Biometric Scans Comply With Impending Privacy Legislation

Amidst the chaos of Brexit, many security-minded organisations are concerned about the implications of the European Regulation on the Protection of Individuals with regard to the Processing of Personal Data, adopted in 2016 and due to become enforceable in May 2018.

As an integral component of EU privacy and human rights law, it regulates the processing and distribution of personal data. In essence, it will become illegal, or certainly contrary to the regulation, to link the stored data to the individual. Furthermore, the regulation states that personal data should not be processed unless the individual is informed and at least one of a set of strict criteria is met.

Whilst the regulations are designed to protect individuals’ rights to privacy, they will have enormous implications for the security industry, which must now adapt to comply.

Shaun Oakes, Managing Director of ievo Ltd, the Newcastle-based manufacturer of biometric recognition systems, explains, “The regulation is designed to prevent stored data being linked to individuals and used for purposes other than ensuring the security of whatever system it was designed for and transferring this data to third parties. Biometric data – fingerprint scans in our case – comes under the heading of a ‘special privacy element’ which are forbidden to use and process, unless, and this is very important, one of a number of criteria apply, the most pertinent of which is the data subject has given permission.”

“As all scans are taken either voluntarily (after the individual has given his or her permission) or legitimately to ensure the safety and security of others, the ievo range of biometric systems fully comply with this legislation as they utilise feature-based matching – they do not store the raw biometric data or image; but rather extract a salient set of features known as minutiae from which an individual template is generated.”

“In essence, we use a system of ‘pseudonymisation’ where the data is processed in a manner where it can no longer be attributed to an individual without the use of additional information which is stored separately and subject to strict technical and organisational control.”

“Following a High-Resolution scan of the finger our algorithms separate the foreground from the background of the image; it then enhances the image, detects minutiae points and creates a pattern. It is this pattern that is stored on our controller (which are installed separately from the sensor) which, when combined with encryption using AES (Advanced Encryption Standard) ciphers and further confidential safeguards serve to eliminate tampering. It is important to note that the original scanned image of a fingerprint is never stored.”

“As such, ievo biometric readers fully comply with the new legislation, but many older systems which store biometric and/or personal data of card holders, or those with knowledge of key pad combinations, may well have to review their compliance.”

 

The process of data extraction from a typical fingerprint scan creates an encrypted pattern; no fingerprint image is stored.


Digital Forensics Specialist (Video)


SALARY – Circa £37,305 plus £3,406 location allowance

You will receive £37,305, the band minimum. Progress to the band maximum of £41,811 will be via incremental progression.

LOCATION – London, SE1

The Digital, Cyber and Communications (DCC) department is undergoing significant changes. It’s all to improve the way we deliver digital forensics services to the MPS and the Criminal Justice System. We’re aiming to offer three different levels of service. As part of this, we’re introducing digital forensic kiosks into custody suites and opening small labs across London. This is a rare chance to be part of the Central Digital Forensics laboratory and help bring criminals to justice – all while developing a unique skill-set.

You’ll be crucial to our vision, as you’ll help us to enable complex investigations, and develop new tools to meet the needs of future technologies. An expert in your field, you’ll be a valuable member of the Forensic Video department, able to interpret digital forensic submissions and provide detailed reports. Confident in the recovery of deleted or corrupted video material, you’ll reverse engineer everything from CCTV recorders to phones – creating compilations for court presentation. With outstanding communication skills, you’ll also oversee a small team and provide peer reviews against ISO 17025 standards.

To join us, you need to be confident with all types of video technology and forensics techniques. With second-to-none expertise, you’ll have proven experience in presenting evidence, working on criminal investigations and attending court. And committed to constantly improving technical practices and procedures, you’ll be dedicated to keeping track of emerging trends.

To apply, please visit our website to download a role-specific information pack and application form.

Completed applications must be returned by 17 March 2017.

Please note we are only able to review the first 50 applications received.

We view diversity as fundamental to our success. To tackle today’s complex policing challenges, we need a workforce made up from all of London’s communities. Applications from across the community are therefore essential.

www.metpolicecareers.co.uk


Most Hackers Can Access Systems and Steal Valuable Data Within 24 Hours

More than three-quarters (88%) of hackers can break through cybersecurity defences and into the systems they target within 12 hours, while 81% say they can identify and take valuable data within another 12 hours, even though the breach may not be discovered for hundreds of days, according to research by global technology company Nuix.

The Nuix Black Report—the results of a confidential survey of 70 professional hackers and penetration testers at DEFCON, the hacking and security conference—will overturn many conventional understandings and sacred cows of the cybersecurity industry.

“There is no shortage of cybersecurity industry reports so we’ve avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches—these are clearly the symptoms of a deeper problem,” said Chris Pogue, Nuix’s Chief Information Security Officer and a co-author of the Nuix Black Report. “Instead, we have focused on the source of the threat landscape: the attackers themselves.”

By examining the security landscape from the hacker’s perspective, the Nuix Black Report has revealed results that are contrary to the conventional understanding of cybersecurity. For example:

  • Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down but endpoint security technologies were more effective at stopping attacks
  • More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks
  • Around one-third of attackers said their target organizations never detected their activities.

“Data breaches take an average of 250–300 days to detect—if they’re detected at all—but most attackers tell us they can break in and steal the target data within 24 hours,” said Pogue. “Organizations need to get much better at detecting and remediating breaches using a combination of people and technology.”

“The Nuix Black Report illuminates the true nexus between attacker methodology and defensive posture; showing which countermeasures will improve security and which are a waste of money and resources,” said Pogue. “Readers will learn what is the best spend for their security dollar and, more critically, why.”


How To Choose The Appropriate Security Systems For Your Business

Whether you are dealing with a sole proprietorship or a large-scale corporation, it is always important to secure your business assets. A security breach could not only cause the loss of critical information, but it can also damage your reputation. This is especially true if you share information with other organizations.

Unfortunately, security incidents have increased significantly over the last couple of decades, affecting over 70 percent of organizations in the U.S. alone. This has led to an upsurge in the demand for effective security systems in the business world. The problem: there are so many security systems on the market today that settling on a single one is a dilemma in itself. This brings us to our topic today: how to choose the appropriate security systems for your business.

Types of Business Security Systems To Consider

There are five main types of security systems which businesses should consider installing in their company building in order to secure not only the building, but the staff and customers too.

 

Fire Alarm Systems

Any business needs a system for detecting smoke and alerting occupants of a possible problem which involves fire and smoke. Fire alarm systems can go a long way towards preventing losses resulting from a fire outbreak in the premises which could harm staff, as well as customers.

 

CCTV Systems

CCTV systems allow you to monitor your business from both the outside and inside, as well as keep track of your customers and employees. If customers and employees are aware that they are being recorded on CCTV at all times, it could deter them from taking part in a deviant or criminal act.

Most importantly, cameras can help discourage criminals from entering the business premises or capture enough footage to prosecute intruders, giving anyone in the building a sense of protection when working.

 

Wireless Sensors

Your clients, staff, and customers are an important part of your organization too. One way you can keep them protected is by installing wireless sensors that can detect toxic gases like carbon monoxide.

 

Access Control Systems

The twenty-first century has seen significant development in security system technology. One such advancement is access control systems, which help you to manage access to and from your business. This in turn ensures the safety of both your assets and employees.

 

Remote Monitoring

Another strength of modern security technology is the ability to monitor your business remotely. Remote monitoring involves connecting security systems to intelligent alarm keypads that give you instant feedback when something happens at your business. A 24/7 monitoring station will even keep an eye on your business when you can’t.

 

Factors to consider when choosing a business security system

 

Who will monitor the cameras?

You have three options, depending on the nature of your company. The first option is to incorporate a security surveillance monitoring center in the premises. Factors that come into play here include the training and hiring of security personnel, additional installation expenses, and labor.

The second option is to hire a reputable business security company to monitor your establishment. The third option is to find a software solution that will give you access to your facility from any internet-enabled device. In any case, adding access controls that bar employees from accessing certain areas of your facility can go a long way towards enforcing the company’s security systems.

 

The Location

Surveillance cameras are only as effective as their positioning. Finding the right spots to install your CCTV systems can ensure optimal security both inside and outside the establishment. Even the most advanced camera setup can end up being completely useless due to mistakes in positioning.

For this reason, it is advisable to enlist the help of a professional surveillance system firm during the installation and implementation process.

 

The Cost

It can be tempting to go for the most sophisticated security system on the market, but you still want to stick within your budget or it may end up ruining you financially. Consider whether you just want an alarm system that sounds off to scare intruders away, or need the alarm to transmit a signal to a monitoring system that will then alert you and local authorities in case of a break-in. The latter comes with a monthly fee, but is still more effective.

 

Bottom Line

Finding the most appropriate security system for your business requires planning and critical evaluation. After a comprehensive security check, your quote should cover everything your business needs, including monitoring costs, servicing, installation, insurance, and key holding. Upon installation, have your supplier test the sensors thoroughly and train the authorized staff on how to use the security system.

 


What small businesses need to know about cybercrime in 2017

Cyber attacks can happen to anyone and attackers can strike at any time. It can be challenging for small businesses to deal with cyber attacks as they lack the resources and appropriate security to keep themselves protected. Creating a business online can have its vulnerabilities and keeping your data protected is crucial for all businesses.

Premierline turned to some cyber security experts and their top three cybercrimes to look out for in 2017 were:

  1. Ransomware
  2. Internet of Things (IoT)
  3. Spear-phishing

These will continue to grow, especially the Internet of Things.

Ransomware

Ransomware is software that holds the user to ransom by encrypting files on their device and delivering a ransom note asking for payment (usually a fairly low amount, via bitcoin) to unlock the files. Of course, paying the ransom does not guarantee the files will actually be decrypted; it can also identify you as a target for future attacks and only encourages more proliferation of the crime.

Stephen Wright from Cyber Skills Centre added that “2017 will likely have greater sophistication and possibly move to also targeting households, individuals, and mobile devices.”

Internet of Things (IoT)

With greater connectivity, comes greater vulnerability. We will see more attacks targeted at the Internet of Things, including a shift from ransomware largely targeting computers and smart phones to targeting consumer products. We’ve already seen some examples of this, such as ransomware targeted at smart TVs but as

It’s been predicted that 96% of senior business leaders will be using IoT by 2020.

Spear-phishing

In 2015/2016 we saw a huge number of attacks carried out via spear-phishing emails. These emails look like they come from a legitimate source, for example a trusted institution, colleague or friend; they are tailored for the recipient, and some appear very convincing and sophisticated.

According to Dr Jessica Barker, “spear-phishing emails will focus on so-called ‘CEO Fraud’ in which a member of the finance department receives an email that appears to come from the CEO requesting an immediate transfer of funds to a bank account.”

So how can you protect your small business from being under threat and what precautions should you take?

You can read all about it here: https://www.premierline.co.uk/knowledge-centre/cybercrime-in-2017.html

 


6 Ways to Stay Safe From Ransomware

Ransomware – the newest and most insidious malware that wrests control of a device or data and demands payment for its return – is unfortunately on the rise. Though early studies initially predicted a drop in ransomware’s popularity in 2014 and 2015, 2016 brought an unexpected resurgence in the malware that had millions of individuals and businesses scrambling.

The likely reason behind ransomware’s renaissance is its infiltration of more devices: Macs, smartphones, and even IoT tech are being hit with ransomware attacks, giving cybercriminals more opportunities to make quick cash.

It is more important than ever that consumers protect themselves against ransomware – if not to safeguard their data and devices, then to dissuade malicious hackers from further galvanizing the dangerous technique. The following six tricks should keep any device safer from the risks of ransomware.

1. Backup Often

Ransomware isn’t the only threat to data; users could lose everything on their devices’ hard drives in the time it takes to upend a beverage or trip over a crack in the sidewalk. However, ransomware is perhaps a more compelling reason to back up data often and to several sources.

Experts advise computer users to use at least two backups: one based in the cloud and one on a physical external hard drive. The former is more convenient but also more susceptible to attack – especially since hackers have begun developing cloud-specific malware in recent years – so having multiple backups is ideal.

2. Update Often

Operating system and software updates are inconvenient, but opting out of updating puts devices at serious risk. Every update comes with security patches and improvements that work to keep devices safe from emerging threats, which means outdated versions are more susceptible to infiltration by ransomware or other malware.

Whenever users see an available update, they should take a break and allow the update to download and install, or else ransomware could creep in through vulnerable software.

3. Limit Your Privileges

There are several different types of ransomware, but the most common take control of a device through the current user’s account. Unfortunately, most users use the default account, which often has administrator privileges the ransomware abuses to its advantage. However, it is easy enough to thwart ransomware’s use of admin abilities: Don’t use admin accounts. The process for creating a new local account is surprisingly quick and easy, though the precise steps depend on whether a user has a Mac or a Windows PC.

 

4. Control Your Activity

Ransomware tends to infiltrate devices with the same tactics as other malware: primarily through spam emails, corrupted software files, and hacked webpages. Thus, to stay safe from ransomware, users must be exceedingly careful concerning their use of their devices. Here are some smart rules for device activity:

  • Check the file extension before clicking. Ransomware (and other malware) often hides as one type of file, like an image, when it is really an executable file. Any .exe downloads should be from trustworthy sources, and users should never use Autoplay to launch files.
  • Never use unfamiliar USB drives. Malware can spread through physical connections, too.
  • Avoid opening email from unknown senders. Even if the subject is something eye-catching or important-seeming, users should be wary of unfamiliar emails.
  • Avoid clicking links or downloading files in suspicious emails or on suspicious websites.
  • Turn off Bluetooth and wireless connections unless in use.
  • Disconnect devices from local networks unless in use.

5. Use Anti-Ransomware Tools

In addition to controlling their data and behavior, users should rely on proven anti-ransomware tools to keep them safe. Paid consumer ransomware protection is the most reliable security software; though it does come with costs, unlike some free security software available online, it is backed by guarantees and the experience of thousands of security professionals who have devoted their lives to keeping users and devices safe. Online freeware could very well be laced with the same ransomware it promises to guard against.

Additionally, users should ascertain that their operating system’s firewall is active. Though it may seem like an old-fashioned security measure, a firewall is simply one more layer of protection that ransomware must overcome to infect a device, which makes firewalls advantageous in the fight against malware.

6. Respond Appropriately During Attack

Considering the complexity and aggressiveness modern hackers employ, it isn’t inconceivable that users will still succumb to a ransomware attack even with stringent security measures in place. The damage done to data and a device during a ransomware attack will depend on the type of ransomware; though some users will never recover what they lost, others may be able to resume business as usual with the following response plan:

  • Contact security professionals. Users who have anti-malware protection may have access to a hotline where professionals can lend expert advice.
  • Use a post-ransomware tool. This fast-acting, targeted anti-virus software identifies the file harming the device and erases all traces of it, reversing any changes made to the device and hopefully restoring missing data.
  • Run additional anti-malware checks. Malware often leads to other malware, so users should scour their device for additional issues that might threaten their data.

Even if a security professional and specialized software cannot reinstate lost information, users should never be tempted to pay a hacker’s ransom. For one, there is no guarantee that paying the sum will return the data; for another, giving cybercriminals what they want only encourages them and those like them to continue perpetrating illegal acts.

 


The iconic three days of TB Forum powered by Intersec 2017

TB Forum powered by Intersec 2017 has been a smashing success gathering together manufacturers, developers, solution providers, sales channels, end users, regulators and government officials under one roof.

The exposition of solutions and technologies for Retail, Banks and Finance, Oil & Gas, Industries, Energy, Transport, Sport and Mass Events, City Management, Government, etc., as well as special meetings and business events, attracted top management and high-level specialists from Russia and the rest of the world!

Delegations from 39 countries have visited us these days:

United Kingdom, Palestine, Spain, Italy, China, Germany, Lithuania, Sierra Leone, the United Arab Emirates, Zimbabwe, India, the Republic of Lebanon, Greece, Netherlands, Portugal, Myanmar, Iran, Iraq, Morocco, Japan, Colombia, Sri Lanka, Turkey, Czech Republic, Republic of Chad, Brazil, Dakar, Republic of the Congo, Cyprus, Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Ukraine, Uzbekistan, Turkmenistan.

Conference sessions have been extremely popular these three days! An outstanding line-up of experts addressed the industry’s hottest challenges and topics. The program featured various talks, round tables, plenary sessions, workshops and seminars in four different conference rooms.

The Organizing Committee’s active part in setting up the business program and the exposition helped to focus on the most important issues for the safety of citizens, businesses, territories, facilities and infrastructures.

Led by high-profile speakers and supported by Federation Council Committee on Defense and Security, Moscow Government, Ministry of Transport, Anti-Terrorist Centre of CIS, Association of Russian Banks and other associations, big buyers and regulators – the TB Forum 2017 conferences were an ideal platform for experts to discuss and analyze new developments, trends, legislation changes within the national security industry.

Once again, TB Forum provided its visitors and participants with direct access to the major clients and key players of the market.


 

This year’s show offered more to see, more to do and even more to learn! Join us and other like-minded industry professionals in Moscow at TB Forum powered by Intersec 2018!


 

 

Anna Zabora

TB Forum powered by Intersec
Project Coordinator

Groteck Business Media


zabora@groteck.ru
www.groteck.com

 

 


INTERPOL World 2017 builds up momentum with strong support from public and private sectors

The second edition of INTERPOL World has garnered strong support from public and private sectors, both locally and on the international front. Owned by INTERPOL, the world’s largest police organization with 190 member countries, the event is supported by Singapore’s Ministry of Home Affairs (MHA), the World Economic Forum and CyberSecurity Malaysia, an agency under Malaysia’s Ministry of Science, Technology and Innovation.

INTERPOL World provides a strategic platform for mutually beneficial collaborations, information sharing, innovations and solutions in response to security threats. It encapsulates the vision of a safer world through a multi-stakeholder approach by engaging the government, private and public sectors to address future security menaces.

“INTERPOL World is a unique opportunity for law enforcement and industry to build partnerships for developing innovative solutions to the global security challenges of tomorrow,” said Jürgen Stock, INTERPOL Secretary General.

To stay ahead of the game, law enforcement agencies and commercial organizations need to embrace current and future technologies to detect, prevent and investigate, so as to safeguard assets, property and citizens. Innovations in securing the cyberspace, public safety technologies such as artificial intelligence, big data analytics, drones, and identity management solutions such as biometrics, forensic sciences and investigations are some of the key enablers to better equip law enforcers and commercial entities with the necessary tools and solutions to counter future security challenges.

At least 300 international manufacturers and solutions providers will present their latest cutting-edge technologies to 10,000 security professionals and buyers from both public and private sectors. Market leaders such as Canon, Datacard, Gemalto, Kaspersky Lab, Microsoft, Oracle, NEC Corporation, Securiport, SICPA and Symantec have confirmed their participation at INTERPOL World to further strengthen their presence in the security landscape.

INTERPOL World 2017 will also see strong participation from national groups led by trade offices, chambers of commerce and associations.  Featuring the best capabilities and latest innovations from their countries, confirmed national groups include France led by Business France, Israel led by Israel Export Institute, and Singapore led by Singapore infocomm Technology Federation (SiTF) and Singapore Manufacturing Federation (SMF).  Participating for the first time as a National Group will be Italy led by Italian Chamber of Commerce Singapore, Japan led by Japan Network Security Association (JNSA) and USA led by the U.S. Commercial Service. This strong international presence reaffirms the recognition of INTERPOL World as an important platform for all to come together regularly for dialogues and sharing of ideas.

With five months to the event, international visiting delegations from various law enforcement and private sectors have already booked their interest. The dedicated Visiting Delegation Programme is a vital part of the INTERPOL World event to ensure a perfect match of buyers with suppliers. Each delegation will have a customized itinerary in line with their profile and interest to maximize their time spent at the event.  To date, visiting delegations from Australia, Indonesia, Japan, Malaysia, New Zealand and the Philippines have been confirmed.

INTERPOL World will also see stronger support from international trade associations this year.  (ISC)2, Asia Cloud Computing Association (ACCA), Biometrics Institute, Cloud Security Alliance, European Corporate Security Association (ECSA), International Aviation Security Association (IASA), ISACA, and Transported Asset Protection Association (TAPA) have confirmed their support, recognizing INTERPOL World as an event for their members to source, learn and network. Trade organisations supporting the event for the first time include APSCA, Certified Counter Terrorism Practitioner (CCTP), Cross-border Research Association (CBRA), EC Council, IEEE Communications Society, Security Identity Alliance, and World Association of Detectives (WAD).

The INTERPOL World Congress will happen from 4 to 6 July while the INTERPOL World Exhibition will take place from 5 to 7 July 2017 at Suntec Singapore Convention and Exhibition Centre. Please visit www.interpol-world.com for more information.

 


Vizio TV Unlawfully Tracked User Data

TV maker Vizio has agreed to pay out $2.2m in order to settle allegations it unlawfully collected viewing data on its customers. The US Federal Trade Commission said the company’s smart TV technology had captured data on what was being viewed on screen and transmitted it to the firm’s servers.

http://www.bbc.co.uk/news/technology-38889975

Following this news, Lee Munson, security researcher at Comparitech.com, comments:

“The news about Vizio collecting data about its customers’ viewing habits is significant for many reasons, not least of which is the awareness it has created around the topic of snooping smart devices in the home.

“While customers of Vizio, and possibly many other manufacturers of connected devices, would do well to assume that the gadgets in their homes are collecting information about them, they do not have to accept it.

“Depending upon jurisdiction, privacy laws may well outlaw the practice, or control what can be done with that data.

“Even if that is not the case, many smart devices offer customers the ability to turn off the in-built tracking services, albeit those options may be buried in places where they are unlikely to be found with ease.

“Customers also have the option to research products before they buy and this is another reminder that privacy policies are there to be read, however long they may be!

“Only the fully informed will truly understand that such practices are likely to continue in this day and age, in which personal information is the most lucrative currency bar none, whether it’s collected with consent or stolen from a third party’s site during a data breach.”


2nd GCC Operational Technology Security Forum

In the age of constantly advancing technology, shouldn’t the security of this technology be advanced as well? This is exactly what is to be discussed at the 2nd GCC OT Security Forum. The main focus is to illuminate and up-skill delegates on effectively securing OT infrastructure through different courses of action such as convergence of IT and OT, defeating cyber threats, changing the regulatory landscape, understanding smart cities, etc. It is the perfect opportunity to showcase any new upcoming technology as well as new security services. Speakers can address various individuals from various fields who are facing the issues.  It is not only a platform to discuss and solve problems, but it is also the perfect way of networking amongst like-minded individuals. For this and more, this forum is a must to partake in.

This event takes place 21-23 March 2017 in Doha. Visit http://www.otsecurityforum.com
