The things you say

Write to: Professional Security Magazine, Westcroft, Cannock Road, Wolverhampton WV10 8QW
Phone: 01922 415233
Email: info@professionalsecurity.co.uk
Web: www.professionalsecurity.co.uk

Knife crime issues

I would not want it thought that I leap into action every time my chum Steve Collins goes to print, but I must again take issue with his position on knife crime, repeated in Professional Security, September 2017 – although, this time, I (almost) agree with him. Logic seems to be completely missing in current discussions of knife crime. “Knife crime is now four times more prevalent than gun crime”. Of course it is – have you ever tried to walk into a hardware store and buy a gun? Does everyone have a rack of guns hanging in the kitchen? There is a complaint that we are continually assured ‘knife crime has fallen’, but that those statistics are ‘massaged’. And yet, 120,000 fewer people with violence-related injury were treated in A&Es across England and Wales in 2016 compared with 2010. So, ‘between 2014 and 2016 the number of children carrying knives in London schools rose by almost 50pc’. What actual rise is that – up from 2pc to 3pc of pupils is a 50pc rise. In my schooldays, virtually every boy (yes, it was a boy thing) carried a knife in school – for playing ‘split the kipper’ and other harmless pursuits. Now a child doing that is ‘a potential murderer’. In amongst all of these figures showing offences involving knives, where is the figure that shows what percentage of the knives were being carried illegally in a public place, and how many were kitchen knives turned on a domestic partner in the home?

PC Keith Palmer’s killing – used an edged weapon - in Westminster in March [pictured; flowers in his memory outside the Houses of Parliament] was a tragedy of the first order. But, in the same incident, the attacker killed four other people, using a vehicle, a modus operandi that has now been copied in several other terrorist attacks around the world. I have heard no-one say that, in consequence, driving cars and vans in a public place should therefore be made illegal. That would be seen as a stupid demand: is the ban on carrying a pocket-knife or multi-tool any less ludicrous?

Steve is right: the law on knives and edged weapons is a failure. More, I would add: it is criminalising decent honest people, and giving police officers the right (I am not suggesting that they necessarily use or abuse it) to harass law-abiding citizens. The law is achieving nothing, and it is over-bearing. It should be repealed, and an effective system of dealing with all violence-related offences brought into being. Punish the offender, not the innocent - a country does not protect freedom by denying it to its citizens.

Bill Wyllie

Cyber aware

Cyber awareness training for staff is important; so is constant communicating of risks.

Ongoing cyber awareness training is an integral element in an organisation’s defence against cyber-attacks. However, our research indicates that this has not been a focal point for many organisations over the past 12 months. This is concerning, especially in light of the NIS [security of network and information systems] directive and therefore immediate action is needed to address it.

Firstly, for organisations who only carry out awareness training once a year - typically as part of an initial employee induction - we’d recommend increasing this to at least twice annually as well as providing employees with frequent security refreshers. The rate of change in cyber-threats means that we all need to constantly adapt our methods of protection. It’s no longer acceptable for cyber awareness training to be a five-minute warning given to new starters; the entire workforce needs to be informed and up to date on new threats.

Additionally, this approach needs to be supported by the IT department who, when an incident occurs, needs to communicate this to the entire business, providing insight as to why an incident took place, what the implications were and, most importantly, what can be done to prevent this from happening again. Protecting your organisation from threats is not just about preventative technology, it’s also about building a culture of information security. An employee’s understanding of security is one of the most important and effective security measures that organisations should be investing in, not least because unwitting employees are often the unknowing accomplice within an attack. While good security habits take time, effort and repetition, it’s better to invest in good practices now than pay the price later.

Peter Groucutt
MD, Databarracks

ID responsibility

Identity fraud is a very real, and growing, threat. The responsibility to protect against it is shared between banks, online stores and other online providers, government and consumers. Online providers, for example, have a duty of care to safeguard the personal data of their customers. However, consumers must be vigilant and do all they can to minimise the risk of their personal data being stolen. Central to this is having up-to-date and appropriate Internet security software on all connected devices, installing operating system and application updates promptly, using strong and unique passwords, applying caution when using public Wi-Fi networks, being aware of our digital footprint and not revealing too much information about ourselves online.

David Emm
Principal Security Researcher, Kaspersky Lab

Shocking stat

The UK anti-fraud organisation Cifas recently released statistics highlighting that identities were being stolen at the rate of almost 500 a day! This is a truly shocking statistic and highlights how much at risk we all are in today’s online world. More important than anything is not to get complacent or be ignorant of the threat. A good starting point on this is to perform a holistic vulnerability assessment based on one of the well-defined frameworks that provides an organisation with a benchmarked assessment of their controls and readiness as well as a path to improvement. These risks are not going away and with regulatory oversight increasing, for example with the upcoming GDPR, they are going to become more and more important! An epidemic needs to be addressed from multiple angles. Yes, there is a lot that you can do as an individual but there is also a lot that organisations can do and should do to protect personal information.

Phil Beckett
Managing Director of Global Disputes and Investigations, Alvarez and Marsal

Awareness among executives is now absolutely critical in today’s digital age. While educating and up-skilling every executive would be a Sisyphean task, every business needs C-Level functional leaders to take responsibility for keeping the business running in these difficult circumstances. The stakes are simply too high for organisations to stand by and wait for an attack to happen.

Jon Geater
CTO, Thales e-Security

Data shake-up

In the previous couple of issues, we’ve featured the likely UK law to update data protection according to the General Data Protection Regulation (GDPR).

The GDPR is the greatest shake up in privacy legislation that we have seen. The proposed laws align organisations’ responsibilities with the expectations of individuals. It requires organisations to exchange data in a safe and ‘properly regulated’ way and continues to protect the privacy of individuals. Just as GDPR is based on how the European Union values personal data and requires businesses to behave in an appropriate manner, so do these data protection laws. Compliance officers familiar with the requirements of the EU’s GDPR will not be surprised by the contents of the Government’s proposal. These laws, alongside GDPR and the Data Protection Bill show that the Government is serious about Britain’s digital economy and is making steps to ensure the way our data is protected will not be negatively impacted by Brexit.

Steve Durbin
Managing Director, Information Security Forum (ISF)

OCTOBER 2017 PROFESSIONAL SECURITY