Security now
March 2007
Top Safety Accreditation for Agenda
Agenda Resource Management is one of the latest successful companies to join a leading edge scheme designed to help industry improve its safety record. Agenda recently received SAFE Contractor accreditation, a programme that recognises very high standards of health and safety practice amongst UK contractors. Commenting on the award, Paul Sanders, Managing Director of Agenda Resource Management, said: “We are delighted that our investment in good health and safety practice has been recognised in this way. SAFE Contractor accreditation will enhance our ability to attract new customers and win new contracts. Our commitment to safety will not only be viewed positively by our customers, but also by our insurers who will look favourably on this achievement when the company’s liability policy is due for renewal.” Those companies meeting the standard are included on a database, which is accessible to registered users only via the website, www.safecontractor.com.
The areas for which Agenda Resource Management has achieved accreditation cover:
• Security Screening/Vetting
• Security Consultancy
• Fire Awareness Training
• Network Security
• Recruitment Services
• Marketing Consultancy
In This Issue
• Top Safety Accreditation for Agenda
• Fire Safety - You Need to Act Now
• Beat the SIA Increase
• ISIS Gives Your Screening Wings
• Cybercrime - Knowledge is the Best Form of Defence
• A New Ally in the War Against the Enemy Within
• Top 10 Security Tips from MI5
Fire Safety – You Need To Act Now
“Ignorance of new fire safety rules will be no excuse and business owners could end up in prison if a fire injures or kills someone on their premises” said employment law experts. – The Times Online, Sept. ’06.
The Regulatory Reform (Fire Safety) Order came into force on 1 October 2006 and if you haven’t taken steps to comply with the new regulations, you need to act now. Some of the major requirements surrounding its implementation include:
• The definition of premises and those to which the order applies: there is a huge increase.
• The abolition of the existing Fire Certification scheme - previously granted certificates will cease to have any legal status.
• The definition and assignment of the 'responsible person'.
• Training of ALL staff in Fire Awareness.
For further information, advice and Fire Awareness course details, contact stevem@agenda-security.co.uk
Setting the standard
Beat the SIA Increase
On 6 April 2007 the Security Industry Authority (SIA) licence application fee is expected to rise from £190 to £245. The new fee would apply to licence applications for all licensable sectors throughout England, Wales and Scotland. Get your staff trained now and beat the increase! For more details about the SIA licensing system and Agenda’s training services, contact stevem@agenda-security.co.uk
Operated by international safety, health and environmental risk management specialists, the National Britannia Group, the SAFE Contractor initiative is applicable to most industry sectors. James Ostler, Managing Director of Information Services at National Britannia, said: “Major organisations can no longer run the risk of employing contractors who are unable to prove they have sound health and safety policies. “More companies need to understand the importance of adopting good risk management in the way that Agenda has done. The company’s high standard has set an example, which hopefully will be followed by other companies within this sector.” Under the SAFE Contractor system, businesses undergo a vetting process, which examines health and safety procedures and their track record for safe practice.
The views expressed in this newsletter are not necessarily those of Agenda Resource Management Limited.
ISIS Gives Your Screenings Wings
Whether you want a simple one-off check, a basic or probity screening, a CRB check or a fully comprehensive or executive screening package, our ISIS process takes care of it all. Designed specifically for pre-employment screening, this bespoke system has been developed to precisely meet our clients’ individual needs. The ISIS system manages the whole process and includes an array of powerful features.
• Date, time and operator stamped entries
• Fully audit trailed processes
• Tracks the progress of every screening
• Flags up key milestones and performance indicators
• Real-time updates to our secure client candidate tracking system
• High-level security systems and secure servers
• Securely held back-up tapes in fire-proof safe off site
• Compliant with ISO27001 Information Security Management Standard
• Exceeds BS7858 screening Code of Practice
• Automatically selects sample screenings for auditing and quality control
• Ensures compliance with Data Protection Act and destruction of materials
The system has evolved tremendously over the last three years but we already have plans to make further enhancements, which we believe add real value for our clients. Besides improving our efficiency, our ISIS system also facilitates the delivery of a quality screening service in the quickest turn-round times in our industry (a fully comprehensive screening is typically completed in just over 6 days). The system can also be adapted to communicate with and update clients’ systems in real-time. If you would like to find out more about the ISIS system or any of our other screening services please contact us at info@agenda-security.co.uk
Screening Audits
Who checks the checkers? Third party providers and agencies often claim to “screen” people, but organisations tend to have different views on what a screening is. Whilst the BS7858 Security Screening Code of Practice gives some broad guidance, it is primarily aimed at security personnel and is neither enforceable nor audited.
Our experience shows that standards can vary greatly and by using our ISO27001-based auditing system we can assist in identifying and plugging the gaps that can be so costly if a security breach ensues. Our auditing consultancy, conducted by one of our senior security managers, reviews compliance with the latest legal, data management and screening requirements. The actual audit typically takes around four hours to complete and results in a full report including any deviations and exceptions. A half-day audit costs £350 plus travel and accommodation at cost where applicable.
Affiliations Check
Do your current and future employees have your best interests at heart? Our new Affiliations Check includes a full Internet mining search (over a billion Rights Connections) database and also a check against the Sanctions database, which is used by the Bank of England to identify terrorist affiliations. A useful supplement to current screening processes, this detailed review can also be used as an annual Affiliations Check, particularly for those employing people in sensitive areas of an organisation. The cost per person is £25, or £22 for 100 or more people.
[Figure: Information Security Investigation System (ISIS) process flowchart. Legend: QC = auditable checkpoint. Stages: Client Request; Documents Received; Documents Reviewed; Data Input onto ISIS; Desk Top Research; Profiling & Analysis; Verification Memberships/Quals; Candidate Security Interview; Referees Interviewed; Completion & Validation; Automated Reporting; Monthly Client Report. Referral paths: MAJOR CONCERN: telephone client; MEDIUM CONCERN: refer to supervisor; MINOR CONCERN: request further information from candidate or client.]
Cybercrime - Knowledge is the Best Form of Defence
The Animal Rights (AR) movement is becoming increasingly adept at using technology to further its goals and reach a wider audience. You only need to look at the popularity of some of the social networking websites to see how easy it is for activists to push their propaganda to a staggeringly large audience. The MySpace phenomenon is an excellent example. Its aim is to allow individuals and groups of people to rapidly share their thoughts, lives, messages, photos and videos with anybody who cares to look. Its popularity with teenagers and younger adults provides a fresh and keen audience for the AR movement. A quick check of the MySpace profiles for SHAC, WAR and NARN reveals nearly 20,000 people who have added these groups to their own MySpace profiles. Of course, each of the AR groups’ profiles contains links to the other AR groups, creating a ring of activist profiles that can be navigated at a click of the mouse. In this respect, the research industry is in the position of playing catch-up to the AR groups’ massive public popularity. If there are any pro-research MySpace profiles on the Internet, they are well hidden.
Exploiting the power of technology
With this ever-increasing uptake of technology as a means of furthering their cause, it will come as no surprise that some AR groups and individuals are turning their skills into weapons of protest. The recent prosecution and conviction of 4 defendants in the Gladys Hammond case highlighted the role that computers and technology played in the campaign against the Hall family. The police seized over 20 computers during the investigation and worked hard to pull information from them. Encryption makes this forensic work very difficult and AR activists are increasingly adept at using this kind of technology to thwart investigations. On one laptop, investigators discovered personal details of the Halls, their families, friends and employees plus research of birth, marriage and death certificates.
International Cooperation
Working with the FBI, Microsoft and the American Embassy in London, detectives were able to secure evidence from a defendant’s Hotmail email account. This was made possible using the US PATRIOT Act, which is intended to help investigators track terrorist activity in the USA. Such cooperation with an English police force is rare, but it does highlight the seriousness with which AR activity is viewed by international law enforcement agencies. Whilst cases such as this one involve the use of computers to facilitate the crime, the use of the computer is itself not actually a crime. AR activists are well aware of this and know how far they can go before falling foul of the law. When it comes to committing cybercrime, activists are rather tight-lipped – especially when all of their other activities are so well publicised. Whether we consider hacking into computer systems, denial of service (DoS) or website defacement, it is difficult to find reliable evidence from which to derive accurate figures for the level of cybercrime activity by AR activists.
We know of only a handful of cases where high-profile companies have had their websites defaced and replaced with pictures of mutilated animals and long diatribes against the use of animals in research. Defacing web pages, however, can be seen as a bad idea for AR groups. It leaves evidence, publicises the fact that the group or individual is involved in illegal activity and increases the chances of being prosecuted. The most common type of online crime committed by AR activists is likely to be designed to obtain sensitive or commercial information pertaining to the target companies, their staff, suppliers and contractors.
Malicious hacking – a growing menace?
During the course of our 2006 network security work, we have gained some form of privileged access to our clients’ networks and have never been detected until we deliver our report to the client. If we reverse this scenario and consider AR activists and their hacking endeavours, it becomes clear that we will never be able to accurately determine the extent of hacking crimes and further, many companies will never know if they are secure or if they have already been hacked into.
The reluctance of companies to alert the authorities to hacking-related incidents further emboldens hackers, as they know they face little chance of prosecution. DoS attacks have so far been of little consequence to companies and individuals in the research industry. They are technically difficult to undertake with any success: hackers must be highly skilled to maintain a denial of service attack, often relying on vast armies of hacked computers (known as ‘zombies’) to flood the target system with so much information that it stops responding. More common are floods of malicious emails. These are a nuisance, but rarely constitute a danger to the integrity or availability of computer systems. This is a legal grey area at present with no known convictions under the Computer Misuse Act 1990.
Vigilance and protection essential
It is incumbent upon us all to become at least as ‘savvy’ as the activists with regard to using new media and technology. There exists great potential for harm to the research industry if we do not embrace and adapt the technology that is being so successfully used by AR groups. Further research is required in order to determine the extent of the use of hacking as an extremist tactic, but until this is undertaken we must remain vigilant and ensure our systems are suitably protected against the very real danger posed by AR cybercrime. For more information, please contact our Network Security division or email us at hacking@agenda-security.co.uk
Big Brother is Watching!
If anyone was in any doubt about the growing number of CCTV cameras in our streets and buildings, a new BSIA survey confirms what the vast majority of us already strongly suspected. It finds that the demand for CCTV systems has increased significantly year on year. Moreover, and perhaps more notably, some 85% of CCTV businesses reported that their business has increased and the same numbers are predicting further business growth into 2007. The survey also reports that awareness and compliance with standards is a high priority, with 90% of respondents stating they were aware or reasonably aware of the new BSIA Digital Video Evidence Code of Practice.
A New Ally in the War Against the Enemy Within
New guidelines published to help combat employee fraud
With the incidence of staff fraud on the increase, the introduction of new guidelines to help employers understand the threats associated with fraud couldn’t be more timely. CIFAS, the UK’s Fraud Prevention Service, and the Chartered Institute of Personnel and Development (CIPD) have launched the free guidance to help employers and HR professionals to manage more effectively the risks posed by employee fraud. The new CIPD/CIFAS guide, Tackling Staff Fraud – Guidelines for Employers, HR and Line Managers, offers advice on:
• the nature of staff fraud
• why staff fraud is a growing risk
• combating staff fraud
• vetting and security screening
• internal corporate culture
• monitoring staff
• effective policies for responding to identified staff fraud
• deterring fraudsters.
John Hinds, Policy and Projects Manager at CIFAS and co-author of the guide, says: “The majority of staff within any organisation are trustworthy and honest. But businesses are now beginning to understand the scale of the threat posed by the small proportion of staff who act dishonestly and defraud their employer. “CIFAS research shows that staff fraud can have a negative impact on businesses in terms of their reputation, costs and customer service. As a result, staff fraud is now emerging as the single most significant fraud risk both to the financial services industry and to businesses handling financial transactions. It is also a serious risk to all businesses.” As Workplace Law previously reported, according to KPMG’s most recent Forensic Fraud Barometer, fraud by managers and employees accounts for almost half of all fraud cases dealt with by the courts.
The rising cost of fraud
In 2006 management fraud accounted for almost £310m of fraud. Fraud by other employees totalled just under £22m. A typical example of a managerial fraud was the prison’s payroll boss from Thornton Heath in Surrey who created fictitious employees so she could pocket more than £180,000 and start a new life in Jamaica. The way that business tackles fraud is changing though, says Hinds: “Many organisations have historically been anxious to play down the threat from within and have been reluctant to admit to the scale of the problem or the associated financial losses. “However, for many organisations, the days when the majority of staff fraud cases would be handled quietly with no publicity, allowing the dishonest employee either to resign discreetly or be dismissed inconspicuously are long gone. Indeed a number of businesses are now taking this a step further by sharing with each other, through CIFAS, data about staff fraud within their organisations. Businesses should aim to create a rigorous internal anti-fraud culture that promotes honesty, openness, integrity and vigilance throughout the workforce.”
Prevention is better than cure
Last year credit reference agency Experian highlighted the fact that many cases of insider fraud could be prevented if companies holding personal information were to carry out adequate checks on the backgrounds of their employees before giving them access to highly confidential personal information. Meanwhile, accounts firm BDO Stoy Hayward has claimed that, when it comes to stopping fraudsters, businesses are failing to make use of their main ally – the honest majority of workers. When questioned, most employees said they would want to report dishonest colleagues, but many would be deterred either because they do not know the correct procedure or they are wary of recrimination. For professional guidance and further information on pre-employment screening contact screening@agenda-security.co.uk or call us on 08456 44 55 46
Top 10 Security Tips from MI5
MI5 offers very good advice on good security practices. The top 10 guidelines are:
1. Perform a risk assessment of potential threats
2. Consider security at the planning stage
3. Make security awareness part of the organisational culture
4. Ensure good housekeeping
5. Restrict access points for people and vehicles
6. Install appropriate physical security measures
7. Examine mail handling procedures
8. When recruiting, screen people effectively
9. Protect your information
10. Develop and test your business continuity plans
Visit www.mi5.gov.uk/output/Page167.html for more information or ask one of our friendly advisors on info@agenda-security.co.uk
Offices in Cambridge and Hull Tel: 08456 445546 Fax: 08456 445547 Int Tel: +44 (0) 1964 671791 E-mail: info@agenda-security.co.uk Web: www.agenda-security.co.uk