Subscribe to

Blogs

Mission 500 Security Softball Game raises more than $40k

 - 
Wednesday, September 18, 2019

It probably wasn’t the best idea for me — physically speaking, that is — to try and play 7 innings (no snickering!) of softball this past Sunday in support of the Mission 500 Security Softball Game, held on a beautiful day in Overpeck Park, New Jersey.


That realization was driven home (no pun intended) late in the game when I had to score all the way from first base, which is tougher than it sounds (again, no snickering). As I high-fived my teammates and gasped for air entering the dugout, I promised that if I survived I would write about how rewarding it was to help support such a great organization as Mission 500, which organized another successful charity event to help families and children in need.

All told, more than $41,000 was raised and 400 children living in severe poverty in the South Bronx received backpacks filled with school supplies. The backpacks were assembled over the course of the day, with the opportunity to include a note of encouragement and inspiration to the children who would be receiving these backpacks. One of the things I wrote, “don’t be afraid to dream big,” for me speaks to the goal of Mission 500 — to help level the playing field for those who are less fortunate.
 
The day before, security industry executives also volunteered with Habitat for Humanity Paterson, framing walls and pouring concrete for two families in need as part of a community build project.

In addition, $2,500 was donated to the New York Firefighters Burn Center Foundation Children’s Camp, a non-for-profit dedicated to the advancement of burn care, research, prevention, education, and the proper treatment of burns. This organization sends burn victims under the age of 18 to a camp where they can come together and put their scars aside, while having fun at summer camp. Mission 500said it is “proud to support the camp for a third year in a row.”

Tom Nolan, Mission 500’s Director Strategic Partnerships, told me during the day that he was “very pleased” with the turnout for the Habitat for Humanity build and the charity softball game, and was excited about the number of people already committed to participating in the Mission 500 Service Trip to Puerto Rico, Oct. 9-13.

Security industry professionals looking to support Mission 500 can help by joining or making a donation towards this year’s service trip to Puerto Rico, volunteering to help with the Security 5K/2K at ISC West 2020, participating in a teambuilding event with their colleagues or customers, or by making financial donations.

At the charity softball game this past Sunday, American Security was the sponsor that raised the most funds, and was joined by the following sponsors for the event: Alarm Shield, Altronix, American Security, Anixter, Assa Abloy, Axis Communications, Beacon Protection, Criticom Monitoring Services, Dahua USA, DMP, ESA New Jersey Chapter, Hikvision USA, ISC Events, Ken Gould Consulting, Lensec, LRG Marketing, M2M Services, Napco StarLink, NYFAA, Rapid Response, ScanSource, Security Sales & Integration, Security Systems News, Security Today and Statewide Monitoring.

It was great to support and be a part of such a great day of giving back and having some fun. Not to gloat, but my team, the Protection Pirates, won 21-16, over the Security Sluggers, in a hard-fought game that ended in hand shakes and smiles, and personally speaking, a few scrapes, bruises and sore muscles.

Hope to see you all on the field next year! Click here for more on Mission 500.

The debate continues: do video doorbells invade privacy?

 - 
Wednesday, September 18, 2019

As a security journalist, I hate to admit that I’m a bit torn on the whole privacy vs. security of video doorbells and whether it’s unethical or not. I mean, I should take a stand, right? Either I support video doorbells or I don’t but, I really do see both sides of this hot debate. 

Here’s an example: My mom lives alone and is a very spry 73-year-old who is quite capable of looking through the peephole of her door to see who’s knocking on it. However, should someone cover her peephole, having a video doorbell, enabling her to see exactly who is at her door before she opens it, and record them, especially if they plan on causing some type of harm, I see is a must. 

But at the same time, let’s say a Girl Scout or Boy Scout rang my mom’s doorbell to sell cookies or popcorn. In my opinion, recording them, or any child for that matter, is very unethical and a huge invasion of privacy, unless, of course, the parents know and give permission. 

To my knowledge there isn’t a video doorbell (yet) that can – with 100 percent accuracy – distinguish between adults who intend to do harmful acts and children. At this point, it just seems video doorbells are an all-or-nothing device that are causing some major disruption.  

A recent ABC news story highlighted attorney, David Barnett, who specializes in privacy law. Barnett suggested letting people know they are under surveillance if using a video doorbell, and take into consideration that these cameras are aimed at property, with the expectation that places such as backyards, windows and bathrooms are private. But, even if the camera is aimed at the front of a home and let’s say children are outside playing in the camera’s recording range, recording them is wrong and what if that camera got hacked? Hackers would then be able to see those children. 

There are also the terms of service of the video doorbell manufacturers that puts a lot of the responsibility on the person installing the device. Ring’s, for example, says, “Privacy and other laws applicable in your jurisdiction may impose certain responsibilities on you and your use of the Products and Services. You agree that it is your responsibility, and not the responsibility of Ring, to ensure that you comply with any applicable laws …” (I’m quite sure people aren’t allowed to point cameras at public streets or into their neighbor’s yards, for example, which if done, can lead to privacy invasion, but where is the responsibility of the manufacturers of these products?)

Then, of course, there’s apps being connected to these video doorbells. Not to pick on Ring, but its new app, Neighbors – where most posts are captured videos – could expose people to a whole new level of privacy invasion, taking the old-school “nosey neighbor” to the extreme. Again, in Ring’s terms of service, it says: “You are solely responsible for all Content that you upload, post, email, transmit or otherwise disseminate using, or in connection with, the Products or Services …” And, again, I ask, shouldn’t the manufacturers of video doorbells take on at least some of the responsibility?

Overall, this topic is a tough one, filled with “ifs, ands and buts,” amazing use cases where lives were saved and the possibility of privacy invasion. This makes me want to subscribe to the old-school method of using the peephole, and if it’s covered, asking “who’s there,” and if there’s no answer, not answering the door. 

What are your thoughts on video doorbells and privacy? Let’s talk about it on Twitter @SSN_Ginger or email me directly at [email protected]

ADT continues its growth spurt

 - 
Wednesday, September 11, 2019

There’s been a lot of activity with ADT Commerical lately and it looks like the commercial side of business continues to grow organically and through acquisition. ADT Commerical recently acquired Design Systems Group and purchased Systems Group and Fusion Fire Protection to further broaden its commercial presence. In fact, ADT's commerial side of the business now accounts for nearly $1 billion in revenue.

Here’s a little bit about each of the acquired companies and what each company’s president has to say about the acquisition.

Systems Group is headquartered in Denver and provides commercial fire alarm detection, installation, inspection and maintenance services in Colorado. It was founded in 2004 and specializes in installation and service of integrated fire alarm, fire sprinkler, distributed antenna systems (DAS) and mass notification systems. 

“The team here at Systems Group has built a company admired and respected by the industry and customers alike,” John Ballman, Systems Group president said in the announcement. “Becoming a part of the ADT Commercial organization takes us to a higher level, both in terms of delivering for clients, and further achieving professional status for our employees.”

Fusion Fire Protection is headquartered in Hanover, Md. and serves the fire sprinkler systems needs of customers in Baltimore, Washington, D.C., and Northern Virginia. Established in 2015, in its short run, the company has earned the respect and loyalty of commercial customers. 

“Aligning with ADT Commercial reinforces our customer-centric commitment by strengthening and expanding our ability to deliver the most advanced technologies while still maintaining our agility and responsiveness,” Joe Roberts, Fusion Fire partner and president, said. 

Both companies are staffed by NICET-certified professionals enabling them to assist customers with design, project management, system installation, and testing, service and maintenance. 

“Systems Group in Denver and Fusion Fire Protection in Maryland represent the very best of the best in the fire alarm, fire sprinkler, and life safety arena, and illustrate our consistent dedication to best serve the needs of our mid-market, national and large-scale commercial customers,” Dan Bresingham, executive vice president, ADT Commercial, expressed.

Existing customers of both Systems Groups and Fusion Fire Protection will continue to work with the same people they know and trust to manage their accounts, now with ADT Commercial’s added resources and reach. 

“The addition of these tenured, well-trained professional teams furthers our aim of offering an advanced suite of end-to-end solutions for security, life safety and fire,” Michael McWilliams, senior vice president field operations, ADT Commercial said. “Backed by the strength of a nationally recognized organization, these teams will be empowered by local leadership, and will continue to provide the level of service expected by their customers.”  

I wonder what ADT’s next move will be? Rest assured that you will be the first to know as I keep my eyes and ears open and on the pulse of this company.

 

From the mouth of a director of safety and security at a U.S. school district

 - 
Wednesday, September 11, 2019

I just completed an article about perimeter school security, “The undogging debacle: perimeter security in a school environment,” in which I had the opportunity to speak with a director of safety and security for a school district, who also has a 14-year background at the local police department, most recently of which was supervisor for the School Resource Officer Unit. He told me something that really opened my eyes and I think that all security professionals involved in the school security niche need to hear. 

Here’s the question I asked: “If you could pick only one security measure that all school environments must have, what would that be and why?” 

The response: “If you limit me to just one security measure, I would have to say it would be hiring the right people, and training them properly in school safety and security,” Mike Johnson, director of safety and security at Rock Hill Schools, said.  

Read that again … limited to ONE security measure, he relies on people, but not just any people, though, trained people, not equipment or services. 

“The people we have in critical places, from administrators and teachers to support staff, are the biggest asset and the strongest point of any safety and security program,” Johnson continued. “Without quality people who are versed in safety and security, we would have nothing.”

Of course, without equipment or services, school security would be impossible in our modern day of school shootings, cyber-attacks, physical breaches, etc.; however, the key to it all is training. Equipment and service users, the people, must be properly trained to use the equipment and services to effectively and efficiently achieve their security goals. Any school could have the latest and greatest security equipment and services deployed, but if it’s not being used properly or even at all, then, really, what’s the point? 

“All the best products in the world are worthless if you don’t have the right people, who are properly trained, using them,” Johnson said. 

So, security professionals, I ask you, “Who is responsible for this training?” I would hope that every security professional, whether an integrator, consultant, sales person, manufacturer, etc., answered with, “I am responsible.” 

I would love to hear your feedback! Please comment here, over on Twitter @SSN_Ginger or email me directly

 

Global smart home market still growing

 - 
Wednesday, September 4, 2019

The global smart home market is forecast to grow by nearly a factor of five to reach more than $192 billion in 2023, up from $41 billion In 2018, according to the latest Smart Home Device Database from IHS Markit.

The research firm noted that the United States led all countries in 2018, representing about 35 percent of global market revenue. China was second, accounting for an 18 percent share.


The fastest-growing device types in the market include lighting, smart speakers and connected major home appliances, according to Blake Kozak, principal analyst for IHS.

“The brilliance of the smart home is that it can be molded to suit the requirements of any kind of consumer, from the strictest demands of power users to the simplest automation needs of dabblers,” said Kozak. “Irrespective of consumer tech-savviness, the smart-home market has bourgeoned into a consumer technology heavyweight, eager to move beyond the basics of security and single-family homes and into uncharted opportunities. However, these uncharted opportunities are coming with concerns about privacy and the technology’s readiness for primetime. The remainder of 2019 and start of 2020 will be a pivotal time for the smart-home market as companies and service providers fine-tune their strategies and reposition to compete with the smart home juggernauts — as well as newcomers looking to upend the status quo.”

Smart-home companies look to future opportunities

Kozak pointed out that companies looking to make waves in the smart home market include IKEA and newcomers such as Wyze, which offer ultra-low-cost devices.

He added that major players also will make pivotal strategy changes to enhance their competitiveness, with examples including Google, which recently ended its  “Works with Nest” program. In another example, he pointed to Amazon Alexa, which achieved compliance with the Health Insurance Portability and Accountability Act (HIPPA).

“For its part, Ring is launching into the small-medium businesses (SMB) segment,” said Kozak. “Comcast will focus on its Xfinity platform and hone its strategy around content deployment. Meanwhile, Centrica, which offers the Hive smart home, plans to focus its platform on energy and services.

Software, analytics and partnerships

A brief hiatus in hardware development has prompted smart-home companies to make advancements with software, analytics and acquisitions/partnerships, according to IHS. However, Kozak noted that another hardware push is set to arrive soon, with the arrival of new smart speakers from Google, Apple and Samsung as well as offerings for insurance companies and apartment complexes.

US smart-home penetration rises, despite privacy concerns

Although the U.S. smart-home penetration exceeded 38 percent in 2018, IHS said the market’s further progress could be impeded by privacy concerns, which is why IHS is advising technology providers to take steps to alleviate consumer apprehension.

“Rapid innovation often breeds speculation and mistrust,” Kozak said. “Because of that, smart-home companies should be as transparent as possible regarding data usage. They also should focus on edge-based processing, which reduces the need for cloud-based computing systems that send private data over the internet. The smart home should also make greater efforts to comply with standards and regulations for sectors such as security, healthcare and senior care. By having more standards and regulations in place, innovation in the smart home will be less a source of anxiety for consumers and instead become a cause for optimism and a fulcrum for peace-of-mind.”

The IHS Markit Smart Home Device Database assesses the market for smart home devices including unit shipments, installed base, housing type, route to market, system type, connectivity type, network controller, country/sub-region and market shares.

Phishing, smishing and vishing: what do they mean and how to protect yourself

 - 
Wednesday, September 4, 2019

I have a special affinity toward cybersecurity, probably because I’ve witnessed it grow from not even being a word, much less a concept to indoctrinating itself into society on a second by second basis. People must be alert, knowledgeable and actionable in order to stay safe from cybercriminals, and thankfully, there are various organizations available to help. 

During August, I attended the National Cyber Security Alliance and Infosec webinar that explored the cyber threats phishing, smishing and vishing, and offered steps of protection. Daniel Eliot, director of education and strategic initiatives, National Cyber Security Alliance moderated as Tiffany Schoenike, chief operating officer, National Cyber Security Alliance and Lisa Plaggemier, chief evangelist, Infosec took center stage.

“At their core, phish are just tools criminals use for social engineering, which is the use of deception to manipulate individuals into doing something they wouldn’t normally,” Plaggemier explained during the webinar. “Thieves are generally after two things: money and things they can turn into money, and over three billion phishes are sent every single day” to try and gain access to private information, engage with people to develop trust, present links that download malware when clicked, modify data, etc.

Here’s some common types of phish you need to know about: 

  • Spear phishing: a targeted attack that usually involves cybercriminals gathering intel to use to send emails that appear to be from a known or trusted sender.
  • Whaling: attacks that target senior-level employees. 
  • Credential harvesting: an attack that allows unauthorized access to usernames and/or emails with corresponding passwords. 

To identify phishes, Plaggemier said to look for things such as spoofed sender addresses that may be off by a letter or two; misspelled words and bad grammar; strange URLs; the use of scare tactics; buzzwords such as cool job offers and last but not least, use your own senses. If you feel something isn’t right, you’re probably correct. 

With smishing, the cybercriminal uses text or SMS messaging to try and trick people into giving out private information while vishing uses the phone via a call. 

To protect yourself and your organization against phishing, smishing and vishing, consider the following: 

  • Enable strong authentication.
  • Think before you share personal information. 
  • Never give personal information over the phone. 
  • Use unique and the longest passphrases possible as passwords
  • Keep your computer system and smartphone’s software updated. 
  • Only download apps from trusted sources. 
  • Train employees. 
  • Establish, maintain, use and enforce policies and procedures. 
  • Report all phishing incidents to DHS Cybersecurity and Infrastructure Security Agency and the Federal Trade Commission

For more information on how small and medium-sized businesses can be safer and more secure online, visit National Cyber Security Alliance’s national program, CyberSecure My Business, which consists of in-person, interactive workshops, monthly webinars, an online portal of resources and monthly newsletters that summarize the latest cybersecurity news.

Why seeing a star on your driver’s license is a good thing

 - 
Friday, August 23, 2019

I remember in elementary school those little gold, silver, red, green and blue foil star stickers the teacher would put at the top of my paper, each color reflecting my grade: gold for the perfect score of 100; silver for 90s; blue for 80s; and green for 70s. If I saw a red star, just forget it, because that meant redoing the whole assignment, usually DURING recess, or when I got home from school DURING my favorite TV shows — Woody Wood Pecker, Tom & Jerry and Heathcliff. 

Let’s see if you pass the star test or if you’ll be caught at your local Department of Motor Vehicles during your recess, what we adults commonly call our lunch break! Take out your driver’s license. Does it have a black or gold star on it? If so, you passed and your lunch break is safe. If not, looks like a trip to your state’s Department of Motor Vehicles (DMV) is in your future if you plan on using your driver’s license to fly. 

Back in 2005, Congress passed the Real ID Act, designed to ensure that people boarding a flight or entering a federal building are exactly who they claim to be in all U.S. states and territories including Puerto Rico, Guam, Northern Mariana Islands and U.S. Virgin Islands. Now, 14 years later, all states and territories are compliant or have an extension (Maine, New Jersey, Oklahoma and Oregon are extended until Oct. 10, 2019) and are awaiting each and every citizen over the age of 18 to pay a visit to their local DMVs. 

Technically you have until October 1, 2020 to get your star, but as busy security professionals, 13 months will pass faster than a hot knife through butter! (That’s Texan for “quickly.”)  So, here are some strategies and tips to make the process as painless as possible: 

Decide if you even need a Real ID. If you want to fly with only your state-issued ID, don’t have a passport or other TSA-approved ID or need to visit a security federal facility, such as a military base, then yes, you do need a Real ID. 

If you only need your state-issued ID for identification purposes, don’t mind bringing a TSA-approved ID, like a passport, starting October 1, 2020, or are under age 18, then no, you do NOT need a Real ID. 

Physically go to a DMV office. Be sure to bring along identification documents such as a birth certificate and passport. Some states are requiring up to four pieces of identification, so be sure to check your state’s requirements BEFORE standing in that long line, finally arriving at the clerk’s desk after a five hour wait (that’s the typical wait time in Texas) just to be turned away to go back home, retrieve said documents and then wait another five hours in line! (As “they” say, “Everything’s bigger in Texas;” I guess that includes these lines, too!)

  • Tip #1: To be on the safe side, at the very least, bring proof of identity, social security number and residency, proof of name change (if applicable) and of course, money (a fee is involved).
  • Tip #2: I would suggest bringing cash and/or check in case your DMV doesn’t accept credit cards or charges a fee. It looks like North Carolina is the cheapest at $13.00 and Massachusetts is the highest at $85.00. Check your particular state’s DMV website for the fee schedule. 
  • Tip #3: If your state allows it, make an appointment to visit your DMV. This will cut back on wait time and frustration. 

 

I wish you well on your endeavor to obtain your star!

 

 

Is in-home delivery driving security spending?

 - 
Friday, August 23, 2019

Anyone who has fallen victim to the dreaded “porch pirates” can understand why the current smart home trend of in-home delivery of packages continues to catch on. Nothing sucks more than having video footage — from a video doorbell or camera — of someone grabbing your goods off your stoop and having no power to do anything about it. 

It is this convergence of technology and convenience that is driving interest in, and spending on, security. In fact, nearly half of consumers who currently own or intend to buy a smart door lock, a smart garage door opener or video doorbell value the ability to remotely allow Amazon package deliveries, according to new research from Parks Associates, an internationally recognized market research and consulting company specializing in emerging consumer technology products and services.

“Battle for the Front Door: The Access Control Ecosystem” reports that one-third of owners or future buyers rate this capability as very valuable, with 37 percent of smart access control device owners or intenders willing to pay up to $1.98 per package for delivery inside their home or garage.

“The growth of online shopping from sites like Amazon and Walmart has led to an increasing problem of package theft but has also created a new use case for the smart home,” Chris O’Dell, research associate, Parks Associates, said in the announcement. “As consumers increasingly rely on home package delivery, and look for ways to make this process more secure, they have a greater awareness of access control devices like video doorbells, smart door locks and smart garage door openers.”

The prospect of package theft creates opportunity for smart home device manufacturers and service providers to boost consumer confidence by guaranteeing safe package delivery with in-home and in-garage delivery services. Amazon’s 2019 partnership with Chamberlain highlights this potential. Among consumers who own or plan to buy a smart door lock, a smart garage door opener or video doorbell, 43 percent find the ability for FedEx or UPS to perform in-garage delivery to be valuable.

“Enabling home services will ultimately drive adoption of access control devices by expanding their value to consumers,” O’Dell said. “Traditional garage door openers typically have a lifecycle of 10 or more years, so companies need a strong and unique value proposition with smart garage door openers in order to expedite growth in the market. The promise of safe package delivery, combined with partnerships that incent purchase and ease installation concerns, can be that driver.”

Found in the report is an assessment of the access control ecosystem, profiles of key players in each device category and evaluations of home services strategies. It also includes five-year forecasts of smart door lock, video doorbell and smart garage door opener adoption. For example, one-quarter of U.S. broadband households plan to purchase a video doorbell in the next year.

SIA provides analysis of rules related to NDAA

 - 
Wednesday, August 21, 2019

If you’re part of the security industry, there’s little doubt you haven’t heard about the Federal Acquisition Regulation (FAR) rule announced last week that started the ball rolling on the prohibition to procure certain Chinese telecommunications and video surveillance equipment. The key word here is “certain,” meaning not all equipment is part of the rule, and security contractors are left scrambling trying to figure out exactly what to do.

The Security Industry Association (SIA) jumped into action and released a preliminary analysis of the rule that focuses specifically on the video surveillance equipment and services covered. SIA also stated that they will update the analysis with additional insight and information as needed, and the association will host a webinar tomorrow, August 22 at 1pm ET to brief members on its analysis of the NDAA prohibition and acquisition rules.

According to SIA’s analysis, security contractors need to understand the following:

Remember the effective date, August 13, 2019. Why is this so important? Because all solicitations, contracts and contract awards issued on or after this date will include clauses prohibiting procurement of covered equipment and services.

Disclosure requirements for new contracts. Beginning on the effective date, all offerors must provide self-certification as to whether ANY of their offerings to the federal government include covered equipment or services. This also extends to subcontractors.

Reporting requirements. Beginning on the effective date, contractors and subcontractors are required to report any covered equipment, system or services provided and discovered during contract performance within one day of discovery. In addition, within 10 days, the contractor must explain mitigation actions taken or recommended.

Scope of prohibition. Extends to purchases below the minimum purchasing threshold (up to $10,000 in 2019), regardless of the commercial-off-the-shelf (COTS) waiver.

Government-only waivers. Contractors and companies cannot obtain waivers; they are only available for government entities.

Tailored approach to collected information. GSA has issued its tailored implementation rules.

For more detailed information about NDAA and FAR, including a answers to frequently asked questions relating to the ban, please check out SIA’s full analysis here, and attend SIA’s webinar.

5 important facts you need to know about the Texas-based ransomware attacks

 - 
Wednesday, August 21, 2019

Whomever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves. 

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here’s 5 important facts you need to know about these attacks: 

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was also affected in a similar fashion as Borger. They, too, are unable to process utility payments via credit card. Keene Mayor, Gary Heinrich, told NPR, that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities. 

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, dubbing it as a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and, as quickly as possible, moving into remediation and recovery to get back to operations as usual as soon as possible. 

 

Pages