Physical Key Management Practices for Organizations

Physical Key Management Practices for Organizations

Physical key management is important in today’s business world, although oftentimes overlooked and approached with levity. Effective key control is key for security, managing risks, and protecting assets of your organization. Whether it’s about logging and tracking issued keys, the principle of key management will play significant role in the overall security of your organization. By practicing standardized key control businesses would prevent potential security risks associated with porous practices. Organizations must be strategic in managing their building and office keys. Being tools for security protection, any compromise has potential to put critical and confidential business assets to avoidable risks. Let’s explore, simple and easy to adapt practices to keep organization office keys protected. That is, protecting the protector. Physical Key Management Practices Have policy, standard and procedure: starting point for office key management is to have policy in place. Such will make the organization’s intent known towards this direction. Following policy should be standards and procedures that would highlight step by step method of managing these keys. Staff and stakeholders must be notified, and periodically re-iterated. Establish authorized user: office keys must not be allowed to move freely from hand to hand. There should be clarity about who is an authorized user and under what condition will such authority be exercised. For example, authorized user of a particular office should have specified days and timeframe they are authorized to access key for official purpose. Create tiered access: users must be tiered. This means that authorization to use should be relative to roles, responsibilities and function. Principle of least privilege is recommended. A user can access only the office key required to perform their duties. Automate key tracking: automation of key tracking will enable managers know exactly who has what key per time. The system should also indicate when such key is been used beyond acceptable duration relative to programming. Alternate manual key log: where automation is not applicable, manual key log should be activated as substitute. Have master or valet key: your organization should endeavor to have master or valet key in place. This will come handy in the event of misplacement or loss of primary key. Store key secured: office key should be kept securely in a fire-resistant key rack. The rack location must be visible and constantly monitor directly or remotely. That is, protecting the protector. Code keys: office key should be coded with associated manifest, not labelled. Coding will conceal identity of users and prevent target unauthorized access. Simplify issuance and tracking: efforts must be made to simplify request, authorization, issue and tracking of this asset. This would eliminate drudging frustration usually associated with this exercise. Do periodic audit: ensure periodic audit is carried out. This is necessary for check and balance and accountability. Establish protocol for lost key: a lost key is a compromised key; as such protocol for lost key will ensure timely reporting, investigation and possible recovery or overhaul replacement. Building and office keys hold access to locations where vital business assets are kept. To protect these assets well; the protector must be protected. This can be achieved through simple procedures encoded into practices driven by organization’s policy. ALSO READ: Embracing Diversity and Inclusion: The Key to a Prospering Workplace Culture  

Emerging Trends in Physical Security

Emerging Trends in Physical Security

Contemporary physical security is concerned with traditional security roles, assets protection, and loss prevention. All services are offered concurrent such that it cannot be cleared understood by a lay person. Emerging trends have kept the industry evolving rapidly. Traditional security refers to routine tasks that involve control of access to premises through checks, credentials authentication and authorization. Asset protection means that it has responsibility to ensure that organization’s physical assets (on-premise or on-transit) are not stolen, tampered with or damaged. Finally, loss prevention function of security demands that whatever should constitute risk with potential for loss must be prevented by security. Overtime physical security has been influenced by modern factors and realities of new world. Since 9/11/2001 terror attack on US, the perception and appreciation of security in general has been experiencing radical change. The service side is now a necessary evil. To some others it is a cost centre, yet to the conscious organization it is seen as business enabler that must be recognized and supported. This article highlights the developing and emerging trends that have kept security services on its toes. To remain relevant and command budget allocation, security must go with the tide of modernity. Below are the emerging trends in physical security. Sophisticated threat landscape: risk, threat and vulnerability are key components that is driving security service delivery. The goals are to ensure risks are strategically managed by proactive identification of threats and prompt resolutions for vulnerabilities. The threat model is increasingly evolving, threat actors have become sophisticated in knowledge, tools and collaboration. Automated Access Control System: many organizations are abandoning traditional manual access control for digitalized and automated type. This approach may adopt fingerprint, facial recognition, biometric, voice command, etc. Security Operations Centre: most businesses are currently either transforming their traditional CCTV control room to Security Operations Centre (SOC) or building new infrastructure. The centre serves as central hub for security operations. The core focus of SOC oftentimes includes Visual Surveillance System (VSS), Access Control System (ACS), and Intrusion Detection System (IDS). Security Operations Centre optimizes security service delivery for efficiency and agility where prompt response by a support Quick Response Force – QRF is the rule of thumb. Automation Of Operations: with dominance of artificial intelligence, some routine functions of security are being replaced with automated process. Such automation may include Visitor Management System (VMS), Electronic Patrol Management System (EPMS), Incident Management System (IMS), etc. This automation enables standardization, consistency and efficiency. Security Convergence: the gap between physical and cyber security is increasingly getting blurred. This novel approach enabled many organizations to integrate information technology solutions into physical security operations. For example, a facility may have physical deployment of guards at gate posts for physical security screening and digital boom barriers to compliment, at same time have a biometric access control at various access point in the buildings and restricted areas. All operations would be monitored real-time from a security operations centre. Data Analytics: physical security is traditionally not a data-driven filed however, current trend is favoring practitioners and service takers who are able to generate data that provide insights for informed decisions. Hybrid workforce: combining outsourced and proprietary security personnel to form a team with different background have become the norm in the industry. Hybrid work schedule: some middle level and executive security personnel have adopted a flexible work pattern of having some days at work and some days at home within the week. CPE & certifications: continuing professional education and certifications have become pillars of relevance and career growth for most security practitioners who are strategic about career success. Regulations and compliance: new regulations have been established to control and coordinate practices and actions in security industry. To avoid business disruptions and possible severe sanctions, organizations are duty bound to adhere and comply. Networking and collaboration: security practitioners, entrepreneurs, developers/technologists, etc. are appreciating the need to come together for mutual assistance and industry advancement. Networking and collaboration have form significant reference for stakeholders. Further to this, several organizations, institutes and interest groups have provided platforms for wiling players. In conclusion, physical security industry has established its value as a go-to business enabler. Several factors as highlighted above are playing key roles to keep it thriving in line with demands of modern business world. ALSO READ: 16 Trending Physical Security Threats Every Corporate Organization should Prepare to Deal with

Security Implications of Dark Web – Copy

Security Implications of Dark Web

Dark web is one of the three layers of web on the world wide web; other are surface web and deep web. This article highlights some of the activities on dark web and their overall security implications. Surface web: also known as clean or visible web is a part of the web for public use. This is where most people routinely use every day for their online needs through search engines like google, Bing, yahoo, LinkedIn, YouTube, Facebook, and company websites. One of the unique features of surface web is that its web resources are indexed by search engine, thereby making them searchable and accessible. It is a powerful but fraction part of the web which is said to constitute about ten percent of web resources. No login credential is required to access most websites on surface web. Deep web: this is the web beyond surface web. The web resources on deep web are not searchable by search engines; and they require authentication (that is, login credentials) for access. Deep web play host to reserved and protected data which is not for public consumption. Such reserved data may include but not limited to government record, medical record, financial record, classified military records, online library resources, organization websites for internal use and other related data. Deep web is reported to playing host to about ninety percent of entire web resources. Dark web: also known as darknet is a subset of deep web. The striking features of this layer of web is that it is the deepest part of the web and it is only accessible through a special web browser known as TOR (The Onion Router); and overlay networks such as I2P. The strongest attraction of dark web is its anonymity (secrecy) For instance, TOR resources loudly guaranteed users of protection against tracking, surveillance and censorship. Dark web is also reported to constitute about five percent of deep web. Dark web, generally known as underground web market for criminals and other merchants of illegality is also used by genuine and law-abiding people for purpose of information gathering and sharing while remaining anonymous. See below, some type of information mostly traded on dark web and their security implications: Stolen information: confidential and personal information such as login credentials, passwords, codes, pin, social security number, payment card details, etc. are exchanged on dark web for facilitation of cybercrimes. Breached data: stolen information like classified government records, account details, company trade secrets, customer details, payrolls, medical records, intellectual properties, company financial records, etc. are traded on dark platform and used to commit various crimes against the owners and sometimes the public. Fraud guide: various cyber criminal forums use dark web to recruit and train cyber fraudsters through sharing fraud guide resources. These guides further drive s and promotes multiplication of criminals. Hack guide: cyber criminals use dark web as hands-on academy to train hackers. This in turn drives and promotes multiplication of cyber criminals who prowl the internet to carry out crimes against individuals and organizations. Malwares: different types of malicious wares such Ransomware, DDoS, Trojan horses, infested USB and other plug-n-play devices are sold on dark web. These malwares are then used to lunch attacks against the public. Drug peddling: drug cartels across the globe use dark web as a market place for sourcing, distribution and retail of control substances. The substances then spread with wide implications for both users and non-users, Gun running: illegal trade of guns and ammunitions amongst criminal merchants have identified as one of the notable trades on dark web platform. Illegal use of guns inevitably drives violent crimes and leads to destructions of lives and properties. Human trafficking: criminal merchants also carry out trade of humans for purpose of forced labor and sexual exploitation through dark web. This inhuman criminality is a huge assault on humanity and a drain on human resources. In conclusion, dark web is a special kind of web, used by special kind of people and for special kind of purpose. While its original intent for creation was genuine however; like other resources, its been overtaken by criminals who hide under its anonymity to engage in trades that holds so much risks to individuals and corporate organizations. ALSO READ: Entrepreneur: 7 Reasons Why You Need A Website

5 Food Security Measures to Ensure In Your Homes – Copy

5 Food Security Measures to Ensure In Your Homes

                                          5 Food Security Measures to Ensure In Your Homes   Food security is a critical global issue that needs to be addressed, with 1 out of 9 people suffering from hunger. Food security according to the World Health Organization (WHO), is defined as ‘when all people have physical, social, and economic access to sufficient, safe, and nutritious food that meets their dietary needs and food preferences for an active and healthy life’. We live in a time of economic instability and uncertain climate. Accessing nutritious food, is important now than ever. The foundation of food security starts at home but it is now a major challenge for households worldwide. Ensuring your family’s access to nutritious food is crucial for stability and sustainability. This will protect your household from food shortages and increase your resilience. This article will discuss 5 ways to can protect your home, each offering a practical guide on how to empower your household against food insecurity.   Proper Meal Planning Meal planning is a very essential tool that helps protect your home from food insecurity. It ensures food availability, reduce unnecessary food wastage and promotes healthy living. A proper guide to carry out this plan is; Assessment of each family member’s dietary needs- it is important to put this into consideration while planning. Creation of a weekly food plan- meals for an entire week should be planned Making a food item or grocery list- this itemizes everything you need for meal preparation. Shopping for food items- purchase of listed items should been done, also, remember to check the expiry date of good products you purchase if you’re going to be buying in bulk or storing for a long time.   2. Proper Food storage This is another important means to ensuring food security in your home. Food storage will help prevent spoilage and contamination of food items, prevent wastage and increase the shelf life of food. Some tips to ensure proper food storage are; Dry storage for grains- clean and air tight containers should be used to store grain products such as beans and rice to help prevent contamination and spoilage. Refrigeration of perishable products at 40°F(4°C) Proper labelling of containers or bags used for storage for proper identification. Non-perishable goods such as canned foods should be stored well too.   3. Growing your own food Cultivating your own food in your backyard or that unused land can help boost food security. It helps to increase food availability, reduce cost of external food supply, as a food source during emergencies. If you want to start cultivating your own food; Prepare an organic fertilizer rich soil Start will small crops to grow Plant the seeds, water them regularly to ensure efficient growth When it’s harvest time, harvest carefully to avoid wastage and properly store the excess product harvested.   4. Pest Control Pests are organisms that destroy plant and crops. This can cause food insecurity in a home. Effective pest control helps protect your crops or food items against damage, reduce food wastage and contamination. Reduce pest infestation by; Proper food storage Ensuring the kitchen and storage area is clean always. Use of pest repellants plants.   5. Emergency food supply During financial or economic crises, emergency food supply will protect your household against food insecurity.  Stock non-perishable food items such as canned goods in bulk. Examples of food items that should be classified as emergency food supply are canned meat, vegetables, grains, water.   In conclusion, each home has to be protected against food insecurity by all means. Therefore, proper meal planning, food storage, encouraging gardening, pest control and emergency food supply will help empower a household against food insecurity. All these should be known and implemented to promote food security in a home! Also Read : How To Promote Food Security Through Security In Nigeria

Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response – [Cloned #85737]

Five Sources of Workplace Violence and How To Prepare For It

Workplace violence is an inevitable security risk which your organization should get ready to deal with. Having emergency preparedness plan in place will provide formidable leverage for your business risk and resilience team. Workplace violence is any act of verbal, physical or emotional assault and harassment carried out against a victim within the confines of a workplace. It may include abuse and shout, hitting, beating, or attack, bullying and intimidation, and sexual harassment. Here are five key questions to get your team started for this security threat. Does your organization believe workplace violence poses a security risk to be taken seriously? Does your organization have response plan in place for workplace violence? How confident is your organization in dealing with workplace violence? What kind of workplace violence have been identified to be common to your industry? What kind of workplace violence has your organization experienced in the past five years? Providing answers to above questions should not be done loosely. It requires thoughtful insight which must consider size, assets, industry, complexity, experience, capabilities and resilience of the organization. Note also, factors that could possibly motivate persons to lunch acts of violence in workplace vary; however, it may include frustration, revenge, crime, rejection, and mental instability. Here is highlight and description of five sources of workplace violence to prepare for: Criminal intent: violence of this nature oftentimes originates from an external criminal who aims to obtain by force from a target inside the workplace. This may result to injury or fatality, and damage to assets. Customer based: is when a customer aggressively acts or reacts to a situation connected to the business transaction in the workplace. Such aggression may target a worker, a fellow customer or others. For instance, when a customer assaults an employee because their expectations are not met. Worker based: violence occurs when employee attacks, assault or harasses a customer, a fellow employee, the employer or others in the workplace. For example, a worker punches a fellow worker who has offended him/her beyond breaking point or attacks a superior who has refused to recommend a promotion or pay rise. Domestic based: occurs when a relative of a worker, employer, customer or others traces them to a workplace and carries attack. For instance, a jilted or rejected lover who visits and attacks a partner in the workplace.   Ideological based: violence is a situation where an adherent of a particular belief or faith lunches attack in workplace perceived to provide or promote a service that offends such faith. For instance, a religious fanatic who carries out assault on workers or customers in a brothel and disrupt its business activities. How to prepare for inevitable workplace violence: Prepare with PPT – activate emergency response plan through people, process and technology. This requires having in place a capable security team who can follow a process backed by technology to deter, detect and promptly respond to acts of violence in the organization. Build strong security culture – strong security culture demands strong tone from the top. When an organization does not tolerate permissive behavior, it will send message that support strong security culture. In such organization, policies and standards are enforced regardless of whether an act is considered a serious one or not. Enforce background check – background check gives insight to past behaviors and profile of a candidate. It also, provides a red flag of what such person can do if granted access to join organization. For instance, someone who has history of rape in the pass will likely attempt sexual harassment in a workplace. Provide workplace violence awareness – training employees to recognize signs and safety risks associated with workplace violence and encourage them to speak up against it is a good prevention method. For example, Human Resources unit should have a dedicated channel for people to freely and fearlessly report acts of violence. Have onsite security visibility – having security personnel physically seen in a business premises promotes sense of safety, deters some would-be attackers from attempting to attack and generally promotes peace and security. Promote data driven security operation – when a security team is being guided by a verifiable data; trends and patterns can be used for planning, execution and insightful delivery.  Data driven security operation can show connection between violence and a particular season e.g. weekend, evening, end of month, festive period, etc. Integrate CCTV surveillance to security visibility – CCTV camera have strong deterrent effect on occupants of its space. The system serves to caution people to be law abiding or make attempt and get caught. Encourage open communication – “see something, say something” is a safety and security slogan that must be encouraged amongst workforce. Sometimes a victim of covert workplace violence may not have the courage to speak up, especially if the avenue for such communication is not explicitly provided. Train your team for threat identification – employees and others in the workplace should be trained to easily recognize threats of workplace violence and report same without fear or inhibition. Deploy weapon detection technology – deploying weapon detection devices at company’s main access points will prevent entrance of lite weapons into the premises. With this in place, the risks of lethal attacks will be very low. Workplace violence can originate from five main sources. However, it preventable through application of some security measures outline above. ALSO READ 10 Ways To Prevent Workplace Violence

4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

Phishing is a type of social engineering attack built on manipulating and deceiving people to reveal confidential and private information which is then used to carry out further crime against them.  This attack takes advantage of gullibility and vulnerability of human emotion to steal from people. Phishing attacks have become a popular, easy to use and very dependable tool for cyber criminals. When in operation; criminals would reach out to users through any communication channel, pretend to represent a legitimate authority; maybe a financial service provider, health insurance provider, a family member or trusted friend, proffer assistance, then request for inimical action from the user. Actions that maybe required from users during phishing attacks include but not limited to; Reveal private and confidential information, e.g. password, date of birth, social security number, BVN, code, etc. Click a link that will further direct users to secondary resource where confidential information will be stolen. Open attachment which in most case will contain malwares that will launch further attack on the device and network. Request for cash to enable a staged problem to be solved. Reveal a sent code to enable completion of a proposed solution. With automation and Artificial Intelligence dominating and directing modern interactions and commerce, people shall depend more on digital channels of communication. Available facts have proven that oftentimes, phishing attacks regardless of its type have more success rate than failure. This means more people are falling victim to these exploits. Hence, the benefits of deepening your understanding about them. Let’s dive into four common types of phishing attack. And how to identify email based phishing attack. Four types of phishing attacks. Spear phishing – this type targets specific category of persons, e.g. insurance or bank customers, students, male mine workers, etc. Whaling attack: is a sub-spear type of attack that targets high net worth and high-profile individuals like company executives, politicians, celebrities, etc. Just like implication of the name “Whale” biggest fish – this attack targets only “big fish”. That is, wealthy people. Smishing attack: this is an SMS based phishing where short message service is used to deceive a receiver into providing private and confidential information or taking other action. This is catchy because, it does not require internet connectivity to hit its intended targets. Vishing attack: this type is a direct opposite of smishing. It uses voice call to reach out and deceptively request for confidential and private information from receiver. In the same vein, internet connectivity is not required to execute this attack. Ten Signs to know a phishing email It will come from a stranger: oftentimes phishing emails come from unknown person or agent. It will come from a public email domain: examples of public email domains are yahoo.com, gmail.com, hotmail.com. Domain name will either be misspelt or corrupted: when it pretends to come from private domain, such domain will never spell correctly as the genuine one. There will be a form of misspelling or corruption of it. It will disguise as proffering assistance: merchants of phishing attacks always pretend to offer one form of assistance or the other. Shylock assistance you may call it. The mail content will be poorly written: content of mail will likely lack expected quality of a business communication. Mail will include suspicious attachment or link: this would require further actions like follow or open. It calls for urgent action: whatever is the call for action from phishing attack always comes with “urgency”. It will request user to provide personal information to enable closure of an event. It may request user to send cash to enable a staged problem to be solved. It will appeal to a defined sentiment. Phishing is a low end and cost-effective tool for cybercrime. It is a social engineering attack that exploits inherent weakness in people to get through and steal from them or carry out other crimes against targets. Getting basic knowledge about method of attacks and the techniques to identify them is a better way to go to prevent being a victim. ALSO READ: Cybersecurity Threat Of Social Engineering

Travel Security Understanding TSA Approved Locks

Travel Security Understanding TSA Approved Locks

Travel security refers to measures taken by an intending traveler to ensure protection for self and luggage. In an increasing global village, travelling both local and overseas has become a routine part of most corporate duties especially for executive personnel and others based on personal demands. Travel security speaks to millions of people who throttle around the globe periodically for one purpose or the other. For each trip security and safety should be of significant concern and must be synonymous with such trip. TSA means Travel Security Administration. TSA is an agency of US Department of Homeland Security. It has authority over the security of transportation systems within the United States. This agency was created as part of response to September 11, 2001 attacks on US to improve airport security protocols in harmony with other federal law enforcement agencies. One of the key recommendations of Travel Security Administration is a specified luggage lock known as TSA lock. A TSA-approved lock is any lock that has approval of TSA and authorized to emplaced Travel Sentry logo – the red diamond. When it comes to securing your travel luggage, using a TSA-approved lock is important for hassle-free trip. These locks feature a universal master key that may allow TSA agents to open and relock a luggage without having to cut or destroy such luggage lock. TSA-approved locks are gaining traction within global air transportation system. Although, each state has their individual air travel security regulations and practices, however most of them are adapted to TSA approved type when it comes to luggage lock. It is however, recommended for intending travelers to check the country’s specific luggage lock standard in advance of any trip. See the benefits of using TSA-approved lock on your luggage when travelling. • It will give you peace of mind. • It shows your knowledge of travel security. • It will ensure security of your personal effects. • It will align you to international travel requirement • It saves you the embarrassment of having your luggage lock cut or destroyed during routine airport security checks. Types of TSA-approved luggage locks There are specific types of these locks currently in open market. One striking feature to look out for as symbol of TSA approval is the “red diamond” logo. • Combination lock: this requires a specific combination of digits to lock and unlock. • Key lock: requires insertion of key and twist of tumbler to unlock. • Cable lock: allows for a sort of chain lock of multiple luggage together. Where to buy TSA Locks Local Stores: the keys can be found in most local travel stores or malls in the airport or within the community. Online Stores: notable online stores like Amazon, and Alibaba also sell TSA locks. In conclusion, travel must be synonymous with safety and security. While thinking safety first is crucial during any trip, the security of personal belongings oftentimes packed in luggage during such travel should also receive baseline attention. By understanding what a TSA lock is and its purpose, you should align your travel security to this regulatory requirement, at same time secure your luggage within acceptable standard. ALSO READ: Solo Travels

13 Benefits Of CCTV To Your Organization

13 Benefits Of CCTV To Your Organization

CCTV surveillance system has proven to be a high value tool for safety and security as well as productivity; whether it is deployed to personal, public or industrial settings. Twenty-first century security and safety has come to depend strongly on this technology as a reliable complement to other resources. The acronym CCTV, means Closed-Circuit Television. Its origin dates back to early 1940s when it was used to observe the launch of V-2 rockets (aggregate 4) at Peenemunde Army Research Centre in a suburb of Germany by a notable German engineer Walter Bruch who was credited as the inventor. It is an integrated system that uses Network Video Recorder or Digital Video Recorder, cameras, desktop computers, monitors/video walls, joy stick, mouse and other devices to capture, record/store and broadcast live footage of activities within its coverage. Today, there are about one billion installed CCTV system all over the world. China 200 million, US 59 million, German 52 million, UK and Japan with 5 million each are the top five countries with highest number of deployments.  And the list is growing and evolving. The system has many domestic and industrial uses; its importance and acceptance are growing so fast by the day. On the field operation, the system is used to watch and monitor activities of all persons working within a facility. It is highly essential for deterrence and detection of crime as well as compliance to regulatory requirement amongst others. For your organization to reap full benefits of this surveillance system it is recommended that it must be fully optimized and functional, it should be operated and managed by competent personnel, and it must comply to privacy laws of the country of its operation. One significant subject of regulatory compliance to deployment of CCTV is “public warning”. This is a deliberate attempt to inform the public that CCTV is in operation 24/7 at the location; and that it is been used strictly for purpose of safety and security. If your organization is still asking what it stand to gain from deploying CCTV, or yet to specifically identify and place metrics and key performance indicators on its CCTV resources see below highlights of return on investment from this tool. 13 benefits of CCTV surveillance system to your organization: Enhance general perception of safety and security: the presence of CCTV surveillance in a location would generally enhance public view of safety and security in such area. Magically though; even when these resources are not fully optimized and utilized, this perception will hold water until proven otherwise by incidents related safety and security. Prevent crime: light-hearted or impulse criminals would think twice about committing any sort of crime in the presence of a visible CCTV camera.  It is only a determined attacker who can dare this surveillance to carry out criminal act regardless. Detect criminal: when a crime is committed in the presence of optimized and functional CCTV camera whether visible or hidden; the actor and the act will be captured, recorded and stored by the system. Gather evidence: when a crime is committed in the presence of optimized and functional camera the actor and the act will be captured, recorded and stored by CCTV and the footage will be presented as evidence of such crime during post incident investigation. This will enable Management to take informed decision in line with its policy and standard. Minimize security and safety incident: with presence of fully optimized CCTV surveillance system in a location, the occurrence of security and safety breach will decrease significantly. Minimize cost of security: deployment of CCTV surveillance will save your organization huge fortune comparatively to deploying physical man-guard. 24/7 coverage of locations, capability and reliability can always beat human who would be vulnerable to visibility limitation, exhaustion, fatigue and other factors. Reduce insurance premium: deploying CCTV surveillance in your facility will help lower insurance premiums by reducing the risk of theft, fire, workplace violence, vandalism and other risks. Boost productivity: when employees and others knew they are being monitored through a surveillance or any other digital device, they would most likely mind their business to meet their target. Although, this is a side perk however; it is a function to be credited to CCTV where it applied. Compliance to regulation: some industry regulations have it as mandatory requirement to deploy CCTV surveillance to complement other security and safety resources. While some organization by default deploy this resource just to check out this requirement, others deploy them to maximize the potentials. The latter is a better option – so go for it. Monitor traffic: in a heavy traffic industrial location, CCTV can assist to monitor the flow and ensure it is complying to set standard and use same to promptly respond to incident accordingly. Monitor various retail settings: in the mall, store, warehouse, gym, hotel, restaurant, event hall, etc. CCTV camera can be used to monitor not just safety and security but other human behavior or mannerism that may serve as clue to a developing or active crime incident. With this, prompt response can be activated. Make informed decision: CCTV system analytics (especially post incident) can be used to decide which safety or security concern should be addressed in ways unique to its occurrence. The system can also provide insight to corporate operational risk and its prioritization. Provide employment: CCTV system creates employment to technologists, engineers, researchers, teachers, sales/procurement practitioners, policy makers, managers, operators and others who are important players in the system value chain. In summary, the need to create and sustain a safe and secure business community has place daunting demands on business owners and managers to ensure this obligation is met. Deployment of CCTV surveillance is one sure way to attain this. Organizations who appreciate and deploy fully optimized system shall have various benefits as highlighted above as return on investment. ALSO READ: Five Sources of Workplace Violence and How To Prepare For Its Prevention and Response

20 Safety and Security Tips For Hotel Guests

20 Safety and Security Tips For Hotel Guests

Hotel is known for leisure and pleasure. It is a place where people run to when there is need for home away from home, exciting experience, relaxation, fun, corporate meetings, conferences, seminars, etc.  Everything about it revolves around exciting and exclusive experience. The industry has been enjoying very wide patronage across globe due to increasing need for people to move around, take time out, and experience a place away from regular work or home environment; sometimes it offers a combination of business and pleasure. Hotels sell excitement and experience open to anyone who can afford it; this presents peculiar challenges to ensure safety and security of guests. Challenge of maintaining improved guests experience and ensuring adequate protection for guests and assets at same time. Operators have demand to ensure integration of safety into hotel ambience. Guests and others visit hotels with various motives. Travelers, fun seekers, business people, criminals, hawkers, barons, gangs and organized underworld groups, etc. patronize hotels for one purpose or the other. The hotel must meet their expectations, else next call may not be possible. Good hotel security system will promote the vision and the mission of the business and still guarantee less security incident. The sure way to go about this is through deterrence-oriented policy and standard rooted on robust security infrastructure, personnel training and guest awareness. This article is guest-centric. It is written for hotel guests. It places the responsibility on the guest to ensure practice of recommended tips to minimize risk of safety and security incident while lodging. As a security or safety manager who has responsibility to proffer risk advisory to employees that seek accommodation in hotel this piece is a ready assistance. Every hotel guest should see themselves as personal chief security officer to self. Reason for this; in some part of the world some people operate a death row under the guise of hotel. As such, instead of selling leisure and experience, they sell pain and calamity to innocent visitors who would never think that such lodge is license to death. Some types of safety and security threats guests may be exposed to in hotel include: Food & drink poisoning Drug & substance abuse Property damage Property theft Pilfering Ritual killing Kidnapping Fire or arson Cyber attack Sexual assault Assassination Pool drowning Armed robbery Physical Assault Excessive indulgence See below 20 Safety and Security Tips To Practice When Lodging in Hotel Research the hotel ahead scheduled lodge, and check online reviews. Do quick mental assessment of the premise and the Front Office Look out for outdoor and indoor CCTV cameras. Ensure the name in public view is the same with name on receipt or transactional document. Nameless hotel has higher risk, variation in name is a clue to safety risk. Share hotel name and location with a trusted person. Note, google map or other digital tool can be used to gather this information. Check strength of the door and the lock. Check door peephole and have it covered from inside. Check all covered or hidden areas in the room; such as under bed, behind curtain, covered roof or floor, bathroom, closet, mini bar, locker/save, adjacent door (if any) etc. Locate nearest emergency exit and check to be sure it is functional. Put off all lights in the room, use your phone camera to scan for hidden cameras (note, this does not work in all phones). Ensure panic alarm device is provided in the room. Ensure Front Office and Security intercom contacts are provided. – if possible, get contact of nearby local Police. Know your room number. Never open door to strange or unexpected knocks. Keep room door partially opened during scheduled or emergency housekeeping. Avoid room on clumsy floor or area. Secure your valuables in locked pack e.g., room locker, your luggage, etc. Do not always trust free public network. Avoid sharing confidential information when using it. Maintain situational awareness at all times. Contact external source for assistance when unfolding incident seems out of hand. Hotels promise experience in form of leisure, glamor, excitement and taste. However; lurking within this cosmetics may be security threats lethal enough to cost life. Always exercise some self-help practices some of which have been highlighted on this piece. Wishing you safe and exciting experience in advance of any hotel lodge. ALSO READ: Traveling with kids: Family Travel Tips for Parents

Top Cybersecurity Threats of 2024

Top cybersecurity threats of 2024

Cybersecurity threat is any criminal activity that has potential to take place through the use of computer devices and the internet. There are many types of cybersecurity threats today, they come from different sources technically known as vectors. Such sources may include state actors, terrorist groups, organized criminal groups, hackers, malicious insiders like; employee, supplier, vendor, competitor, etc. Contemporary world is increasingly being shaped and controlled by automation powered by artificial intelligence, internet-of-things, cloud infrastructure and others; dependence on digital handlers are no longer optional. This development comes with its inevitable security risks. Cyberspace has become the current battle field where criminal elements have continued to innovate various methods of attacks on existing vita resources. Knowledge of these attacks and the vectors is key to planning and implementing preventive and responsive security measures. In no particular order; see below highlight of some top cyber security threats of 2024. Social engineering: this sort of crime occurs when a cybercriminal deceives internet users to provide sensitive personal information; the information given is oftentimes used to commit various kinds of crimes against the person or the organization they represent. Social engineering plays on human intelligence and emotion; it uses of tricks and games to generate personal and confidential information from ignorant people and use same to commit further cybercrimes. Third party exposure: talks about level of potential cyber threats an organization is exposure to due to its relationship with vendors and suppliers within its information technology supply chain. Configuration mistake: otherwise known as misconfiguration, refers to errors in information technology system configuration settings; examples may include fraudulent dataset, hidden data, unstructured data, wrong formatting, failure to patch or wrong patch, non-configuration of firewalls, non-segmentation of network, not using multi-factor authentication, ignorant workforce. These mistakes can occur in any stage of development, deployment and operation of an information technology infrastructure. Artificial intelligence threat: this malicious act could occur when cybercriminals use AI techniques to exploit system vulnerabilities and launch attack. Mobil device threat:  is a threat that take place through use of mobile device. Suffice to say that most known cybersecurity threats can occur via mobile devices. This power tool is also a powerful threat. Insider threat: Insider threat is any security risk that come from people within an organization. This maybe anyone who by virtue of their roles have access to sensitive information and other corporate resources capable of being used against the business. There are two types of insider threat. One is intentional threat, the other is accidental threat. The former is oftentimes premeditated and by impulse, the latter is by ignorance or accidental. State sponsored threat:  this sort of event occurs when some rogue nation states sponsor or directly carry out cyber-attacks against fellow states, prominent organizations or individuals. DNS tunneling: this sort of attack allows hackers to bypass network security by using Domain Name System as conveyor for malicious data traffic. Tunneling is a powerful tool for hackers, and a serious threat for resource owners and managers. Ransomware: this event occurs when malware takes control, locks and encrypt a resource (this could be data, files, or system), render it inaccessible, then makes a demand as condition for its release. Trojan horse: is a virus that disguise as genuine or legitimate program to gain access to a system. Attackers oftentimes use social engineering as delivery channel for this sort of threat. Drive by attack: also known as drive-by download use “exploit kits” to launch automatic download of malware onto a system without a user’s consent. It is usually associated with compromised webpages or plug n play devices. Poor cyber hygiene: cyber hygiene means maintaining healthy cyber practices for security of systems, devices, networks and data. Main goal is to secure sensitive data against attacks. When this is lacking – poor cyber hygiene is the case. Example may include poor network security, lack of configuration management, lack of cybersecurity training for employee. Cloud vulnerability: this refers to weakness in cloud infrastructure which attackers can take advantage of and gain unauthorized access to data resources. Poor data management: this refers to fluid practices that negate the security of data resources. Cyber bulling: this sort of event happens when digital communication channel is used to send intimidating, assaulting and damaging messages to a target. Cyber stalking: this sort of event occurs when digital communication channel is used to track and harass a target (usually a person). DDoS attack: Distributed Denial of Service is a malicious act of disrupting and denying normal traffic flow to a web resource through the use of overwhelming requests that renders the resource incapable. Brute force: is a hacking method that applies trial and error to crack login credentials, encryption keys and pass words to gain unauthorized access to a network or account. It is reported that brute force success rate is rising; making it a simple and reliable tool for cyber criminals. Man-in-the-middle:  also known as MITM or path attack occurs when a cybercriminal secretly intercepts and alters a flowing conversation between two parties without their knowledge or consent. Poor post incident management: this results when after-incident is not properly managed to prevent recurrence. Cybersecurity threats are a serious challenge to businesses. Managing it requires good understanding of different methods in which they may occur. What was discussed in this article is not exhaustive, as such there should be ongoing efforts to uncover and have good insight to more. ALSO READ Cybersecurity Threat Of Social Engineering