Hi-Tech-Consulting

Access Control & Security Systems (03/01/08) Vol. 51, No. 3, P. 14 ; Rhodes, Tim

A survey by Pricewaterhouse Coopers, the U.S. Chamber of Commerce, and the ASIS International Foundation found that both Fortune 1000 companies and small- to medium-sized businesses are equally likely to absorb proprietary information and intellectual property losses. For large and small companies, these losses range between $53 and $59 billion, and strike hardest in the areas of research and development, customer lists and related data, and financial data. There are five main prevention strategies for businesses: Inventory and risk assessment; new policy enforcement; access controls and authorization code installation; regular communication; and consistent accountability for all actions by adhering to procedures and leaving good records.
(go to web site)

“IP Video Surveillance Bolsters Warehousing, Transportation”
Security Products (03/08) Vol. 12, No. 3, P. 74 ; Bodell, Paul

As DHL expands, they are taking extra precautions in securing their workplace, which includes monitoring a new 2,400 square-meter warehouse in Rosersberg, Sweden. “We need to ensure our security is the best,” said Tommy Nielsen, security and safety manager for DHL Sweden. An IP video surveillance system was installed in the Rosersberg warehouse in order to monitor each step of a shipment. External PoE adapters carry power to IP surveillance cameras through Cat-5 Ethernet cables. Both the network camera and the network connection use the same cable for power. Because IP surveillance uses minimal cabling, it costs less than an analog system. In order to maximize video surveillance, DHL paired Mirasys N series software, which runs thousands of security devices, with IqinVision megapixel cameras. The Iqeye cameras are equipped with digital zoom and provide great flexibility because they can be hooked up to any network or wireless adapter. The new security system helps DHL maintain its status as a leader in security excellence. “The IP surveillance solution coupled with megapixel IP cameras help us to make sure that shipments are handled correctly at our facility at all times,” said Nielsen.
(go to web site)

“Understanding Ricin”
Newsweek (03/06/08) ; Reno, Jamie

The hospitalization of a man in Las Vegas due to possible exposure to ricin along with the discovery of several vials of the toxin in a hotel room occupied by the victim has highlighted the ease of which castor seeds, from which the poison is extracted, can be obtained in the United States and abroad. Jonathan Tucker, a U.N. biological weapons inspector in Iraq in the 1990s and the author of “Toxic Terror: Assessing Terrorist Use of Chemical and Biological Weapons,” notes that in developing countries like China, Brazil, and India, large quantities of castor beans are processed to extract castor oil as an industrial lubricant. About 1 million tons of castor oil are processed annually around the world. Left over during the cold-pressing process used to extract the castor oil is a mash that contains about 5 percent ricin. Toxins are deactivated however through heating with steam; the mash is then used to feed animals. In the United States, though not grown as an agricultural crop, castor plants are still sold at nurseries. A person desiring to produce ricin would merely have to remove the beans from the plant and process them using recipes easily found in books and online, though extracting ricin deliberately is considered a felony. Ricin first gained notoriety in 1978 when a Bulgarian dissident in London was assassinated by an agent of the Bulgarian secret police using an umbrella rigged to inject a tiny pellet containing ricin under the skin of the victim; the ricin was supplied by the Soviet KGB. In the mid-1990s, the Minnesota Patriots Council, a right wing militia group based in Alexandria, Minn., was found to have been producing ricin to kill local U.S. marshals, IRS agents, and deputy sheriffs. The group obtained castor beans from an advertisement found in a right-wing publication that provided instruction for extracting ricin. And in February 2004, a letter mailed to then U.S. Senate Majority Leader Bill Frist was found to contain trace amounts of the toxin. In 2002, select agent regulations in the United States were bolstered to require any lab using ricin for research purposes to report possession to the Centers for Disease Control and Prevention and to report any transfers from one lab to another. Though the CDC says on its Web site that it takes only 500 micrograms of ricin, about the size of a pinhead, to kill a person, Tucker notes that this only applies to ricin in its purest form, which requires expert knowledge; the threat posed by crude preparations made by nonexperts is often exaggerated. Furthermore, ricin poisoning is not contagious and requires direct contact with the toxin. Though it could be refined into a fine power and dispersed, ricin is a large protein and thus, unlike anthrax, tends to be inactivated if spread through the air.
(go to web site)

“Computer Security Team to Report Hacking Into Defibrillator-Pacemaker”
New York Times (03/12/08) P. C4 ; Feder, Barnaby J.

Computer security researchers say they were able to gain wireless access to a combination heart defibrillator and pacemaker in a lab. The researchers were able to reprogram the device, and to cause it to deliver jolts of electricity that would potentially be fatal if the device was in a person. The researchers were also able to obtain personal patient data by monitoring signals from the tiny wireless radio that was embedded in the implant as a way to enable doctors to monitor and adjust it without surgery. However, the researchers say that people with implanted defibrillators or pacemakers are not at risk yet since the experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data. Additionally, the device the researchers tested was placed within two inches of the test gear. The researchers say the test results suggest that too little attention is being paid to security for the increasing number of medical implants equipped with communication abilities. “The risks to patients now are very low, but I worry that they could increase in the future,” says University of Washington lead researcher Tadayoshi Kohno.
(go to web site)

“7 Rules Employees Love to Break”
CSO Magazine (02/08) Vol. 7, No. 1, P. 16 ; Walsh, Katherine

Firms are either not establishing, or workers are not obeying, information security protocols in numerous high-risk areas, concludes a recent Ponemon Institute report. For the report, “Data Securities Policies Compliance and Enforcement,” Ponemon surveyed 893 business information-technology staff, studied the risks related to storing and moving sensitive data, and examined how well corporations are installing and upholding rules to protect against this threat. The seven areas where workers are violating the most protocols include copying confidential data onto a USB memory stick, with 87 percent of those surveyed thinking their firm’s rules prohibit it, but 51 percent admitting they do it. Using Web-based email accounts at workplace computers also made the list, with 45 percent of those surveyed utilizing Web mail in the workplace, and 74 percent claiming there is no written company policy stating they cannot do it. Thirty-nine percent of those surveyed say they have lost or misplaced a portable information-bearing gadget, and 72 percent of them did not report the lost item right away. Workers are also guilty of downloading personal software onto a corporate computer, with 60 percent of respondents stressing there is no official policy that bans downloading such software, something that 45 percent of respondents acknowledge doing. Employees often send workplace documents as email attachments, with 33 percent of those surveyed doing so, and 48 percent are not even certain it breaches company policy. While 87 percent of surveyed respondents are not sure whether disabling firewall and security settings violates regulations, 17 percent of them do it. Lastly, 67 percent of employees surveyed claim sharing passwords with coworkers is banned, but that 46 percent of them do it.
(go to web site)

According to a UK HR site,

A staggering 82 per cent of employees have taken property from work or exaggerated expense claims.

This is according to a new study by insurer Royal & SunAlliance (R&SA), which shows that 24 million workers are guilty of removing and keeping company laptops, whilst as many as one in seven exaggerate expense and overtime claims.

Worryingly, of those who have taken something from work, nearly 1 million did so because they considered it to be their property, and a further 963,200 workers did so to spite their company.

Jon Woodman, trading director of Broker, R&SA, said: “Per worker, thefts are mostly of small items, but given that 82 per cent of people who work have admitted to pilfering from the workplace, the overall impact on a business could be significant.

“As an insurer, we take theft very seriously and advise businesses to be aware of the actions of their employees. Policies can be enforced which encourage employers to respect company property or sign in and out materials such as laptops.”

http://www.hrzone.co.uk/cgi-bin/item.cgi?id=178993