On 2nd November 2017, Nigel Peers – Senior Consultant and Data Protection Practitioner at NW Systems Group, presented an overview and discussion of the impending EU GDPR to an audience of security professionals and members of ASIS International.
ASIS International, a leading organisation for security professionals worldwide, normally hold their UK-based events in London, but on this occasion, Axis Communications hosted the seminar at its new head office in Luton.
The Security of Security
The seminar’s theme was “The Security of Security” and focused on the challenges of security in the digital age; highlighting supply chain security and how procurement decisions can impact business as the regulatory landscape shifts ahead of the biggest changes in data protection legislation that the UK and Europe have faced in twenty years.
In June 2014 the UK government launched a scheme that was to encourage businesses to adhere to best-practice in IT security. Called Cyber Essentials, it started as a requirement for all suppliers to central UK government and had one simple aim: to protect information and data from online threats.
Three years on and more than 6,000 Cyber Essentials certificates have been awarded to businesses, demonstrating their proficiencies in boundary firewalls and internet gateways; secure configuration; access control; malware protection and patch management. At NW Systems, we’re incredibly proud to announce we’ve gone one step further, and are currently the only systems integrator to achieve Cyber Essentials Plus certification. But why?
GDPR is on its way. If you work within an educational institution, there is no doubt you will have already seen preparations ahead of the impending 2018 deadline. There is a great deal to consider to be certain schools, academies, colleges and universities will meet its requirements. And many will now be well-versed in the potential ramifications of non-compliance, with fines of up to €20m, or 4% of an institution’s annual turnover, regularly being raised to motivate the less eager into action.
But while there is a lot to think about and prepare, there is still time. Questions that need to be answered include what data do we hold and what was its source? Who has access to this data now and who should have privileges to access it in future? How is our data being stored and utilised? And finally, who is going to manage this process? Under the GDPR, you must appoint a Data Protection Officer (DPO) if you are a public authority or body, or carrying out large scale systematic monitoring of individuals. While the interpretation of these criteria is still being debated in some circles, it is nevertheless clear that it would be prudent for any educational establishment to have somebody take responsibility for ensuring compliance.
This year’s annual Wirral Business Awards were held at Thornton Manor on Friday 22nd September 2017 and attended by over 500 of the region’s leading figures in business. The gala dinner is held by the Wirral Chamber of Commerce and year-on-year, the event has continued to grow – it is now established as a regional showcase for successful businesses.
For the last 3 years, NW Systems has sponsored an award category and this year we sponsored the category Business of the Year (50+ employees) – congratulations to CPL Training Group for their win!
The next academic year is just around the corner and new security challenges are sure to present themselves along the way. The previous year saw a number of emerging and growing concerns, ranging from physical dangers including the rise of weapons in schools, to cybersecurity and a proliferation of ransomware attacks against public bodies such as the NHS. As students across the UK head back to the classroom, educational facilities must conduct their own security health checks to ensure they are effectively safeguarding their students and staff.
This will be no easy feat; it is imperative that educators themselves are fully informed regarding the convergence between physical and cyber threats. Creating a bespoke mitigation strategy, encompassing a thorough review of all systems to effectively tackle the double-threat, is of critical importance this coming academic year.
For the last couple of decades, physical security and cyber security have generally been treated as separate aspects of security provision in most organisations – served by two different industries growing alongside each other and using technology that’s been steadily converging.
It’s this convergence that has seen physical and cyber security become increasingly more entwined, leaving many security integrators and IT professionals puzzled about the blurring of lines and responsibilities. This has now culminated in the current frenzy around “Cyber”, the new General Data Protection Regulation (GDPR) and a wider discussion on personal freedoms and privacy.
The increasing overlap between physical security and cyber security is changing both industries, but what does this mean for security integrators, the end user and their IT departments?
With the Information Commissioner’s Office (ICO) recently reporting a 40% growth in data security incidents in the education sector1, it comes as no surprise that regulation is also increasing. The topic of compliance is rising up the agenda for senior leadership and operational management professionals, and top of the agenda should be the new General Data Protection Regulation (GDPR) – due to come into force on 25th May 2018.
The GDPR contains requirements pertinent to the education sector, outlining how organisations should process and safeguard Personally Identifiable Information (PII). This includes ensuring data breaches are reported to relevant authorities within 72 hours and policies to secure data portability. The new regulation is expected to not only simplify the complex regulatory environment, but to ensure adequate protection of student, staff and stakeholder data.
Data breaches have shifted from being a rare occurrence to an almost daily challenge for businesses across the UK. In today’s climate of insecurity, industry giants across multiple sectors have been affected, ranging from Tesco and TalkTalk, to as of this month, The AA. While media attention is often focused on high-profile organisations, the security threat is affecting all parts of the supply chain, with almost two thirds of businesses in the UK reporting a cyberattack or breach in 2015/16. To help manage the growing threat, the UK Government introduced the Cyber Essentials scheme, a set of best practice security recommendations to minimise the risk of cyber-attack.
Security is rising up the agenda for many organisations and an area currently under scrutiny is the use of third-party systems. The use of poorly-secured endpoints, ranging from IoT devices to poorly manufactured or installed CCTV technology is still common, providing backdoor access to a company’s network for any given attacker. In an environment where a company’s data represents its crown jewels, businesses must ask themselves whether they can really afford to trust an unknown party in their business. Are the systems and processes in place to avoid letting an unsecured third-party supplier into their supply chain, or are they exposing themselves to unnecessary and significant risk – operational, reputational and financial in nature?
In response to questions from some of our Streamdays customers regarding Flash and HTML5 support, I’d like to explain a bit about our recent live stream player update and when the use of HTML5 will be enforced.
Until recently, Flash was the main means of delivering live video over the web into your browser and our Streamdays webcam hosting service used Flash for many years to showcase thousands of live webcams around the globe to a huge audience. As is always the case with technology, eventually things move on and Flash is no longer the go-to multimedia app for the web – the world has already begun moving to HTML5, a new standard for web pages, interactivity and video playback.
Managing the pressures of safeguarding in education is no easy task. With a growing number of pupils in the system, funding cuts, occurrences of crime, and pressures to make greater use of advanced technology, senior leaders already face a series of challenges in maintaining or improving student safety and security. A number of facilities have integrated advanced security systems such as CCTV in schools and access control in colleges to help ease the burden of keeping people and assets secure. With the capabilities of this technology increasing, and adoption continuing to rise, the regulatory landscape is evolving to match, with bodies such as the Information Commissioner’s Office (ICO) and ATL, The Education Union updating guidance relating to surveillance technologies.
With the recent news that close to 1,400 weapons were seized in UK schools over the last year , representing a year-on-year rise of 20 per cent, it is clear security remains high on the agenda for leaders in the education sector. While many organisations have sought to effectively manage this risk with the use of advanced security systems such as CCTV and access control, the practice has also introduced questions as to how effective these systems are, and whether institutions are adhering to best practice set out by professional bodies such as the NUT and NAHT, the Information Commissioner’s Office (ICO) and the Department for Education.
Today sees the launch of the national surveillance camera strategy for England and Wales, headed up by Tony Porter, the government’s Surveillance Camera Commissioner.
The three year strategy is a welcome step forward but it also comes with a stark warning from Mr. Porter, the government’s CCTV watchdog, who is concerned that regulators and the government were struggling to keep up with the pace of technological change.
What most worries me is the impact of big data and integration of video surveillance… I’m worried about overt surveillance becoming much more invasive because it is linked to everything else.
The new strategy acknowledges that most people currently support the use of CCTV in public places but the Commissioner’s concerns are whether this support can continue because of the way surveillance is changing. As technology advances and converges, the possibilities for its use are expanding at breakneck speed and there are undoubtedly some cases where it’s been invaluable – such as drones helping the police solve crimes and hunt for missing people but, it’s also creating problems with privacy.
As a company formed in the very early years of IP video and geared from the beginning to work with and deliver solutions around video over IP networks, we have seen many video management systems (VMS) come onto the market and many disappear, and our exposure to a large number of them has been significant.
We are well-placed to form an opinion on the state of the VMS marketplace and as a Milestone Platinum Partner, I’d like to explain why we have chosen to focus mainly on Milestone XProtect as the go-to VMS.
NW Systems and Axis Communications are hosting a CCTV & Security Technology keynote event at FACT in Liverpool on Thursday, 3rd November.
The event is aimed at IT and Security Managers, technicians and security technology decision makers.
If you’d like to learn about the latest trends in connected CCTV & security, this event will be of great interest – you’ll come away not only knowing about the full benefits of an IP-based system but also, how to get the most out of your investment.
NW Systems picked up the highly-coveted Enterprise Project of the Year Award UK & Ireland in this year’s Axis Communications’ VIP Northern Europe Partner Event, held in Liverpool on the 21st September.
The event which was attended by more than 40 of Axis’ top-performing Gold partners from Denmark, Sweden, Norway, Finland and the UK & Ireland, saw NW Systems being recognised for its work in upgrading Chester Zoo’s CCTV systems to a state-of-the-art IP video system which now provides surveillance, animal welfare and crowd management benefits to this world-class zoo.
The award was received by Frank Crouwel, Managing Director at NW Systems from Ray Mauritsson, CEO at Axis and Dave Needam, Axis UK and Ireland Sales Manager.
The two-year project, which continues to see expansion, has involved migrating from 150 ageing analogue-based CCTV cameras to almost 300 Axis network cameras – all being managed via Milestone XProtect Expert video management platform.
We will give you more on this project in a more detailed case study later this year.