Category: NW Security

Blog posts and articles concerning NW’s IP security solutions arm, NW Systems.

Getting to grips with the EU GDPR (Part 1) – Awareness

Businessman a little daunted by EU GDPRSave the date. On 25 May 2018, the long-awaited EU General Data Protection Regulation (GDPR) will come into force!

In recent weeks, I’ve presented GDPR awareness for a variety of audiences ranging from local business forums to security professionals at an ASIS International security seminar, and one thing is clear – many firms aren’t up to speed with what the EU GDPR means for their organisation, or how to prepare for it.

In response to the head-scratching and consternation I’ve witnessed in recent weeks, I’ve set out to explain the core principles of the new regulation in a three-part blog series. The aim is to break the topic up into three bite-sized pieces and for this first blog, the best place to start is simply with awareness.

Continue reading “Getting to grips with the EU GDPR (Part 1) – Awareness”

NW presents EU GDPR input at ASIS International security seminar

Nigel Peers, Senior Consultant and Data Protection Practitioner presenting to ASIS InternationalOn 2nd November 2017, Nigel Peers – Senior Consultant and Data Protection Practitioner at NW Systems Group, presented an overview and discussion of the impending EU GDPR to an audience of security professionals and members of ASIS International.

ASIS International, a leading organisation for security professionals worldwide, normally hold their UK-based events in London, but on this occasion, Axis Communications hosted the seminar at its new head office in Luton.

The Security of Security

The seminar’s theme was “The Security of Security” and focused on the challenges of security in the digital age; highlighting supply chain security and how procurement decisions can impact business as the regulatory landscape shifts ahead of the biggest changes in data protection legislation that the UK and Europe have faced in twenty years.

Continue reading “NW presents EU GDPR input at ASIS International security seminar”

Why NW Systems made Cyber Essentials Plus a priority in 2017

Cyber Essentials Plus logoIn June 2014 the UK government launched a scheme that was to encourage businesses to adhere to best-practice in IT security. Called Cyber Essentials, it started as a requirement for all suppliers to central UK government and had one simple aim: to protect information and data from online threats.

Three years on and more than 6,000 Cyber Essentials certificates have been awarded to businesses, demonstrating their proficiencies in boundary firewalls and internet gateways; secure configuration; access control; malware protection and patch management. At NW Systems, we’re incredibly proud to announce we’ve gone one step further, and are currently the only systems integrator to achieve Cyber Essentials Plus certification. But why?

Continue reading “Why NW Systems made Cyber Essentials Plus a priority in 2017”

GDPR and the Data Protection Officer: are schools ready?

Who will fill the DPO role in schools?GDPR is on its way. If you work within an educational institution, there is no doubt you will have already seen preparations ahead of the impending 2018 deadline. There is a great deal to consider to be certain schools, academies, colleges and universities will meet its requirements. And many will now be well-versed in the potential ramifications of non-compliance, with fines of up to €20m, or 4% of an institution’s annual turnover, regularly being raised to motivate the less eager into action.

But while there is a lot to think about and prepare, there is still time. Questions that need to be answered include what data do we hold and what was its source? Who has access to this data now and who should have privileges to access it in future? How is our data being stored and utilised? And finally, who is going to manage this process? Under the GDPR, you must appoint a Data Protection Officer (DPO) if you are a public authority or body, or carrying out large scale systematic monitoring of individuals. While the interpretation of these criteria is still being debated in some circles, it is nevertheless clear that it would be prudent for any educational establishment to have somebody take responsibility for ensuring compliance.

Read now: Best practice and compliance for your data security needs

Continue reading “GDPR and the Data Protection Officer: are schools ready?”

Security health checks – are your systems ready for the new academic year?

A new academic year, new security challengesThe next academic year is just around the corner and new security challenges are sure to present themselves along the way. The previous year saw a number of emerging and growing concerns, ranging from physical dangers including the rise of weapons in schools, to cybersecurity and a proliferation of ransomware attacks against public bodies such as the NHS. As students across the UK head back to the classroom, educational facilities must conduct their own security health checks to ensure they are effectively safeguarding their students and staff.

This will be no easy feat; it is imperative that educators themselves are fully informed regarding the convergence between physical and cyber threats. Creating a bespoke mitigation strategy, encompassing a thorough review of all systems to effectively tackle the double-threat, is of critical importance this coming academic year.

Download our 8-point security health checklist

Continue reading “Security health checks – are your systems ready for the new academic year?”

Joining the pieces in the physical and cyber security puzzle

Security integrator and IT manager - where physical and cyber security meetFor the last couple of decades, physical security and cyber security have generally been treated as separate aspects of security provision in most organisations – served by two different industries growing alongside each other and using technology that’s been steadily converging.

It’s this convergence that has seen physical and cyber security become increasingly more entwined, leaving many security integrators and IT professionals puzzled about the blurring of lines and responsibilities. This has now culminated in the current frenzy around “Cyber”, the new General Data Protection Regulation (GDPR) and a wider discussion on personal freedoms and privacy.

The increasing overlap between physical security and cyber security is changing both industries, but what does this mean for security integrators, the end user and their IT departments?

Continue reading “Joining the pieces in the physical and cyber security puzzle”

GDPR and compliance: what does it mean to an Academy Trust?

image of classroom and data protectionWith the Information Commissioner’s Office (ICO) recently reporting a 40% growth in data security incidents in the education sector1, it comes as no surprise that regulation is also increasing. The topic of compliance is rising up the agenda for senior leadership and operational management professionals, and top of the agenda should be the new General Data Protection Regulation (GDPR) – due to come into force on 25th May 2018.

The GDPR contains requirements pertinent to the education sector, outlining how organisations should process and safeguard Personally Identifiable Information (PII). This includes ensuring data breaches are reported to relevant authorities within 72 hours and policies to secure data portability. The new regulation is expected to not only simplify the complex regulatory environment, but to ensure adequate protection of student, staff and stakeholder data.

See the 8-point compliance and best-practice checklist in our education security white paper

Continue reading “GDPR and compliance: what does it mean to an Academy Trust?”

The key to the crown jewels; why supply chain security is essential under GDPR

Why supply chain security is essential under GDPRData breaches have shifted from being a rare occurrence to an almost daily challenge for businesses across the UK. In today’s climate of insecurity, industry giants across multiple sectors have been affected, ranging from Tesco and TalkTalk, to as of this month, The AA. While media attention is often focused on high-profile organisations, the security threat is affecting all parts of the supply chain, with almost two thirds of businesses in the UK reporting a cyberattack or breach in 2015/16. To help manage the growing threat, the UK Government introduced the Cyber Essentials scheme, a set of best practice security recommendations to minimise the risk of cyber-attack.

Security is rising up the agenda for many organisations and an area currently under scrutiny is the use of third-party systems. The use of poorly-secured endpoints, ranging from IoT devices to poorly manufactured or installed CCTV technology is still common, providing backdoor access to a company’s network for any given attacker. In an environment where a company’s data represents its crown jewels, businesses must ask themselves whether they can really afford to trust an unknown party in their business. Are the systems and processes in place to avoid letting an unsecured third-party supplier into their supply chain, or are they exposing themselves to unnecessary and significant risk – operational, reputational and financial in nature?

Continue reading “The key to the crown jewels; why supply chain security is essential under GDPR”

A changing regulatory landscape: safeguarding in education

Understanding the latest regulations applicable to the use of security systems in educationManaging the pressures of safeguarding in education is no easy task. With a growing number of pupils in the system, funding cuts, occurrences of crime, and pressures to make greater use of advanced technology, senior leaders already face a series of challenges in maintaining or improving student safety and security. A number of facilities have integrated advanced security systems such as CCTV in schools and access control in colleges to help ease the burden of keeping people and assets secure. With the capabilities of this technology increasing, and adoption continuing to rise, the regulatory landscape is evolving to match, with bodies such as the Information Commissioner’s Office (ICO) and ATL, The Education Union updating guidance relating to surveillance technologies.

See the 8-point security checklist in our white paper

Continue reading “A changing regulatory landscape: safeguarding in education”

Crime in education: Are ageing security systems keeping up with the threat?

Crime in education: Are ageing security systems keeping up with the threat?With the recent news that close to 1,400 weapons were seized in UK schools over the last year , representing a year-on-year rise of 20 per cent, it is clear security remains high on the agenda for leaders in the education sector. While many organisations have sought to effectively manage this risk with the use of advanced security systems such as CCTV and access control, the practice has also introduced questions as to how effective these systems are, and whether institutions are adhering to best practice set out by professional bodies such as the NUT and NAHT, the Information Commissioner’s Office (ICO) and the Department for Education.

Download our whitepaper for a best practice and compliance checklist:
Security: A need for effective risk mitigation in education

Continue reading “Crime in education: Are ageing security systems keeping up with the threat?”