Several landmark ransomware attacks on enterprises in energy and food industries last year remind us that we are living in a world with constant cyber threats. Every industry has now been prompted to reinforce their network security and strengthen their online protections. The security industry is no exception, as cybersecurity is also an on-going challenge for us, too. Here, we would like to offer some basic tips and practices to harden your network and keep your security devices protected. Create strong passwords and change them regularly You have heard it all before – almost every cybersecurity guidebook tells you that you need to create strong passwords. It is indeed a common instruction, but one of the most efficient methods to improve the protection of your network and devices. Passwords are just like lock on your front door, and if they are not strong enough, unwelcome visitors can easily crack them and ‘walk right in’ to your network. Creating strong passwords is a very important first step in the process of hardening the security of your network and devices. For setting strong passwords, the following list provides some good principles to follow: Include numbers, symbols, uppercase letters, and lowercase letters. Passwords should be more than eight characters long. Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relatives or pet names, or biographical information (birthdays, anniversary etc.). Change your passwords on a regular schedule. Set only the firewall rules you actually need A firewall intercepts all communications between you and the Internet, and decides if the information is allowed to pass through to your devices. Most firewalls, by default, will block all traffic both in and out. This is what we call ‘deny all by default.’ In this default state, it is as if your devices are not even connected to the Internet. While this is a very safe state to be in, it is not very useful. So, we must create a set of rules to tell the firewall what we consider safe. Everything else is, by default, considered not safe. As you create rules to allow traffic in and out, you are creating tiny holes in your firewall for the traffic to flow through. The more rules you create in your firewall, the less secure your network becomes. You should only create minimum rules that you need, which can reduce risks of cyber threats through the firewall system. Update your firmware in a timely manner Firmware is the component that enables and controls the functionality of your network devices. It is a software program or set of instructions programmed right onto your network devices. It provides the necessary instructions for how your devices communicate with other computer hardware. Firmware updates are not just for bringing additional new features, but also often provide important security patches. It is recommended that you always use the latest firmware so that you get the best possible security updates and most recent bug fixes. Encrypt your data Another key way to safeguard your network and data includes using encryptions. This is the process of encoding your data in a way that can only be accessed through a corresponding decryption process. Data encryption is encouraged, as it keeps your data privacy safe from unauthorized hands – especially in the event of a data breach. Normally, it is not necessary to encrypt all of your data; you could make an encryption strategy to classify and assess risks of your data. Be sure to choose the right encryption tools for sensitive, non-public, and confidential data. Define clear access permission policies for all users The right users need to have access to the right applications and data for organizations to function. It’s necessary to make clear access permission polices for all users. You need first to define possible users who may access your network and security devices, and then set permission levels for each user to limit unnecessary access privileges and reduce the risk of cyber breaches.  

The subject of safeguarding in schools is challenging. It has an equal effect on teachers, parents, and administrations in addition to having a negative impression on the children. While ensuring school safety is everyone’s duty, schools should periodically remind the appropriate stakeholders of their duties. These days, children spend most of their time in school, thus it is crucial for all parties involved to assure that each student is always safe both on the school property and during daily commutes to and from it. Listed below are a few recommendations that can assist to improve school safety and transform them into safe spaces. Surveillance system As an aspect of their school security system, most schools have CCTV cameras. A school’s security policy requires a little more than installing CCTV cameras in every area of the building to record activity. When deployed exclusively, CCTV cameras cannot guarantee the entire safety of students on the school grounds. However, they can be used in conjunction with the most recent security measures to track the students and raise an alarm when the youngster is in danger. Such approaches assist schools in stepping up their security procedures. Vigilance Each student should be watched while on school property since it helps schools stop them from engaging in any dubious or improper behavior. While CCTVs can be used to keep an eye on student behavior, a smart, sensor-based security system can be quite beneficial. Schools can use real-time tracking to ensure that students are in the right place & time and out of harm’s way. When the system detects an unexpected activity in a pupil, an alarm is sent to security, safeguarding their safety. By emphasizing the value of school safety and security, school management can also teach students to inform the appropriate party of any questionable activity. Fencing the premises Most of the schools, frequently take care of this as well. Schools can make use of technology, which alerts security whenever a legitimate person enters a restricted area using sensors. After their shift, employees are not permitted to enter the classroom or even remain on the property. Students are not allowed to hang out in the building after school hours or disturb other students while they are in class. Any security infringement can be corrected right away. Smart ID Cards Every student in the school is given an identity card because it enables the administration to accurately account for all the members of the school by maintaining attendance. A Smart-ID Card, which has an integrated sensor that helps track moments, modern technologies can be linked with clever algorithms. The teachers can individually mark attendance for each student during his/ her class. The use of such technology can also assist in keeping track of instances when a student is on the school’s campus but not in class. Crisis management team & plan The school administration should form a school safety team. The safety team prepares plans for unforeseen events like fire, natural disasters, and more that could potentially pose a threat to the lives of the occupants. School ID card All the student’s smart id cards should have the names of the parent/ guardian responsible to pick them up after dismissal from the school and to be contacted in case of an emergency. This practice would assist the school in taking care of the students. First-aid The school safety plan includes first aid treatment as well as registration with the nearest hospital to stay prepared for an emergency. In addition to this, school staff, Bus attendants should be trained on basic first aid techniques. Bus lady marshals All the buses must have a lady marshal to look after the safety & well-being of the children. Lady marshals to be provided with a walkie-talkie for smoother communication in case of a mishap. The lady marshal will be responsible for handing over the kid to the parent/ guardian and maintaining the record by scanning the smart ID issued to the parent/ guardian. Fire safety plan The school safety team is responsible to develop a fire safety plan and getting it approved by the police and fire department. In addition to this schools to have necessary firefighting equipment installed in the building such as smoke detectors, automatic water sprinklers, and correct types of fire extinguishers as a backup. Emergency contacts Each classroom shall be equipped with an emergency intercom and should display all the emergency contact numbers to respond to an emergency at the earliest. This could play a major role in saving lives. Inspection There have been cases when the accidents occurred due to ignorance of a threat at a site, for example, potholes on the playground. Inspections play a vital role as they eliminate risks. This routine inspection should cover aspects like damage as well as hygiene. Restrooms Many times, kids get locked in the restroom especially when there is no attendant, periodic checks facilitate in maintaining the mishaps in this scenario. Installing an emergency button, and installation of smoke detectors are just some measures to increase safety levels concerning restrooms. Elevators Lift maintenance should be done periodically as children being stuck in the lift is the most common scenario seen nowadays. Children below the age group 10 years, should not be allowed to board the elevator alone. A lift attendant must be always present, and a glass lift can be installed. Counsellor Mental health of today’s youth is sensitive, to make them feel heard and seen, schools should consider a department dedicated to student-teacher welfare. Fixed timings included in the timetable for an easy approach for students as well as teachers. A lady counsellor to be available and offer advice to help students come out of any trauma if needed. One in three students at Indian schools, according to a report published in February 2022 by the Child Fund Alliance, an international network of 11 child-focused development organizations feels dangerous. According to the findings of a global survey carried out in 41 nations, children in India…

Sergey Ozhegov, CEO, SearchInform Information security expert’s recommendations Each company possesses valuable information assets, which are of high interest for market competitors and other organizations, groups or individuals. In the first company, it may be a VIP-client database, in the second – drawings or technological maps, the third company has created a breakthrough business-strategy, the fourth company possesses crucial financial information. And there is no guarantee for any company or organization, that a spy won’t start operating within it’s framework. The spy may be motivated by plenty of prerequisites, which include, but aren’t limited to – greed, revenge, financial interest, ideological issues. Why employees become corporate spies First of all let’s figure out, which employees may become corporate spies. There are a few categories of employees, which pose the biggest threat for an organization. First category – ‘infiltrator’. In order to ensure, that you won’t be able to unmask him or her for a long time, an employee should be a qualified specialist. Such an expert easily passes interviews, has significant work experience and seems to be a ‘priceless asset’ for a company. That’s why it’s very important to be very attentive to recently hired staff members. Usually, such infiltrators apply for positions, which require work with commercial data or with databases. Case study: the information security department of one company paid special attention to a new sales manager. Vigilance was not in vain. It was revealed, that the manager worked for market competitors and his main aim was to get access to the company’s accounting system. Gaining of such access by the manager may have led to a loss of approximately 215000$ and to a reduction in the number of clients. The second group includes those employees, who start spying because of financial problems. Such employees may had been law-abiding specialists, who began to commit illegal actions only because of financial issues. The third category – risk group employees. This group includes those, who work with critical and top secret data. Thus, such employees may be blackmailed and recruited by your competitors and detractors. Another group – resentful employees. Revenge is in fact one of the most common motives for becoming a corporate spy. Case study: an employee of a large company wanted to take a revenge, as he didn’t get the desired promotion. A resentful employee decided to leak data, revealing very precisely the amount of securities, possessed by each stockholder. The employee intended to transmit the data on securities to mass media. The employee’s actions may have led to the origin and further escalation of a conflict. Such an unpleasant situation would have helped company’s market rivals. However, information security officers revealed the threat just in time and managed to prevent the leak. The damage due to the leak, in case it had happened, would be estimated at $1,241.379. How do spies gather data? There are plenty of ways for employees to steal data: to print it on a paper or save on a device; to take a photo of confidential documents; to deliberately leak data by uploading it to a cloud; to provide third party with the access to database etc. Nevertheless, there are some typical channels for data transmitting, which are the most popular ones for organizing data leaks as well. Thus, they have to be controlled more strictly. According to SearchInform annual research, email stands for the most popular channel for illegal data transmitting, as a bit less than 50% of leaks in 2021 happened via email. So, corporate spies usually take the path of least resistance and don’t create complicated schemes for a data leak. This may be illustrated with a ridiculous case of AMD. AMD’s officials filled the claim against company’s four former top-managers, who lately joined Nvidia. Former employees took away 100.000 files, containing sensitive data on AMD’s business activities. Data volume was so tremendous, that copying of files would have taken too much time. The internal investigation revealed, that one of these employees even googled how to download this tremendous amount of data. He did it during the worktime. Nonetheless, some spies act in a very creative manner. Case study: an infiltrator joined one big manufacturing company. A river flew through the area, where the company’s plant was located, so the spy built a small raft, tied papers to the raft and floated the raft with top-secret documents of the company. How to identify corporate spies Screening check helps to detect spies, who deliberately applied a vacancy in order to leak secrets to competitors. You may test candidate the following ways: By addressing to various bases in order to obtain any mismatches in person’s autobiography; By examination of person’s letter of recommendations; By assessing the results of the interview; By the implementation of the OSINT (open source intelligence) methods. It’s a bit more complicated to identify spies of other categories. Even if a specialist has been working for many years, and no problem has occurred during this period, there isn’t a guarantee, that specific critical circumstances, such as financial problems or willingness of revenge won’t stimulate this employee to commit illegal actions. That’s why it’s important for security services to cooperate permanently with top-managers. If a team isn’t big, then it’s easier to reveal problems by examination of consequential attributes, for example, disproportionate between payment ratio and expenditures or a sudden change in behavior. If the team is quite big, than assistance of special protective software – DLP system – is required. Such systems prevent data leaks. Their functionality enables to trace suspicious messages and other activities, which can indicate employee’s motives. Advanced DLP systems’ functionality also includes behavior analytics (digital profiling, UEBA and other tools). The main advantage of this ‘computer psychologist’ is that it permanently traces behavior changes and that it can’t be treated. Prevention is very important too. It’s crucial to educate your employees in the information security related issues and to present the probable outcomes of a data leak. We also recommend to sign a…

Colonel-B-S-Nagial The world is coping-up with various problems such as document fraud, identity theft, terrorism, cybercrimes etc. There are new global regulations in place to use the emerging technologies. But there is a need to strike a balance between biometrics security tools and adherence to human rights while dealing with terrorism. One of the tools to counter the threat of terrorism is the use of emerging biometrics technology carefully. Biometrics uses a person’s physical features or personality traits like fingerprints, faces, voices, or handwritten signatures to identify and verify the antecedents. Biometric systems offer automatic, almost immediate identification of a person by translating the biometric into the digital form and then collating and verifying it against a computerised database.1 The biometric tools include fingerprints, facial recognition, vein pattern, eyes, iris print, DNA, blood, voice, gait, signature etc. The United Nations Security Council (UNSC) resolutions 2322 (2016) and 2396 (2017) dwell on the use of biometrics for counter-terrorism purposes, particularly in the context of border management and homeland security. Resolution 2322 (2016) calls on the member countries to share information about Foreign Terrorist Fighters (FTFs) and other lone wolf terrorists and terrorist organisations, including biometric and biographic information.2 Further in its resolution 2396 (2017), the UNSC resolves that all member nations will evolve and put in practice various systems to gather biometric data, including fingerprints, photographs, facial recognition, and other appropriate recognising biometric data, to responsibly and adequately identify terrorists, including FTFs, as per the policies on the subject while duly complying with the domestic law as well as international law on human rights. The UNSC also encourages the nations to share this data among other nations and with appropriate worldwide organisations, together with the International Criminal Police Organisation (INTERPOL). While implementing the resolutions passed by the UNSC, various countries have encountered gaps and challenges while using biometric technologies for counter-terrorism operations. Therefore I will reconnoitre tendencies in using these types of technologies in counter-terrorism, main challenges, and guidance developed to safeguard the use of technology for its intended purpose. Various critical trends emerging in biometric technologies Using biometrics in counter-terrorism operations is a fast escalating range of counter-terrorism-related applications for biometric systems, including authentication and verification equipment such as biometric passports (e-passports), biometric smart gates, and passport readers and digital forensics.3 The COVID-19 pandemic posed unprecedented challenges concerning biometrics to facilitate domestic and international travel. The extensive use of masks and fear of transmitting the disease via touch limited the efficacy of traditional credentials checks, including facial recognition and fingerprint scanners. As a result, many countries introduced touchless devices and iris scanners to authenticate identity while masks were worn. Biometrics has become more predominant in detecting offenders, terrorists, and inimical elements in public places, with facial identification systems combined with CCTV video surveillance systems. Technology for identification has also been combined with Unmanned Aircraft Systems (UAS) in a law enforcement and border control scenario, helping control many people by channelling and identifying them. The use of biometrics in counter-terrorism operations is often linked to evolving and using emerging technologies. These techniques are used to identify individuals of interest such as high-definition cameras, matching algorithms, and Artificial Intelligence (AI), occasionally in combination with a linked database e.g., terrorist watchlists. And also use biometrics to protect critical infrastructure sites and facilities and soft targets from terrorist attacks. Biometric technologies may also help stop terrorism financing, facilitating augmentations to know-your-client (KYC) and customer due diligence (CDD) procedures and substitutions to financial institutions’ monitoring and keeping track of associated banking operations. “The world is coping-up with various problems such as document fraud, identity theft, terrorism, cybercrimes etc. There are new global regulations in place to use the emerging technologies. But there is a need to strike a balance between biometrics security tools and adherence to human rights while dealing with terrorism. One of the tools to counter the threat of terrorism is the use of emerging biometrics technology carefully” Many countries have made some progress in introducing biometrics for counter-terrorism purposes. There are strong local trends in this practice. Half of the European countries extensively use biometrics, but only a few countries have put it into practice in the Middle East region. In Africa, only fifty per cent of countries are using biometrics systems. How biometric technologies are used for counter-terrorism could be summarised as under: Countries are intensifying the array of physical spaces, from border crossings to public spaces and digital spaces, across social media, biometric data is being validated. Countries use state-of-the-art technologies to capture, collect, process, and analyse biometric data to Counter-Terrorism. Many government officials such as intelligence agencies, national and local police forces, border guards, immigration officers and some private-sector actors e.g., contractors and suppliers, have been authorised to use biometric data. Some nations have taken initiatives to hasten the sharing of biometric data as part of counter-terrorism collaboration and sharing of information methods. Countries have more developed terrorist watch lists and databases linked with biometric databases, with biometric checks against INTERPOL notices and databases to recognise and spot inimical elements and terrorists. “Many countries have made some progress in introducing biometrics for counter-terrorism purposes. There are strong local trends in this practice. Half of the European countries extensively use biometrics, but only a few countries have put it into practice in the Middle East region. In Africa, only fifty per cent of countries are using biometrics systems” Challenges concerning the optimal use of biometric technologies in counter-terrorism could be summarised as under: Technologies has shortcomings and restrictions. Inadequate capabilities. Inadequate legal and administrative contexts. Due to an oversight of safeguarding the privacy and data duration of the data retention period. Strengthening of prevailing inequalities and disparities. Likely misappropriation of freedom rights of religion, expression, and association. Restrictions on distribution of biometric data and information to others. Non-availability of efficient solutions in the event of violations. There is a risk of scams and misuse of biometric information. Though biometric technology has notably advanced its precision and steadfastness, technological shortfalls…