Hi-Tech-Consulting

Shoplifters? Studies Say Keep an Eye on Workers
New York Times (12/30/09) Greenhouse, Steven

With gift cards growing in popularity, some retail employees are discovering ways to exploit the cards and use them for theft. At a Saks store in New York, for example, an employee rang up $130,000 in false merchandise returns and transferred the money onto a gift card. Other employees, meanwhile, are giving worthless cards to customers who purchase gift cards and transferring their money onto cards for themselves. Although some of these employees are acting alone, others have been paid or pressured by members of organized crime rings to give them gift cards or tell them when and where security guards will be patrolling. There are a number of reasons why gift cards are increasingly being used in retail theft, including the fact that the cards are almost as good as cash and are much easier to conceal. In addition, gift cards are harder to track than credit cards and consumers do not have to show any form of identification when using them. With gift card fraud on the rise, retailers are taking a number of steps to fight back, including using loss-prevention specialists to monitor online auctions of gift cards. Online auction sites such as eBay are popular among thieves looking to sell gift cards. Other retailers are using technology that can tell them whether cashiers are refunding an unusually large amount of items. If the retailer determines that a cashier is issuing an abnormally large amount of refunds, it can use surveillance video to determine whether the cashier is repeatedly giving refunds to the same group of people.

Security vs. Sustainability
Building Operating Management (12/01/09) Vol. 56, No. 12, P. 34; O’Neill, Daniel

Sustainability and security concerns can be at odds in commercial buildings, which is why risk managers must examine the costs and benefits of various strategies to determine which goals will win out. For instance, sustainability would require minimal lighting to reduce light pollution and energy consumption, but security will require additional lighting to ensure camera viability and crime prevention. However, risk and facilities managers can adopt variable intensity lighting systems and intelligent lighting control to achieve a balance. Regarding HVAC, security calls for windows to be tightly secured to prevent intrusion, while sustainability calls for windows to open for natural air flow. With the help of occupancy sensors and window contact technologies, security or facilities managers can check whether windows are open or unlocked in empty rooms. During the building design process, security should be accounted for in order to prevent potential financial loss, increases in legal liability, and declines in corporate credibility.

Insurgents Hack U.S. Drones
Wall Street Journal (12/17/09) P. A1; Gorman, Siobhan; Dreazen, Yochi J.; Cole, August

Officials say that militants in both Iraq and Afghanistan have discovered a way to intercept live video feeds from the U.S. Predator drones that are being used for anti-terrorism missions in the two countries. The problem was discovered last year, when U.S. military personnel in Iraq discovered drone video feeds on laptops belonging to a number of Shiite militants. Those discoveries have led some officials to conclude that militant groups trained and funded by Iran were regularly intercepting video feeds from drones. Officials believe that the militants are intercepting the feeds by using software programs such as SkyGrabber–which is designed to intercept free legal content such as music, photos, and videos that other users download from the Internet–to take advantage of the unencrypted downlink between the drones and ground control. However, there are no indications that militants were able to control the drones or interfere with their flights. Nevertheless, officials are still concerned about the ability of militants to intercept video feeds from drones because it could allow them to evade attacks and determine which roads and buildings are under U.S. surveillance. The military is working to correct the problem by encrypting all of its drone feeds from Iraq, though doing so is a difficult process because it involves upgrading many components of the networks that connect drones to their operators.

New Squeeze: You’ve Got Blackmail
Wall Street Journal (12/10/09) McQueen, M.P.

The number of cases of blackmail appear to be on the rise as the result of the recession, private security experts say. Among the private security experts who have seen an uptick in the number of blackmail cases is Paul Viollis, the chief executive officer of the New York-based security and investigations firm Risk Control Strategies. Viollis noted that he is currently handling 40 active cases of blackmail involving high-net-worth clients, and is adding two to five more cases each month. He added that he used to handle only about eight cases of blackmail a year. According to Viollis, the increase began last November when one of his clients was blackmailed by a former business partner who claimed that the client had committed Securities and Exchange violations in the past. The accusations were false, and the blackmailer stopped trying to extort money from the client after Viollis confronted him. But not all blackmailing incidents are about money, security experts say. They point out that there are a growing number of incidents in which the blackmailer is trying to punish or humiliate the victim for what they believe is his undeserved success. Other cases of blackmailing involve difficult family relationships. No matter what the cause of blackmailing, security experts say that they are telling their clients to protect themselves by being guarded in their personal activities and communications and by conducting background checks on key advisers and household employees, who are often the perpetrators of blackmail.

A Realistic Approach to Compliance Ensures More for Your Security Spend
Security Director’s Report (11/09) Vol. 2009, No. 11,

Because employee negligence is the cause of so many corporate security breaches, nearly all security researchers are in accord in urging companies to take more time to train workers. Companies are beginning to internalize the message. The 2008 numbers on corporate spending for employee data security awareness training indicate that it accounted for a larger percentage of the IT budget. As observance of security policy is often not compulsory, it is helpful to weigh a management strategy promoted by experts at the University College of London and Hewlett-Packard Labs. They suggest dividing organizational security goals into a “compliance budget” to get a better view of how individuals approach the costs and benefits of following organizational security measures. For instance, if a security policy requires the encryption of data stored on USB devices, an employee will usually examine the policy’s pros and cons using the following approach: individual cost of compliance — time spent copying data due to encryption or unencryption; individual benefit of compliance — no threat of sanctions for failing to follow policy; cost of compliance to organization — more time spent transferring data cuts into productivity; and the benefit of compliance to the organization — no danger of a costly and humiliating data leak as the result of a lost drive. By getting a better hold on their workers’ present “compliance budget,” security executives can use it as a model for budgeting money and spending on areas most likely to impact employees’ weighing of costs and benefits.