12 Guides on How to Conduct a Tabletop Physical Security Exercise

12 Guides on How to Conduct a Tabletop Physical Security Exercise

A tabletop security exercise is a discussion based interactive session where stakeholders meet in either formal or informal setting (meeting or conference room) to discuss roles and expected responses in the event of a particular security breach. Other types of security simulation include drills, penetration test, seminar, or conference. A security practitioner grounded in operational risk management should leverage tabletop exercise as a vital tool for emergency preparedness and management. This should be a budget-based project; knowing that security team’s resilience and agility would depend on it. A security team who are conversant with exercises will outperform its peers who adopt nominal approach. To create and execute real-time issue-based tabletop exercise, first you should understand your organization inside out. The business’ critical assets, the threats landscape and the adversaries must be identified. The vulnerabilities which have potential to be exploited by threat actors should also be known. In the business world that is faced with increasing and complex threats; the question is no longer whether bad things would happen. They will surely happen, what is key how did the security team respond to them both during and after such incident? Typically, a facilitator would guide participants through the exercise. Taking them through a particular security incident narrative and raise question about what steps should be taken to response. It is usually better to syndicate participants for diverse perspectives and insights. Potential scenarios for tabletop exercises should include, although not limited to those threats which the organization has higher exposure to base on risk ranking. These threats will share similarity but may differ depending on the business, the industry, location, operating environment, and complexity. What should be the purpose of tabletop security exercise? The purpose of a tabletop security exercise should include to evaluate security team’s capabilities. The organization’s level of preparedness for security incidents and to educate participants of their roles during and after security breaches. Some benefits of tabletop security exercise Prepares security team for different case scenarios – that is good case, bad case and worst-case scenario. It builds team’s response skillset. Optimizes resource allocation especially during emergency. It sets up security team against adversaries and prevent them been caught unprepared. It serves as training tool – can be used to check out training requirement. It is cost effective, when compared to other types of simulation. How to conduct a tabletop physical security exercise Set objectives for the project: this will answer the question of what you want to achieve and provide clear insight to it. Reference the organization’s security plan: the organization’s security plan should be consulted to further guide on specific security incidents it has prepared for, otherwise general standard practices can suffice. Benchmark exercise on recent risk assessment: exercise should be preceded by recent security risk assessment which must have identified and prioritized the business’ security risk threshold. Consult team (downline and upline): getting input from internal stakeholders (within and outside security) as well as external stakeholders (industry practitioners) is highly recommended. Establish who is participating: identify persons or group who should play roles for the success of the exercise. Develop scenarios: create sequential narratives of security breach incident to be discussed. This should be done with open mind and a sort of intellectual humility. Run it on periodic schedule: security exercises should never be a one-off project, rather it should be scheduled to hold from time to time, e.g. monthly, quarterly, or annually. Set ground rules: rules must be set during the session to guide facilitation and moderation. For example, everyone must contribute to discussions, subject of discussion must not exceed allotted time, mobile phones to be on airplane mode, etc. Do hot wash: use hot wash to generate recommendations, insights and take-aways. This should be the crux of the tabletop exercise project. Document recommendations: for reference and archive, documentation of the entire exercise especially the hot wash is key. File project report: ensure formal communication is sent to appropriate authority. Create implementation plan: learnings from exercise will lose value if they were not practiced. An action plan to drive implementation of key learning is highly recommended. Threat actors are becoming more sophisticated in each passing day. They dedicate significant resources (funds and time) to plan and execute security breach. It is required that security team who are the defends against threats should devote sufficient time to rehearse how to frontally confront incidents when they come calling. Drill and exercise are regulatory subject in some industry, such as aviation and maritime. ALSO READ: Powerful Morning Routine Secrets: How Top Performers Start Their Day

Physical Key Management Practices for Organizations

Physical Key Management Practices for Organizations

Physical key management is important in today’s business world, although oftentimes overlooked and approached with levity. Effective key control is key for security, managing risks, and protecting assets of your organization. Whether it’s about logging and tracking issued keys, the principle of key management will play significant role in the overall security of your organization. By practicing standardized key control businesses would prevent potential security risks associated with porous practices. Organizations must be strategic in managing their building and office keys. Being tools for security protection, any compromise has potential to put critical and confidential business assets to avoidable risks. Let’s explore, simple and easy to adapt practices to keep organization office keys protected. That is, protecting the protector. Physical Key Management Practices Have policy, standard and procedure: starting point for office key management is to have policy in place. Such will make the organization’s intent known towards this direction. Following policy should be standards and procedures that would highlight step by step method of managing these keys. Staff and stakeholders must be notified, and periodically re-iterated. Establish authorized user: office keys must not be allowed to move freely from hand to hand. There should be clarity about who is an authorized user and under what condition will such authority be exercised. For example, authorized user of a particular office should have specified days and timeframe they are authorized to access key for official purpose. Create tiered access: users must be tiered. This means that authorization to use should be relative to roles, responsibilities and function. Principle of least privilege is recommended. A user can access only the office key required to perform their duties. Automate key tracking: automation of key tracking will enable managers know exactly who has what key per time. The system should also indicate when such key is been used beyond acceptable duration relative to programming. Alternate manual key log: where automation is not applicable, manual key log should be activated as substitute. Have master or valet key: your organization should endeavor to have master or valet key in place. This will come handy in the event of misplacement or loss of primary key. Store key secured: office key should be kept securely in a fire-resistant key rack. The rack location must be visible and constantly monitor directly or remotely. That is, protecting the protector. Code keys: office key should be coded with associated manifest, not labelled. Coding will conceal identity of users and prevent target unauthorized access. Simplify issuance and tracking: efforts must be made to simplify request, authorization, issue and tracking of this asset. This would eliminate drudging frustration usually associated with this exercise. Do periodic audit: ensure periodic audit is carried out. This is necessary for check and balance and accountability. Establish protocol for lost key: a lost key is a compromised key; as such protocol for lost key will ensure timely reporting, investigation and possible recovery or overhaul replacement. Building and office keys hold access to locations where vital business assets are kept. To protect these assets well; the protector must be protected. This can be achieved through simple procedures encoded into practices driven by organization’s policy. ALSO READ: Embracing Diversity and Inclusion: The Key to a Prospering Workplace Culture  

Social Engineering Attack – What Your Organization Should Know

Social Engineering Attack What Your Organization Should Know

Social engineering is a human threat vector from cybersecurity point. It simply means the criminal action of exploiting human nature rather than technical path to gain unauthorized access to people’s minds, digital systems, data and other assets. We cannot talk about this threat enough; it is oftentimes the most relegated and the most exploited of all paths. This very brief article will cover the following sub-headings; meaning of social engineering facts about it human cognition often exploited by it broad types of social engineering common tools of it anatomy of social engineering countermeasures against it Facts about social engineering It is built on manipulation, regardless of the type. It is considered the path of least resistance to cyberattacks. A high number of successful security attacks have started with or involved a social engineering method. People should be critical part of firewall – human firewall, if you don’t mind.  awareness of it must be prioritized. Human cognition oftentimes exploited In the context of this piece, human cognition involves the mental process of understanding and reacting to unfolding events.  Average criminals, have always believed that these human traits would increase chances for success, as such they can’t do without them. See the highlight below. Authority – people most of the time respect and obey authority. Trust – it is natural for most people to trust, especially someone with authority. Responsiveness – a responsible person would want to be responsive to events. Fear – people fear not to get into trouble or found wanting of anything. Urgency – urgent reaction is natural, especially under duress. Threat – people want to avoid threatening event that steal their peace. Reward – it is often enticing and enriching to be rewarded. Curiosity – the inquisitiveness and excitement to face and close out challenge. Ignorance – is a liability to the holder, and an opportunity to the exploiter. Priority – people choose what to prioritize per time. Types of social engineering  Phishing: this is email based social engineering. It can be Spear phishing – targeting certain category of persons. Whaling – targeting rich and public personalities. Smishing: this type uses sms text to attack. Vishing: this one is voice/audio based. Watering hole: uses website or social media avenue to attack. Physical types of it Shoulder surfing: unauthorized covert observation. Piggy backing or tailgating: concert entry or exit to circumvent protocol. Dumpster diving: searching dump sites or bins for confidential data. Baiting: uses infested USB or other similar gifting to entice and attack. Other types known as synthetic content Synthetic content types of social engineering include; Disinformation: intentional spread of false and misleading information. Shallow fake: refers to alteration of original media content to misrepresent fact. Deep fake: uses artificial intelligence to generate and spread deceptive content. Common tools of social engineering Website Social profile Spoofing toolkits Clothing and apparel Appeal/charisma Phishing toolkits Audio recorder Infested USB Spy cameras Romance Anatomy of social engineering attack Establish objective – from outset social engineering attackers set out what they want to achieve. Determine target – they would establish who should be targeted, oftentimes perceived success rate is used to make this choice. Do reconnaissance – background investigation would be carried out to have better insight to routine behaviors of targets. Develop tools – necessary toolkits will be developed. Mobilize resources – other resources needed to accomplish the attack will be mobilized. Launch attack – at this stage, attack would be launched, sometimes in small scale. Evaluate success rate – the rate of success would be gauged. Revise/modify – if necessary, some modification would be applied to increase success rate. Relaunch attack and keep modifying as needed. Reap results – this maybe positive or negative. Countermeasures against social engineering Technical: policy, firewalls, authentication, and alert. Non-technical: training, awareness, and simulations. Social engineering is one of the most dreadful cyber threats of modern time. It can be a stand-alone; or a path to many other cybersecurity incidents. What is more? Cyber criminals find it very handy, reliable, and result-orient. They take advantage of human nature to deploy social engineering. Awareness and knowledge are key to avoid falling victim and compromising your personal identifiable data or that of your organization. ALSO READ: 4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

Emerging Trends in Physical Security

Emerging Trends in Physical Security

Contemporary physical security is concerned with traditional security roles, assets protection, and loss prevention. All services are offered concurrent such that it cannot be cleared understood by a lay person. Emerging trends have kept the industry evolving rapidly. Traditional security refers to routine tasks that involve control of access to premises through checks, credentials authentication and authorization. Asset protection means that it has responsibility to ensure that organization’s physical assets (on-premise or on-transit) are not stolen, tampered with or damaged. Finally, loss prevention function of security demands that whatever should constitute risk with potential for loss must be prevented by security. Overtime physical security has been influenced by modern factors and realities of new world. Since 9/11/2001 terror attack on US, the perception and appreciation of security in general has been experiencing radical change. The service side is now a necessary evil. To some others it is a cost centre, yet to the conscious organization it is seen as business enabler that must be recognized and supported. This article highlights the developing and emerging trends that have kept security services on its toes. To remain relevant and command budget allocation, security must go with the tide of modernity. Below are the emerging trends in physical security. Sophisticated threat landscape: risk, threat and vulnerability are key components that is driving security service delivery. The goals are to ensure risks are strategically managed by proactive identification of threats and prompt resolutions for vulnerabilities. The threat model is increasingly evolving, threat actors have become sophisticated in knowledge, tools and collaboration. Automated Access Control System: many organizations are abandoning traditional manual access control for digitalized and automated type. This approach may adopt fingerprint, facial recognition, biometric, voice command, etc. Security Operations Centre: most businesses are currently either transforming their traditional CCTV control room to Security Operations Centre (SOC) or building new infrastructure. The centre serves as central hub for security operations. The core focus of SOC oftentimes includes Visual Surveillance System (VSS), Access Control System (ACS), and Intrusion Detection System (IDS). Security Operations Centre optimizes security service delivery for efficiency and agility where prompt response by a support Quick Response Force – QRF is the rule of thumb. Automation Of Operations: with dominance of artificial intelligence, some routine functions of security are being replaced with automated process. Such automation may include Visitor Management System (VMS), Electronic Patrol Management System (EPMS), Incident Management System (IMS), etc. This automation enables standardization, consistency and efficiency. Security Convergence: the gap between physical and cyber security is increasingly getting blurred. This novel approach enabled many organizations to integrate information technology solutions into physical security operations. For example, a facility may have physical deployment of guards at gate posts for physical security screening and digital boom barriers to compliment, at same time have a biometric access control at various access point in the buildings and restricted areas. All operations would be monitored real-time from a security operations centre. Data Analytics: physical security is traditionally not a data-driven filed however, current trend is favoring practitioners and service takers who are able to generate data that provide insights for informed decisions. Hybrid workforce: combining outsourced and proprietary security personnel to form a team with different background have become the norm in the industry. Hybrid work schedule: some middle level and executive security personnel have adopted a flexible work pattern of having some days at work and some days at home within the week. CPE & certifications: continuing professional education and certifications have become pillars of relevance and career growth for most security practitioners who are strategic about career success. Regulations and compliance: new regulations have been established to control and coordinate practices and actions in security industry. To avoid business disruptions and possible severe sanctions, organizations are duty bound to adhere and comply. Networking and collaboration: security practitioners, entrepreneurs, developers/technologists, etc. are appreciating the need to come together for mutual assistance and industry advancement. Networking and collaboration have form significant reference for stakeholders. Further to this, several organizations, institutes and interest groups have provided platforms for wiling players. In conclusion, physical security industry has established its value as a go-to business enabler. Several factors as highlighted above are playing key roles to keep it thriving in line with demands of modern business world. ALSO READ: 16 Trending Physical Security Threats Every Corporate Organization should Prepare to Deal with

Security Implications of Dark Web – Copy

Security Implications of Dark Web

Dark web is one of the three layers of web on the world wide web; other are surface web and deep web. This article highlights some of the activities on dark web and their overall security implications. Surface web: also known as clean or visible web is a part of the web for public use. This is where most people routinely use every day for their online needs through search engines like google, Bing, yahoo, LinkedIn, YouTube, Facebook, and company websites. One of the unique features of surface web is that its web resources are indexed by search engine, thereby making them searchable and accessible. It is a powerful but fraction part of the web which is said to constitute about ten percent of web resources. No login credential is required to access most websites on surface web. Deep web: this is the web beyond surface web. The web resources on deep web are not searchable by search engines; and they require authentication (that is, login credentials) for access. Deep web play host to reserved and protected data which is not for public consumption. Such reserved data may include but not limited to government record, medical record, financial record, classified military records, online library resources, organization websites for internal use and other related data. Deep web is reported to playing host to about ninety percent of entire web resources. Dark web: also known as darknet is a subset of deep web. The striking features of this layer of web is that it is the deepest part of the web and it is only accessible through a special web browser known as TOR (The Onion Router); and overlay networks such as I2P. The strongest attraction of dark web is its anonymity (secrecy) For instance, TOR resources loudly guaranteed users of protection against tracking, surveillance and censorship. Dark web is also reported to constitute about five percent of deep web. Dark web, generally known as underground web market for criminals and other merchants of illegality is also used by genuine and law-abiding people for purpose of information gathering and sharing while remaining anonymous. See below, some type of information mostly traded on dark web and their security implications: Stolen information: confidential and personal information such as login credentials, passwords, codes, pin, social security number, payment card details, etc. are exchanged on dark web for facilitation of cybercrimes. Breached data: stolen information like classified government records, account details, company trade secrets, customer details, payrolls, medical records, intellectual properties, company financial records, etc. are traded on dark platform and used to commit various crimes against the owners and sometimes the public. Fraud guide: various cyber criminal forums use dark web to recruit and train cyber fraudsters through sharing fraud guide resources. These guides further drive s and promotes multiplication of criminals. Hack guide: cyber criminals use dark web as hands-on academy to train hackers. This in turn drives and promotes multiplication of cyber criminals who prowl the internet to carry out crimes against individuals and organizations. Malwares: different types of malicious wares such Ransomware, DDoS, Trojan horses, infested USB and other plug-n-play devices are sold on dark web. These malwares are then used to lunch attacks against the public. Drug peddling: drug cartels across the globe use dark web as a market place for sourcing, distribution and retail of control substances. The substances then spread with wide implications for both users and non-users, Gun running: illegal trade of guns and ammunitions amongst criminal merchants have identified as one of the notable trades on dark web platform. Illegal use of guns inevitably drives violent crimes and leads to destructions of lives and properties. Human trafficking: criminal merchants also carry out trade of humans for purpose of forced labor and sexual exploitation through dark web. This inhuman criminality is a huge assault on humanity and a drain on human resources. In conclusion, dark web is a special kind of web, used by special kind of people and for special kind of purpose. While its original intent for creation was genuine however; like other resources, its been overtaken by criminals who hide under its anonymity to engage in trades that holds so much risks to individuals and corporate organizations. ALSO READ: Entrepreneur: 7 Reasons Why You Need A Website

Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response – [Cloned #85737]

Five Sources of Workplace Violence and How To Prepare For It

Workplace violence is an inevitable security risk which your organization should get ready to deal with. Having emergency preparedness plan in place will provide formidable leverage for your business risk and resilience team. Workplace violence is any act of verbal, physical or emotional assault and harassment carried out against a victim within the confines of a workplace. It may include abuse and shout, hitting, beating, or attack, bullying and intimidation, and sexual harassment. Here are five key questions to get your team started for this security threat. Does your organization believe workplace violence poses a security risk to be taken seriously? Does your organization have response plan in place for workplace violence? How confident is your organization in dealing with workplace violence? What kind of workplace violence have been identified to be common to your industry? What kind of workplace violence has your organization experienced in the past five years? Providing answers to above questions should not be done loosely. It requires thoughtful insight which must consider size, assets, industry, complexity, experience, capabilities and resilience of the organization. Note also, factors that could possibly motivate persons to lunch acts of violence in workplace vary; however, it may include frustration, revenge, crime, rejection, and mental instability. Here is highlight and description of five sources of workplace violence to prepare for: Criminal intent: violence of this nature oftentimes originates from an external criminal who aims to obtain by force from a target inside the workplace. This may result to injury or fatality, and damage to assets. Customer based: is when a customer aggressively acts or reacts to a situation connected to the business transaction in the workplace. Such aggression may target a worker, a fellow customer or others. For instance, when a customer assaults an employee because their expectations are not met. Worker based: violence occurs when employee attacks, assault or harasses a customer, a fellow employee, the employer or others in the workplace. For example, a worker punches a fellow worker who has offended him/her beyond breaking point or attacks a superior who has refused to recommend a promotion or pay rise. Domestic based: occurs when a relative of a worker, employer, customer or others traces them to a workplace and carries attack. For instance, a jilted or rejected lover who visits and attacks a partner in the workplace.   Ideological based: violence is a situation where an adherent of a particular belief or faith lunches attack in workplace perceived to provide or promote a service that offends such faith. For instance, a religious fanatic who carries out assault on workers or customers in a brothel and disrupt its business activities. How to prepare for inevitable workplace violence: Prepare with PPT – activate emergency response plan through people, process and technology. This requires having in place a capable security team who can follow a process backed by technology to deter, detect and promptly respond to acts of violence in the organization. Build strong security culture – strong security culture demands strong tone from the top. When an organization does not tolerate permissive behavior, it will send message that support strong security culture. In such organization, policies and standards are enforced regardless of whether an act is considered a serious one or not. Enforce background check – background check gives insight to past behaviors and profile of a candidate. It also, provides a red flag of what such person can do if granted access to join organization. For instance, someone who has history of rape in the pass will likely attempt sexual harassment in a workplace. Provide workplace violence awareness – training employees to recognize signs and safety risks associated with workplace violence and encourage them to speak up against it is a good prevention method. For example, Human Resources unit should have a dedicated channel for people to freely and fearlessly report acts of violence. Have onsite security visibility – having security personnel physically seen in a business premises promotes sense of safety, deters some would-be attackers from attempting to attack and generally promotes peace and security. Promote data driven security operation – when a security team is being guided by a verifiable data; trends and patterns can be used for planning, execution and insightful delivery.  Data driven security operation can show connection between violence and a particular season e.g. weekend, evening, end of month, festive period, etc. Integrate CCTV surveillance to security visibility – CCTV camera have strong deterrent effect on occupants of its space. The system serves to caution people to be law abiding or make attempt and get caught. Encourage open communication – “see something, say something” is a safety and security slogan that must be encouraged amongst workforce. Sometimes a victim of covert workplace violence may not have the courage to speak up, especially if the avenue for such communication is not explicitly provided. Train your team for threat identification – employees and others in the workplace should be trained to easily recognize threats of workplace violence and report same without fear or inhibition. Deploy weapon detection technology – deploying weapon detection devices at company’s main access points will prevent entrance of lite weapons into the premises. With this in place, the risks of lethal attacks will be very low. Workplace violence can originate from five main sources. However, it preventable through application of some security measures outline above. ALSO READ 10 Ways To Prevent Workplace Violence

4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

Phishing is a type of social engineering attack built on manipulating and deceiving people to reveal confidential and private information which is then used to carry out further crime against them.  This attack takes advantage of gullibility and vulnerability of human emotion to steal from people. Phishing attacks have become a popular, easy to use and very dependable tool for cyber criminals. When in operation; criminals would reach out to users through any communication channel, pretend to represent a legitimate authority; maybe a financial service provider, health insurance provider, a family member or trusted friend, proffer assistance, then request for inimical action from the user. Actions that maybe required from users during phishing attacks include but not limited to; Reveal private and confidential information, e.g. password, date of birth, social security number, BVN, code, etc. Click a link that will further direct users to secondary resource where confidential information will be stolen. Open attachment which in most case will contain malwares that will launch further attack on the device and network. Request for cash to enable a staged problem to be solved. Reveal a sent code to enable completion of a proposed solution. With automation and Artificial Intelligence dominating and directing modern interactions and commerce, people shall depend more on digital channels of communication. Available facts have proven that oftentimes, phishing attacks regardless of its type have more success rate than failure. This means more people are falling victim to these exploits. Hence, the benefits of deepening your understanding about them. Let’s dive into four common types of phishing attack. And how to identify email based phishing attack. Four types of phishing attacks. Spear phishing – this type targets specific category of persons, e.g. insurance or bank customers, students, male mine workers, etc. Whaling attack: is a sub-spear type of attack that targets high net worth and high-profile individuals like company executives, politicians, celebrities, etc. Just like implication of the name “Whale” biggest fish – this attack targets only “big fish”. That is, wealthy people. Smishing attack: this is an SMS based phishing where short message service is used to deceive a receiver into providing private and confidential information or taking other action. This is catchy because, it does not require internet connectivity to hit its intended targets. Vishing attack: this type is a direct opposite of smishing. It uses voice call to reach out and deceptively request for confidential and private information from receiver. In the same vein, internet connectivity is not required to execute this attack. Ten Signs to know a phishing email It will come from a stranger: oftentimes phishing emails come from unknown person or agent. It will come from a public email domain: examples of public email domains are yahoo.com, gmail.com, hotmail.com. Domain name will either be misspelt or corrupted: when it pretends to come from private domain, such domain will never spell correctly as the genuine one. There will be a form of misspelling or corruption of it. It will disguise as proffering assistance: merchants of phishing attacks always pretend to offer one form of assistance or the other. Shylock assistance you may call it. The mail content will be poorly written: content of mail will likely lack expected quality of a business communication. Mail will include suspicious attachment or link: this would require further actions like follow or open. It calls for urgent action: whatever is the call for action from phishing attack always comes with “urgency”. It will request user to provide personal information to enable closure of an event. It may request user to send cash to enable a staged problem to be solved. It will appeal to a defined sentiment. Phishing is a low end and cost-effective tool for cybercrime. It is a social engineering attack that exploits inherent weakness in people to get through and steal from them or carry out other crimes against targets. Getting basic knowledge about method of attacks and the techniques to identify them is a better way to go to prevent being a victim. ALSO READ: Cybersecurity Threat Of Social Engineering

Travel Security Understanding TSA Approved Locks

Travel Security Understanding TSA Approved Locks

Travel security refers to measures taken by an intending traveler to ensure protection for self and luggage. In an increasing global village, travelling both local and overseas has become a routine part of most corporate duties especially for executive personnel and others based on personal demands. Travel security speaks to millions of people who throttle around the globe periodically for one purpose or the other. For each trip security and safety should be of significant concern and must be synonymous with such trip. TSA means Travel Security Administration. TSA is an agency of US Department of Homeland Security. It has authority over the security of transportation systems within the United States. This agency was created as part of response to September 11, 2001 attacks on US to improve airport security protocols in harmony with other federal law enforcement agencies. One of the key recommendations of Travel Security Administration is a specified luggage lock known as TSA lock. A TSA-approved lock is any lock that has approval of TSA and authorized to emplaced Travel Sentry logo – the red diamond. When it comes to securing your travel luggage, using a TSA-approved lock is important for hassle-free trip. These locks feature a universal master key that may allow TSA agents to open and relock a luggage without having to cut or destroy such luggage lock. TSA-approved locks are gaining traction within global air transportation system. Although, each state has their individual air travel security regulations and practices, however most of them are adapted to TSA approved type when it comes to luggage lock. It is however, recommended for intending travelers to check the country’s specific luggage lock standard in advance of any trip. See the benefits of using TSA-approved lock on your luggage when travelling. • It will give you peace of mind. • It shows your knowledge of travel security. • It will ensure security of your personal effects. • It will align you to international travel requirement • It saves you the embarrassment of having your luggage lock cut or destroyed during routine airport security checks. Types of TSA-approved luggage locks There are specific types of these locks currently in open market. One striking feature to look out for as symbol of TSA approval is the “red diamond” logo. • Combination lock: this requires a specific combination of digits to lock and unlock. • Key lock: requires insertion of key and twist of tumbler to unlock. • Cable lock: allows for a sort of chain lock of multiple luggage together. Where to buy TSA Locks Local Stores: the keys can be found in most local travel stores or malls in the airport or within the community. Online Stores: notable online stores like Amazon, and Alibaba also sell TSA locks. In conclusion, travel must be synonymous with safety and security. While thinking safety first is crucial during any trip, the security of personal belongings oftentimes packed in luggage during such travel should also receive baseline attention. By understanding what a TSA lock is and its purpose, you should align your travel security to this regulatory requirement, at same time secure your luggage within acceptable standard. ALSO READ: Solo Travels

13 Benefits Of CCTV To Your Organization

13 Benefits Of CCTV To Your Organization

CCTV surveillance system has proven to be a high value tool for safety and security as well as productivity; whether it is deployed to personal, public or industrial settings. Twenty-first century security and safety has come to depend strongly on this technology as a reliable complement to other resources. The acronym CCTV, means Closed-Circuit Television. Its origin dates back to early 1940s when it was used to observe the launch of V-2 rockets (aggregate 4) at Peenemunde Army Research Centre in a suburb of Germany by a notable German engineer Walter Bruch who was credited as the inventor. It is an integrated system that uses Network Video Recorder or Digital Video Recorder, cameras, desktop computers, monitors/video walls, joy stick, mouse and other devices to capture, record/store and broadcast live footage of activities within its coverage. Today, there are about one billion installed CCTV system all over the world. China 200 million, US 59 million, German 52 million, UK and Japan with 5 million each are the top five countries with highest number of deployments.  And the list is growing and evolving. The system has many domestic and industrial uses; its importance and acceptance are growing so fast by the day. On the field operation, the system is used to watch and monitor activities of all persons working within a facility. It is highly essential for deterrence and detection of crime as well as compliance to regulatory requirement amongst others. For your organization to reap full benefits of this surveillance system it is recommended that it must be fully optimized and functional, it should be operated and managed by competent personnel, and it must comply to privacy laws of the country of its operation. One significant subject of regulatory compliance to deployment of CCTV is “public warning”. This is a deliberate attempt to inform the public that CCTV is in operation 24/7 at the location; and that it is been used strictly for purpose of safety and security. If your organization is still asking what it stand to gain from deploying CCTV, or yet to specifically identify and place metrics and key performance indicators on its CCTV resources see below highlights of return on investment from this tool. 13 benefits of CCTV surveillance system to your organization: Enhance general perception of safety and security: the presence of CCTV surveillance in a location would generally enhance public view of safety and security in such area. Magically though; even when these resources are not fully optimized and utilized, this perception will hold water until proven otherwise by incidents related safety and security. Prevent crime: light-hearted or impulse criminals would think twice about committing any sort of crime in the presence of a visible CCTV camera.  It is only a determined attacker who can dare this surveillance to carry out criminal act regardless. Detect criminal: when a crime is committed in the presence of optimized and functional CCTV camera whether visible or hidden; the actor and the act will be captured, recorded and stored by the system. Gather evidence: when a crime is committed in the presence of optimized and functional camera the actor and the act will be captured, recorded and stored by CCTV and the footage will be presented as evidence of such crime during post incident investigation. This will enable Management to take informed decision in line with its policy and standard. Minimize security and safety incident: with presence of fully optimized CCTV surveillance system in a location, the occurrence of security and safety breach will decrease significantly. Minimize cost of security: deployment of CCTV surveillance will save your organization huge fortune comparatively to deploying physical man-guard. 24/7 coverage of locations, capability and reliability can always beat human who would be vulnerable to visibility limitation, exhaustion, fatigue and other factors. Reduce insurance premium: deploying CCTV surveillance in your facility will help lower insurance premiums by reducing the risk of theft, fire, workplace violence, vandalism and other risks. Boost productivity: when employees and others knew they are being monitored through a surveillance or any other digital device, they would most likely mind their business to meet their target. Although, this is a side perk however; it is a function to be credited to CCTV where it applied. Compliance to regulation: some industry regulations have it as mandatory requirement to deploy CCTV surveillance to complement other security and safety resources. While some organization by default deploy this resource just to check out this requirement, others deploy them to maximize the potentials. The latter is a better option – so go for it. Monitor traffic: in a heavy traffic industrial location, CCTV can assist to monitor the flow and ensure it is complying to set standard and use same to promptly respond to incident accordingly. Monitor various retail settings: in the mall, store, warehouse, gym, hotel, restaurant, event hall, etc. CCTV camera can be used to monitor not just safety and security but other human behavior or mannerism that may serve as clue to a developing or active crime incident. With this, prompt response can be activated. Make informed decision: CCTV system analytics (especially post incident) can be used to decide which safety or security concern should be addressed in ways unique to its occurrence. The system can also provide insight to corporate operational risk and its prioritization. Provide employment: CCTV system creates employment to technologists, engineers, researchers, teachers, sales/procurement practitioners, policy makers, managers, operators and others who are important players in the system value chain. In summary, the need to create and sustain a safe and secure business community has place daunting demands on business owners and managers to ensure this obligation is met. Deployment of CCTV surveillance is one sure way to attain this. Organizations who appreciate and deploy fully optimized system shall have various benefits as highlighted above as return on investment. ALSO READ: Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

20 Safety and Security Tips For Hotel Guests

20 Safety and Security Tips For Hotel Guests

Hotel is known for leisure and pleasure. It is a place where people run to when there is need for home away from home, exciting experience, relaxation, fun, corporate meetings, conferences, seminars, etc.  Everything about it revolves around exciting and exclusive experience. The industry has been enjoying very wide patronage across globe due to increasing need for people to move around, take time out, and experience a place away from regular work or home environment; sometimes it offers a combination of business and pleasure. Hotels sell excitement and experience open to anyone who can afford it; this presents peculiar challenges to ensure safety and security of guests. Challenge of maintaining improved guests experience and ensuring adequate protection for guests and assets at same time. Operators have demand to ensure integration of safety into hotel ambience. Guests and others visit hotels with various motives. Travelers, fun seekers, business people, criminals, hawkers, barons, gangs and organized underworld groups, etc. patronize hotels for one purpose or the other. The hotel must meet their expectations, else next call may not be possible. Good hotel security system will promote the vision and the mission of the business and still guarantee less security incident. The sure way to go about this is through deterrence-oriented policy and standard rooted on robust security infrastructure, personnel training and guest awareness. This article is guest-centric. It is written for hotel guests. It places the responsibility on the guest to ensure practice of recommended tips to minimize risk of safety and security incident while lodging. As a security or safety manager who has responsibility to proffer risk advisory to employees that seek accommodation in hotel this piece is a ready assistance. Every hotel guest should see themselves as personal chief security officer to self. Reason for this; in some part of the world some people operate a death row under the guise of hotel. As such, instead of selling leisure and experience, they sell pain and calamity to innocent visitors who would never think that such lodge is license to death. Some types of safety and security threats guests may be exposed to in hotel include: Food & drink poisoning Drug & substance abuse Property damage Property theft Pilfering Ritual killing Kidnapping Fire or arson Cyber attack Sexual assault Assassination Pool drowning Armed robbery Physical Assault Excessive indulgence See below 20 Safety and Security Tips To Practice When Lodging in Hotel Research the hotel ahead scheduled lodge, and check online reviews. Do quick mental assessment of the premise and the Front Office Look out for outdoor and indoor CCTV cameras. Ensure the name in public view is the same with name on receipt or transactional document. Nameless hotel has higher risk, variation in name is a clue to safety risk. Share hotel name and location with a trusted person. Note, google map or other digital tool can be used to gather this information. Check strength of the door and the lock. Check door peephole and have it covered from inside. Check all covered or hidden areas in the room; such as under bed, behind curtain, covered roof or floor, bathroom, closet, mini bar, locker/save, adjacent door (if any) etc. Locate nearest emergency exit and check to be sure it is functional. Put off all lights in the room, use your phone camera to scan for hidden cameras (note, this does not work in all phones). Ensure panic alarm device is provided in the room. Ensure Front Office and Security intercom contacts are provided. – if possible, get contact of nearby local Police. Know your room number. Never open door to strange or unexpected knocks. Keep room door partially opened during scheduled or emergency housekeeping. Avoid room on clumsy floor or area. Secure your valuables in locked pack e.g., room locker, your luggage, etc. Do not always trust free public network. Avoid sharing confidential information when using it. Maintain situational awareness at all times. Contact external source for assistance when unfolding incident seems out of hand. Hotels promise experience in form of leisure, glamor, excitement and taste. However; lurking within this cosmetics may be security threats lethal enough to cost life. Always exercise some self-help practices some of which have been highlighted on this piece. Wishing you safe and exciting experience in advance of any hotel lodge. ALSO READ: Traveling with kids: Family Travel Tips for Parents