“NW Systems Group Limited” has formally changed name to “NW Security Group Limited” – it’s just one word that’s different, but our business has evolved significantly in recent years and the change reflects our comprehensive range of security-related services.
Co-founder and Managing Director, Frank Crouwel, reflects on the evolution from technology company to specialist security provider:
“Back when the company was founded in 2004, IP video was just starting to take off and IP cameras were often referred to as “Network Webcams” – it’s the reason our supply service and online IP Camera store is called Network Webcams and it’s also the origin of “NW” in the group name.
As we enter 2018, time to prepare for the EU General Data Protection Regulation (GDPR) is running out. 25th May is the deadline to ensure compliance, and in part two of this three-part blog series we discuss one of the most hotly debated aspects of the new legislation: has the data owner consented to having their Personally Identifiable Information (PII) stored and processed?
Perhaps the greatest change to the new EU GDPR compared to the outgoing Data Protection Act is the strict approach to user consent. As the proliferation of connected systems and technologies accelerates the magnitude of personal data, ensuring PII is not only securely stored, but also used with the data owner’s permission, is vital to achieve compliance with the new legislation.
In recent weeks, I’ve presented GDPR awareness for a variety of audiences ranging from local business forums to security professionals at an ASIS International security seminar, and one thing is clear – many firms aren’t up to speed with what the EU GDPR means for their organisation, or how to prepare for it.
In response to the head-scratching and consternation I’ve witnessed in recent weeks, I’ve set out to explain the core principles of the new regulation in a three-part blog series. The aim is to break the topic up into three bite-sized pieces and for this first blog, the best place to start is simply with awareness.
On 2nd November 2017, Nigel Peers – Senior Consultant and Data Protection Practitioner at NW Security Group, presented an overview and discussion of the impending EU GDPR to an audience of security professionals and members of ASIS International.
ASIS International, a leading organisation for security professionals worldwide, normally hold their UK-based events in London, but on this occasion, Axis Communications hosted the seminar at its new head office in Luton.
The Security of Security
The seminar’s theme was “The Security of Security” and focused on the challenges of security in the digital age; highlighting supply chain security and how procurement decisions can impact business as the regulatory landscape shifts ahead of the biggest changes in data protection legislation that the UK and Europe have faced in twenty years.
In June 2014 the UK government launched a scheme that was to encourage businesses to adhere to best-practice in IT security. Called Cyber Essentials, it started as a requirement for all suppliers to central UK government and had one simple aim: to protect information and data from online threats.
Three years on and more than 6,000 Cyber Essentials certificates have been awarded to businesses, demonstrating their proficiency in boundary firewalls and internet gateways; secure configuration; access control; malware protection and patch management. At NW Security Group, we’re incredibly proud to announce we’ve gone one step further, and are currently the only systems integrator to achieve Cyber Essentials Plus certification. But why?
GDPR is on its way. If you work within an educational institution, there is no doubt you will have already seen preparations ahead of the impending 2018 deadline. There is a great deal to consider to be certain schools, academies, colleges and universities will meet its requirements. And many will now be well-versed in the potential ramifications of non-compliance, with fines of up to €20m, or 4% of an institution’s annual turnover, regularly being raised to motivate the less eager into action.
But while there is a lot to think about and prepare, there is still time. Questions that need to be answered include what data do we hold and what was its source? Who has access to this data now and who should have privileges to access it in future? How is our data being stored and utilised? And finally, who is going to manage this process? Under the GDPR, you must appoint a Data Protection Officer (DPO) if you are a public authority or body, or carrying out large scale systematic monitoring of individuals. While the interpretation of these criteria is still being debated in some circles, it is nevertheless clear that it would be prudent for any educational establishment to have somebody take responsibility for ensuring compliance.
This year’s annual Wirral Business Awards were held at Thornton Manor on Friday 22nd September 2017 and attended by over 500 of the region’s leading figures in business. The gala dinner is held by the Wirral Chamber of Commerce and year-on-year, the event has continued to grow – it is now established as a regional showcase for successful businesses.
For the last 3 years, NW Security has sponsored an award category and this year we sponsored the category Business of the Year (50+ employees) – congratulations to CPL Training Group for their win!
The next academic year is just around the corner and new security challenges are sure to present themselves along the way. The previous year saw a number of emerging and growing concerns, ranging from physical dangers including the rise of weapons in schools, to cybersecurity and a proliferation of ransomware attacks against public bodies such as the NHS. As students across the UK head back to the classroom, educational facilities must conduct their own security health checks to ensure they are effectively safeguarding their students and staff.
This will be no easy feat; it is imperative that educators themselves are fully informed regarding the convergence between physical and cyber threats. Creating a bespoke mitigation strategy, encompassing a thorough review of all systems to effectively tackle the double-threat, is of critical importance this coming academic year.
For the last couple of decades, physical security and cyber security have generally been treated as separate aspects of security provision in most organisations – served by two different industries growing alongside each other and using technology that’s been steadily converging.
It’s this convergence that has seen physical and cyber security become increasingly more entwined, leaving many security integrators and IT professionals puzzled about the blurring of lines and responsibilities. This has now culminated in the current frenzy around “Cyber”, the new General Data Protection Regulation (GDPR) and a wider discussion on personal freedoms and privacy.
The increasing overlap between physical security and cyber security is changing both industries, but what does this mean for security integrators, the end user and their IT departments?
With the Information Commissioner’s Office (ICO) recently reporting a 40% growth in data security incidents in the education sector1, it comes as no surprise that regulation is also increasing. The topic of compliance is rising up the agenda for senior leadership and operational management professionals, and top of the agenda should be the new General Data Protection Regulation (GDPR) – due to come into force on 25th May 2018.
The GDPR contains requirements pertinent to the education sector, outlining how organisations should process and safeguard Personally Identifiable Information (PII). This includes ensuring data breaches are reported to relevant authorities within 72 hours and policies to secure data portability. The new regulation is expected to not only simplify the complex regulatory environment, but to ensure adequate protection of student, staff and stakeholder data.
Data breaches have shifted from being a rare occurrence to an almost daily challenge for businesses across the UK. In today’s climate of insecurity, industry giants across multiple sectors have been affected, ranging from Tesco and TalkTalk, to as of this month, The AA. While media attention is often focused on high-profile organisations, the security threat is affecting all parts of the supply chain, with almost two thirds of businesses in the UK reporting a cyber-attack or breach in 2015/16. To help manage the growing threat, the UK Government introduced the Cyber Essentials scheme, a set of best practice security recommendations to minimise the risk of cyber-attack.
Security is rising up the agenda for many organisations and an area currently under scrutiny is the use of third-party systems. The use of poorly-secured endpoints, ranging from IoT devices to poorly manufactured or installed CCTV technology is still common, providing backdoor access to a company’s network for any given attacker. In an environment where a company’s data represents its crown jewels, businesses must ask themselves whether they can really afford to trust an unknown party in their business. Are the systems and processes in place to avoid letting an unsecured third-party supplier into their supply chain, or are they exposing themselves to unnecessary and significant risk – operational, reputational and financial in nature?
In response to questions from some of our Streamdays customers regarding Flash and HTML5 support, I’d like to explain a bit about our recent live stream player update and when the use of HTML5 will be enforced.
Until recently, Flash was the main means of delivering live video over the web into your browser and our Streamdays webcam hosting service used Flash for many years to showcase thousands of live webcams around the globe to a huge audience. As is always the case with technology, eventually things move on and Flash is no longer the go-to multimedia app for the web – the world has already begun moving to HTML5, a new standard for web pages, interactivity and video playback.
Managing the pressures of safeguarding in education is no easy task. With a growing number of pupils in the system, funding cuts, occurrences of crime, and pressures to make greater use of advanced technology, senior leaders already face a series of challenges in maintaining or improving student safety and security.
A number of facilities have integrated advanced security systems such as CCTV in schools and access control in colleges to help ease the burden of keeping people and assets secure. With the capabilities of this technology increasing, and adoption continuing to rise, the regulatory landscape is evolving to match, with bodies such as the Information Commissioner’s Office (ICO) and ATL, The Education Union updating guidance relating to surveillance technologies.
With the recent news that close to 1,400 weapons were seized in UK schools over the last year , representing a year-on-year rise of 20 per cent, it is clear security remains high on the agenda for leaders in the education sector. While many organisations have sought to effectively manage this risk with the use of advanced security systems such as CCTV and access control, the practice has also introduced questions as to how effective these systems are, and whether institutions are adhering to best practice set out by professional bodies such as the NUT and NAHT, the Information Commissioner’s Office (ICO) and the Department for Education.
Today sees the launch of the national surveillance camera strategy for England and Wales, headed up by Tony Porter, the government’s Surveillance Camera Commissioner.
The three year strategy is a welcome step forward but it also comes with a stark warning from Mr. Porter, the government’s CCTV watchdog, who is concerned that regulators and the government were struggling to keep up with the pace of technological change.
What most worries me is the impact of big data and integration of video surveillance… I’m worried about overt surveillance becoming much more invasive because it is linked to everything else.
The new strategy acknowledges that most people currently support the use of CCTV in public places but the Commissioner’s concerns are whether this support can continue because of the way surveillance is changing. As technology advances and converges, the possibilities for its use are expanding at breakneck speed and there are undoubtedly some cases where it’s been invaluable – such as drones helping the police solve crimes and hunt for missing people but, it’s also creating problems with privacy.