Business | TRW Interns

Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

July 20, 2025October 18, 2024 by Azubuike Nwenewo

Workplace violence is an inevitable security risk which your organization should get ready to deal with. Having emergency preparedness plan in place will provide formidable leverage for your business risk and resilience team. Workplace violence is any act of verbal, physical or emotional assault and harassment carried out against a victim within the confines of a workplace. It may include abuse and shout, hitting, beating, or attack, bullying and intimidation, and sexual harassment. Here are five key questions to get your team started for this security threat. Does your organization believe workplace violence poses a security risk to be taken seriously? Does your organization have response plan in place for workplace violence? How confident is your organization in dealing with workplace violence? What kind of workplace violence have been identified to be common to your industry? What kind of workplace violence has your organization experienced in the past five years? Providing answers to above questions should not be done loosely. It requires thoughtful insight which must consider size, assets, industry, complexity, experience, capabilities and resilience of the organization. Note also, factors that could possibly motivate persons to lunch acts of violence in workplace vary; however, it may include frustration, revenge, crime, rejection, and mental instability. Here is highlight and description of five sources of workplace violence to prepare for: Criminal intent: violence of this nature oftentimes originates from an external criminal who aims to obtain by force from a target inside the workplace. This may result to injury or fatality, and damage to assets. Customer based: is when a customer aggressively acts or reacts to a situation connected to the business transaction in the workplace. Such aggression may target a worker, a fellow customer or others. For instance, when a customer assaults an employee because their expectations are not met. Worker based: violence occurs when employee attacks, assault or harasses a customer, a fellow employee, the employer or others in the workplace. For example, a worker punches a fellow worker who has offended him/her beyond breaking point or attacks a superior who has refused to recommend a promotion or pay rise. Domestic based: occurs when a relative of a worker, employer, customer or others traces them to a workplace and carries attack. For instance, a jilted or rejected lover who visits and attacks a partner in the workplace. Ideological based: violence is a situation where an adherent of a particular belief or faith lunches attack in workplace perceived to provide or promote a service that offends such faith. For instance, a religious fanatic who carries out assault on workers or customers in a brothel and disrupt its business activities. How to prepare for inevitable workplace violence: Prepare with PPT – activate emergency response plan through people, process and technology. This requires having in place a capable security team who can follow a process backed by technology to deter, detect and promptly respond to acts of violence in the organization. Build strong security culture – strong security culture demands strong tone from the top. When an organization does not tolerate permissive behavior, it will send message that support strong security culture. In such organization, policies and standards are enforced regardless of whether an act is considered a serious one or not. Enforce background check – background check gives insight to past behaviors and profile of a candidate. It also, provides a red flag of what such person can do if granted access to join organization. For instance, someone who has history of rape in the pass will likely attempt sexual harassment in a workplace. Provide workplace violence awareness – training employees to recognize signs and safety risks associated with workplace violence and encourage them to speak up against it is a good prevention method. For example, Human Resources unit should have a dedicated channel for people to freely and fearlessly report acts of violence. Have onsite security visibility – having security personnel physically seen in a business premises promotes sense of safety, deters some would-be attackers from attempting to attack and generally promotes peace and security. Promote data driven security operation – when a security team is being guided by a verifiable data; trends and patterns can be used for planning, execution and insightful delivery. Data driven security operation can show connection between violence and a particular season e.g. weekend, evening, end of month, festive period, etc. Integrate CCTV surveillance to security visibility – CCTV camera have strong deterrent effect on occupants of its space. The system serves to caution people to be law abiding or make attempt and get caught. Encourage open communication – “see something, say something” is a safety and security slogan that must be encouraged amongst workforce. Sometimes a victim of covert workplace violence may not have the courage to speak up, especially if the avenue for such communication is not explicitly provided. Train your team for threat identification – employees and others in the workplace should be trained to easily recognize threats of workplace violence and report same without fear or inhibition. Deploy weapon detection technology – deploying weapon detection devices at company’s main access points will prevent entrance of lite weapons into the premises. With this in place, the risks of lethal attacks will be very low. Workplace violence can originate from five main sources. However, it preventable through application of some security measures outline above. ALSO READ 10 Ways To Prevent Workplace Violence

4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

October 14, 2024 by Azubuike Nwenewo

Phishing is a type of social engineering attack built on manipulating and deceiving people to reveal confidential and private information which is then used to carry out further crime against them. This attack takes advantage of gullibility and vulnerability of human emotion to steal from people. Phishing attacks have become a popular, easy to use and very dependable tool for cyber criminals. When in operation; criminals would reach out to users through any communication channel, pretend to represent a legitimate authority; maybe a financial service provider, health insurance provider, a family member or trusted friend, proffer assistance, then request for inimical action from the user. Actions that maybe required from users during phishing attacks include but not limited to; Reveal private and confidential information, e.g. password, date of birth, social security number, BVN, code, etc. Click a link that will further direct users to secondary resource where confidential information will be stolen. Open attachment which in most case will contain malwares that will launch further attack on the device and network. Request for cash to enable a staged problem to be solved. Reveal a sent code to enable completion of a proposed solution. With automation and Artificial Intelligence dominating and directing modern interactions and commerce, people shall depend more on digital channels of communication. Available facts have proven that oftentimes, phishing attacks regardless of its type have more success rate than failure. This means more people are falling victim to these exploits. Hence, the benefits of deepening your understanding about them. Let’s dive into four common types of phishing attack. And how to identify email based phishing attack. Four types of phishing attacks. Spear phishing – this type targets specific category of persons, e.g. insurance or bank customers, students, male mine workers, etc. Whaling attack: is a sub-spear type of attack that targets high net worth and high-profile individuals like company executives, politicians, celebrities, etc. Just like implication of the name “Whale” biggest fish – this attack targets only “big fish”. That is, wealthy people. Smishing attack: this is an SMS based phishing where short message service is used to deceive a receiver into providing private and confidential information or taking other action. This is catchy because, it does not require internet connectivity to hit its intended targets. Vishing attack: this type is a direct opposite of smishing. It uses voice call to reach out and deceptively request for confidential and private information from receiver. In the same vein, internet connectivity is not required to execute this attack. Ten Signs to know a phishing email It will come from a stranger: oftentimes phishing emails come from unknown person or agent. It will come from a public email domain: examples of public email domains are yahoo.com, gmail.com, hotmail.com. Domain name will either be misspelt or corrupted: when it pretends to come from private domain, such domain will never spell correctly as the genuine one. There will be a form of misspelling or corruption of it. It will disguise as proffering assistance: merchants of phishing attacks always pretend to offer one form of assistance or the other. Shylock assistance you may call it. The mail content will be poorly written: content of mail will likely lack expected quality of a business communication. Mail will include suspicious attachment or link: this would require further actions like follow or open. It calls for urgent action: whatever is the call for action from phishing attack always comes with “urgency”. It will request user to provide personal information to enable closure of an event. It may request user to send cash to enable a staged problem to be solved. It will appeal to a defined sentiment. Phishing is a low end and cost-effective tool for cybercrime. It is a social engineering attack that exploits inherent weakness in people to get through and steal from them or carry out other crimes against targets. Getting basic knowledge about method of attacks and the techniques to identify them is a better way to go to prevent being a victim. ALSO READ: Cybersecurity Threat Of Social Engineering

Travel Security Understanding TSA Approved Locks

October 13, 2024 by Azubuike Nwenewo

Travel security refers to measures taken by an intending traveler to ensure protection for self and luggage. In an increasing global village, travelling both local and overseas has become a routine part of most corporate duties especially for executive personnel and others based on personal demands. Travel security speaks to millions of people who throttle around the globe periodically for one purpose or the other. For each trip security and safety should be of significant concern and must be synonymous with such trip. TSA means Travel Security Administration. TSA is an agency of US Department of Homeland Security. It has authority over the security of transportation systems within the United States. This agency was created as part of response to September 11, 2001 attacks on US to improve airport security protocols in harmony with other federal law enforcement agencies. One of the key recommendations of Travel Security Administration is a specified luggage lock known as TSA lock. A TSA-approved lock is any lock that has approval of TSA and authorized to emplaced Travel Sentry logo – the red diamond. When it comes to securing your travel luggage, using a TSA-approved lock is important for hassle-free trip. These locks feature a universal master key that may allow TSA agents to open and relock a luggage without having to cut or destroy such luggage lock. TSA-approved locks are gaining traction within global air transportation system. Although, each state has their individual air travel security regulations and practices, however most of them are adapted to TSA approved type when it comes to luggage lock. It is however, recommended for intending travelers to check the country’s specific luggage lock standard in advance of any trip. See the benefits of using TSA-approved lock on your luggage when travelling. • It will give you peace of mind. • It shows your knowledge of travel security. • It will ensure security of your personal effects. • It will align you to international travel requirement • It saves you the embarrassment of having your luggage lock cut or destroyed during routine airport security checks. Types of TSA-approved luggage locks There are specific types of these locks currently in open market. One striking feature to look out for as symbol of TSA approval is the “red diamond” logo. • Combination lock: this requires a specific combination of digits to lock and unlock. • Key lock: requires insertion of key and twist of tumbler to unlock. • Cable lock: allows for a sort of chain lock of multiple luggage together. Where to buy TSA Locks Local Stores: the keys can be found in most local travel stores or malls in the airport or within the community. Online Stores: notable online stores like Amazon, and Alibaba also sell TSA locks. In conclusion, travel must be synonymous with safety and security. While thinking safety first is crucial during any trip, the security of personal belongings oftentimes packed in luggage during such travel should also receive baseline attention. By understanding what a TSA lock is and its purpose, you should align your travel security to this regulatory requirement, at same time secure your luggage within acceptable standard. ALSO READ: Solo Travels

13 Benefits Of CCTV To Your Organization

October 4, 2024 by Azubuike Nwenewo

CCTV surveillance system has proven to be a high value tool for safety and security as well as productivity; whether it is deployed to personal, public or industrial settings. Twenty-first century security and safety has come to depend strongly on this technology as a reliable complement to other resources. The acronym CCTV, means Closed-Circuit Television. Its origin dates back to early 1940s when it was used to observe the launch of V-2 rockets (aggregate 4) at Peenemunde Army Research Centre in a suburb of Germany by a notable German engineer Walter Bruch who was credited as the inventor. It is an integrated system that uses Network Video Recorder or Digital Video Recorder, cameras, desktop computers, monitors/video walls, joy stick, mouse and other devices to capture, record/store and broadcast live footage of activities within its coverage. Today, there are about one billion installed CCTV system all over the world. China 200 million, US 59 million, German 52 million, UK and Japan with 5 million each are the top five countries with highest number of deployments. And the list is growing and evolving. The system has many domestic and industrial uses; its importance and acceptance are growing so fast by the day. On the field operation, the system is used to watch and monitor activities of all persons working within a facility. It is highly essential for deterrence and detection of crime as well as compliance to regulatory requirement amongst others. For your organization to reap full benefits of this surveillance system it is recommended that it must be fully optimized and functional, it should be operated and managed by competent personnel, and it must comply to privacy laws of the country of its operation. One significant subject of regulatory compliance to deployment of CCTV is “public warning”. This is a deliberate attempt to inform the public that CCTV is in operation 24/7 at the location; and that it is been used strictly for purpose of safety and security. If your organization is still asking what it stand to gain from deploying CCTV, or yet to specifically identify and place metrics and key performance indicators on its CCTV resources see below highlights of return on investment from this tool. 13 benefits of CCTV surveillance system to your organization: Enhance general perception of safety and security: the presence of CCTV surveillance in a location would generally enhance public view of safety and security in such area. Magically though; even when these resources are not fully optimized and utilized, this perception will hold water until proven otherwise by incidents related safety and security. Prevent crime: light-hearted or impulse criminals would think twice about committing any sort of crime in the presence of a visible CCTV camera. It is only a determined attacker who can dare this surveillance to carry out criminal act regardless. Detect criminal: when a crime is committed in the presence of optimized and functional CCTV camera whether visible or hidden; the actor and the act will be captured, recorded and stored by the system. Gather evidence: when a crime is committed in the presence of optimized and functional camera the actor and the act will be captured, recorded and stored by CCTV and the footage will be presented as evidence of such crime during post incident investigation. This will enable Management to take informed decision in line with its policy and standard. Minimize security and safety incident: with presence of fully optimized CCTV surveillance system in a location, the occurrence of security and safety breach will decrease significantly. Minimize cost of security: deployment of CCTV surveillance will save your organization huge fortune comparatively to deploying physical man-guard. 24/7 coverage of locations, capability and reliability can always beat human who would be vulnerable to visibility limitation, exhaustion, fatigue and other factors. Reduce insurance premium: deploying CCTV surveillance in your facility will help lower insurance premiums by reducing the risk of theft, fire, workplace violence, vandalism and other risks. Boost productivity: when employees and others knew they are being monitored through a surveillance or any other digital device, they would most likely mind their business to meet their target. Although, this is a side perk however; it is a function to be credited to CCTV where it applied. Compliance to regulation: some industry regulations have it as mandatory requirement to deploy CCTV surveillance to complement other security and safety resources. While some organization by default deploy this resource just to check out this requirement, others deploy them to maximize the potentials. The latter is a better option – so go for it. Monitor traffic: in a heavy traffic industrial location, CCTV can assist to monitor the flow and ensure it is complying to set standard and use same to promptly respond to incident accordingly. Monitor various retail settings: in the mall, store, warehouse, gym, hotel, restaurant, event hall, etc. CCTV camera can be used to monitor not just safety and security but other human behavior or mannerism that may serve as clue to a developing or active crime incident. With this, prompt response can be activated. Make informed decision: CCTV system analytics (especially post incident) can be used to decide which safety or security concern should be addressed in ways unique to its occurrence. The system can also provide insight to corporate operational risk and its prioritization. Provide employment: CCTV system creates employment to technologists, engineers, researchers, teachers, sales/procurement practitioners, policy makers, managers, operators and others who are important players in the system value chain. In summary, the need to create and sustain a safe and secure business community has place daunting demands on business owners and managers to ensure this obligation is met. Deployment of CCTV surveillance is one sure way to attain this. Organizations who appreciate and deploy fully optimized system shall have various benefits as highlighted above as return on investment. ALSO READ: Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

Top Cybersecurity Threats of 2024

September 27, 2024 by Azubuike Nwenewo

Cybersecurity threat is any criminal activity that has potential to take place through the use of computer devices and the internet. There are many types of cybersecurity threats today, they come from different sources technically known as vectors. Such sources may include state actors, terrorist groups, organized criminal groups, hackers, malicious insiders like; employee, supplier, vendor, competitor, etc. Contemporary world is increasingly being shaped and controlled by automation powered by artificial intelligence, internet-of-things, cloud infrastructure and others; dependence on digital handlers are no longer optional. This development comes with its inevitable security risks. Cyberspace has become the current battle field where criminal elements have continued to innovate various methods of attacks on existing vita resources. Knowledge of these attacks and the vectors is key to planning and implementing preventive and responsive security measures. In no particular order; see below highlight of some top cyber security threats of 2024. Social engineering: this sort of crime occurs when a cybercriminal deceives internet users to provide sensitive personal information; the information given is oftentimes used to commit various kinds of crimes against the person or the organization they represent. Social engineering plays on human intelligence and emotion; it uses of tricks and games to generate personal and confidential information from ignorant people and use same to commit further cybercrimes. Third party exposure: talks about level of potential cyber threats an organization is exposure to due to its relationship with vendors and suppliers within its information technology supply chain. Configuration mistake: otherwise known as misconfiguration, refers to errors in information technology system configuration settings; examples may include fraudulent dataset, hidden data, unstructured data, wrong formatting, failure to patch or wrong patch, non-configuration of firewalls, non-segmentation of network, not using multi-factor authentication, ignorant workforce. These mistakes can occur in any stage of development, deployment and operation of an information technology infrastructure. Artificial intelligence threat: this malicious act could occur when cybercriminals use AI techniques to exploit system vulnerabilities and launch attack. Mobil device threat: is a threat that take place through use of mobile device. Suffice to say that most known cybersecurity threats can occur via mobile devices. This power tool is also a powerful threat. Insider threat: Insider threat is any security risk that come from people within an organization. This maybe anyone who by virtue of their roles have access to sensitive information and other corporate resources capable of being used against the business. There are two types of insider threat. One is intentional threat, the other is accidental threat. The former is oftentimes premeditated and by impulse, the latter is by ignorance or accidental. State sponsored threat: this sort of event occurs when some rogue nation states sponsor or directly carry out cyber-attacks against fellow states, prominent organizations or individuals. DNS tunneling: this sort of attack allows hackers to bypass network security by using Domain Name System as conveyor for malicious data traffic. Tunneling is a powerful tool for hackers, and a serious threat for resource owners and managers. Ransomware: this event occurs when malware takes control, locks and encrypt a resource (this could be data, files, or system), render it inaccessible, then makes a demand as condition for its release. Trojan horse: is a virus that disguise as genuine or legitimate program to gain access to a system. Attackers oftentimes use social engineering as delivery channel for this sort of threat. Drive by attack: also known as drive-by download use “exploit kits” to launch automatic download of malware onto a system without a user’s consent. It is usually associated with compromised webpages or plug n play devices. Poor cyber hygiene: cyber hygiene means maintaining healthy cyber practices for security of systems, devices, networks and data. Main goal is to secure sensitive data against attacks. When this is lacking – poor cyber hygiene is the case. Example may include poor network security, lack of configuration management, lack of cybersecurity training for employee. Cloud vulnerability: this refers to weakness in cloud infrastructure which attackers can take advantage of and gain unauthorized access to data resources. Poor data management: this refers to fluid practices that negate the security of data resources. Cyber bulling: this sort of event happens when digital communication channel is used to send intimidating, assaulting and damaging messages to a target. Cyber stalking: this sort of event occurs when digital communication channel is used to track and harass a target (usually a person). DDoS attack: Distributed Denial of Service is a malicious act of disrupting and denying normal traffic flow to a web resource through the use of overwhelming requests that renders the resource incapable. Brute force: is a hacking method that applies trial and error to crack login credentials, encryption keys and pass words to gain unauthorized access to a network or account. It is reported that brute force success rate is rising; making it a simple and reliable tool for cyber criminals. Man-in-the-middle: also known as MITM or path attack occurs when a cybercriminal secretly intercepts and alters a flowing conversation between two parties without their knowledge or consent. Poor post incident management: this results when after-incident is not properly managed to prevent recurrence. Cybersecurity threats are a serious challenge to businesses. Managing it requires good understanding of different methods in which they may occur. What was discussed in this article is not exhaustive, as such there should be ongoing efforts to uncover and have good insight to more. ALSO READ Cybersecurity Threat Of Social Engineering

16 Trending Physical Security Threats Every Corporate Organization should Prepare to Deal with

September 20, 2024 by Azubuike Nwenewo

Physical security is responsible for overall protection of assets, people and information in the business place. Threat is any person, group, and/or activity that have potential to cause breach of security within a defined space. While the underlie principle of physical security has universal application; what may be defined or accepted as threat is relative to time and space. Threat is synonymous with loss as such, whatever is seen as security threat must elicit thoughtful concern from organization who might suffer its impacts. For instance, pilfering may seem inconsequential in most business setting however, if was not confronted and addressed it can run down a business. The starting point for any corporate organization is to put in place a functional security team who have capability to harness available resources to prevent or frustrate potential threats. Physical security threats are constantly evolving alongside modern society. This is largely influenced by workplace culture, technology, knowledge, socioeconomic factors, globalization, and available market. To stay abreast or ahead of this trend, an organization must build agility, resilience and dominance. What can shape the kind of physical security threats a business may face include type and size of such business, industry, location, leadership and regulation, policing and criminal justice system. Here is highlight of all-time physical security threats every corporate organization should prepare to deal with. Access breach – happens when people and/or materials enter or leave business premises without authorized approval. An organization with porous access management will struggle to exist. Any state or country characterize by border (land, water, and air) porosity will be overrun by criminality. General theft – this old stealth craft may occur in form of stealing, dupe/swindle, pilfering, shoplifting, diversion, shrinkage, padding, undersupply, cargo theft, siphon, fraud, etc. regardless of its form, it is a business killer. Vandalism – this threat is a property crime. It involves willful destruction of a company property Stowaway – this sort of security threat is applicable to aviation and maritime transport sector. It occurs when people illegally board an airplane or ship with intent to enter another country without following official protocol. Burglary – this refers to act of gaining illegal access into a locked building, room or office with intent to commit crime. Oftentimes it involves forceful breaking and entry; sometimes, it may happen with ease of access. Arson – this is act of intentionally setting fire on a property to cause loss to the owner or users. It may be influenced by a disease called pyromania or by vengeance or by criminal intent. Robbery – this old coercive craft involves act of violence through the aid of a weapon to take what belongs to others. Civil unrest – this may occur in form of riot, protest, demonstration, strike, picketing, lockout or lockdown. Regardless of how it happens, it can cause business disruption. Kidnapping – involves abduction or hostage taking of people with aim for a gain. Identity theft – this crime involves intentionally taking on identity of another person and conducting relationship in the name and profile of the person. It is very common on cyber space; however, it also exists in physical world. For instance, a non-staff thief can use identity credentials of a staff to prowl, and to access or exit company premises. Natural disaster – this is an act of nature (force majeure) which may include flood, drought, storm, hurricane, tornado, and earthquake. Convergence of threat – also known as cyber-physical threat is a peculiar kind of threat that is increasingly bridging the gap between physical and cyber security worlds. When a cyber-attack impacts physical services of an organization, a convergence of threat is playing out. For instance, a ransomware or distributed denial of service can cause panic and frustration for customers of an organization thereby creating mutual insecurity. Product adulteration – this sort of security threat is applicable to manufacturing industry. It is a practice of faking a branded product that enjoy widespread industry acceptance and sometimes dominance. Workplace violence – this applies whenever any act of violence against someone happens in a business premises. It may include robbery, assault, harassment, fight, and other types of uncontrolled aggression. Fraud/embezzlement – fraud is a dishonest act of stealing money or property by deception or trick, while embezzlement involves stealing company’s money by a person of trust and authority. Sexual harassment and/or rape – this refers to intimidating act against someone for sexual pleasure; or forcefully having sexual intercourse with a person. This threat is most common with female gender; however, a male can also become victim of it. Physical security threats are realities of modern world business. The security threats exposed above are not new, however, criminals have continued to innovate new ways of committing them such that solutions which worked a decade ago may not be effective today. Proper prior planning will prevent poor performance in responding to these threats. ALSO READ: Insider Threat Management And Guide

Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

September 19, 2024 by Azubuike Nwenewo

Your Email Security Best Practices

September 13, 2024 by Azubuike Nwenewo

Email has become a significant part of modern-day digital relationships. You can hardly have online presence without a functional email address. Most digital interactions in one way or the other would require sign-in, sign-up, or both using email address. For instance, handheld mobile device like iPhone or android cannot function without optimizing it through email sign-in. What this means is that if you do not have working email address, you cannot fully access and activate the capabilities of these mobile devices. Our email; whether private or professional one deserves special security attention. Hackers knew the importance of this tool as introduced above, hence it has become their main route to scout for unsuspecting or ignorant online users from whom confidential private information is generated for criminal acts. For instance; through emails these hackers deploy phishing, spoofing, whaling, and baiting as popular methods to gather private information from online users. having said this, note your email can be safely used when you are conscious of the presence of cybercriminals who are targeting victims in various ways through it. Make effort to protect your emails by following best security practices. See below list and brief description of some best practices for your email security. Use strong password: for password to be considered strong, it must have minimum of eight letters. These letter must contain alphanumeric characters like abc123&*@. Strong password is a good security practice that will keep your email protected from cybercriminals who may attempt to have unauthorized access to such it with intent to steal confidential information. Keep your password confidential: your password is part of your private information, as such it should never be disclosed to anyone. protect and keep it confidential. Review and update password periodically: to use one password too long will make your email vulnerable and expose it to avoidable security risk. Change and update your password from time to time. Active two-factor authentication: this is an electronic access authentication method whereby a user will be asked to present two or more levels of private information as proof of identity and ownership before access is granted to an application. Activating two-factor-authentication (2FA) will further protect your email from unauthorized access by criminals. Avoid opening strange links: online shared links received from unexpected and unknown sources should first be seen and treated as malware. Cyber space is full of malicious files, codes, applications and software. These malwares are oftentimes shared to unsuspecting and ignorant online users as links. To protect your email; open only links received from known and trusted source, and delete the ones from unknown sources. Avoid public wifi network: free public wifi is a potent avenue for security attack. Cyber criminals sometimes provide and use it to monitor and generate confidential information from unsuspecting and ignorant users. To play safe and protect your information requires you should avoid it. Pause and check before you click: the human error of unconscious surfing internet is what hackers take advantage of to share malwares. It is a good security practice not to haste to click on anything, e.g., pop-ups, links, download, etc. Always stop, check, and verify what it is before you decide. Avoid download from strange source: it is a good security practice to avoid random online downloads. Files shared from unexpected and strange sources should be seen and treated as malware. Download files from trusted source. Avoid strange sign-in or sign-up: most online transactions would require you to sign in or sign up. In either case, use of email is a precondition. When this request come from unexpected and strange source, it should be avoided. Update system software periodically: to keep a system (computer or mobile device) safe, its software and applications need to be updated from time to time. Such updates can enhance its security capability to protect against malwares and other security threats. Review and update security and privacy setting: your email contains privacy and security setting where it is required that updates should be carried out periodically. It is a good security practice to routinely check it and activate necessary updates. Email has become a very important part of our digital lives. It has also become prime target for cyber criminals. To use it safely requires conscious security practices. ALSO READ: Cybersecurity Threat Of Social Engineering

Domains Of Security And How They Impact Lives

September 13, 2024September 13, 2024 by Azubuike Nwenewo

Security appears to be synonymously connected to almost every aspect of human existence. Sociologically; society, in all ages has been functioning through contribution of interdependent human interactive silos. Every arears of human interactions although has exclusive social identity, is however, inherently designed to be mutually inclusive of others. To maintain effective functionality, such endeavor must not be threatened by any variable. Whenever any aspect of human interaction is faced with existential threat, it becomes a security concern to the society. Today’s world is increasingly becoming insecure; filled with threats from many fronts. Failed state and political instability, protracted crises and violent conflicts, persistent poverty, natural disasters, epidemics and pandemics, economic meltdown, etc. have imposed hardships on people and decrease chances for peace and stability. The above scenario is challenging to contemporary society; and it posses multiple forms of threats that overlap to create a complex domain of safety concern. Security in the context of this piece refers to a state of freedom from all threats. The concept of threat points to any person, group of persons; and any activity carried out by human, or act any of nature, etc. that has potential to disrupt or terminate the functionality of a subsystem. This “freedom from threats” is expected to translate to efficiency, peace, harmony, growth, development, increase/abundance, progress, advancement, fulfillment, happiness, joy, etc. See below, areas of human endeavor where perception of threat is oftentimes a significant source of concern to society. Human security: this aspect is concern with overall safety and security of people. United Nations refers to it as freedom from want, fear and to live a life of dignity. Anything that threatens dignity of a people is principally robbing such a group their safety. Any society deprived of human security will stagnate and be very far from peace and stability. Job security: this area deals with one’s source of livelihood and the chances that it will remain gainfully active for a reasonably long period without threat. Where this longevity is perceived to be uncertain, fear of insecurity would become the order. Food security: this aspect refers to when all people, at all times have unhindered access to sufficiently safe and nutritious foods that meet their daily needs. Any situation that disrupts food value chain is serious threats to life. Cultural security: this aspect deals with respect and regard for traditions and cultural values, and norms that are unique to a given people in a society. Health security: refers to control measures and activities required to be in place in a society to keep public health system functioning well to guarantee a healthy people. Where there is loss of confidence in public health; such a place is under threat of failed health system. Wealth security: this exists when the treasured possessions of a people are free from threats. Such possession may include technologies, buildings, money, innovations, and other assets. Financial security: this areas refers to freedom from monetary worries and debts, ability to comfortably meet all financial obligations, and availability of enough money for safekeeping. That is a condition of having stable income especially from two or more legitimate sources. Economic security: this domain points to when a society has stable, interrupted and trusted mode of wealth creation and distribution. In order words; it means a system that promotes well-regulated and unhindered flow of value creations, commercial transactions, productions, positive market forces and exchange of values. Information security: in this information age; this aspect focuses on activities centered on keeping information technology and other related infrastructure free from threats. Environmental security: refers to healthy practices of a community that assist to keep the environment free from man-made hazards, and generally promotes sustainable development. These domains highlighted above, and others not mentioned are significant to continue survival of contemporary society. Whenever they are threatened by either activity of human or by natural forces, the impacts can affect society in negative ways. ALSO READ: Determined Attacker – The Secret Destroyer

Determined Attacker – The Secret Destroyer

September 5, 2024 by Azubuike Nwenewo

The strength of your security system comes to huge test during the clandestine actions of a determined attacker. It is said; a chain is as strong as its weakest links. A determined attacker is any complex person or group who are hell-bent on compromising the security system of a facility in order to carry out a preplanned criminal act. Such act may include financial fraud, corruption, theft of sensitive information, theft of assets, diversion or adulteration of products, direct attack on properties, disruption of operation. In some other cases, it may involve robbery, theft, rape, assault, and murder. Hardly can any security design deter a determined attacker. At most it becomes win-win or win-lost battle; however, attempt would have been made and an incident created. A determined attack is carried out by criminal(s) who are motivated, mobilized and ready to breach security and disrupt peace at any cost. The consequence of the act holds no meaning to them; sometimes the consequence is perhaps the motivation. A determined attacker may be anyone – the diehard/disgruntled employee, a jail-prone criminal, a business partner (current or former), supplier, vendor, contractor, a customer, etc. In other case, a determined attacker maybe a close family relative such as sibling, child, a spouse/lover, a domestic staff, a friend, a foe, a fellow club/association or religious member, a passer-by, a teacher/student, a worker, the list is endless etc. The only limit to who becomes a determined attacker is the function of the mind. Make no mistakes about this, yes! Anyone can be a potential determined attacker. A determined attacker may be a professional or impulse criminal. A determined attack maybe motivated by some personal, pecuniary, religious/political and ideological interest, socio-economic, emotional factors. Anything could serve as motivation for the attack. The type and method of attack may just be the difference. A determined attacker can mobilize and deploy just any kind of resources required to accomplish the mission; failure is the last on their mind. Obsession is their possession. In same vein, a determined attacker is ready and patient to work along, work with the organization; assist the would-be victim, romance, care and love the would-be victim, worship at same place, trade/negotiate with you, contest with you, etc. However, in all of these, he/she studies the organization. Taking note of the strengths and the weaknesses, uses same to build the strategy required to execute the mission while waiting for the appropriate time to attack. Some measures against determined attacker include; Awareness of Their Existence: it is the goal of this article to draw attention and give insight to existence of these peculiar criminals amongst us. Strong Security System: as much resource can afford, put in place effective security controls for both preventive and reactive response. E.g., physical barriers; fences, gates, doors, locks, burglary proof, fire extinguishers, guardforce, procedures, CCTV and intrusion system; panic buttons, etc. Routine Due Diligence: this requires that background check must be carried out prior to activation of employment or engagement. Audit/Quality Control: periodically carry out audit of all risks control systems. Look out for and properly investigate anything that may seem out of place no matter how unimportant they appear. Teamwork/Networking: teamwork bring different brain and heart in the game, oftentimes produces better results. Problem is, victim oftentimes relegate or ignore them. Pay attention to these. Recognition Of Early Warning: please note, there is always a clue, sign, or redflag underneath any criminal project. Emergency Preparedness: at all times, hope for the best, prepare for the worst. Note this; our contemporary society is full of determined attackers in various shades. These are individuals who are feeling frustrated, disenchanted and incapacitated in their worlds thus, find solace in giving back to society whom they held responsible for their predicaments by breaching security, disrupting peace and unleashing harm with impunity. They are found everywhere! ALSO READ: Security Guides for Hiring Domestic Workers