RMA Presents at CSI Week at Meredith College

Posted on 25, Oct | Posted by RMA

Chris Peterson presented Enemies at the Gate – or Are They Already Inside? as part of CSI Week at Meredith College. CSI Week allows students at Meredith to explore career opportunities in law enforcement and related fields. The event is sponsored by the Sociology and Criminology Programs, and the Sociology & Criminology Club (and with the support of Political Science, Accounting, & Social Work).

Other presenters during the week included:

  • Special Agent Jahaira Torrens spoke about Homeland Security Investigations.
  • Cat Flowers, owner of Cat Eye Detective Agency, presented.
  • Police Officer and Social Worker Renea Lockhart spoke about domestic violence and being both an officer and a social worker.
  • U.S. Marshals talked about the work they do tracking down fugitives and other law enforcement activities.
  • Wake County Prosecutors spoke about their work.
  • RPD Gang Unit talked about their work with gang prevention and dealing with gangs in Raleigh.
  • Crime Scene Analysis, RPD patrol officer, CCBI investigator (the local CSI) and a detective from Raleigh Police talked about how they work and investigate a crime scene.
  • Cary Police Department crime mapping analyst Elise Pierce spoke about her work in the use of Crime Scene mapping to facilitate the work of police in Cary.

Chartered in 1891, Meredith College is one of the largest independent private women’s colleges in the U.S. Meredith also offers coeducational graduate programs in business, education and nutrition, as well as post-baccalaureate certificate programs in pre-health and business, a dietetic internship program, a didactic program in dietetics and a paralegal program. Meredith’s programs – undergraduate and graduate — challenge each individual student to think deeply, push hard, discover new strengths and grow even stronger. Meredith has been cited as one of the “best colleges” in the region and the country by U.S. News & World Report, The Princeton Review and Forbes.com.


RMA Completes Security Assessment of RTP

Posted on 18, Sep | Posted by RMA

Risk Management Associates, Inc. has completed a security assessment of Research Triangle Park. The Research Triangle Foundation has developed and is in the process of implementing a new master development plan for the Research Triangle Park (RTP) community. As a critical component of that plan, the foundation decided to conduct a security assessment to provide stakeholders with the current security posture of RTP. A security assessment is one of the most cost effective means to assess the current security people, processes, and technology that are in place today and plan for the security needs of the community moving forward.

The Research Triangle Park is home to more than 170 global companies – including IBM, GSK, Syngenta, RTI International, Credit Suisse, and Cisco – that foster a culture of scientific advancement and competitive excellence. RTP is located between three major universities: Duke University in Durham, North Carolina State University in Raleigh, and the University of North Carolina at Chapel Hill.

Through five decades, the Park still holds to its founders’ aspirations: to generate economic activity, engage the talents of local graduates and citizens and carry North Carolina forward to ever-greater prominence and prosperity.


WRAL: Security measures not foolproof, consultant says

Posted on 17, Sep | Posted by RMA


Held Hostage by a Dishonest Employee

Posted on 16, Sep | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

I recently was involved in a case in which a company employee was discovered using a company credit card for personal reasons. This happens occasionally, and one would think that immediately terminating the employee would resolve the issue. But what happens when the employee is the one and only IT person for the company?

Many companies have only one person to manage all of their IT needs. There is nothing wrong with this. Considering that 99.7 percent of U.S. employer firms are small businesses (http://www.sba.gov/sites/default/files/FAQ_Sept_2012.pdf), having a sole IT person may be very common. The problem with this situation is the lack of oversight and management of the IT person by company executives and owners. What are the consequences caused by this scenario? How can companies and organizations prevent the backlash experienced when a single person has the “keys to the kingdom”?

This issue can occur in any business with a small IT staff. This particular case involved an employee who had been with the company for eight years. In that time, the employee came to be the only person who dealt with all IT issues. He managed the website, the phone system, the internet service, all servers, all workstations, the data connections for multiple facilities – you get the point. The employee could have brought the company to a standstill for several days, if not several weeks, if he had wanted to do so. It was not until deciding that he needed to be fired that someone finally asked the question “What does he do and can we do it without him?” The answer was, “No.”

In this case, the employee was being terminated for cause. What if he had been hit by a bus? The company would still be in the same position. The only option left for the company was to hire someone to come in and inventory the network to help them prepare for the employee’s termination. This involved hundreds of man hours. Fortunately, the transition was successful and the company lost no production time.

There are several steps that can be taken to prevent this from occurring in your business. The person responsible for a company’s IT needs should document everything and provide this documentation to management or ownership in a reviewable format on a regular basis. This document should be considered a living document, and any time there is a network change or system change, the document should be edited to reflect the change. The document should include but not be limited to:

  • A list of service providers and all information needed to contact this service provider for support or changes. This includes the Internet service provider, phone service provider, web hosting company, cell phone provider, cloud services, or any other service provider used by the company.
  • Administrator passwords. These can be sealed in an envelope and/or put in a safe.
  • Device passwords and configuration. Think about firewalls, switches, wireless routers, and other equipment.
  • Software passwords and configurations. The IT administrator may be the only person aware of specialized software used in the office that requires specialized configuration or passwords. Make sure this information is documented and available to company executives.
  • Procedures for backing up and restoring systems.
  • A “What if…” document. This document would include instructions on how to deal with and recover from system outages, power outages, or other unique IT failures.

Depending on your network, the information needed in this document will differ. The best way to determine what you may need to document is to sit back and think of the problems created if your IT person were gone. What questions would you have? The document should answer all of these questions. It is also important to make the person responsible aware that this document is a “Continuity of Operations” document. There are many reasons why an IT employee may not be able to come to work, but their absence should not disable any part of the IT infrastructure.

It is also critical to make sure there are two people on the point-of-contact list with all service providers. The second person on the list should be an owner or executive of the company. If the IT person should be unable to perform his or her duties for any reason, the executive or owner of the company can call the service provider and make necessary changes without jumping through a lot of hoops to gain ownership of the service.

Finally, have a third party review this information at least once a year. That third party could be an outside consultant or even a current employee with knowledge of the network and need for business continuity. An outside consultant has the advantage of being objective when looking at an environment and utilizing their experience to help direct and drive a “Continuity Plan” that will protect the company in the event of any number of unexpected events.


Security in the Office – A Checklist

Posted on 30, Jul | Posted by Christine L. Peterson, CPP, ISP

  • Comply with and support your company’s safety and security program and regulations, and insist that others do the same.
  • Protect wallets, keys, purses, and other personal valuables on the job. This especially includes smartphones and tablets.
  • Challenge strangers in restricted areas. The best way to approach this is from a helpful perspective, such as “Can I help you?”
  • Do not discuss company affairs off the job.
  • When leaving the office, even for a short period of time, clean up and secure your work space, with special attention to confidential documents. Also provide for the protection of company equipment assigned to you.
  • If you handle money as a part of your job, insist on positive identification before you cash checks, and refuse obviously counterfeit or questionable currency.
  • If you work in a retail establishment or any other business, guard against shoplifting and employee theft within the frameworks of the law. To deter shoplifting, speak to all customers in your area. Be wary of bulky coats, large shopping bags, partially opened umbrellas, and folded newspapers. Know your company’s policy on dealing with shoplifters, and adhere to it.
  • Make certain your employer has clear and adequate guidelines for handling complaints of sexual harassment.
  • Retain security guards, because they provide a substantial deterrent to the criminal’s expectation of success.

Security Assessment of RTP

Posted on 10, Jun | Posted by RMA

Risk Management Associates, Inc. will be conducting a security assessment of Research Triangle Park. The Research Triangle Foundation has developed and is in the process of implementing a new master development plan for the Research Triangle Park (RTP) community. As a critical component of that plan, the foundation needs to conduct a security assessment that will provide the stakeholders with the current security posture of RTP. A security assessment is one of the most cost effective means to assess the current security people, processes, and technology that are in place today and plan for the security needs of the community moving forward.

The Research Triangle Park is home to more than 170 global companies – including IBM, GSK, Syngenta, RTI International, Credit Suisse, and Cisco – that foster a culture of scientific advancement and competitive excellence. RTP is located between three major universities: Duke University in Durham, North Carolina State University in Raleigh, and the University of North Carolina at Chapel Hill.

Through five decades, the Park still holds to its founders’ aspirations: to generate economic activity, engage the talents of local graduates and citizens and carry North Carolina forward to ever-greater prominence and prosperity.


Hidden Costs of Security Problems

Posted on 7, Jun | Posted by Tasha D. Dyson

On Wednesday, April 10, 2013, staff members at the Louvre in Paris staged a protest, and the museum did not open. (Read the full story from the BBC here.) They were not protesting about wages, benefits, or hours.

They were protesting about a security problem.

Pickpockets are apparently a huge problem at the museum, so much so that over 200 workers were willing to protest. According to news reports, employees were afraid of the thieves who were becoming “increasingly aggressive”.

When we think of the cost of security problems, we tend to think in terms of the monetary value of direct losses. In this example, if someone stole a painting from the Louvre – or even attempted to steal a painting – the response would be swift.

Although the protest lasted only a single day, how much revenue was lost? What damage was done to the museum’s reputation?

How bad does a security problem have to be before action is taken?


Where’s Your Wallet?

Posted on 31, May | Posted by Kevin M. McQuade, CPP

Identity theft is talked about constantly, and when it happens to someone, their response is normally “I don’t know how this happened to me”. Sometimes it is just too easy.

On a recent business trip – to a security conference no less – as we walked into a restaurant for breakfast we passed an empty booth with no one close to it. In the booth was a woman’s purse, open and just waiting to be taken.

Shortly after that, we boarded the bus that transports us to the security conference. When I took my seat, I looked over to the seat beside me. There was a man’s wallet just lying on the seat next to his backpack. The owner of these items – who works for a large security integration company – was sitting in the seat in front of his belongings. It would have been very easy to take either the wallet or the bag without his knowledge.

Maybe because this was a bus full of security professionals going to a security conference, this individual thought he was safe. He was this time, but he may not be the next time.

Let’s not make it any easier for those who insist on stealing your identity. Keep your purse, wallet, credit cards, and other items secured at all times and not left for someone to take.

Campus Alert – Lessons from Lone Star College System

Posted on 24, May | Posted by Tasha D. Dyson

On January 22, 2013, gunshots were heard on the North Harris campus of Lone Star College System. It was later learned that an altercation between two individuals (one of whom may have been a student) had escalated to gun violence. The shooters were injured along with an innocent bystander.

Incidents such as this immediately bring to mind topics such as crime, gun control, workplace violence, weapons on campus, mental health issues, or law enforcement response – topics which are covered extensively in the media and will not be discussed here.

What we noticed was the alert system of Lone Star College System.

During the lockdown on January 22, visitors to the homepage of Lone Star College System saw this:

[Image: Lone Star College System Alert]

Important information about the current situation was included at the top of the page surrounded by a red outline. More general emergency information was included lower on the page with links to Lone Star’s Office of Emergency Management and the LSCS Emergency Preparedness Guide. Specific information topics included Personal Preparedness Checklist, Tips for People with Special Needs or Disabilities, Weather Emergencies, Terrorism, Building Explosion, Bomb Threats, Shelter in Place, Epidemic, Preventing Crime, Contact Information, and Automated External Defibrillators (AEDs). A link to the standard “non-lockdown” homepage of Lone Star College System was also included.

Based on the design of the page, it appears that Lone Star College System has created an alert template to be used in an emergency situation. With this arrangement, college representatives can simply add relevant information and activate the page, thereby increasing the speed with which they can provide information to students, faculty, staff, and visitors. Although we did not test it, the design of this page suggests that it would be easily viewed on a mobile device or a tablet.

We do not know what other communication methods were used by Lone Star College System, if any, and used alone, this website replacement may not be a comprehensive notification strategy.

However, when used in conjunction with other means of notification such as phone, text, and email, this alert webpage is a fast and efficient way to communicate information to students, faculty, staff, visitors, and the general public.

On April 9, 2013, the CyFair campus of Lone Star College System was placed on lockdown because of an individual who stabbed fourteen people. During the incident, the main webpage of Lone Star College System was again replaced with an “alert” page. Although the design of the page had changed slightly from January to April, the important information was present and highly visible.


Who’s Watching You?

Posted on 17, May | Posted by Emily Liner

Predators could be spying on you through your computer’s webcam. Criminals are now able to hack in and watch your every move – without you ever knowing it. Scary, right?

We’re all guilty of it: we use our computer, get distracted with something, and just walk away. We forget the computer is still on – and this is the key action criminals are counting on. Now they can access your webcam remotely, watching your most intimate moments from the kitchen to the privacy of your own bedroom. The worst part is, you may never even know.

Not only must we remain aware of our surroundings in public or walking through parking lots and decks, now we must stay vigilant in the privacy of our own home. Though there is little we as the public can do to fight hacking crimes, we are not completely helpless against this threat. The basic solutions are all ones we’ve heard before. Have good anti-virus software on your computer. Do not click any links in your email – especially the ones from “Facebook”. Because Facebook has so many users worldwide, it’s the perfect cover to trick people into thinking the link is legitimate.

The best advice is to learn more about webcam hacking to better understand the risks. Luckily, just like many other appliances and technology, there is a light or another indication that the device is on or in use. Watch your webcam light to know if it has been activated. When it is not in use, cover the lens. This physically stops hackers from watching and recording your activities.
