How to Bolster Data, Physical Security to Make Threats Go Elsewhere
eWeek (12/07/15) Rash, Wayne
Having adequate security requires organizations to think about the risks they are most likely to face and the resources they expect to have on hand. In addition to foreign hackers, risks could include someone sitting in the reception area who has connected via an Ethernet port and launches a man-in-the middle attack on the Wi-Fi router. Organizations need to examine who would benefit if it underwent a disruption, such as stolen server or a former employee connected to the network to download trade secrets. Organizations also need to conduct what security experts call “security in depth” or “defense in depth.” One expert recommends housing a server in a room with a solid door and a lock that requires a passcode to enter. An alarm should sound if the door is opened without the passcode or if someone enters the wrong code more than twice. Side doors or doors to the loading dock should be similarly equipped with secure locks and have alarms that go off if someone forces open the door, enters the wrong code, or if the door is propped open longer than a fixed time. The alarms should connect with the organization’s security control center, but if nothing happens, then they should automatically roll over to the police department. The receptionist should be an armed security guard who controls the locks in doors that lead further into the building, and unless someone shows the right ID or gets past the badge reader, they cannot enter.
Post-Paris, a Fundamental Rethink of Corporate Security Is In Order
Forbes (11/30/15) Udell, Bill
The recent attacks in Paris should push business leaders to incorporate security concerns into everyday operations, writes Bill Udell, a former CIA operations officer and the Los Angeles-based Senior Managing Director for crisis and security consulting at Control Risks. Because Islamic State is focused more on setting off numerous attacks than specific, “quality” targets, this means that any place where large groups gather could be at risk. The consequences of mismanagement are also harsher, Udell says, and so organizations must take care to protect their staff and assets. Corporations have reacted to the Paris attacks by placing “quick-fix” security support around their travelers and expatriates, and some are canceling corporate travel. In the longer-term, corporations will probably focus more on threat and risk monitoring, including their profiles, geographical locations, and personnel exposures. They will also focus on risk management and governance, increase their care of business travelers, reexamine security at facilities that were once considered low-risk, and may allow security departments to become more involved in employee screening. Organizations also should test and refresh their crisis-management plans to account for new, potential terrorism scenarios.
12 Cost-Efficient Video Surveillance Strategies
Security Magazine (11/01/15) Zalud, Bill
Security video and surveillance has changed a great deal over recent years, and Bill Zalud, Security Magazine’s editor emeritus, offers several tips on how security professionals can get the most out of security video for the least amount of money. First, he recommends working closely with internal partners, such as IT, both to make the use of video surveillance more effective, but also to gain access to a larger budget pool. He also recommends taking advantage of recent advances, such as cloud-based video services and megapixel and panoramic cameras, the capabilities of which can reduce the number of cameras that need to be placed on site. There are also a plethora of both wired and wireless transmission options available today, giving security the flexibility to find the solution that best meets there needs. This includes power-over-ethernet, which can eliminate the need to run power separately to cameras. There is also a wide variety of storage solutions available, ranging from on device and onsite to cloud-based. Zalud recommends choosing a flexible and scalable solution, especially when transitioning from an analog to a digital system. He also recommends employing video analytics, which is only becoming cheaper as its capabilities increase.
Surveillance Cameras Could Pose Security Threat
WJTV.com (11/02/15) Alexander, Beth
While surveillance cameras are intended to help make users feel more secure, some of those cameras are viewable online anytime, by anyone, day or night. The website Insecam, for example, grants access to more than 8,700 of these cameras, showing everything from inside houses, street views, parking lots, officers, and beaches. Melissa Wiggins, a computer science professor at Mississippi College says that such cameras are “unsecured and people put them in bedrooms and babies nurseries. And places that they would not want the general public to be able to see what they’re doing or who was there.” Wiggins continued on to say that unprotected cameras can lead to significant security risks for homes or businesses, including break-ins and online threats. “If it doesn’t have to be on the Internet don’t put it on the Internet. Turn the wireless off,” she urges, noting that if something does need to be put online, users should make to “secure everything from the point that the connection comes into [the] house to the camera. And any other device that might be on the Internet as well.”