Science & Tech

4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

by
4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

Phishing is a type of social engineering attack built on manipulating and deceiving people to reveal confidential and private information which is then used to carry out further crime against them.  This attack takes advantage of gullibility and vulnerability of human emotion to steal from people. Phishing attacks have become a popular, easy to use and very dependable tool for cyber criminals. When in operation; criminals would reach out to users through any communication channel, pretend to represent a legitimate authority; maybe a financial service provider, health insurance provider, a family member or trusted friend, proffer assistance, then request for inimical action from the user. Actions that maybe required from users during phishing attacks include but not limited to; Reveal private and confidential information, e.g. password, date of birth, social security number, BVN, code, etc. Click a link that will further direct users to secondary resource where confidential information will be stolen. Open attachment which in most case will contain malwares that will launch further attack on the device and network. Request for cash to enable a staged problem to be solved. Reveal a sent code to enable completion of a proposed solution. With automation and Artificial Intelligence dominating and directing modern interactions and commerce, people shall depend more on digital channels of communication. Available facts have proven that oftentimes, phishing attacks regardless of its type have more success rate than failure. This means more people are falling victim to these exploits. Hence, the benefits of deepening your understanding about them. Let’s dive into four common types of phishing attack. And how to identify email based phishing attack. Four types of phishing attacks. Spear phishing – this type targets specific category of persons, e.g. insurance or bank customers, students, male mine workers, etc. Whaling attack: is a sub-spear type of attack that targets high net worth and high-profile individuals like company executives, politicians, celebrities, etc. Just like implication of the name “Whale” biggest fish – this attack targets only “big fish”. That is, wealthy people. Smishing attack: this is an SMS based phishing where short message service is used to deceive a receiver into providing private and confidential information or taking other action. This is catchy because, it does not require internet connectivity to hit its intended targets. Vishing attack: this type is a direct opposite of smishing. It uses voice call to reach out and deceptively request for confidential and private information from receiver. In the same vein, internet connectivity is not required to execute this attack. Ten Signs to know a phishing email It will come from a stranger: oftentimes phishing emails come from unknown person or agent. It will come from a public email domain: examples of public email domains are yahoo.com, gmail.com, hotmail.com. Domain name will either be misspelt or corrupted: when it pretends to come from private domain, such domain will never spell correctly as the genuine one. There will be a form of misspelling or corruption of it. It will disguise as proffering assistance: merchants of phishing attacks always pretend to offer one form of assistance or the other. Shylock assistance you may call it. The mail content will be poorly written: content of mail will likely lack expected quality of a business communication. Mail will include suspicious attachment or link: this would require further actions like follow or open. It calls for urgent action: whatever is the call for action from phishing attack always comes with “urgency”. It will request user to provide personal information to enable closure of an event. It may request user to send cash to enable a staged problem to be solved. It will appeal to a defined sentiment. Phishing is a low end and cost-effective tool for cybercrime. It is a social engineering attack that exploits inherent weakness in people to get through and steal from them or carry out other crimes against targets. Getting basic knowledge about method of attacks and the techniques to identify them is a better way to go to prevent being a victim. ALSO READ: Cybersecurity Threat Of Social Engineering

Travel Security Understanding TSA Approved Locks

by
Travel Security Understanding TSA Approved Locks

Travel security refers to measures taken by an intending traveler to ensure protection for self and luggage. In an increasing global village, travelling both local and overseas has become a routine part of most corporate duties especially for executive personnel and others based on personal demands. Travel security speaks to millions of people who throttle around the globe periodically for one purpose or the other. For each trip security and safety should be of significant concern and must be synonymous with such trip. TSA means Travel Security Administration. TSA is an agency of US Department of Homeland Security. It has authority over the security of transportation systems within the United States. This agency was created as part of response to September 11, 2001 attacks on US to improve airport security protocols in harmony with other federal law enforcement agencies. One of the key recommendations of Travel Security Administration is a specified luggage lock known as TSA lock. A TSA-approved lock is any lock that has approval of TSA and authorized to emplaced Travel Sentry logo – the red diamond. When it comes to securing your travel luggage, using a TSA-approved lock is important for hassle-free trip. These locks feature a universal master key that may allow TSA agents to open and relock a luggage without having to cut or destroy such luggage lock. TSA-approved locks are gaining traction within global air transportation system. Although, each state has their individual air travel security regulations and practices, however most of them are adapted to TSA approved type when it comes to luggage lock. It is however, recommended for intending travelers to check the country’s specific luggage lock standard in advance of any trip. See the benefits of using TSA-approved lock on your luggage when travelling. • It will give you peace of mind. • It shows your knowledge of travel security. • It will ensure security of your personal effects. • It will align you to international travel requirement • It saves you the embarrassment of having your luggage lock cut or destroyed during routine airport security checks. Types of TSA-approved luggage locks There are specific types of these locks currently in open market. One striking feature to look out for as symbol of TSA approval is the “red diamond” logo. • Combination lock: this requires a specific combination of digits to lock and unlock. • Key lock: requires insertion of key and twist of tumbler to unlock. • Cable lock: allows for a sort of chain lock of multiple luggage together. Where to buy TSA Locks Local Stores: the keys can be found in most local travel stores or malls in the airport or within the community. Online Stores: notable online stores like Amazon, and Alibaba also sell TSA locks. In conclusion, travel must be synonymous with safety and security. While thinking safety first is crucial during any trip, the security of personal belongings oftentimes packed in luggage during such travel should also receive baseline attention. By understanding what a TSA lock is and its purpose, you should align your travel security to this regulatory requirement, at same time secure your luggage within acceptable standard. ALSO READ: Solo Travels

13 Benefits Of CCTV To Your Organization

by
13 Benefits Of CCTV To Your Organization

CCTV surveillance system has proven to be a high value tool for safety and security as well as productivity; whether it is deployed to personal, public or industrial settings. Twenty-first century security and safety has come to depend strongly on this technology as a reliable complement to other resources. The acronym CCTV, means Closed-Circuit Television. Its origin dates back to early 1940s when it was used to observe the launch of V-2 rockets (aggregate 4) at Peenemunde Army Research Centre in a suburb of Germany by a notable German engineer Walter Bruch who was credited as the inventor. It is an integrated system that uses Network Video Recorder or Digital Video Recorder, cameras, desktop computers, monitors/video walls, joy stick, mouse and other devices to capture, record/store and broadcast live footage of activities within its coverage. Today, there are about one billion installed CCTV system all over the world. China 200 million, US 59 million, German 52 million, UK and Japan with 5 million each are the top five countries with highest number of deployments.  And the list is growing and evolving. The system has many domestic and industrial uses; its importance and acceptance are growing so fast by the day. On the field operation, the system is used to watch and monitor activities of all persons working within a facility. It is highly essential for deterrence and detection of crime as well as compliance to regulatory requirement amongst others. For your organization to reap full benefits of this surveillance system it is recommended that it must be fully optimized and functional, it should be operated and managed by competent personnel, and it must comply to privacy laws of the country of its operation. One significant subject of regulatory compliance to deployment of CCTV is “public warning”. This is a deliberate attempt to inform the public that CCTV is in operation 24/7 at the location; and that it is been used strictly for purpose of safety and security. If your organization is still asking what it stand to gain from deploying CCTV, or yet to specifically identify and place metrics and key performance indicators on its CCTV resources see below highlights of return on investment from this tool. 13 benefits of CCTV surveillance system to your organization: Enhance general perception of safety and security: the presence of CCTV surveillance in a location would generally enhance public view of safety and security in such area. Magically though; even when these resources are not fully optimized and utilized, this perception will hold water until proven otherwise by incidents related safety and security. Prevent crime: light-hearted or impulse criminals would think twice about committing any sort of crime in the presence of a visible CCTV camera.  It is only a determined attacker who can dare this surveillance to carry out criminal act regardless. Detect criminal: when a crime is committed in the presence of optimized and functional CCTV camera whether visible or hidden; the actor and the act will be captured, recorded and stored by the system. Gather evidence: when a crime is committed in the presence of optimized and functional camera the actor and the act will be captured, recorded and stored by CCTV and the footage will be presented as evidence of such crime during post incident investigation. This will enable Management to take informed decision in line with its policy and standard. Minimize security and safety incident: with presence of fully optimized CCTV surveillance system in a location, the occurrence of security and safety breach will decrease significantly. Minimize cost of security: deployment of CCTV surveillance will save your organization huge fortune comparatively to deploying physical man-guard. 24/7 coverage of locations, capability and reliability can always beat human who would be vulnerable to visibility limitation, exhaustion, fatigue and other factors. Reduce insurance premium: deploying CCTV surveillance in your facility will help lower insurance premiums by reducing the risk of theft, fire, workplace violence, vandalism and other risks. Boost productivity: when employees and others knew they are being monitored through a surveillance or any other digital device, they would most likely mind their business to meet their target. Although, this is a side perk however; it is a function to be credited to CCTV where it applied. Compliance to regulation: some industry regulations have it as mandatory requirement to deploy CCTV surveillance to complement other security and safety resources. While some organization by default deploy this resource just to check out this requirement, others deploy them to maximize the potentials. The latter is a better option – so go for it. Monitor traffic: in a heavy traffic industrial location, CCTV can assist to monitor the flow and ensure it is complying to set standard and use same to promptly respond to incident accordingly. Monitor various retail settings: in the mall, store, warehouse, gym, hotel, restaurant, event hall, etc. CCTV camera can be used to monitor not just safety and security but other human behavior or mannerism that may serve as clue to a developing or active crime incident. With this, prompt response can be activated. Make informed decision: CCTV system analytics (especially post incident) can be used to decide which safety or security concern should be addressed in ways unique to its occurrence. The system can also provide insight to corporate operational risk and its prioritization. Provide employment: CCTV system creates employment to technologists, engineers, researchers, teachers, sales/procurement practitioners, policy makers, managers, operators and others who are important players in the system value chain. In summary, the need to create and sustain a safe and secure business community has place daunting demands on business owners and managers to ensure this obligation is met. Deployment of CCTV surveillance is one sure way to attain this. Organizations who appreciate and deploy fully optimized system shall have various benefits as highlighted above as return on investment. ALSO READ: Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

20 Safety and Security Tips For Hotel Guests

by
20 Safety and Security Tips For Hotel Guests

Hotel is known for leisure and pleasure. It is a place where people run to when there is need for home away from home, exciting experience, relaxation, fun, corporate meetings, conferences, seminars, etc.  Everything about it revolves around exciting and exclusive experience. The industry has been enjoying very wide patronage across globe due to increasing need for people to move around, take time out, and experience a place away from regular work or home environment; sometimes it offers a combination of business and pleasure. Hotels sell excitement and experience open to anyone who can afford it; this presents peculiar challenges to ensure safety and security of guests. Challenge of maintaining improved guests experience and ensuring adequate protection for guests and assets at same time. Operators have demand to ensure integration of safety into hotel ambience. Guests and others visit hotels with various motives. Travelers, fun seekers, business people, criminals, hawkers, barons, gangs and organized underworld groups, etc. patronize hotels for one purpose or the other. The hotel must meet their expectations, else next call may not be possible. Good hotel security system will promote the vision and the mission of the business and still guarantee less security incident. The sure way to go about this is through deterrence-oriented policy and standard rooted on robust security infrastructure, personnel training and guest awareness. This article is guest-centric. It is written for hotel guests. It places the responsibility on the guest to ensure practice of recommended tips to minimize risk of safety and security incident while lodging. As a security or safety manager who has responsibility to proffer risk advisory to employees that seek accommodation in hotel this piece is a ready assistance. Every hotel guest should see themselves as personal chief security officer to self. Reason for this; in some part of the world some people operate a death row under the guise of hotel. As such, instead of selling leisure and experience, they sell pain and calamity to innocent visitors who would never think that such lodge is license to death. Some types of safety and security threats guests may be exposed to in hotel include: Food & drink poisoning Drug & substance abuse Property damage Property theft Pilfering Ritual killing Kidnapping Fire or arson Cyber attack Sexual assault Assassination Pool drowning Armed robbery Physical Assault Excessive indulgence See below 20 Safety and Security Tips To Practice When Lodging in Hotel Research the hotel ahead scheduled lodge, and check online reviews. Do quick mental assessment of the premise and the Front Office Look out for outdoor and indoor CCTV cameras. Ensure the name in public view is the same with name on receipt or transactional document. Nameless hotel has higher risk, variation in name is a clue to safety risk. Share hotel name and location with a trusted person. Note, google map or other digital tool can be used to gather this information. Check strength of the door and the lock. Check door peephole and have it covered from inside. Check all covered or hidden areas in the room; such as under bed, behind curtain, covered roof or floor, bathroom, closet, mini bar, locker/save, adjacent door (if any) etc. Locate nearest emergency exit and check to be sure it is functional. Put off all lights in the room, use your phone camera to scan for hidden cameras (note, this does not work in all phones). Ensure panic alarm device is provided in the room. Ensure Front Office and Security intercom contacts are provided. – if possible, get contact of nearby local Police. Know your room number. Never open door to strange or unexpected knocks. Keep room door partially opened during scheduled or emergency housekeeping. Avoid room on clumsy floor or area. Secure your valuables in locked pack e.g., room locker, your luggage, etc. Do not always trust free public network. Avoid sharing confidential information when using it. Maintain situational awareness at all times. Contact external source for assistance when unfolding incident seems out of hand. Hotels promise experience in form of leisure, glamor, excitement and taste. However; lurking within this cosmetics may be security threats lethal enough to cost life. Always exercise some self-help practices some of which have been highlighted on this piece. Wishing you safe and exciting experience in advance of any hotel lodge. ALSO READ: Traveling with kids: Family Travel Tips for Parents

Top Cybersecurity Threats of 2024

by
Top cybersecurity threats of 2024

Cybersecurity threat is any criminal activity that has potential to take place through the use of computer devices and the internet. There are many types of cybersecurity threats today, they come from different sources technically known as vectors. Such sources may include state actors, terrorist groups, organized criminal groups, hackers, malicious insiders like; employee, supplier, vendor, competitor, etc. Contemporary world is increasingly being shaped and controlled by automation powered by artificial intelligence, internet-of-things, cloud infrastructure and others; dependence on digital handlers are no longer optional. This development comes with its inevitable security risks. Cyberspace has become the current battle field where criminal elements have continued to innovate various methods of attacks on existing vita resources. Knowledge of these attacks and the vectors is key to planning and implementing preventive and responsive security measures. In no particular order; see below highlight of some top cyber security threats of 2024. Social engineering: this sort of crime occurs when a cybercriminal deceives internet users to provide sensitive personal information; the information given is oftentimes used to commit various kinds of crimes against the person or the organization they represent. Social engineering plays on human intelligence and emotion; it uses of tricks and games to generate personal and confidential information from ignorant people and use same to commit further cybercrimes. Third party exposure: talks about level of potential cyber threats an organization is exposure to due to its relationship with vendors and suppliers within its information technology supply chain. Configuration mistake: otherwise known as misconfiguration, refers to errors in information technology system configuration settings; examples may include fraudulent dataset, hidden data, unstructured data, wrong formatting, failure to patch or wrong patch, non-configuration of firewalls, non-segmentation of network, not using multi-factor authentication, ignorant workforce. These mistakes can occur in any stage of development, deployment and operation of an information technology infrastructure. Artificial intelligence threat: this malicious act could occur when cybercriminals use AI techniques to exploit system vulnerabilities and launch attack. Mobil device threat:  is a threat that take place through use of mobile device. Suffice to say that most known cybersecurity threats can occur via mobile devices. This power tool is also a powerful threat. Insider threat: Insider threat is any security risk that come from people within an organization. This maybe anyone who by virtue of their roles have access to sensitive information and other corporate resources capable of being used against the business. There are two types of insider threat. One is intentional threat, the other is accidental threat. The former is oftentimes premeditated and by impulse, the latter is by ignorance or accidental. State sponsored threat:  this sort of event occurs when some rogue nation states sponsor or directly carry out cyber-attacks against fellow states, prominent organizations or individuals. DNS tunneling: this sort of attack allows hackers to bypass network security by using Domain Name System as conveyor for malicious data traffic. Tunneling is a powerful tool for hackers, and a serious threat for resource owners and managers. Ransomware: this event occurs when malware takes control, locks and encrypt a resource (this could be data, files, or system), render it inaccessible, then makes a demand as condition for its release. Trojan horse: is a virus that disguise as genuine or legitimate program to gain access to a system. Attackers oftentimes use social engineering as delivery channel for this sort of threat. Drive by attack: also known as drive-by download use “exploit kits” to launch automatic download of malware onto a system without a user’s consent. It is usually associated with compromised webpages or plug n play devices. Poor cyber hygiene: cyber hygiene means maintaining healthy cyber practices for security of systems, devices, networks and data. Main goal is to secure sensitive data against attacks. When this is lacking – poor cyber hygiene is the case. Example may include poor network security, lack of configuration management, lack of cybersecurity training for employee. Cloud vulnerability: this refers to weakness in cloud infrastructure which attackers can take advantage of and gain unauthorized access to data resources. Poor data management: this refers to fluid practices that negate the security of data resources. Cyber bulling: this sort of event happens when digital communication channel is used to send intimidating, assaulting and damaging messages to a target. Cyber stalking: this sort of event occurs when digital communication channel is used to track and harass a target (usually a person). DDoS attack: Distributed Denial of Service is a malicious act of disrupting and denying normal traffic flow to a web resource through the use of overwhelming requests that renders the resource incapable. Brute force: is a hacking method that applies trial and error to crack login credentials, encryption keys and pass words to gain unauthorized access to a network or account. It is reported that brute force success rate is rising; making it a simple and reliable tool for cyber criminals. Man-in-the-middle:  also known as MITM or path attack occurs when a cybercriminal secretly intercepts and alters a flowing conversation between two parties without their knowledge or consent. Poor post incident management: this results when after-incident is not properly managed to prevent recurrence. Cybersecurity threats are a serious challenge to businesses. Managing it requires good understanding of different methods in which they may occur. What was discussed in this article is not exhaustive, as such there should be ongoing efforts to uncover and have good insight to more. ALSO READ Cybersecurity Threat Of Social Engineering

Security Implications of Dark Web

by
Security Implications of Dark Web

Dark web is one of the three layers of web on the world wide web; other are surface web and deep web. This article highlights some of the activities on dark web and their overall security implications. Surface web: also known as clean or visible web is a part of the web for public use. This is where most people routinely use every day for their online needs through search engines like google, Bing, yahoo, LinkedIn, YouTube, Facebook, and company websites. One of the unique features of surface web is that its web resources are indexed by search engine, thereby making them searchable and accessible. It is a powerful but fraction part of the web which is said to constitute about ten percent of web resources. No login credential is required to access most websites on surface web. Deep web: this is the web beyond surface web. The web resources on deep web are not searchable by search engines; and they require authentication (that is, login credentials) for access. Deep web play host to reserved and protected data which is not for public consumption. Such reserved data may include but not limited to government record, medical record, financial record, classified military records, online library resources, organization websites for internal use and other related data. Deep web is reported to playing host to about ninety percent of entire web resources. Dark web: also known as darknet is a subset of deep web. The striking features of this layer of web is that it is the deepest part of the web and it is only accessible through a special web browser known as TOR (The Onion Router); and overlay networks such as I2P. The strongest attraction of dark web is its anonymity (secrecy) For instance, TOR resources loudly guaranteed users of protection against tracking, surveillance and censorship. Dark web is also reported to constitute about five percent of deep web. Dark web, generally known as underground web market for criminals and other merchants of illegality is also used by genuine and law-abiding people for purpose of information gathering and sharing while remaining anonymous. See below, some type of information mostly traded on dark web and their security implications: Stolen information: confidential and personal information such as login credentials, passwords, codes, pin, social security number, payment card details, etc. are exchanged on dark web for facilitation of cybercrimes. Breached data: stolen information like classified government records, account details, company trade secrets, customer details, payrolls, medical records, intellectual properties, company financial records, etc. are traded on dark platform and used to commit various crimes against the owners and sometimes the public. Fraud guide: various cyber criminal forums use dark web to recruit and train cyber fraudsters through sharing fraud guide resources. These guides further drive s and promotes multiplication of criminals. Hack guide: cyber criminals use dark web as hands-on academy to train hackers. This in turn drives and promotes multiplication of cyber criminals who prowl the internet to carry out crimes against individuals and organizations. Malwares: different types of malicious wares such Ransomware, DDoS, Trojan horses, infested USB and other plug-n-play devices are sold on dark web. These malwares are then used to lunch attacks against the public. Drug peddling: drug cartels across the globe use dark web as a market place for sourcing, distribution and retail of control substances. The substances then spread with wide implications for both users and non-users, Gun running: illegal trade of guns and ammunitions amongst criminal merchants have identified as one of the notable trades on dark web platform. Illegal use of guns inevitably drives violent crimes and leads to destructions of lives and properties. Human trafficking: criminal merchants also carry out trade of humans for purpose of forced labor and sexual exploitation through dark web. This inhuman criminality is a huge assault on humanity and a drain on human resources. In conclusion, dark web is a special kind of web, used by special kind of people and for special kind of purpose. While its original intent for creation was genuine however; like other resources, its been overtaken by criminals who hide under its anonymity to engage in trades that holds so much risks to individuals and corporate organizations. ALSO READ: Entrepreneur: 7 Reasons Why You Need A Website

16 Trending Physical Security Threats Every Corporate Organization should Prepare to Deal with

by
16 Trending Physical Security Threats

Physical security is responsible for overall protection of assets, people and information in the business place. Threat is any person, group, and/or activity that have potential to cause breach of security within a defined space. While the underlie principle of physical security has universal application; what may be defined or accepted as threat is relative to time and space. Threat is synonymous with loss as such, whatever is seen as security threat must elicit thoughtful concern from organization who might suffer its impacts. For instance, pilfering may seem inconsequential in most business setting however, if was not confronted and addressed it can run down a business. The starting point for any corporate organization is to put in place a functional security team who have capability to harness available resources to prevent or frustrate potential threats. Physical security threats are constantly evolving alongside modern society. This is largely influenced by workplace culture, technology, knowledge, socioeconomic factors, globalization, and available market. To stay abreast or ahead of this trend, an organization must build agility, resilience and dominance. What can shape the kind of physical security threats a business may face include type and size of such business, industry, location, leadership and regulation, policing and criminal justice system. Here is highlight of all-time physical security threats every corporate organization should prepare to deal with. Access breach – happens when people and/or materials enter or leave business premises without authorized approval. An organization with porous access management will struggle to exist. Any state or country characterize by border (land, water, and air) porosity will be overrun by criminality. General theft – this old stealth craft may occur in form of stealing, dupe/swindle, pilfering, shoplifting, diversion, shrinkage, padding, undersupply, cargo theft, siphon, fraud, etc. regardless of its form, it is a business killer. Vandalism – this threat is a property crime. It involves willful destruction of a company property Stowaway – this sort of security threat is applicable to aviation and maritime transport sector. It occurs when people illegally board an airplane or ship with intent to enter another country without following official protocol. Burglary – this refers to act of gaining illegal access into a locked building, room or office with intent to commit crime. Oftentimes it involves forceful breaking and entry; sometimes, it may happen with ease of access. Arson – this is act of intentionally setting fire on a property to cause loss to the owner or users. It may be influenced by a disease called pyromania or by vengeance or by criminal intent. Robbery – this old coercive craft involves act of violence through the aid of a weapon to take what belongs to others. Civil unrest – this may occur in form of riot, protest, demonstration, strike, picketing, lockout or lockdown. Regardless of how it happens, it can cause business disruption. Kidnapping – involves abduction or hostage taking of people with aim for a gain. Identity theft – this crime involves intentionally taking on identity of another person and conducting relationship in the name and profile of the person. It is very common on cyber space; however, it also exists in physical world. For instance, a non-staff thief can use identity credentials of a staff to prowl, and to access or exit company premises. Natural disaster – this is an act of nature (force majeure) which may include flood, drought, storm, hurricane, tornado, and earthquake. Convergence of threat – also known as cyber-physical threat is a peculiar kind of threat that is increasingly bridging the gap between physical and cyber security worlds. When a cyber-attack impacts physical services of an organization, a convergence of threat is playing out. For instance, a ransomware or distributed denial of service can cause panic and frustration for customers of an organization thereby creating mutual insecurity. Product adulteration – this sort of security threat is applicable to manufacturing industry. It is a practice of faking a branded product that enjoy widespread industry acceptance and sometimes dominance. Workplace violence – this applies whenever any act of violence against someone happens in a business premises. It may include robbery, assault, harassment, fight, and other types of uncontrolled aggression. Fraud/embezzlement – fraud is a dishonest act of stealing money or property by deception or trick, while embezzlement involves stealing company’s money by a person of trust and authority. Sexual harassment and/or rape – this refers to intimidating act against someone for sexual pleasure; or forcefully having sexual intercourse with a person. This threat is most common with female gender; however, a male can also become victim of it. Physical security threats are realities of modern world business. The security threats exposed above are not new, however, criminals have continued to innovate new ways of committing them such that solutions which worked a decade ago may not be effective today. Proper prior planning will prevent poor performance in responding to these threats. ALSO READ: Insider Threat Management And Guide

Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

by
Five Sources of Workplace Violence and How To Prepare For It

Workplace violence is an inevitable security risk which your organization should get ready to deal with. Having emergency preparedness plan in place will provide formidable leverage for your business risk and resilience team. Workplace violence is any act of verbal, physical or emotional assault and harassment carried out against a victim within the confines of a workplace. It may include abuse and shout, hitting, beating, or attack, bullying and intimidation, and sexual harassment. Here are five key questions to get your team started for this security threat. Does your organization believe workplace violence poses a security risk to be taken seriously? Does your organization have response plan in place for workplace violence? How confident is your organization in dealing with workplace violence? What kind of workplace violence have been identified to be common to your industry? What kind of workplace violence has your organization experienced in the past five years? Providing answers to above questions should not be done loosely. It requires thoughtful insight which must consider size, assets, industry, complexity, experience, capabilities and resilience of the organization. Note also, factors that could possibly motivate persons to lunch acts of violence in workplace vary; however, it may include frustration, revenge, crime, rejection, and mental instability. Here is highlight and description of five sources of workplace violence to prepare for: Criminal intent: violence of this nature oftentimes originates from an external criminal who aims to obtain by force from a target inside the workplace. This may result to injury or fatality, and damage to assets. Customer based: is when a customer aggressively acts or reacts to a situation connected to the business transaction in the workplace. Such aggression may target a worker, a fellow customer or others. For instance, when a customer assaults an employee because their expectations are not met. Worker based: violence occurs when employee attacks, assault or harasses a customer, a fellow employee, the employer or others in the workplace. For example, a worker punches a fellow worker who has offended him/her beyond breaking point or attacks a superior who has refused to recommend a promotion or pay rise. Domestic based: occurs when a relative of a worker, employer, customer or others traces them to a workplace and carries attack. For instance, a jilted or rejected lover who visits and attacks a partner in the workplace.   Ideological based: violence is a situation where an adherent of a particular belief or faith lunches attack in workplace perceived to provide or promote a service that offends such faith. For instance, a religious fanatic who carries out assault on workers or customers in a brothel and disrupt its business activities. How to prepare for inevitable workplace violence: Prepare with PPT – activate emergency response plan through people, process and technology. This requires having in place a capable security team who can follow a process backed by technology to deter, detect and promptly respond to acts of violence in the organization. Build strong security culture – strong security culture demands strong tone from the top. When an organization does not tolerate permissive behavior, it will send message that support strong security culture. In such organization, policies and standards are enforced regardless of whether an act is considered a serious one or not. Enforce background check – background check gives insight to past behaviors and profile of a candidate. It also, provides a red flag of what such person can do if granted access to join organization. For instance, someone who has history of rape in the pass will likely attempt sexual harassment in a workplace. Provide workplace violence awareness – training employees to recognize signs and safety risks associated with workplace violence and encourage them to speak up against it is a good prevention method. For example, Human Resources unit should have a dedicated channel for people to freely and fearlessly report acts of violence. Have onsite security visibility – having security personnel physically seen in a business premises promotes sense of safety, deters some would-be attackers from attempting to attack and generally promotes peace and security. Promote data driven security operation – when a security team is being guided by a verifiable data; trends and patterns can be used for planning, execution and insightful delivery.  Data driven security operation can show connection between violence and a particular season e.g. weekend, evening, end of month, festive period, etc. Integrate CCTV surveillance to security visibility – CCTV camera have strong deterrent effect on occupants of its space. The system serves to caution people to be law abiding or make attempt and get caught. Encourage open communication – “see something, say something” is a safety and security slogan that must be encouraged amongst workforce. Sometimes a victim of covert workplace violence may not have the courage to speak up, especially if the avenue for such communication is not explicitly provided. Train your team for threat identification – employees and others in the workplace should be trained to easily recognize threats of workplace violence and report same without fear or inhibition. Deploy weapon detection technology – deploying weapon detection devices at company’s main access points will prevent entrance of lite weapons into the premises. With this in place, the risks of lethal attacks will be very low. Workplace violence can originate from five main sources. However, it preventable through application of some security measures outline above. ALSO READ 10 Ways To Prevent Workplace Violence

Your Email Security Best Practices

by
Your email security best practices

Email has become a significant part of modern-day digital relationships. You can hardly have online presence without a functional email address. Most digital interactions in one way or the other would require sign-in, sign-up, or both using email address. For instance, handheld mobile device like iPhone or android cannot function without optimizing it through email sign-in. What this means is that if you do not have working email address, you cannot fully access and activate the capabilities of these mobile devices. Our email; whether private or professional one deserves special security attention. Hackers knew the importance of this tool as introduced above, hence it has become their main route to scout for unsuspecting or ignorant online users from whom confidential private information is generated for criminal acts. For instance; through emails these hackers deploy phishing, spoofing, whaling, and baiting as popular methods to gather private information from online users. having said this, note your email can be safely used when you are conscious of the presence of cybercriminals who are targeting victims in various ways through it. Make effort to protect your emails by following best security practices. See below list and brief description of some best practices for your email security. Use strong password: for password to be considered strong, it must have minimum of eight letters. These letter must contain alphanumeric characters like abc123&*@. Strong password is a good security practice that will keep your email protected from cybercriminals who may attempt to have unauthorized access to such it with intent to steal confidential information. Keep your password confidential: your password is part of your private information, as such it should never be disclosed to anyone. protect and keep it confidential. Review and update password periodically: to use one password too long will make your email vulnerable and expose it to avoidable security risk. Change and update your password from time to time. Active two-factor authentication: this is an electronic access authentication method whereby a user will be asked to present two or more levels of private information as proof of identity and ownership before access is granted to an application. Activating two-factor-authentication (2FA) will further protect your email from unauthorized access by criminals. Avoid opening strange links: online shared links received from unexpected and unknown sources should first be seen and treated as malware. Cyber space is full of malicious files, codes, applications and software. These malwares are oftentimes shared to unsuspecting and ignorant online users as links. To protect your email; open only links received from known and trusted source, and delete the ones from unknown sources. Avoid public wifi network: free public wifi is a potent avenue for security attack. Cyber criminals sometimes provide and use it to monitor and generate confidential information from unsuspecting and ignorant users. To play safe and protect your information requires you should avoid it. Pause and check before you click: the human error of unconscious surfing internet is what hackers take advantage of to share malwares.  It is a good security practice not to haste to click on anything, e.g., pop-ups, links, download, etc. Always stop, check, and verify what it is before you decide. Avoid download from strange source: it is a good security practice to avoid random online downloads. Files shared from unexpected and strange sources should be seen and treated as malware. Download files from trusted source. Avoid strange sign-in or sign-up: most online transactions would require you to sign in or sign up. In either case, use of email is a precondition. When this request come from unexpected and strange source, it should be avoided. Update system software periodically: to keep a system (computer or mobile device) safe, its software and applications need to be updated from time to time. Such updates can enhance its security capability to protect against malwares and other security threats. Review and update security and privacy setting: your email contains privacy and security setting where it is required that updates should be carried out periodically. It is a good security practice to routinely check it and activate necessary updates. Email has become a very important part of our digital lives. It has also become prime target for cyber criminals. To use it safely requires conscious security practices. ALSO READ: Cybersecurity Threat Of Social Engineering

Domains Of Security And How They Impact Lives

by

Security appears to be synonymously connected to almost every aspect of human existence. Sociologically; society, in all ages has been functioning through contribution of interdependent human interactive silos. Every arears of human interactions although has exclusive social identity, is however, inherently designed to be mutually inclusive of others. To maintain effective functionality, such endeavor must not be threatened by any variable. Whenever any aspect of human interaction is faced with existential threat, it becomes a security concern to the society. Today’s world is increasingly becoming insecure; filled with threats from many fronts. Failed state and political instability, protracted crises and violent conflicts, persistent poverty, natural disasters, epidemics and pandemics, economic meltdown, etc. have imposed hardships on people and decrease chances for peace and stability. The above scenario is challenging to contemporary society; and it posses multiple forms of threats that overlap to create a complex domain of safety concern. Security in the context of this piece refers to a state of freedom from all threats. The concept of threat points to any person, group of persons; and any activity carried out by human, or act any of nature, etc. that has potential to disrupt or terminate the functionality of a subsystem. This “freedom from threats” is expected to translate to efficiency, peace, harmony, growth, development, increase/abundance, progress, advancement, fulfillment, happiness, joy, etc. See below, areas of human endeavor where perception of threat is oftentimes a significant source of concern to society. Human security: this aspect is concern with overall safety and security of people. United Nations refers to it as freedom from want, fear and to live a life of dignity. Anything that threatens dignity of a people is principally robbing such a group their safety. Any society deprived of human security will stagnate and be very far from peace and stability. Job security: this area deals with one’s source of livelihood and the chances that it will remain gainfully active for a reasonably long period without threat. Where this longevity is perceived to be uncertain, fear of insecurity would become the order. Food security: this aspect refers to when all people, at all times have unhindered access to sufficiently safe and nutritious foods that meet their daily needs. Any situation that disrupts food value chain is serious threats to life. Cultural security: this aspect deals with respect and regard for traditions and cultural values, and norms that are unique to a given people in a society. Health security: refers to control measures and activities required to be in place in a society to keep public health system functioning well to guarantee a healthy people. Where there is loss of confidence in public health; such a place is under threat of failed health system. Wealth security: this exists when the treasured possessions of a people are free from threats. Such possession may include technologies, buildings, money, innovations, and other assets. Financial security: this areas refers to freedom from monetary worries and debts, ability to comfortably meet all financial obligations, and availability of enough money for safekeeping. That is a condition of having stable income especially from two or more legitimate sources. Economic security: this domain points to when a society has stable, interrupted and trusted mode of wealth creation and distribution. In order words; it means a system that promotes well-regulated and unhindered flow of value creations, commercial transactions, productions, positive market forces and exchange of values. Information security: in this information age; this aspect focuses on activities centered on keeping information technology and other related infrastructure free from threats. Environmental security: refers to healthy practices of a community that assist to keep the environment free from man-made hazards, and generally promotes sustainable development. These domains highlighted above, and others not mentioned are significant to continue survival of contemporary society. Whenever they are threatened by either activity of human or by natural forces, the impacts can affect society in negative ways. ALSO READ: Determined Attacker – The Secret Destroyer