Assessment Completed at University of Maryland Eastern Shore

Posted on 14, Nov | Posted by RMA

Risk Management Associates, Inc. completed its assessment of the University of Maryland Eastern Shore security program. The assessment began with the review of security-related policies and procedures and other related documents. Members of the RMA team visited the UMES campus to conduct independent observations and interviews with approximately 100 individual stakeholders. Local law enforcement was contacted, and both police calls for service and reported crime data at each campus and the surrounding areas were requested and reviewed. Copies of any internal security-related incident reports were obtained and evaluated. A report of findings and recommendations was provided.

The University of Maryland Eastern Shore (UMES) is a land-grant, historically black college founded in 1886 as the Delaware Conference Academy. Since its beginning, the institution has had several name changes and governing bodies. It was Maryland State College from 1948 until 1970, when it became one of the five campuses that formed the University of Maryland. In 1988, it became a member of the then eleven campus (now thirteen) University of Maryland System, now known as the University System of Maryland. UMES is approved by the state of Maryland and fully accredited by the Middle States Association of Colleges and Schools.


RMA Presents at CSI Week at Meredith College

Posted on 25, Oct | Posted by RMA

Chris Peterson presented Enemies at the Gate – or Are They Already Inside? as part of CSI Week at Meredith College. CSI Week allows students at Meredith to explore career opportunities in law enforcement and related fields. The event is sponsored by the Sociology and Criminology Programs, and the Sociology & Criminology Club (and with the support of Political Science, Accounting, & Social Work).

Other presenters during the week included:

  • Special Agent Jahaira Torrens spoke about Homeland Security Investigations.
  • Cat Flowers, owner of Cat Eye Detective Agency, presented.
  • Police Officer and Social Worker Renea Lockhart spoke about domestic violence and being both an officer and a social worker.
  • U.S. Marshals talked about the work they do tracking down fugitives and other law enforcement activities.
  • Wake County Prosecutors spoke about their work.
  • RPD Gang Unit talked about their work with gang prevention and dealing with gangs in Raleigh.
  • Crime Scene Analysis, RPD patrol officer, CCBI investigator (the local CSI) and a detective from Raleigh Police talked about how they work and investigate a crime scene.
  • Cary Police Department crime mapping analyst Elise Pierce spoke about her work in the use of Crime Scene mapping to facilitate the work of police in Cary.

Chartered in 1891, Meredith College is one of the largest independent private women’s colleges in the U.S. Meredith also offers coeducational graduate programs in business, education and nutrition, as well as post-baccalaureate certificate programs in pre-health and business, a dietetic internship program, a didactic program in dietetics and a paralegal program. Meredith’s programs – undergraduate and graduate – challenge each individual student to think deeply, push hard, discover new strengths and grow even stronger. Meredith has been cited as one of the “best colleges” in the region and the country by U.S. News & World Report, The Princeton Review and Forbes.com.


Termination Guidelines

Posted on 16, Oct | Posted by Julius Stanley Carroll, CPP, CFE

Terminations are often a stressful situation, both for the terminated employee and for the individual responsible for conducting the termination. Listed below are some guidelines that could help defuse volatile situations and make the process run more smoothly.

  1. Always plan the termination. Think it through.
  2. Always have two supervisors/managers present during the termination. The meeting should be cordial and professional but also attempt to accommodate the employee’s feelings and concerns. Regardless of whether the employee becomes angry or upset, do not resort to harsh words or language.
  3. If you feel the termination might become heated, contact security and discuss prior to the termination. If you don’t have a security director, obtain guidance from a company like RMA that has security professionals who have participated in hundreds of outplacements.
  4. If the employee is known to be highly volatile and potentially prone to violence, consider having security present and ensure you have an appropriate plan to respond to those concerns. Provide reason(s) for the termination. However, do not engage in a debate. The decision has been made and arguments should be avoided.
  5. Carefully choose the room to be used for the termination.
    • When possible use a room with two access points.
    • Remove or hide things that can be used as a weapon. Keep the room “clean” (sanitize).
    • The setting should be private. Allow the employee to retain their dignity.
  6. Try to avoid Thursday and Friday as a day for the termination. Monday and Tuesday are better. Select a time during the day when there are fewer employees around.
  7. If offering a separation package, avoid a detailed review of the package at the termination meeting. The employee will likely remember little of that discussion. Do, however, tell the employee that the package is confidential and must not be discussed with others.
  8. If the termination goes as planned:
    • Retrieve all company property, e.g. keys, ID badge, monies, etc.
    • Do not let the individual go back to his or her personal workspace but ascertain if the individual has personal belongings such as a purse or medications that you need to retrieve for them. Advise the individual all their personal property will be mailed/shipped to them.
    • Do not let the individual leave the facility and come back into the facility.
    • Walk the individual out of the facility and watch them leave the property but do it in a cordial way.
    • Notify the proper facility managers of the termination so the individual can’t get back into the facility.
    • Have the individual removed from the card access system immediately.
  9. If the termination becomes heated, never challenge or argue with the employee.
    • Advise the individual to leave the property. If they don’t comply, call 911.
    • Do not challenge or argue.
    • Report to HR and Safety/Security immediately.
    • Be prepared to go into lock-down.

Held Hostage by a Dishonest Employee

Posted on 16, Sep | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

I recently was involved in a case in which a company employee was discovered using a company credit card for personal reasons. This happens occasionally, and one would think that immediately terminating the employee would resolve the issue. But what happens when the employee is the one and only IT person for the company?

Many companies have only one person to manage all of their IT needs. There is nothing wrong with this. Considering that 99.7 percent of U.S. employer firms are small businesses (http://www.sba.gov/sites/default/files/FAQ_Sept_2012.pdf), having a sole IT person may be very common. The problem with this situation is the lack of oversight and management of the IT person by company executives and owners. What are the consequences caused by this scenario? How can companies and organizations prevent the backlash experienced when a single person has the “keys to the kingdom”?

This issue can occur in any business with a small IT staff. This particular case involved an employee who had been with the company for eight years. In that time, the employee came to be the only person who dealt with all IT issues. He managed the website, the phone system, the internet service, all servers, all workstations, the data connections for multiple facilities – you get the point. The employee could have brought the company to a standstill for several days, if not several weeks, if he had wanted to do so. It was not until deciding that he needed to be fired that someone finally asked the question “What does he do and can we do it without him?” The answer was, “No.”

In this case, the employee was being terminated for cause. What if he had been hit by a bus? The company would still be in the same position. The only option left for the company was to hire someone to come in and inventory the network to help them prepare for the employee’s termination. This involved hundreds of man hours. Fortunately, the transition was successful and the company lost no production time.

There are several steps that can be taken to prevent this from occurring in your business. The person responsible for a company’s IT needs should document everything and provide this documentation to management or ownership in a reviewable format on a regular basis. This document should be considered a living document, and any time there is a network change or system change, the document should be edited to reflect the change. The document should include but not be limited to:

  • A list of service providers and all information needed to contact this service provider for support or changes. This includes the Internet service provider, phone service provider, web hosting company, cell phone provider, cloud services, or any other service provider used by the company.
  • Administrator passwords. These can be sealed in an envelope and/or put in a safe.
  • Device passwords and configuration. Think about firewalls, switches, wireless routers, and other equipment.
  • Software passwords and configurations. The IT administrator may be the only person aware of specialized software used in the office that requires specialized configuration or passwords. Make sure this information is documented and available to company executives.
  • Procedures for backing up and restoring systems.
  • A “What if…” document. This document would include instructions on how to deal with and recover from system outages, power outages, or other unique IT failures.

Depending on your network, the information needed in this document will differ. The best way to determine what you may need to document is to sit back and think of the problems created if your IT person were gone. What questions would you have? The document should answer all of these questions. It is also important to make the person responsible aware that this document is a “Continuity of Operations” document. There are many reasons why an IT employee may not be able to come to work, but their absence should not disable any part of the IT infrastructure.

It is also critical to make sure there are two people on the point-of-contact list with all service providers. The second person on the list should be an owner or executive of the company. If the IT person should be unable to perform his or her duties for any reason, the executive or owner of the company can call the service provider and make necessary changes without jumping through a lot of hoops to gain ownership of the service.

Finally, have a third party review this information at least once a year. That third party could be an outside consultant or even a current employee with knowledge of the network and need for business continuity. An outside consultant has the advantage of being objective when looking at an environment and utilizing their experience to help direct and drive a “Continuity Plan” that will protect the company in the event of any number of unexpected events.


RMA Presents Bring-Your-Own-Device Policies at RTP CFO Forum

Posted on 6, Sep | Posted by RMA

Chris Peterson and Russell W. Gilmore (http://www.rmasecurity.com/about-rma/team-profiles/russell-w-gilmore/) presented BYOD (Bring Your Own Device): Issues and Implications for Companies at the September RTP CFO Forum. The program discussed security issues and considerations for companies when employees connect personal devices to the company network. What issues need to be considered to accommodate lawsuits, audits, and records requests? How can companies prepare for lost or stolen devices? What steps can and should be taken when terminating employees?

The RTP CFO Forum serves the greater Raleigh, Durham and Chapel Hill region, supporting over 200 senior financial executives. The Forum is designed to provide interactive networking and discussion of technical and strategic topics in an environment created exclusively for senior-level peers. CPE is provided on select topics.

The RTP CFO FORUM is scheduled for the first Friday of every month, from 7:30AM – 9:00AM. Attendance is limited to CFOs or senior financial professionals in similar positions. The RTP CFO Forum is sponsored by Hughes Pittman & Gupton, LLP.


Stealing on the Way Out

Posted on 12, Aug | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

Having to terminate an employee is never easy. To make the process even more difficult, consider the recent survey conducted by Harris Interactive on behalf of Courion which stated that 19% of employees age 18 to 34 would take company data with them if they knew they were about to be fired. Read the full story here.

Depending on the employee’s position at the company, the termination process could be quite cumbersome. Before terminating an employee, it is good to think about their role in the company and what they have access to or control over. Each situation is different and should not be handled in a cookie-cutter fashion. Terminating the IT manager will involve different issues than terminating a sales person.

What steps can you take to minimize risk? Strong policies and procedures are a good starting point. If an employee knows that severe repercussions may result for data theft, he or she may decide against the theft.

As we’ve said before, there are opportunities for companies to preserve data and protect themselves prior to the termination process or as part of the termination procedure itself (When Employees Leave Data Should Stay). When it is evident that an employee must be terminated, steps should be taken to image the computer or devices used by the employee, even if a future computer forensic analysis is not needed. It may even be beneficial to image the computer prior to termination and again after termination. I have often been called to recover data deleted by an employee after they have learned of their impending termination.

As a consultant, I have assisted in a number of terminations, and they are all different. Proper preparation and forethought will not only benefit the company but protect the employee as well.


Security in the Office – A Checklist

Posted on 30, Jul | Posted by Christine L. Peterson, CPP, ISP

  • Comply with and support your company’s safety and security program and regulations, and insist that others do the same.
  • Protect wallets, keys, purses, and other personal valuables on the job. This especially includes smartphones and tablets.
  • Challenge strangers in restricted areas. The best way to approach this is from a helpful perspective, such as “Can I help you?”
  • Do not discuss company affairs off the job.
  • When leaving the office, even for a short period of time, clean up and secure your work space, with special attention to confidential documents. Also provide for the protection of company equipment assigned to you.
  • If you handle money as a part of your job, insist on positive identification before you cash checks, and refuse obviously counterfeit or questionable currency.
  • If you work in a retail establishment or any other business, guard against shoplifting and employee theft within the frameworks of the law. To deter shoplifting, speak to all customers in your area. Be wary of bulky coats, large shopping bags, partially opened umbrellas, and folded newspapers. Know your company’s policy on dealing with shoplifters, and adhere to it.
  • Make certain your employer has clear and adequate guidelines for handling complaints of sexual harassment.
  • Retain security guards, because they provide a substantial deterrent to the criminal’s expectation of success.

NC companies’ secrets at risk, cyber terrorism experts say

Posted on 22, Jul | Posted by RMA

In this day and age, sometimes it is difficult to discern truth from fiction. Greg Baker is an expert in the area of cyber terrorism and a leader in developing public/private relationships that work. In the later years of his career with the FBI, he was the face of InfraGard North Carolina.

InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

We recommend this article on cyber terrorism and data theft. Both Greg Baker and Ryan Johnson provide good insight on the problem and steps that can be taken to lessen the possibility of your company becoming a victim of this costly crime. Take stock in what your company should do to enhance the security surrounding its sensitive and important data. Do some research and don’t be afraid to ask questions. It can be beneficial to have someone from the outside review and analyze the strengths and weaknesses of your company’s network and provide advice on what steps can be taken to secure your company network, systems, and data.

Whether or not a company works on classified contracts, it is at risk of cyber terrorism. Most of the time, companies do not even realize that they may be a target. No one wants to find out that their systems have been compromised, but most either have or will be. How does your company address its cyber vulnerabilities?

Read the original article here.

Meat, tobacco, furniture and surgical products are just a few of the North Carolina exports booming in the Chinese market. North Carolina businesses’ secrets are also in high demand overseas, and cyber terrorism experts say many companies are not doing enough to fend off hackers.


RMA Awarded Project for BCBSNC

Posted on 27, Jun | Posted by RMA

RMA will conduct a comprehensive Security Assessment of the Chapel-Hill, Durham and Winston-Salem Campuses of BlueCross and BlueShield of North Carolina. The objective of this project will be to provide a precise and accurate assessment of the threat environment and security profile toward the end of identifying discrepancies or gaps between threat or desired performance and the reality of practice and preparation found in the field. The typical result of this assessment is the formulation of recommendations based on prioritized threats and operational deficiencies that fall within the limits of the client’s budget and ability to make the needed changes.

For generations, Blue Cross and Blue Shield of North Carolina (BCBSNC) has offered its customers high quality health insurance at a competitive price and has led the charge toward better health and health care in our state. BCBSNC is a fully taxed, not-for-profit North Carolina company with headquarters in Chapel Hill and major operations centers in Durham and Winston-Salem. BCBSNC employs more than 4,000 North Carolinians and serves more than 3.7 million customers.


RMA Completes Assessment of Cape Fear Community College

Posted on 14, Jun | Posted by RMA

The purpose of the assessment was to perform a physical security plan survey, evaluate the security threats at each of the campuses, identify gaps in the current security program, and recommend measures that CFCC should consider going forward to mitigate the probability and criticality of a future security event. Included in this assessment were surveys that were done at each of the three Cape Fear Community College sites located in Wilmington, Castle Hayne, and Burgaw. During these surveys, consultants focused on the security elements of the culture and operation at each of the sites and specifically the elements of physical security, security systems, security operations and the overall security program. In assessing risk at each campus site, RMA evaluated the physical risk to employees, students, and guests, evaluated risks to property, and determined the potential threats to employees and/or property. RMA created a Student and Employee Security Survey to provide valuable intelligence about the culture at the college, gaps in the security program, and gaps in the stakeholders’ understanding of the security program at CFCC.

With over 28,000 students enrolling in classes every year, Cape Fear Community College is the sixth largest community college in the state and is a major economic development partner in southeastern North Carolina. CFCC is dedicated to providing world-class workforce training and quality higher education for the citizens of New Hanover and Pender counties.

CFCC’s main campus is located in historic downtown Wilmington, North Carolina on the banks of the Cape Fear River and a North Campus in northern New Hanover County. The College also offers classes for Pender County residents in Burgaw and Surf City. Day and evening classes are offered at all campuses. CFCC also offers a large number of online classes through an expanding distance education program.

CFCC was founded in 1958 and is accredited by the Commission on Colleges of the Southern Association of Colleges and Schools.
