Posts

Security Officers Post Covid-19

Has the time come to recognise the dynamic role good security officers play? Or do we need to recognise that post Covid-19, when economic realities bite, their role will be back to what it was pre the crisis, at best?

Those are just some of the questions that will be debated by Mike Bluestone from Corps Security and other panellists at an upcoming webinar at 3.30pm on Tuesday 9 June.

>> Register Here

The thought leadership webinar, run by the OSPAs, Perpetuity Research and TECAs, will also explore whether the involvement of security officers in more varied tasks, spell a dilution of the security officers’ roles or an enhancement of their position?

Sign up for your free place here.

For further information on how Corps is working to support our colleagues and customers during this time please take a look at our dedicated Covid-19 page or contact us on covid19@corpssecurity.co.uk and we’ll do our best to help.

Supporting Security Staff During The Pandemic

The Government’s decision to classify SIA licence-holding security professionals as critical workers has meant that in many cases security officers are the last people standing in a building. Overall the Coronavirus outbreak has meant significant change for our front-line security officers.

In some instances, their shift patterns have changed where we’re required to provide day cover to maintain a presence in a largely empty building, whereas before it was mainly nights and weekends. Some relief officers are now mobile, serving a number of different sites where it’s safe to do so, whereas before many were based in just one building. Others are supporting critical infrastructure sites and are working longer shifts. Our colleagues at our remote monitoring centre in Glasgow are busier than ever as many clients turn to technology to protect empty premises rather than have an officer on site.  At the same time, our officers are playing a vital role in supporting the Police service, which is already stretched.

Meanwhile, like many others on the front line, some of our officers are unwell, or self-isolating because a member of their family has the virus. Many have caring responsibilities in their household to work around. In our offices, our people are busy managing constantly-changing customer needs with our security officer’s constantly-changing availability. It’s a tricky balancing act for everyone.

The key to making it work – and ensuring that people remain engaged, motivated and healthy – is good communication. Usually that would be through regular site visits, but obviously that’s not an option now. Instead, we’re using our colleague portal, emails, phone and video calls, letters and other channels to share advice so that they feel confident in their role and supported.

Many of our officers are faced with dealing with people who are showing symptoms of Covid19, so we’ve provided step-by-step advice on how to support those customers while also protecting themselves. Giving them the correct Personal Protective Equipment (PPE) is obviously a key part of that, as well as instructions on how to use it properly. Public transport has been reduced in some areas, and helping colleagues plan their journeys, which are often at anti-social hours, is key, with our central scheduling department and local management teams supporting them with route planning. Our previous approach to getting people to site in an emergency – known as lift to shift – isn’t appropriate in these circumstances so we’re adopting new ways of working.

Regular one-to-one check-ins with our security officers is also important. Their line manager will know them better than anyone and there’s already a trusted relationship in place. Making sure they’re feeling well, both mentally and physically, and taking the time to recharge is essential. We’re long-term supporters of Combat Stress and have a strong understanding of how people can be affected mentally by being on the front line and how mental wellbeing is important.

Overall we’re listening to what our security officers need – they’re on the front line of this outbreak.  The next few weeks and months are challenging times for us all. By listening to our front-line teams, we can ensure they provide the best possible care to our customers while also looking after themselves.

We’ve set up a dedicated coronavirus support team to answer any questions about the impact of coronavirus on your business. Please contact us on covid19@corpssecurity.co.uk and we’ll do our best to help.

How is Technology Helping and Hindering Security

To what extent is technology offering new opportunities for better security and where is it floundering?

How are these technologies interacting with people? After the Coronavirus crisis will there be more or less interest in technology? Those are just some of the questions that will be debated by Mike Bluestone from Corps Security and other panellists at an upcoming webinar at 3.30pm on Thursday 23 April.

>> Register Here

The thought leadership webinar, run by the OSPAs, Perpetuity Research and TECAs, will also explore what we are learning about security technologies as the pandemic unfolds; to what extent offenders are exploiting technology and where are the opportunities for security technologies?

Sign up for your free place here.

We’ve set up a dedicated coronavirus support team to answer any questions about the impact of coronavirus on your business. Please contact us on covid19@corpssecurity.co.uk and we’ll do our best to help.

COVID-19 and IT Security Flexible Working

Mimecast CISO Mark O’Hare has provided the following tips on what you can do to make you, your colleagues & your families safer online during the COVID-19 coronavirus outbreak.

Key points:

  • COVID-19 is being used as a phishing lure by cybercriminals & nation states
  • Expect to see an increase in exploits related to COVID-19 as publicity around the virus increases
  • Cybercriminals are using trusted brands, like World Health Organization (WHO) & U.S. Centre for Disease Control & Prevention (CDC), to build credibility & entice users into opening attachments

What can you do?

  • Don’t click on any COVID-19 related links or attachments you receive via email or messaging apps. This includes messages to personal email providers like Gmail
  • Don’t be fooled by legitimate-looking branding on messages you receive, there are good fakes doing the rounds. Cybercriminals will also often use language that conveys a sense of urgency, so be alert
  • If you want COVID-19 news, navigate directly to the WHO & CDC websites. Use best practices by typing URLs into your web browser & use Google Search to search for sites
  • Don’t put your credentials into third-party sites unless you’re 100% sure you’re on the correct site
  • Report any suspicious messages to Mimecast’s SOC by email: soc@mimecast.com

10 STEPS FOR MAINTAINING WEB SECURITY (AND SANITY) WHILE WORKING FROM HOME DURING THIS SITUATION

Governments across the globe have put extreme measures in place to limit the spread of coronavirus, prohibiting large public gatherings and encouraging “social distancing” to keep new coronavirus cases as low as possible. Where possible, office based colleagues are on strict work-from-home schedules to mitigate COVID-19’s spread.
While many people have a home office setup already, the same cyber hygiene and web security standards that can be found at corporate offices are not generally in place at home.

With that in mind, the following 10 steps can be used to help avoid cyber-related mistakes, which may linger long after global recovery from COVID-19.

  1.  Maintain regular working hours, but also plan breaks to avoid breaches caused by human error. Working from home requires a different kind of discipline than the typical workplace and it can be difficult to adapt. Planning your working hours and pencilling in suitable breaks will allow you to focus on what needs to be done and when. Similarly, it can be easy to get caught up in a task as you make progress, but regular breaks from a computer screen are essential to avoiding fatigue, strain or headaches from excessive use. All these factors may increase the chances of human error and therefore the chance of a breach.
  2. If sharing your home with others, designate a workspace and ground rules. Family members or roommates can present a distraction during any self-quarantine, particularly if there’s limited space to work and live in. Be clear from the outset as to where your working space is, and the hours you’ll be working.
  3. Take precautions around web security at home. For example, ensure your home router is secure, does not use a generic default password, is utilizing encryption and has its firewall switched on. All these measures will help to secure your home network for personal as well as work use and increase the likelihood of being able to work safely and securely without compromise. This is even more prudent in the age of connected devices. Today, TVs, baby monitors, smart speakers, doorbells, and even lightbulbs can be connected to your network, presenting potential routes into your home network to compromise your more secure work devices and web security. Two-factor authentication, a password, your router and your firewall may be all that keeps them secure. Ensure all your devices have been changed from their default passwords and that any available security measures are enabled.
  4. Keep an eye on bandwidth, which may be more limited than usual due to the increased numbers of people working from home. Increased usage of the internet at home will place greater strain on home networks, and in many cases, the capacity of local infrastructure is shared. Be aware that you may experience slower speeds than usual. If sending work files, resist any temptation to work around existing security measures or the network to save time. Risking compromise of the whole network and its existing web security standards is not worth a few seconds’ expediency.
  5. Mobile data and networks will likely suffer the same issues. Data usage may significantly slow and calls may not connect. Ask yourself: Is the communication urgent? Consider alternative but approved workplace communication via Slack, Skype, Zoom or other approved applications if necessary. Do not use less secure communication channels.
  6. Resist the temptation to use unfamiliar Wi-Fi for work or private browsing. It might be tempting to connect to a neighbour’s or public unsecured Wi-Fi if the signal appears stronger and your connection appears to be very slow, but it’s critical not to do this for private or work-related purposes, since it’s impossible to discern whether you’re inadvertently giving away your credentials to a tech-savvy attacker.
  7. Ensure you’re using encryption. Webmail or private email are unencrypted, leaving your devices at significant risk of compromise via interception or “man in the middle attacks,” and can make your home network vulnerable to compromise as attackers may piggyback on you to compromise an otherwise secure environment.
  8. Supplement encryption with a Virtual Private Network. For an extra layer of web security and encryption, always use a VPN. Most workplaces now have these installed on workplace or business machines and these should be used when available.
  9. Use Multi-factor/two-factor (MFA/2FA) authentication whenever possible. This extra layer of web security may prevent compromise of work applications. Be particularly wary of social engineering during this time, such as contact which may seek to obtain disclosure of an MFA/2FA code.
  10. Be aware of increased phishing and other forms of cyberattack through electronic communication. With many people self-isolating and working from home there will be significant appetite for news on developments. However, colleagues must be aware that this is almost certainly not going to be delivered via any unsolicited electronic communication. Do not click links or attachments in any unsolicited communications offering help or advice, particularly relating to COVID-19 (or really any other significant global events that may be occurring). Stay up to date using reputable news providers and trustworthy government websites for informed and credible updates.

According to Mimecast threat intelligence researchers, threat actors and criminals will almost certainly seek to exploit the increased numbers of colleagues working from home and see them as an opportunity to compromise secure workplace networks. Working from home presents additional complexities, potential weak points and vulnerabilities for attackers to exploit, particularly if colleagues let cyber hygiene slip.

Workplace safety measures and social distancing will almost certainly result in threat actors targeting individuals at home and via their more vulnerable home Wi-Fi networks. Mimecast researchers believe there may well be a significant increase in spam mail and phishing attacks against individuals as well as businesses.

Human error accounts for over 90% of cyber incidents, with at least 90% of breaches involving email as a delivery vector at some stage. The overarching aim of any attack is to encourage the target to type credentials into forged sites, or to covertly install malicious software that will permit data exfiltration or network access, from clicking on malicious links.

Take your time and apply the usual diligence to any electronic communication and do not click on links within these emails.

Nick Gilroy
Quality & Compliance Manager