risk-uk.com
Project2_Layout 1 05/11/2013 12:00 Page 1
SOLID SECURITY SOLUTIONS
KEY CONTROL SYSTEMS CASH SAFES & SECURITY CABINETS FIRE SAFES & CABINETS KEYLEX MECHANICAL DIGITAL LOCKS CONVEX MIRRORS MASTER LOCK速 Telephone: +44 (0)1252 311888 Web: www.securikey.co.uk Email: enquiries@securikey.co.uk
EDIT article 5 nov13_riskuk_nov13 06/11/2013 11:56 Page 2
Careless with wireless? Is wireless the Trojan horse in your network security? ccording to Roger Klorese of WatchGuard technologies, smart phones and tablets now account for about 25% of devices used for work in the US. Wireless, mobility and BYOD are all part of an unstoppable wave, based on widespread consumer and remote worker usage. With the new faster wireless standard, 802.11ac, due to be ratified this year, and with 4G continuing to grow, demand for fast wireless in the workplace will increase inexorably. While this creates multiple opportunities, it also creates a great many challenges. If, for example, your existing wireless network is insecure, building on that base of sand is always going to fail. Historically, for many organisations, both large and small, wireless was a tactical solution to a user-driven demand for laptop (and subsequently smartphone and tablet) mobility in the office. As demand and users have increased, organisations have typically added more access points. Today, access points are a significant element of user LANs. While they may not carry the highest amount of traffic, they typically will carry a disproportionate percentage of business confidential information. The problem that this creates, particularly for smaller organisations, is that access points sitting inside the network, and connecting to it, are often perceived as being covered by many of the existing gateway security solutions. This can mean they are connected directly to the trusted network (internal LAN). Where this happens, it raises major security risks. There are also risks, even where wireless connectivity is managed through a separate virtual LAN (VLAN). Wireless has crept up on many organisations. From a situation where it was provided as an additional service for certain specified staff and as a guest service to provide internet access for visitors (and staff), it has gradually increased in importance. Today, with the upcoming multi Gbps 802.11ac wireless standard, we can now foresee a
A
Today, access points are a significant element of user LANs. While they may not carry the highest amount of traffic, they typically will carry a disproportionate percentage of business confidential information 26
www.risk-uk.com
fundamental shift from wired to wireless networks. The main problem with this is that the risk assessment and security deployed around wireless haven’t kept up with the pace of change. While many of the actual threats of wireless use haven’t changed, the increasing pace of deployment has significantly increased the risks to organisations. Companies are often unaware of the risks because they have multi-layered perimeter security in place and don’t realise that wireless access has subverted that security. In addition, a misplaced ‘shoal mentality’ still blinds users to the risks. They realise there are lots of hackers out there, but simply think that there are so many targets, it’s unlikely they will be the one who is attacked.
Potential risks Misconfiguration - Every time a new access point is added, there is the risk it may be misconfigured. If that happens, the rules that were put in place to protect the network won’t be consistently applied. Man in the middle attack - This type of attack is where someone presents an SSID (network address) that pretends to be something it isn’t, e.g. your company wireless name. The attackers intercept the name and password of users who are logging in, and pass them through, so it isn’t obvious what they have done. By the way, this is the risk that everyone who logs in at internet cafes, hotel lobbies, etc. takes. Connection by unauthorised users Unauthorised users may connect to the network. It may be disgruntled ex-employees, it may be through identity theft or through ‘man-in-themiddle attacks’. Most organisations are vulnerable because most organisations have something valuable on the network, such as credit card data, online banking information, confidential payroll details, or information helpful to a competitor. Insertion of malicious code or theft of code via a wireless connection - Access directly onto the trusted network creates a vulnerability for data stealing programs, as well as for data destruction programs - particularly by disgruntled individuals and ex staff. Data-stealing apps on mobile devices - While Apple isn’t immune, the problem of malicious apps is particularly pernicious on Android devices. Rogue access points - Well-meaning employees (and sometimes less well-meaning) can put up additional wireless access points to provide wider coverage, without management permission or awareness, creating security risks.
EDIT article 5 nov13_riskuk_nov13 06/11/2013 11:56 Page 3
Network Security
The TKMaxx fraud - And, of course, there is the never to be forgotten TKMaxx credit card fraud when hackers accessed data on 45 million payment cards, through an unsecured wireless LAN.
Wireless security With wireless and mobility becoming ever more ubiquitous, now is a good time to review the risks, security policies and protection that are in place. Most companies have policies for wireless and mobility that are out-of-date. Since it is the statement of and management of policies that drives employee behaviour, out-of-date and unsupervised policies will almost certainly lead to incorrect employee behaviour, when it comes to mobile security. Reviewing policies, perhaps doing that with some power users who understand what’s happening with technology and apps, not only gives a clear message to the business that you are serious about mobile security, but can often be a very interesting and enlightening experience. It is also important for users to be aware that wireless security is not only considered essential, but will also be managed and reported on. The wireless risk profile changes as usage increases and more users are enabled. Many of the threats have changed and migrated down from enterprises to smaller businesses. However, many organisations have not reviewed their wireless and mobility risks in line with increasing wireless use. They are often rolling out increased access and access points without considering the security implications. For those with PCI or data security considerations, a security review is essential. There are a whole range of things that organisations can do to secure their devices, and mobile networks - too many, in fact, for the scope of this feature. Everything starts with reviewing policies and appreciating some of the risks. At a practical level, there are some quick wins. Use your laptop, tablet or phone to scan for network connections and make sure that that all network addresses under your company name are yours. As additional security consider changing the SSID (Network ID) to something other than your company name. • Make sure all connections are over a secure VPN • Ensure that all connected devices have at least anti-virus security, including all tablets and smartphones. Suppliers such as Kaspersky and McAfee have solutions in this area.
The wireless risk profile changes as usage increases and more users are enabled. Many of the threats have changed and migrated down from enterprises to smaller businesses • Use two-factor authentication to protect against ID theft. VASCO and SafeNet are just two of a number of solution suppliers in this area, many of which can use a mobile phone as the token. • As an absolute minimum, require all users to have a PIN on their devices. Much of the risk with wireless is around having unregulated (unsecured) devices inside the security perimeter, causing a breach of firewall/UTM (unified threat management) gateway protection. One solution is to use a firewall/UTM which can integrate with wireless access points, creating multiple security benefits. WatchGuard systems, for example, are multi-function firewall appliances, which typically include a firewall, intrusion prevention, application control, web and spam blocking, spyware blocking, anti-virus, VPN and encryption. They allow for firewall/UTM and access point integration. Firewall/UTM and access point integration means that: • Firewall policies are also applied directly to and through all access point traffic, so you have one policy applied on the wired and wireless network. • One management console can be used for managing and reporting on access point traffic, as well as gateway traffic • All wireless users can be required to use an encrypted VPN connection.
Author: Ian Kilpatrick is chairman of Wick Hill Group
Conclusion The continuing shift to wireless, and the increased need to secure against data leakage (DLP), is a trend that will accelerate. One of the quickest ways to improve security is by the direct integration of access points into perimeter firewall defences. However, this is an area where threats continue to change and therefore risks continually alter. Some of the above suggestions will give some quick wins, but a security review in conjunction with your IT supplier is essential, particularly as the threats created by mobile devices are significantly broader than just the wireless issues.
27
www.risk-uk.com
Project1_Layout 1 06/08/2013 12:13 Page 1
Security solutions for today’s challenging times
Consultancy Operational Consultancy Manned Guarding Training Information and Intelligence Communications Support Technical Systems Equipment
Global economic pressures are forcing organisations to review expenditure across the board. But, the security issues remain the same. So, do you cut your security? Pilgrims offers a complete and complementary range of security, communications and support services, backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover. Our expertise and global experience allow us to deliver robust, practical solutions for today’s challenging financial climate.
For more than ten years, Pilgrims has been supporting clients across the globe, protecting and enabling their businesses to continue in spite of threats from terrorism, serious organised crime and natural disasters. Our personnel are handpicked for their experience, skills, training and personality to match the requirements of our clients. This, combined with our continual exposure to the world’s hot spots and difficult regions, makes Pilgrims the ideal choice for advice and support. Pilgrims provides a global service, with local knowledge through our employment of local personnel, quality control, continual ongoing training and our relationships with specialists and local partners.
We can help you find the right solution. Call Pilgrims on: +44 (0)1483 228 786 www.pilgrimsgroup.com
EDIT cyber news nov13_riskuk_nov13 06/11/2013 13:32 Page 3
Cyber and Data News
Dispelling myths around data protection law Dell SecureWorks and European law firm Field Fisher Waterhouse (FFW) have released a white paper about data protection laws and how organisations can use Managed Security Service Providers (MSSP). The white paper identifies four myths surrounding the approaches that EMEA based organisations take towards data handling. The myths are often attributed to concerns that using a MSSP is inconsistent with data protection laws. The myths are: • Using a third party to process personal data isn’t permitted • Transferring data outside of the European Economic Area (EEA) can’t happen under any circumstances • Organisations can’t use cloud-based services for processing or storing any personal data • Foreign Security and Law Enforcement Authorities (LEAs) automatically have access to personal data The security landscape is becoming tougher; the increase in the volume and types of cyberattacks is making it harder for organisations to protect themselves and the laws governing data are becoming stricter. Many organisations use external security service providers like MSSPs to ensure compliance with country level, EMEA and global laws. The white paper explains why and how legislation supports this. Peter Heim, sales director EMEA, Dell SecureWorks comments: “Changes to the workplace such as mobile working, the move to cloud based services and trends such as BYOX mean that security teams have to contend with threats from all angles. The European data protection laws have some of the highest standards in the world, and so it’s crucial that businesses understand what steps they are expected to take to protect data and how this can be done efficiently and cost effectively. “There are a multitude of extremely complex laws and many organisations are confused by which laws they need to comply with and how they do this. This white paper, which has been prepared in collaboration with FFW, who are experts in regulatory law, helps to clarify an increasingly complicated business critical issue and guide implementation, protection and compliance in the right areas.” Stewart Room, partner, Field Fisher Waterhouse adds: “Compliance with security and data protection laws is vital but many business leaders don’t know where to start when considering these intricate laws. It is no wonder businesses lack clarity as the
Cyber and Data Security News requirements vary for different countries, within the EEA and globally. We have developed this white paper with Dell SecureWorks to provide guidance and reassurance for organisations and we have found that the laws in EMEA support the use of external providers such as good quality MSSPs which provide better data security because of their enhanced level of expertise, awareness and threat intelligence.”
Directive could cost organisations £billions A study from Tripwire and the Ponemon Institute has revealed that many of the world’s largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organisations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. Unless they take action, the top 10 companies in UK could collectively be fined as much as £20.34 billion based on revenue of £1017.1 billion based on their latest published results. The directive, which was adopted in July this year, will require that organisations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities. Organisations that suffer a breach because they do not have sufficient IT security in place to protect their digital assets face fines of up to two percent of their annual global turnover. However, Tripwire’s study, which looked at security management of 1320 IT security professionals working in healthcare and pharmaceuticals, financial services, the public sector, retail, industrial, services, technology, software and communications or education and research, revealed that most organisations are under prepared for the Directive and therefore at risk of being fined. Dwayne Melancon, CEO at Tripwire, said: “The new EU Directive has the potential to have a huge global impact because it applies to any organisation which operates in the EU, even if they are headquartered elsewhere in the world. Countries have been given two years to put the EU Directive into place and organisations should be using this time to tighten their security programs; ensure that incident detection and response processes are in place and effective; and harden their systems, applications, and networks to reduce the risk of breaches.”
29
www.risk-uk.com
EDIT cyber news nov13_riskuk_nov13 06/11/2013 13:32 Page 4
Cyber and Data News
Mobile ad library threatens privacy FireEye researchers have warned that a rapidly growing class of Android mobile ad library is collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand, remotely. Affecting apps with over 200 million downloads in total, this unnamed ad library, has been dubbed as "Vulna." “We have analysed all Android apps with over one million downloads on Google Play, and we found that over 1.8% of these apps used Vulna,” says FireEye, “These affected apps have been downloaded more than 200 million times in total.” Ad libraries enable apps to host advertisements. FireEye has coined the term “vulnaggressive” to describe this class of vulnerable and aggressive characteristics. Most vulnaggresive libraries are proprietary and it's hard for app developers to know their underlying security issues. Legitimate apps using vulnaggresive libraries present serious threats for enterprise customers. FireEye has informed both Google and the vendor of Vulna about the security issues and they are actively addressing it. Though it is widely known that ad libraries present privacy risks such as collecting device identifiers (IMEI and IMSI), and location information, Vulna presents far more severe security issues. First, Vulna is aggressive - if instructed by its server, it will collect sensitive information such as text messages, phone call history, and contacts. It also performs dangerous operations such as executing dynamically
downloaded code. Second, Vulna contains a number of diverse vulnerabilities. For instance it transfers user’s private information over HTTP in plain text, which is vulnerable to eavesdropping attacks. These vulnerabilities when exploited allow an attacker to utilize Vulna’s risky and aggressive functionality to conduct malicious activity, such as turning on the camera and taking pictures without user’s knowledge, stealing twofactor authentication tokens sent via SMS, or turning the device into part of a botnet. There are many possible ways an attacker could exploit Vulna’s vulnerabilities. One example is public WiFi hijacking: when the victim’s device connects to a public WiFi hotspot (such as at a coffee shop or an airport), an attacker nearby could eavesdrop on Vulna’s traffic and inject malicious commands and code. Attackers can also conduct DNS hijacking to attack users around the world, as in the Syrian Electronic Army’s recent attacks targeting Twitter, the New York Times, and Huffington Post. In a DNS hijacking attack, an attacker could modify the DNS records of Vulna’s ad servers to redirect visitors to their own control server, in order to gather information from or send malicious commands to Vulna on the victim’s device. FireEye concludes, “Vulna’s aggressive behaviours and vulnerabilities expose Android users, especially enterprise users, to serious security threats. By exploiting Vulna’s vulnaggressive behaviours, an attacker could download and execute arbitrary code on user’s device within Vulna's host app.” A solution has not yet been talked about.
Malware creation on the rise Panda Security has reported that malware creation reached record levels in the second quarter of the year. The company’s Quarterly Report for Q2 2013, drawn up by PandaLabs, said that Trojans continued to account for most infections, and shows a worrying increase in malware targeting the Android platform. According to PandaLabs, Trojans continue to be the most popular threat, accounting for 77.2 per cent of all new malware created and 79.70 per cent of malware infections; that is, almost eight in ten users are infected with a Trojan. Another interesting fact is that the amount of new malware samples continues to rise. In the second quarter of 2013, 12 per cent more malware was created than in the same period last year, and when the data for the first and second quarters of 2013 is taken together, the increase on 2012 reaches 17 per cent. Luis Corrons, technical director of PandaLabs explains: “Cyber-criminals use Trojans as a key tool to infect users, continually introducing changes to avoid detection and in many cases, automating the process of changing the Trojan. They use scripts and special tools in order to change the binaries run on victims’ computers to evade the signature-based detection used by antivirus firms.” Analysing all infections around the world, the numbers are similar to those for the new malware samples created: Trojans (79.70 per cent), viruses (6.71 per cent) and worms (6.06 per cent). In the second quarter of 2013, the global infection ratio was 32.77 per cent, which was up on the first quarter (31.13 per cent). As for the data for individual countries, China once again topped the table (52.36 per cent), followed by Turkey (43.59 per cent) and Peru (42.14 per cent). On the other end of the spectrum, Europe continues to have the lowest infection rates. Sweden (21.03 per cent), Norway (21.14 per cent) and Germany (25.18 per cent) are the countries with the lowest infection rates. The only non-European country in the Top Ten was Japan, in fourth place with 24.21 per cent, followed by the UK with 24.48 per cent. The study warned that cyber-criminals try to exploit newsworthy events to spread malware and said that social networks are the new battleground of cyber-activists.
30
www.risk-uk.com
EDIT ria nov13_riskuk_nov13 06/11/2013 11:57 Page 1
Risk in Action
Period property protected The National Trust has partnered with Chubb Fire & Security UK for fire prevention and detection solutions to protect Lanhydrock House in Bodmin, a period property set on almost 900 acres, with some parts of the GradeI-listed building dating back to the 1620s. The dangers of fire are by no means unknown in the house’s history. In 1881, a fire started in the kitchen chimney and was spread by high winds, destroying many of the house’s Jacobean features. Later it was refurbished in high Victorian style, with a number of fire safety precautions introduced that still survive today. The National Trust was keen to preserve the property and its history, including the priceless Jacobean ceiling in the Long Gallery of the north wing, which survived the 1881 fire. The National Trust, which has managed the house since 1953, has recently implemented fire safety works and turned to Chubb to upgrade its detection technology. “We installed detectors throughout the property and in a church on the grounds that is also connected to the fire alarm system, all to British Standard L1 requirements. In the event of a fire, staff are alerted by pager and the addressable system means that the location of the fire can be pinpointed to a specific zone,” said Will Carter, Business Development Manager, Chubb. “Naturally, as this house is a Grade-I listed property with many irreplaceable features, I have a responsibility to ensure that any suppliers we work with fully recognise the implications of any work carried out, and are respectful both of the property and the ongoing efforts of our conservation staff,” said Paul Holden, House and Collections Manager, Lanhydrock House. Following the two-year project to make Lanhydrock House one of the most fire resistant heritage attractions in the country, it has been awarded a certificate of passive fire resistance, which recognises the fire prevention qualities of the vertical and horizontal fire compartments that we were created throughout the property. www.chubb.co.uk
Risk in action Brewery upgrades to HD IP surveillance The Rebellion Brewery has upgraded its surveillance capability to a full-HD and networked DirectIP surveillance solution to safeguard staff and visitors while protecting its multipurpose facilities. Integrators Evolution Security Systems completed the installation project, including handover and training of Rebellion staff. The Rebellion Brewery is taking advantage of DirectIP network video recorders (NVRs) together with a range of two mega-pixel and weatherproof dome cameras utilising night vision capability to protect its merchandise and gift shop, brewing museum and production line producing over 70,000 pints of beer a day. The IDIS Mobile App allows the Rebellion management team to retrieve video footage and remotely live-view on mobile devices, while the push notification feature provides instant alerts to alarms and pre-set events on the move and out of hours. Commenting on the project, Tim Coombes, Co-owner of The Rebellion Brewery, said: “The DirectIP solution fulfils every need the brewery had in terms of our safety and security requirements while providing all the benefits of HD and IP-enabled surveillance.” John Wust, Founding Director at Evolution Security, said: “With the installation and handover only taking a day, DirectIP has proven to be far less complex than other IP surveillance systems. IDIS has eliminated the hassle of configuring IP addresses and in doing so removed any chance of error.” www.idisglobal.com
Olympic Park secured between events Onwatch has deployed three Tower Light TL Security Systems to help guard the Olympic Park in East London. The system is on a long-term hire to the park’s custodians and will help to protect the area from trespass, vandalism and other form of anti-social behaviour. As the Olympic Park is often unmanned between events, close security is vital. Therefore Onwatch has provided the site with a TL mobile master unit accompanied by three portable slave units, wirelessly linked together. The system includes 24/7 CCTV infra-red monitoring, with a zoom and spin facility, which gives images both throughout the day or during the dark of the night. In addition, the module is able to make audio announcements to warn away intruders and has the ability to instantly contact a mobile patrol or, if necessary, the Police. The Olympic Park TL security set-up is remotely connected, via ADSL and 3G, to the Onwatch Worldwide Monitoring Service. The TL Master Security Tower is a mobile, self-powered unit which will run for up 700 hours on a single tank of fuel and the three slave units are connected to the master by a single, heavy-duty mains cable. The CCTV camera system is fitted to a vertical hydraulic mast with a public address system, anti – climb bracket, heat and movement detectors, multi directional WiFi and a siren and strobe. www.towerlight.co.uk
31
www.risk-uk.com
EDIT ria nov13_riskuk_nov13 06/11/2013 11:58 Page 2
Risk in Action
Securing the Golden Arches Assa Abloy Security Doors has supplied a bespoke steel high security fire door to protect a McDonald’s restaurant in the Midlands. Installed at one of the burger chain’s restaurants in Birmingham, the steel doorset was manufactured at Assa Abloy’s site in Lisburn, tailoring its design to the security and access needs of the restaurant. Accounting for building security, the steel door was installed to the external back-ofhouse entrance, protecting both personnel and personal property in the staff-only areas. The doorset can withstand the spread of fire for between 30 and 60 minutes, successfully certified by Bodycote Warringtonfire in accordance with Certifire, ensuring the safety of staff and patrons of the restaurant in the event of an emergency, facilitating a route of safe exit. Stephen Wilkinson, Area Sales Manager for Assa Abloy Security Doors, said: “It is always interesting when a project requires a balance of objectives. At this particular McDonald’s, we were aiming to maintain the friendly family atmosphere, whilst protecting the building and its users from intrusion or fire risk. Tailoring the door to blend in with the building exterior, the result was unassuming in its appearance, yet robust in its performance, accounting for both fire safety and security, at the same time as providing easy access for members of staff. “Like many inner city spaces, the area surrounding the restaurant sees its fair share of petty crime and vandalism. We needed to ensure the protection of both McDonald’s’ staff and patrons, in order to maintain the great experience enjoyed by their customers. Despite the challenging location, we have made that happen,” concludes Stephen. www.assaabloy.co.uk/securitydoors
New operations centre fits video wall display Cloud and IT services provider Exponential-e has recently relocated its headquarters to an east London location that features facilities with new equipment, including the Panasonic TH-55LFV50 video wall display, to provide an end-to-end service. Configured in a 2 x 4 array and forming a part of the 24/7 Network Operations Centre, the Panasonic TH-55LFV50 enables Exponential-e’s network engineers to visualise multiple data sets such as incoming tickets, service statuses and active mapping of POP server locations at one time, increasing efficiency in problem solving and in-turn maximising customer satisfaction. “We provide network connectivity to our customers and many of them can’t afford any downtime; if there is a problem we need to be on top of it straight away. The Panasonic video wall is an essential tool for our business as it allows our engineers to view a range of data at one time to quickly and efficiently solve problems and keep customers happy,” said Chris Harris, IT Infrastructure Manager at Exponential-e. “In our previous office we had standard plasma screens, but they had large bezels that restricted our view of content and got very hot which made our engineers uncomfortable. The Panasonic displays had the narrowest bezel-to-bezel (5.3mm) gap, the LCD D-LED panels were much more heat and energy efficient and the high picture quality and brightness of the displays meant that even small text could be seen from a distance.” The company also required a much more configurable solution than their previously limited setup, to facilitate the process of viewing different sets of data. The Panasonic TH-55LFV50 solution newly enabled the engineers to intuitively manipulate the data sets and stretch them across multiple screens using only their fingertips and a touch screen device. Additionally, they were able to create configuration profiles which they could effortlessly switch between to meet the requirements of the 24/7 business’s shift patterns. “The Panasonic video wall is not only essential for our Network Operations Centre engineers, it is a great tool to show customers as it gives them the reassurance that we’ve got their network in our hands. We needed something highly functional that also had that “wow” factor and the TH55LFV50 fitted the bill on both those levels,” Harris added. business.panasonic.co.uk
32
www.risk-uk.com
Project2_Layout 1 05/11/2013 14:37 Page 1
PRODUCT SHOWCASE
AQUARIUS FEATURES DUAL TECHNOLOGY EXTERNAL SENSOR
WATERPROOF
Utilizes microwave and infrared detection technology for high performance.
INFRARED ANTIMASKING
Completely waterproof with IP65 rating for the XL model & IP61 for the XS.
RANGE
Prevents any attempts to mask the infrared signal.
Has an operating range of 12 metres for the XL model and 8 metres for the XS model
MICROWAVE ANTIMASKING
DETECTION FUNCTIONALITY
Prevents any attempts to mask the microwave signal.
Can be set up to operate either in ‘curtain’ or ‘corridor’ mode.
PET IMMUNITY
TEMPERATURE COMPENSATION
Small animal pet immunity (optional)
Special algorithms automatically optimize detection performance when outside temperature changes.
XL
XS
Height: 110mm Width: 46.5mm Depth: 44mm
Height: 110mm Width: 41.5mm Depth: 44mm
CONTACT US NOW FOR MORE INFORMATION ON Office +44 (0)1604 648 344 Email info@gpsperimeter.co.uk Web www.gpsperimeter.co.uk
ADVERTISING FEATURE
Over 60% of all fines issued by the Information Commissioner’s Office (ICO) relate to the use of un-encrypted email, often being sent to the wrong recipient.
U
www.cryptshare.com/riskuk
n-encrypted e-mail can be viewed a bit like a postcard where the content is immediately available to anyone who can see it - including the postman or nosey neighbour, or the wrong recipient! Insecure email is also about to get a lot more expensive with the European Data Protection Framework (EDPF), which is expected to come into force in 2014, carrying penalties of up to 2% of annual turnover for those found not to have taken the necessary action to prevent the data loss by establishing the necessary procedures and technical infrastructure. A further issue that results in data loss is
that email does not handle large attachments at all well, causing users to send large files, those carrying the most data, via ever more insecure, and often much more expensive methods such as couriers, USB, consumer grade cloud services and USB sticks or DVDs. But how can we operate without e-mail. It’s our favorite tool, we’re all used to it, it’s universally available and it’s easy to use. We can even receive it on our mobile devices so we have access to it wherever we are. Solve the security and file attachment problems and e-mail is an effective tool rather than a major vulnerability. Cryptshare enables users to exchange fully encrypted emails and file attachments of unlimited size with anyone and from within existing email solutions such as MS Outlook and IBM Notes. Furthermore Cryptshare complies with all existing ICO requirements. Simply put, in addressing both issues, Cryptshare makes e-mail better. To find our more or start a free trial go to www.cryptshare.com and click Risk UK
EDIT ria nov13_riskuk_nov13 06/11/2013 11:58 Page 4
Risk in Action
Immediate response at VW site An Aimetis Symphony system is providing video surveillance and analytics for Volkswagen’s manufacturing plant in Germany. Volkswagen Sachsen produces 1100 vehicles a day and employs over 6000 staff at its site in Zwickau, Germany. Aimetis Symphony was installed by Aimetis Certified Partner, VST GmbH at the manufacturing plant, to provide video surveillance with effective video analytics. Staff and customer safety were paramount, but the system also had to prevent or investigate vandalism and theft of automotive components and vehicles. The site’s existing CCTV cameras, mostly outdoor PTZ domes, were integrated into the Aimetis system. Many new IP cameras were installed to monitor the delivery truck loading bays; the car park for postproduction vehicles; the customer-service centre and other critical areas. Video images were then transmitted to a remote monitoring centre, for real-time observation and management. Accuracy of video analytics was vital, especially with outdoor cameras open to differing weather conditions, such as rain, snow and strong winds. Aimetis Symphony video analytics detect and alert operatives to any suspicious activity, like loitering or people entering restricted areas. This prevents potential incidents and allows an immediate, appropriate response to actual ones. The system triggers PTZ cameras to zoom in on intruders, turn lights on or sounds an alarm. All event images are viewed in realtime and stored. The result is that there are virtually no false alarms for Volkswagen. Video analytics can be applied to live cameras, or retrospectively to already recorded video data, to equal effect. Video metadata, not full video files are interrogated, making the searching and retrieving of data extremely fast, whilst still providing Full HD video evidence when required. The new system operates as a deterrent, detection and evidential tool and Volkswagen now has a site security management system, which may be networked with other Volkswagen sites. www.securitybuyinggroup.co.uk
34
www.risk-uk.com
HMS Belfast gets the message across HMS Belfast has installed an integrated voice alarm and public address (VA/PA) system from Notifier by Honeywell, in order to provide messaging and safety information. The VA/PA solution was designed and installed by Notifier ESD Powerpoint Fire Systems. The VA/PA system includes a total of twelve circuits, with two circuits for each of the public, function and staff zones, both fore and aft. The ship’s design meant that it was impossible to route cabling directly between speakers, with the result that 12,000 kilometers of cabling was required to link all the speakers throughout the ship. The choice and positioning of the speakers was critical in a complex multi-level environment with many narrow corridors and metal surfaces. The solution includes an override facility, which provides staff in each zone with appropriate emergency messages to enable them to evacuate visitors quickly and safely in the event of a fire-related incident. An automated messaging system also provides customised messages advising visitors when the ship is due to close for the day, replacing the previous manual system, as well as a radio mic enabling live messages to be broadcast when required. “The VA/PA installation on HMS Belfast reinforces the importance of voice within an integrated information system, as part of an effective fire safety solution for any public venue,” says Derek Portsmouth, national sales leader, UK & Ireland, Notifier. www.notifierfiresystems.co.uk
Project1_Layout 1 01/08/2013 12:11 Page 1
Bringing together the entire security buying chain In 2014 IFSEC International, the largest and longest running security event moves to a truly international venue. With more than 40 years at the heart of the security industry, reČľecting innoYatiYe industry trends and SroYiding insight into the Oatest technoOogy to NeeS Eusinesses and goYernments secure Put the date in your diary now! www.ifsec.co.uk/add2014
IFSEC International is Sart of
PROTECTION & MANAGEMENT Week
WWW.IFSEC.CO.UK
17-19 JUNE 2014 ExCeL LONDON
EDIT tif nov13_riskuk_nov13 06/11/2013 11:59 Page 2
Technology in Focus Increasing road safety outside schools Videalert has introduced a digital CCTV system for the enforcement of stopped vehicle offences, designed to reduce the incidence of stopping and parking on the zig-zag lines outside schools. Without any human involvement and using a single camera, the Videalert system continuously monitors the restricted area and automatically zooms in to capture the number plate of any vehicle that stops during the period of time defined by the local traffic order, typically twice a day during the school opening and closing hours. The camera then automatically zooms out and captures relevant parking signage and the video evidence pack is transmitted to the council for review, before automatically generating a PCN. An additional benefit of the system is that it can also record video outside schools 24/7, providing further protection to pupils, staff and premises. www.videalert.com
Surveillance software mimics brain Sighthound has launched Sighthound Video, software that reportedly mimics the way the human brain works to differentiate humans and objects. The system has been trained to simulate the human brain’s recognition abilities and not only detects motion, it detects people. The software’s ability to detect and differentiate humans from animals or other objects reduces the number of false positives and unnecessary alerts sent to users, which can make even the most modern security cameras unusable. The video security software works on Macs, PCs, iPads, iPhones and Android without the need for browser plug-ins or mobile downloads. After installation, it finds most cameras automatically. Users can have remote access to their videos by creating secure links to the software and can search through days’ or weeks’ worth of video in seconds to find specific events. The software creates clips file of all actions triggered by the set up rules. www.sighthoundlabs.com
Vandal resistant dome launched Samsung Techwin’s WiseNetIII 2MP Full HD network vandal-resistant dome camera, the SNV-6084, is designed to work in severe weather conditions as well as being resistant to physical attack. The SNV-6084, which is IK10 vandal resistant and weatherproof to IP66, can withstand temperature variations of -50°C to +55°C. Both the SNV-6084’s camera and its in-built heater can be powered by standard PoE (Power over Ethernet), negating the need for the installation of separate cables for power and image transmission, or additional costly midspans. Equipped with a 3-8.5mm motorised varifocal lens, the ONVIF conformant SNV-6084 is a true Day/Night camera with an infra-cut filter. It is designed to capture images at a frame rate of 60fps at 1080p and features enhanced Wide Dynamic Range which with performance greater than 120dB can produce images in scenes that simultaneously contain very bright and very dark areas. www.samsungsecurity.com
36
www.risk-uk.com
Enhanced PSIM software platform VidSys has released version 7.5 of its PSIM software platform to provide increased flexibility and customisation for an “enriched” experience for both administrators and security operators. The updated features – including mapping enhancements, advanced search capabilities and other operational enhancements – will help users more easily manage and respond to events, allowing for better situation management and improved response times. Offering geocoding, the VidSys PSIM software 7.5 offers enables operators to identify locations of interest based on address look-up for faster situational awareness. In addition, users now have the ability to create shared global or private salvos for real-time collaboration between multiple users or agencies. www.vidsys.com
EDIT tif nov13_riskuk_nov13 06/11/2013 11:59 Page 3
Technology in Focus
Wireless range enables greater throughput
Camera range to keep expanding The IP 5000 camera family from Bosch features cameras with up to five-megapixel resolutions. By the end of 2013 the range will consist of thirteen cameras in four different designs: micro domes, bullet, indoor and outdoor domes with a variety of resolutions for different image detail requirements and SD card storage options. Options for outdoor installation include vandal resistance, water and dust-proof enclosures, and IR LEDs for night time monitoring. Varifocal lenses also simplify adjusting the field of view. The cameras incorporate two bandwidth reduction technologies. Firstly, intelligent Dynamic Noise Reduction (iDNR) adapts the degree of noise reduction real-time based on an analysis of the contents of a scene. For example, bandwidth is reduced by up to 50 percent when no motion is present. As soon as an important object is detected, bandwidth increases to capture maximum detail. Secondly, bandwidth is further reduced by way of area-based encoding that enables compression parameters to be set for up to eight user-definable regions. This means less interesting regions are more highly compressed, leaving more bandwidth for the important parts of the scene. Further, two regions of interest can be selected and controlled by remote electronic pan, tilt and zoom (e-PTZ). The combination of these special streams with the main stream allows for closer inspection of details while retaining situational awareness.
The wireless HT range from KBC Networks is designed to enable customers to obtain greater throughput over their wireless links having been demonstrated to provide useable throughput in excess of 230Mbps across a wireless link and the units also feature a Gigabit port making them ideal for backhaul and megapixel camera installations. The series is available in all of KBC’s wireless formats: point-to-point, point-to-multipoint and redundant ring mesh with both passive PoE and 802.3af/at PoE variants. The products also boast the same plug-and-play design as KBC’s existing WESII and MeshII ranges. The HT range units feature KBC’s antenna alignment and mapping tools to ensure optimum system setup. www.kbcnetworks.com/ht
VMS even easier to deploy! Milestone Systems has announced the next versions of its products: XProtect Essential 2013, XProtect Express 2013, XProtect Professional 2013 and XProtect Enterprise 2013. XProtect Professional 2013 provides security operators with a graphical overview of the entire installation from a single interface, empowering them to react quickly to incidents and efficiently manage alarms. The Alarm Manager ensures users are notified when unwanted behaviours occur. The new product offerings are designed to simplify initial deployments of XProtect and to enable users at different skill levels to set up a Milestone IP video solution. This helps distributors to broaden the offerings of XProtect so the benefits of IP video surveillance are available to a more varied reseller audience. The new configuration procedure removes the challenges and decreases the time needed to initially deploy and set up the system. This gives installers more time for the rest of their business and helps integrators who primarily install analogue systems to feel comfortable working with Milestone XProtect VMS, even without IP network and IT skills. www.milestonesys.com
www.boschsecurity.com
HD real-time mini box camera The MDF4220HD from Dallmeier is a mini box camera (50mm width) with a 1.3 megapixel CMOS image sensor providing HD video in real-time (720p/30fps), using the H.264 codec. The unit is a hybrid camera which can send HD video over IP and analogue SD video via BNC simultaneously. Equipped with a 1/4” tripod socket located on the top and bottom side, the MDF4220HD fits all standard brackets with UNC threaded screws. Due to its compact design and the included mounting brackets, the mini box camera is also ideally suited for installations in automated teller machines (ATMs). The HD mini box camera is characterised by its Wide Dynamic Range (WDR) and ability to capture images with colour fidelity and detail reproduction even in scenes with a wide range of contrast and strong backlighting. www.dallmeier.com
37
www.risk-uk.com
EDIT tif nov13_riskuk_nov13 06/11/2013 12:00 Page 4
Technology in Focus
Vandal and weather-proof dome for all environments D-Link has extended its portfolio of full HD vandal and weather-proof IP surveillance cameras with the introduction of the full HD WDR Varifocal Day & Night Outdoor Dome Network Camera (DCS6314), which features a built-in heater and water-shielded, resistant casing to protect against vandalism and harsh weather conditions. Wide dynamic range (WDR) technology enables the capture of footage in most lighting conditions and for around-the-clock surveillance the camera’s 15-metre IR LED illumination captures images at night time. Additional features like video management software bring benefits such as the ability to zoom into a target area, to see an object in more detail than through normal viewing. The camera’s varifocal lens ensures the viewing angle and optical zoom ratio are optimised for its environment. With Powerover-Ethernet (PoE) support, the camera can be connected and powered with a single Ethernet cable to further simplify installation. A Micro SD/SDHC card slot provides the option of on-board storage, eliminating the need for a PC or network storage device. www.dlink.com/uk
NVR includes management tools and mobile viewers AVer has announced the release of the E5016 NVR, a Linux-based network video recorder that delivers a performance throughput of 120Mbps with 16 channels at up to 5MP and 30fps per channel, ensuring no detail is missed. It includes camera features such as region of interest, smart stream, motion detection and privacy zones to simplify operation alongside intelligent streaming to allow users to preview all 16 channels in real time. Four removable HDD trays and RAID support enhance storage capacity and reliability, with further capacity available via e-SATA interface with direct-attached storage performance. With
38
www.risk-uk.com
Open IP, non-proprietary access control for 2014 release Axis Communications has entered the physical access control market by introducing a network door controller with built-in web-based software. The A1001 Network Door Controller which will be launched in the UK in 2014 is a non-proprietary, open IP-based access controller. It is a platform for two different solutions. Axis Entry Manager (AXIS A1001 with built in software) is a ready-made solution for small- to mid-sized businesses with typically ten doors and basic access control requirements. For larger enterprise systems, the A1001’s open application programming interface enables Axis’ Application Development Partners (ADP) to meet specific customer requirements. Further features of the A1001 Network Door Controller include open architecture that allows easy integration of video, intrusion detection and other systems, support for Power over Ethernet to reduce the need for separate power cables and proprietary cables and also the ability for cardholder data and system configurations to be automatically stored and synchronised between controllers and managed from any computer in the system. www.axis.com tri-codec compression, this equates to non-stop recording on all channels at full HD 1080p resolution for around a month. The E5016 is easy to set up and use, with plug and play support and an intuitive, user-friendly GUI that offers simplified click-and-drag preview selection and a range of smart tools to significantly reduce training time and related costs. Also included are a range of remote access and management applications, including AVer’s CMS (central management software) to offer control over configuration of remotely connected cameras, including remote recording and playback. Additionally, AndroidViewer and iViewer mobile applications allow users to monitor and control events from a smartphones or tablets in real time. www.aver.com/uk
nov13 dir_000_RiskUK_sep13 06/11/2013 13:18 Page 1
Best Value Security Products from Insight Security www.insight-direct.co.uk Tel: +44 (0)1273 475500 ...and lots more Computer Security
Anti-Climb Paints & Barriers
Metal Detectors (inc. Walkthru)
Security, Search & Safety Mirrors
ACCESS CONTROL
Security Screws & Fastenings
Key Control Products
Empty Property & Lone Worker Alarms
Traffic Flow & Management
see our website
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL
ACT Unit c1 South city Business centre Tallaght D.24 Ireland www.accesscontrol.ie tel: 00 353 1 466 2570 UK Lo Call Number: 0845 300 5204
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES
HTC PARKING AND SECURITY LIMITED
ACCESS CONTROL
APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8
4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk
ACCESS CONTROL
INTEGRATED DESIGN LIMITED
ACCESS CONTROL
KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk
Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com
ACCESS CONTROL
SECURE ACCESS TECHNOLOGY LIMITED
ACCESS CONTROL
COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com
Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk
AUTOMATIC VEHICLE IDENTIFICATION ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com
ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS
HEALD LTD HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems
Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com
ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS
NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com
ACCESS CONTROL – BARRIERS, GATES, CCTV
ABSOLUTE ACCESS Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV
ACCESS CONTROL – MANUFACTURER
FRONTIER PITTS
ROSSLARE SECURITY PRODUCTS
Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com
Bletchley Park, Milton Keynes, MK3 6EB Tel: 01908-363467 Email: sales.uk@rosslaresecurity.com www.rosslaresecurity.com ISO 9001 and ISO 14001 Certification
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com
Rosslare Security Products manufactures the Security Industry’s largest and most versatile range of Proximity and Smart Card readers.
MANUFACTURE STANDALONE ACCESS CONTROL PRODUCTS PSU’S, KEYPADS, ELECTRIC LOCKS, BREAKGLASS, EXIT BUTTONS
RGL ELECTRONICS LTD “Products to Trust – Power to Help” Pelham Works, Pelham Street, Wolverhampton WV3 0BJ Sales: +44 (0) 1902 656667 Fax: +44 (0) 1902 427394 Email: info@rgl.co www.rgl.co
www.insight-direct.co.uk Tel: +44 (0)1273 475500
nov13 dir_000_RiskUK_sep13 06/11/2013 13:18 Page 2
BUSINESS CONTINUITY BUSINESS CONTINUITY SOFTWARE & CONSULTANCY
CONTINUITY2 E232 Edinburgh House Righead Gate Glasgow G74 1LS Tel: +44 (0) 845 09 444 02 Fax : +44 (0) 845 09 444 03 info@continuity2.com
CCTV
G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk
CCTV
PECAN BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org
Stortech Elec, Unit 2 spire green Centre Pinnacles West, Harlow, Essex CM19 5TS Tel 01279 419913 Fx 01279 419925 www.pecancctv.co.uk email sales@stortech.co.uk
CCTV / ACCESS CONTROL
GENIE CCTV LTD CCTV HOUSE, CITY PARK, WATCHMEAD, WELWYN GARDEN CITY, HERTFORDSHIRE, AL7 1LT TEL: 01707 330541, FAX: 01707 330543 EMAIL: sales@geniecctv.com www.geniecctv.com / www.genieaccess.com
PHYSICAL IT SECURITY
RITTAL LTD Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk
CCTV/IP SOLUTIONS
DALLMEIER UK LTD 3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com
BUSINESS CONTINUITY 4 Scotia Close Brackmills Northampton NN4 7HR 01604 769222 www.bcontinuity.com
CCTV AND IP SECURITY SOLUTIONS
JVC PROFESSIONAL EUROPE LTD.
BUSINESS SALES BUSINESS SALES Caroline Exley FCA 01925 756970 info@abalymm.com www.abalymm.com
ABA Lymm
• • • •
Business acquisitions Disposals Valuations & advice Confidential
Specialist in buying and selling security businesses
CCTV
12 Priestley Way London NW2 7BA T: +44 (0)20 8208 6205 www.jvcpro.co.uk
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM NETWORKS EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv
SURVEILLANCE / CCTV
COMMUNICATIONS & TRANSMISSION EQUIPMENT
IDIS EUROPE
KBC NETWORKS LTD.
1000 Great West Road, Brentford, LONDON TW8 9HH Tel : +44 (0)203 657 5678 Fax : +44 (0)203 697 9360 uksales@idisglobal.com
Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com
MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHTING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.
DIGITAL IP CAMERAS
ADVANCED LED TECHNOLOGY LTD
Supplying digital IP camera for rapid deployment, remote site monitoring, fixed and short term installations. High resolution images available over mobile and wireless networks to any standard web browser.
Sales: +44 (0) 1706 363 998 Technical: +44 (0) 191 270 5148 Email: info@advanced-led-technology.com www.advanced-led-technology.com
SESYS LTD 1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
END TO END CCTV SOLUTIONS/RECORDERS, CAMERAS, NETWORK PRODUCTS
ALTRON COMMUNICATIONS EQUIPMENT LTD
DEDICATED MICROS
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: comms@altron.co.uk Web: www.altron.co.uk
1200 Daresbury Park, Daresbury, Warrington, WA4 4HS, UK Tel: +44 (0) 845 600 9500 Fax: +44 (0) 845 600 9504 Email: customerservices@dmicros.com www.dmicros.com
www.insight-direct.co.uk Tel: +44 (0)1273 475500
nov13 dir_000_RiskUK_sep13 06/11/2013 13:18 Page 3
INFRA-RED AND WHITE-LIGHT CCTV LIGHTING AND ANPR
DISTRIBUTOR
RAYTEC
FASTFLEX
Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com
2A Woodham Lane, New Haw, Addlestone, Surrey, KT15 3NA Contact: Chris Hobbs on 0845 276 1111 sales@fastflex.co.uk www.fastflex.co.uk
CCTV SPECIALISTS
PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 0844 800 1725 Fax: 01788 544 549 Email: sales@plettac.co.uk www.plettac.co.uk
WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.
MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ
Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com
CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION
AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com
CONTROL ROOM & MONITORING SERVICES ADVANCED MONITORING SERVICES
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.com Web: www.eurotechmonitoring.com
DISTRIBUTORS
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD 210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com
EMERGENCY PLANNING SYSTEMS
THREAT ASSESSMENT, REGULATORY COMPLIANCE, EMERGENCY PLANNING
G4S TECHNOLOGY – ONEFACILITY Integrating people, process and technology to enable organisations and the facilities they run to achieve regulatory compliance, mitigate risk and remain one step ahead.
01684 850977 onefacility@uk.g4s.com www.1f.com
EMPLOYMENT
EMPLOYEE SCREENING SERVICES ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.
ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com
TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR
COP SECURITY Leading European Supplier of CCTV equipment all backed up by an industry leading service and support package called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufacturing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range. More than just a distributor.
COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com
THE SECURITY WATCHDOG Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830
EMPLOYMENT
URGENTLY NEEDED… National Franchise Opportunities with an established Security Company with over 4000 installs specialising in Audio Monitoring. Try before you buy scheme. Contact Graham for full prospectus graham@securahomes.co.uk TEL: 01274 631001
www.insight-direct.co.uk Tel: +44 (0)1273 475500
nov13 dir_000_RiskUK_sep13 06/11/2013 13:18 Page 4
PERIMETER PROTECTION
IDENTIFICATION
INFRARED DETECTION
GJD MANUFACTURING LTD Unit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk
COMPLETE SOLUTIONS FOR IDENTIFICATION
DATABAC GROUP LIMITED 1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com
INDUSTRY ORGANISATIONS
PERIMETER PROTECTION
GPS PERIMETER SYSTEMS LTD 14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
POWER
BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk
STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE
DALE POWER SOLUTIONS LTD THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY
SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org
Salter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO11 3DU United Kingdom Phone: +44 1723 583511 Fax: +44 1723 581231 www.dalepowersolutions.com
POWER SUPPLIES – DC SWITCH MODE AND AC
INTEGRATED SECURITY SOLUTIONS SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
DYCON LTD Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate
HONEYWELL SECURITY GROUP Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk
STANDBY POWER
UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk
UPS - UNINTERRUPTIBLE POWER SUPPLIES INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com
ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
UPS - UNINTERRUPTIBLE POWER SUPPLIES
TYCO SECURITY PRODUCTS
UNINTERRUPTIBLE POWER SUPPLIES LTD
Heathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UK Tel: +44 (0)20 8750 5660 www.tycosecurityproducts.com
Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk
www.insight-direct.co.uk Tel: +44 (0)1273 475500
nov13 dir_000_RiskUK_sep13 06/11/2013 13:19 Page 5
SECURITY
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM CASH MANAGEMENT SOLUTIONS
LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - info@uk.loomis.com W - www.loomis.co.uk
Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com
INTRUDER ALARMS – DUAL SIGNALLING
WEBWAYONE LTD CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk
11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone
LIFE SAFETY EQUIPMENT
C-TEC CCTV
INSIGHT SECURITY Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com
Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk
PERIMETER SECURITY
TAKEX EUROPE LTD FENCING SPECIALISTS
J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk
Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takexeurope.com Web: www.takexeurope.com
SECURITY EQUIPMENT INTRUSION DETECTION AND PERIMETER PROTECTION
OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com
PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix
SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS
BOSCH SECURITY SYSTEMS LTD
CQR SECURITY
PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk
125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk
INTRUDER ALARMS – DUAL SIGNALLING
CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com
INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS
RISCO GROUP Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk
SECURITY EQUIPMENT
CASTLE Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
VICON INDUSTRIES LTD. Brunel Way Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com
www.insight-direct.co.uk Tel: +44 (0)1273 475500
Project2_Layout 1 05/11/2013 11:56 Page 1
Small,
Discreet,
Super Tough
600 IP HD Illustra 600 Series - Compact IP Mini-Domes Don’t let the small size fool you. The Illustra 600 Series Compact Mini-Dome provides crisp and clear high-definition video at 720p and 1080p resolutions. Ideal for surveillance of wide areas, the 1080p model provides a 123° wide horizontal viewing angle. With a detailed resolution of 15 pixels per degree, this camera captures a crisp, clear image of an entire scene, even the perimeter.
For more information:
Call: 0208 750 5660 Email: salesacvs@tycoint.com Visit: www.americandynamics.net © 2013 Tyco International Ltd and its Respective Companies. All Rights Reserved
The Illustra Compact Mini-Dome Camera is designed to provide optimal imaging in a variety of lighting conditions with automatic exposure control. Low-light performance is enhanced via digital slow shutter (DSS) and Soft Day/Night (SDN) technologies. All this with an IK10-rating, even extreme impacts can’t stop these super tough compact cameras. To find out more visit www.americandynamics.net