Business Security

dimanche 13 août 2017

Two Security Cameras that Overcome Difficult Lighting Situations

Images of customers or visitors walking into a room are important surveillance shots to capture. They can also be very difficult images for your security camera to handle since your subject is often moving from bright sunlight into a relatively dark room. The resulting images often show little more than a bright rectangle where the sun is shining in through the entry door. Here are two security cameras that will allow you to capture these difficult images.
Honeywell HCCM474M
Bright Light Operation

The HCCM474M uses backlight compensation to deal with variances in light. With this feature, you can program the camera to ignore hotspots in your picture, such as those created by sun shining through windows and doors. This feature allows the camera to maintain its adjustment to the overall lighting condition of the room.
You can use this security camera with a variety of lenses, which you will have to order and install separately. When using the HCCM474M in bright light situations, choose a manual iris lens. The iris in a camera lens adjusts automatically to let in more or less light. If your camera is aimed at an open door, sun shinng through the door will cause the iris to close in much the same way that bright light causes you to squint. As a result, anyone walking through that open door will appear as a dark silouhette. With a manual iris lens, you can adjust for bright light and then leave the lens locked onto that setting.
Small Size
A physical advantage of this camera is its very small size, making it ideal for covert applications. The camera body is slightly larger than 1.5" wide and 1.5" high so it makes for a very unobtrusive installation.
Speco CVC7WMTD
Bright Light Operation
The Speco CVC7WMTD also utilizes backlight compensation, but it's the electronic shutter that makes it especially useful in bright light situations. The Speco Dome Camera comes with a 4-9mm auto iris lens installed. This lens is ideal for taking a wide view of an entire room, but it can also focus in on a set of double doors. Thanks to the electronic shutter, the auto iris lens works very well in bright-to-dark transitions.
Vandal Resistant Construction
A helpful physical feature, this camera's vandal resistant housing will will survive a blow from a 10lb. sledge hammer. The housing is also weather resistant, making it ideal for outdoor applications.

How to Choose a Deadbolt Lock

Selecting the Proper Deadbolt to Protect Your Business

Choosing a Deabolt
A deadbolt is a physical security standard for protecting exterior doors. When selecting a deadbolt protect your business, there are several factors that you should consider.

ANSI Grade 1
ANSI stands for American National Standards Institute. They are a non-profit group that oversees the development of standards for a variety of industries. In order for a deadbolt to be considered commercial grade, it must meet the ANSI Grade 1 specification. This means that the deadbolt

Has been tested to 250,000 open/close cycles
Has a bolt that projects 1 inch into the door frame
Can withstand 10 hammer blows without giving way

Double or Single Cylinder?
Deadbolts come in both double and single cylinder models. A double cylinder deadbolt requires a key to operate the deadbolt from either side of the door. A single cylinder deadbolt can be locked or unlocked from inside by a thumb turn.
Conventional security wisdom has dictated that double cylinder deadbolts be used on doors with windows. This eliminates the danger of someone breaking the glass and reaching inside to unlock your door. However, there are a few reasons to re-think this approach and use a single cylinder deadbolt in most applications.
The first reason is a concern for life safety. A double cylinder deadbolt may prevent you from exiting quickly in case of emergency. You don't want to be fumbling for a key when your building is burning. Some manufacturers do make a "captive thumb turn" key - basically a removable thumb turn that transforms the lock from a single to a double cylinder. But the fact that the thumb-turn can be removed means that it may not be handy when you need it.
The second reason to reconsider this policy is the strength of modern windows. Back when single-pane glass was the norm, the single cylinder deadbolt was a bigger risk. The glass on most newer doors is nowhere near as flimsy.
My recommendation is that you use single cylinder, Grade 1 Deadbolts on all your exterior doors. If possible, use solid doors with no glass.
UL 437
Underwriters Laboratories is another well-known organization that tests products and writes standards. The UL 437 is the standard for high security locks accepted across the security industry. In order to pass the UL 437 test, locks must resist a variety of attacks including drilling, picking, prying, etc.
Proper Installation
The "strike" is the metal plate the attaches to your door jamb and receives the bolt. This should be installed using 3 inch screws. Using long screws secures the strike to the door frame, not just the jamb. In addition, your lock should also have a reinforced strike plate with off-set screw holes. The off-set holes ensure that the screws aren't driven into the same grain of wood. When someone is trying to kick in your door, the jamb will normally give way before the deadbolt; but the extra long screws and reinforced plate will stand up to some serious pounding.
Key Control
All of this physical security is powerless to stop someone with a key. This is why you also need to pay close attention to your key control policy.
Locksmith or DIY?
If you're the do-it-yourself type, and you only have a few doors to protect, the information in this article should help you to make a wise choice regardless of whether you purchase your locks from a locksmith or a big-box store. If, however, you require a master key system or patented key control it would behoove you to spend the extra money and use the services of a professional locksmith.

Do You Need an Armed Guard?

The Pros and Cons of Armed Deterrence

Deadly force. Just using the phrase has a sobering effect. When you decide to hire an armed guard, you are choosing to introduce a deadly force into your business or institution. Not a decision to make without careful consideration.

Pros and Cons
Uniformed guards are chiefly used for deterrence. When those guards are armed, the deterrent effect is amplified. The presence of a gun may be all that is needed to convince a robber or attacker to leave you alone and find a softer target.
You may also save lives — an unarmed guard has limited tools to defend you; in the proper hands, a gun is an instrument of protection.
On the negative side, you may escalate a situation. Once an armed guard reaches for his or her weapon, expect shots to be fired – by the guard, by the assailant, or by both.
Armed guards are also more expensive. Not only are you paying your security contractor for a higher level of training and responsibility, but your insurance costs may rise, as well.
Some Points to Consider
Assess the need carefully. Does your line of business or location make you liable to a violent attack? If so, armed protection may be necessary.
Another decision-making factor is whether or not surrounding businesses use armed protection. If so, you may be the softest target in the area, and become more attractive to violent offenders. If theft is the main threat, it may be better to let the robber get away than to invite a gun battle.
Ideally, armed guards should have military or police experience, in addition to formal training. If you are using contract guards, inquire into the background and experience of the officers assigned to you facility. You may also want to consider hiring an off-duty police officer. You can usually expect a higher level of training and experience with a sworn officer. Check with your local police department to see if they allow off-duty personnel to moonlight.
Consult your legal and insurance advisors to help you weigh the potential benefits and liabilities. One serious question to ask you insurance provider is whether you are covered in the case of a wrongful shooting.
Finally, communicate with your employees. If you bring an armed guard into your facility, make sure they understand why you’ve made the decision, and why you think this change will make them safer. This will most likely be a sensitive cultural issue. Many employees will feel safer with armed protection, however, some may resent the introduction of weapons into the workplace. As with any policy change, communication is critical.
A Real Life Example
Early Sunday morning, on December 9, 2007, a gunman named Matthew Murray walked into a missionary training center in Arvada, Colorado. He opened fire, killing two. As a result of the shooting, area churches and businesses went on high alert.
Later that day, Murray entered New Life Church, a 10,000 member congregation in nearby Colorado Springs. He was carrying an assault rifle and two handguns. He opened fire, killing two more victims.
New Life had already developed a security plan which included the use of volunteer, undercover guards. One of the guards was Jeanne Assam, a former Minneapolis Police Officer. As the attack began on December 9, Assam confronted the assailant, identified herself and opened fire. She wounded the attacker, who then took his own life.
While these twin shootings were a horrible tragedy, the loss of life could have been deeper. Two things went right in this scenario. First, New Life recognized the need to provide discreet protection and had a proactive policy in place. Second, Ms. Assam drew on her professional training and reacted appropriately to the threat.
This incident underscores the seriousness of providing armed protection. While five lives were lost, many more would almost certainly have been killed without a well considered security plan.

Facial Recognition (and Identity Theft) Made Easy

Today, Facial Recognition scans require specialized tools. But the time may be near when anyone with a webcam can obtain your name, birth date and Social Security Number.

Alessandro Acquisti (the same Carnegie Mellon professor who figured out how to reverse engineer your Social Security number) has developed a method for identifying individuals with only a webcam image.
Acquisti's process goes something like this:

Take a webcam photo of the subject;
Use a facial recognition tool called PittPatt (developed by Carnegie Mellon researchers) to match the webcam image to a Facebook profile image;
Using the profile information posted on Facebook and the professor's previously developed SSN formula, divine the subject's Social Security Number.

Don't have a Facebook profile? That's ok, because a tagged image of you on someone else's page may work too.
Acquisti says that this method has "ominous implications for privacy." Facial recognition and search engine technologies are developing to the point where you may soon be able to snap a picture with your BlackBerry and instantly pull down enough information to steal an identity.
Two intersecting trends are set to challenge the very concept of privacy. The first trend is the enormous amount of personal information available online. The second trend is the ever increasing speed at which that information can be searched and analyzed.
So, short of going through life with a bag over your head, what can you do? First of all, limit the information you share online. Second, establish a Social Media Policy for your company. Third, invest in an identity protection service such as LifeLock. Finally, if all else fails, try the bag. Who knows. It may catch on.

Using Security Cameras While Respecting Privacy

4 Tips for Implementing a Reasonable Surveillance Policy

Preventing internal theft, drug use and workplace violence; these are all valid reasons for using security cameras in the workplace. Such activities can cost your business plenty in terms of lost inventory, decreased productivity and injury. But while you are responsible to protect your company's bottom line, you also need to respect your staff's right to privacy. This article will give business managers and owners some guidelines for using security cameras as part of a reasonable security policy.
Communicate

I know of a company whose IT people installed a web cam on a factory floor. They were preparing for a web cast from a trade show, and wanted to run some tests before going live. The conspiracy theories that started to fly when workers noticed the new camera would have made Jerry Fletcher proud. The camera came down, and fears were laid to rest, but the entire dust up might have been avoided by a simple memo explaining why and for how long the camera would be used. If you plan on deploying security cameras in your organization, please communicate with your employees and explain the new initiative to them. Express your concerns with theft, or safety, or whatever the motivation happens to be and give employees the opportunity to ask questions. This kind of openness will go a long way to alleviate the suspicions that security cameras can raise.
Communicating - whether via email, memo, or company-wide meeting - gives you another advantage. When you require employees to acknowledge your surveillance policy, you may be saving yourself from legal challenges down the road.
Stay Visible In my opinion, security cameras should be kept in full view whenever possible. Not only do visible cameras have a strong deterrent value, but they are another way to encourage trust. Employees may be less likely to believe they are being watched covertly if they know where your cameras are stationed.
However, there are times when covert cameras are necessary. If a crime has been committed, recorded evidence may be necessary to prosecute the crime or prevent further instances. In such cases, a fascinating array of hidden cameras are available. Thanks to advances in miniaturization and wireless technology, cameras can be hidden in computer speakers, smoke detectors, eye glasses, neck ties, pagers, clocks, pens, exit signs and more. Just search on the term "covert cameras" or visit a company like Supercircuits to learn more.
Keep Quiet The recording of audio is restricted under the Electronic Communications Privacy Act of 1986. The legal considerations for recording audio are outside the scope of this article. Suffice it to say that when you record audio, you are essentially wiretapping and you have to meet strict requirements in order to do so legally. Silent video recordings are not covered by the ECPA, so limit your surveillance to video.
Be Reasonable There are certain areas, such as restrooms, that you just shouldn't monitor. The law recognizes a "reasonable expectation of privacy" when considering surveillance issues. Public dressing rooms, restrooms and phone booths are all examples of places designed for privacy, and so a person can reasonably assume they are not being watched in these locations. Public areas such as shopping malls, sports stadiums, hallways and parking lots are not built for privacy and so monitoring and recording in such locations is usually legal. Let common sense be your guide when deciding where to install cameras. If you have questions, it's in your best interest to speak with an attorney familiar with your state's privacy laws before you begin your monitoring program.

The News of the World Phone Hacking Scandal

The Tracking Methods that Brought Down a Historic Newspaper

One of journalism's most notorious security scandals involved the British tabloid, News of the World. NOTW was part of Rupert Murdoch's media empire. Founded in 1843, it was at one time the most popular English language newspaper on the planet.
But in 2011, wide-spread privacy breaches brought the once proud paper to sudden, ignominious end. Log on to the NOTW website and (as of the this writing) the only words you'll find are "The World's Greatest Newspaper 1843-2011. Thank You & Goodbye."
Growing Scandal
The chain of events that would eventually silence NOTW's presses traces back to 2002 and the death of British teenager, Milly Dowler. In the early days of Dowler's disappearance a NOTW investigator, along with journalists covering the story, hacked into the missing teen's voicemail box. They listened to Dowler's messages and even deleted some, destroying potential evidence and leading to speculation that the missing girl was still alive.
As it turns out, Dowler's was not the only voicemail box that NOTW agents had surreptitiously accessed. The weight of the collected phone hacking scandals reached critical mass in 2011 and forced the historical publication to close its doors.
Phone Hacking
The common references to News of the World "phone hacking" are a little misleading. Reporters and investigators didn't actually intercept anyone's calls or plant spyware on phones. Rather, they invaded voicemail accounts to gather private information.
The dirty deeds were pretty low-tech. Some perpetrators used a technique known as pretexting. Pretexting is simple; I call your phone company and pretend to be you. Your phone company gives me the password I need to access your voicemail. Now I can hear your messages. Others may have dialed into voicemail accounts by simply guessing at weak passwords.
It should be noted that intercepting cell phone calls is relatively easy, though, provided you can gain physical access to the phone on which you want to spy. Many inexpensive applications allow you to remotely listen in on phone conversations, and even turn on a phone's speaker or camera to do a little eavesdropping.
In order to load one of these applications, however, you need to be in possession of the handset. Therefore, one of the best defenses against this type of attack is simply to password protect your smartphone.
Pinging
Besides invading voicemail boxes, News of the World reporters also engaged in a practice called "pinging" to stalk the subjects of their investigative journalism.
More precisely, they paid the police to ping for them.
Pinging works by reading a phone's signal strength at cell towers. Whenever a mobile phone is powered up, it constantly sends out a signal to determine the closest tower. The towers record the strength and direction of the signals they receive, so with the data from two cell towers and some basic trig, you can dial in on a phone's location.
Under the UK's Regulation of Investigatory Powers Act (RIPA), pinging data must be requested by a senior police officer on a case by case basis. But the late Sean Hoare, a former News of the World reporter turned whistleblower, had said that the paper could purchase pinging data directly from the Metropolitan Police. The pinging requests cost the paper the equivalent of about $500 each. News of the World is said to have used this technique to locate, among others, author James Hewitt, a former paramour of Princess Diana. RIPA requests, however, are intended for national security and crime prevention purposes, not for tracking pop stars and royals.
Summary
The News of the World scandal was one of the more notorious privacy breaches of the digital tracking age. The mobile devices we've come to rely on spray tracking data around like so many digital bread crumbs. That being the case, there will always be a strong temptation for those who value this information to snatch at it with no regard to our privacy or security. Each of us has the responsibility to guard private data. And those, such as the Metropolitan Police, who have the power to either guard or invade our privacy must do so without compromise.

High Profile Data Breach Cases

Data breaches are high stakes, high drama crimes. Not only do they impact the target companies, but milllions of innocent consumers can have their financial worlds turned inside out as a result of one breach. Here is a run down of some high profile data breach cases.
Aetna Insurance
On May 28, 2009, Aetna Insurance contacted 65,000 users to let them know that their personal data may have been compromised. The company was alerted to the breach when customers began complaining of spam emails asking for personal information. While it wasn't clear if any Social Security Numbers had been compromised, Aetna erred on the side of caution, notifying 65,000 current and former employees of the breach and offering free credit monitoring services.
Corneilus Allison, a former employee is the plaintiff in a class action lawsuit alleging that Aetna failed "to adequately protect the private personal information of its current, former and potential employees."
This wasn't Aetna's first experience with data loss. In 2006 a laptop containing sensitive information was stolen from an employee's car. Aetna notified 38,000 customers of the breach, offering free credit monitoring to the victims. According to a company spokesman, the employee carrying the laptop did not follow corporate data protection policies.
LexisNexis
On May 1, 2009, LexisNexis disclosed a data breach to 32,000 customers. Although the data theft took place between June 2004 and October 2007, notification was withheld while the US Postal Service investigated. The USPS was investigating, apparently, because the thieves has set up phony post office boxes as part of the scam. LexisNexis bills itself as the "world’s largest collection of public records, unpublished opinions, forms, legal, news, and business information." According to Douglas Curling, COO of parent company ChoicePoint, the database company has suffered 45-50 breaches.
Heartland Payment Sytems
In 2008, credit card processor Heartland Payment Systems was breached. The exact number of financial records stolen remains a mystery, but on August 17, 2009 Albert Gonzales was indicted for stealing more than 130 million credit and debit records. Heartland was one of his high-profile victims, and the system he hacked processess 100 million card transactions every month.
Commonwealth of Virginia
Virginia was the victim of an interesting twist on identity theft. On April 30, 2009 a hacker posted a ransom note on the website of the Prescription Monitoring Program. The hacker claimed to have stolen a database containing millions of customer pharmaceutical records.
The note read "You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid".
The hacker demanded $10 million by May 7 in return for a password that would access the stolen records. The Commonwealth elected not to pay the ransom. As of this writing, the disposition of the database containing 8 million patient records and 35 million prescriptions is still unclear.
RBS Worldpay
In 2008, RBS Worldpay, a division of the Royal Bank of Scotland, admitted to a massive data breach involving 2.6 million records. In 2009, they were awarded an IRS contract to process taxpayer credit card payments.
Senator Norm Coleman
Norm Coleman was embroiled in a legal battle over his photo finish election loss to Al Franken. Adria Richards was an IT pro who exposed an unprotected donor data base stored on his campaign website. She says she did not download any information.
But the database turned up on Wikileaks, a website devoted to "untraceable mass document leaking." Whoever was responsible, one thing is clear; 4,700 of Coleman's on-line donors had their financial data strewn all over the Internet.