CS - Summer 2020



COVID-19 has encouraged fast-paced innovation and new approaches to property management

Smart buildings and smarter security

Building managers are utilizing smart technology to help with occupancy challenges while constantly re-evaluating security policies to deal with a new reality.

Meeting the cyberskills challenge

Many security professionals begin their careers with a focus on the physical. Honing cyberskills can help take your career to the next level.

The rules of WFH

With so many office workers swapping their workstations for kitchen tables, security professionals can offer much needed guidance and support.

The power of personal branding

Taking charge of your virtual identity can help you communicate professionalism and effectively build your network.

Patriot One adapts tech for fight against pandemic

A Toronto-based technology company is using its threat detection and weapons detection expertise to help detect potential COVID-19 carriers, in some cases in the very early stages of infection.

Patriot One Technologies is pairing its PATSCAN AI software with off-the-shelf thermal cameras to scan for elevated body temperature — a logical extension of what the software was designed to do, says Martin Cronin, CEO and director, Patriot One, which is to detect anomalies. “It was a fairly short stretch for us. We’ve been working with thermal cameras anyway for weapons detection — detecting a cold weapon on a warm body — so we had a good understanding of thermal cameras,” he explains.

Prior to the pandemic, Patriot One was in the test phase for its detection tools with several clients, including sports facilities and event centres. While venues that rely on mass gatherings haven’t been able to operate in recent months due to the pandemic, they are very much in preparation mode, says Cronin.

“Although they’re shut down, they are looking at how do they reopen and what does the security architecture look like? Obviously, they are also looking at the health and safety aspect of screening for fever, etc. Our health and safety modules are elevated body temperature detection and mask detection combined, so there is interest from those kinds of event centres.”

Patriot One is also working directly with health-care facilities to help them identify the risk of COVID-19 infections earlier. The company’s B.C.-based Xtract.ai division is collaborating with Amazon Web Services, Vancouver General Hospital, the University of British Columbia (UBC), and SapienML to help radiologists analyze data generated from CT and X-ray scans. The thinking is that the lungs may provide early indicators that the onset of the virus is imminent.

“I think the world is waking up finally to the notion of investing in technologies for preparedness and viral threats,” says Cronin. “We intend to be a key part of that.”

Study: remote workers taking some liberties with IT policies at home

A new study indicates that most erstwhile office workers, now working from home during the pandemic, take their organization’s cybersecurity policies to heart, but that doesn’t mean they’re following all the rules.

A Trend Micro study called “Head in the Clouds,” based on interviews with 13,200 remote workers across 27 nations, indicates that almost three-quarters (72 per cent) are “more conscious” of their organization’s cybersecurity requirements during lockdown.

Among the other encouraging results:

• 85 per cent claim they take instructions from their IT team seriously

• 81 per cent agree that the cybersecurity of their organization is partly their responsibility

However, according to the study, respect for the rules does not always indicate that they are going to be followed to the letter of the law.

Blurring the lines between work and personal

Four out of five (80 per cent) survey respondents say they use work laptops for personal browsing and two out of five (39 per cent) express that they use a personal device to access corporate data.

For many workers, convenience trumps IT policies, as one out of three respondents (34 per cent) indicate they don’t consider whether the apps they use are approved by IT or not, as long as the work gets done.

“There are a great number of individual differences across the workforce,” said Linda K. Kaye, a cyber-psychology academic at U.K.-based Edge Hill University in a statement published by Trend Micro. “This can include individual employee’s values, accountability within their organization, as well as aspects of their personality, all of which are important factors which drive people’s behaviours. To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organizations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”


CALENDAR

August 25, 2020: CANASA Prairie Regional Council & ASIS Manitoba Chapter Prairie Golf Tournament, Winnipeg, Man. www.asiswinnipeg.ca

September 1-3, 2020: IAHSS Annual Conference and Exhibition, Online. www.iahss.org

September 21-25, 2020: GSX+, Online. www.gsx.org

October 1, 2020: Canadian Security Honours, Online. www.canadiansecuritymag.com/virtual-events

October 5-7, 2020: ISC West, Online. www.iscwest.com

October 7-8, 2020: Ontario Disaster and Emergency Management Conference, Online. www.demcon.ca

October 20-21, 2020: Sector, Online. www.sector.ca

October 21, 2020: Focus on Cannabis Security, Online. www.canadiansecuritymag.com/virtual-events

October 21-22, 2020: Securing New Ground, Online. sng.securityindustry.org

November 16-18, 2020: (ISC)² Security Congress, Online. www.isc2.org/Congress

November 18-19, 2020: ISC East, New York, N.Y. www.isceast.com

December 2-4, 2020: PM Expo, Toronto, Ont. www.pmexpo.com

Knightscope finds investment opportunity in Canada

In 2013, in the aftermath of the Sandy Hook elementary school shooting and the Boston Marathon bombing, William Santana Li and Stacy Stephens began to brainstorm ways to help law enforcement and security officers be safer and aggregate data in a way that was going to give them better situational awareness.

“After [Sandy Hook and the Boston Marathon], people were literally running around trying to figure out as much information as possible, but there was no one place to go to try to distill that information,” said Stephens, a former police officer, in a recent interview with Canadian Security. “That got us to thinking how we provide more intelligent eyes and ears for people in public safety.”

The concept of robots as a security solution came up in a conversation between Santana Li and Stephens when discussing the aftermath of those terrible events.

One month later, the company had its first robot, which would inspire their signature line of security robots, and Silicon Valley, Calif.-based Knightscope Inc. was born with Santana Li and Stephens as co-founders.

According to Stephens, the purpose of the robot is to create a platform that can place different types of sensing technologies and capabilities to then report back to a security operations centre.

The security robots are applicable to anyone in the U.S. with a physical security program in a commercial application.

Having raised capital in the U.S. under Regulation A+, a type of offering which allows private companies to raise up to $50 million from the public, Stephens shared that Knightscope did not have the ability to do that in Canada.

“We were constantly getting notes from companies up north who wanted to invest,” Stephens said. “We never had an avenue to do that.”

In May, Knightscope announced that it is able to accept investments in support of the company’s Regulation A+ Offering from Canadian investors through FrontFundr.

According to FrontFundr founder and CEO Peter-Paul Van Hoeken, the relationship between the two companies was established two years earlier.

“Knightscope called us and they wanted to essentially maximize their investor outreach and open up their investment opportunity for as many investors as they can in Canada, and that’s where we came in,” said Van Hoeken.

“We brought them on our platform, then we support them as we opened them up to Canadian investors and to all investors or creditors, and smaller retail investors.”

The Regulation A+ Offering closed on July 20.

Stephens also said that while Knightscope is currently only selling in the U.S. market, the company would consider exporting their security robots internationally as a secondary market.

Believing that the move to Canada is a natural fit for the company, Stephens said that the opportunity to invest up north would be a significant one.

“The need to provide public safety in both Canada and the U.S. is very similar,” Stephens concluded. “It’s not just your next social media app, it actually has meaning and purpose to it. The goal is just to make people safer.”

Ontario’s new privacy commissioner takes on COVID-19 challenges

In many ways, the abilities of security professionals are being tested in remarkable ways by the COVID-19 pandemic. Whether it’s resource allocation, emergency response, safety protocols or other measures, they have been required to look at them through a new lens.

It’s in this challenging environment that Patricia Kosseim recently began her role as Ontario’s Information and Privacy Commissioner (IPC), taking over from Brian Beamish, who departed after his five-year term.

“In this time of global turmoil and change, upholding privacy and access rights is more important than ever,” states Kosseim in her welcome message, published on the IPC office’s blog on July 2, her first official day.

“The health, social and economic upheavals we are currently facing continue to test our sense of normalcy, posing some of the toughest privacy and accountability challenges yet.”

A career in privacy

Kosseim was counsel for the privacy and data management group at Toronto law firm Osler before accepting the commissioner role, and before that served as director general and senior general counsel in the Federal Privacy Commissioner’s Office in Ottawa.

Her legal career began in Quebec at the same time as the province was adopting the Private Sector Act which, in 1993, became the first private-sector privacy law in Canada. “[That] was my introduction to the field, particularly to guiding and educating organizations on these new privacy obligations, which were, in fact, quite novel for many organizations at the time,” says Kosseim, who spoke to Canadian Security during her first week as commissioner.

Kosseim’s career has also intersected with the health-care field — prior to her time in the federal privacy office, she led the ethics office for the Canadian Institutes of Health Research in Ottawa.

“There, amongst other national ethics guidelines and issues we dealt with, was the secondary use of personal health information for health research purposes and public health, which is very germane to the current context we’re living in,” says Kosseim.

Testing the boundaries

Kosseim says that privacy laws in Canada (and elsewhere) account for public health emergencies such as the COVID-19 pandemic and may allow for some flex when public health interests are at stake.

“I can certainly say that so far, we’ve seen those boundaries tested in several ways, as you can anticipate,” she says. “In many privacy laws, there is the opportunity to collect, share or disclose information where the public interest outweighs privacy concerns. So how you weigh and balance those countervailing values in a context such as this — which is so unprecedented — is certainly one of the issues we’re seeing right now.”

Kosseim says that her office is reviewing a voluntary COVID-19 exposure notification app, which uses non-identifiable information to let users know if they’ve been in contact with someone who has tested positive for COVID-19. The app was originally due to launch in Ontario in early July before rolling out to other provinces but was recently delayed for further development. “Ontario is first out of the gate; my staff is being consulted by the Ontario government officials,” she says.

At press time, the app was still in a test phase with a launch possibly imminent.

Kosseim’s welcome letter also explores the recent expansion of the IPC office’s powers, allowing for potential punitive action in breach cases where personal health-care data is compromised.

“One of the things that excites me about this new mandate is to assume the position at a time when there’s been some very thoughtful reform initiatives in recent years,” she explains, “including some very recent changes to the Personal Health Information Protection Act in Ontario, that introduces, among other things, administrative monetary penalties for actors that breach the privacy laws and privacy obligations in particularly egregious cases.”

Kosseim has published three more blog posts in her first month as the province’s privacy commissioner. One, dated July 23, is a reminder that privacy policies are as relevant today in the home as they are in public spaces, given the number of Canadians who have swapped their office spaces for hastily arranged home-working situations.

“As the province begins to reopen and remote working conditions continue to evolve, let’s keep the conversation going, so organizations and their staff know how to mitigate risks to access, privacy and security even from home,” writes Kosseim.

A Privacy Fact Sheet with guidelines addressing the current work-from-home situation is available on the IPC website (www.ipc.on.ca).

— Neil Sutton

Patricia Kosseim began her five-year term as Ontario’s Information and Privacy Commissioner in July.


A virtual GSX+ experience would allow more Canadians to attend

Global Security Exchange, the annual ASIS International conference and expo, is one of the major events on the security calendar that has fully embraced the move to virtual meetings. ASIS announced in June that it was adopting a totally online experience called GSX+ rather than the original plan of hosting the event in Atlanta, Ga., principally for safety reasons.

“ASIS leadership concluded that transitioning GSX to a virtual-only environment for its 2020 event was the correct course of action, in the best interests of its members, attendees, speakers, exhibitors and the public,” noted a press release issued June 22.

A few weeks later, the association announced its keynote line-up, including General Stanley McChrystal, four-star general and former commander of U.S. and international forces in Afghanistan; and cybersecurity expert Keren Elazari. Also announced, more than 100 live and on-demand education sessions organized into five categories: National Security; Physical and Operational Security; Risk Management; Digital Transformation/Information Security; and Leadership and Managing within an Organization.


While the transition to an all-virtual conference was largely unavoidable due to the challenges posed by the COVID-19 pandemic, there are some advantages to this style of event. “GSX+ is a truly virtual experience. You have a chance to be there during the session itself, or after the session once the recording is available,” noted Tim McCreight, acting chief security officer for the City of Calgary, who also serves on ASIS International’s global board of directors.

“What I like about the fully virtual event is it’s on your time. All of the sessions will be recorded and made available to attendees. This is such a great opportunity to really immerse yourself in the online experience. Now I have this opportunity to go back into the GSX+ [platform] and listen to sessions, go over some of the Q&As, or look at demonstrations that will be provided by different organizations,” added McCreight, who also pens a regular column for Canadian Security (see p.12).

Bill VanRyswyk, Senior Regional Vice President, Canada, ASIS International, said he will miss the in-person networking opportunities that typically come with attending a GSX conference, but is also enthusiastic about the advantages of virtual engagement, particularly for Canadian security professionals who may not have been able to travel down to Atlanta. “It opens the door for a lot of people who could never go to GSX. I anticipate the GSX attendance this year — virtually — will be very strong,” he said.

Canada Night, the social mixer typically hosted by ASIS’s Canadian contingent the night before the GSX exhibit hall opens, will unfortunately be cancelled this year along with the GSX in-person event. Virtual options for Canada Night are under consideration, said VanRyswyk, but nothing had been finalized at press time.

However, ASIS Canada’s Annual General Meeting, which was originally scheduled for GSX week, will go ahead, he said, in a virtual format. VanRyswyk said he is hopeful that by moving the AGM online, many more Canadian ASIS members will be able to participate rather than the few dozen who normally attend in-person. “This year, there’s no reason why we can’t have hundreds [of people attend].”

The Ron Minion Memorial Award, also known as the Canadian Security Industry Pioneer Award, will be presented (virtually) during the AGM as well, said VanRyswyk. The annual award is conferred upon a Canadian security professional who has contributed to the growth and integrity of the industry. Last year VanRyswyk himself received the award during Canada Night celebrations in Chicago.

Bill VanRyswyk (left) received the Ron Minion Memorial award from Mark Folmer in Chicago at Canada Night in 2019. The award will be presented virtually this year.

ALWAYS ESSENTIAL

The versatility of security professionals has come to the forefront during the pandemic

Of the many images that will come to define the COVID-19 era — healthcare workers labouring tirelessly for days on end, seniors’ homes on weeks-long lockdowns, mask-wearing politicians providing daily caseload updates — the sight of security guards servicing everything from supermarkets to hospitals will surely rank among them.

Since the pandemic struck, we’ve seen a shift in the perception of the role that security professionals play in protecting not only our security, but also our health and safety. Indeed, now more than ever, the value that front line security professionals can deliver has become glaringly obvious.

In many cases we’ve seen organizations — in particular institutions such as hospitals, retailers and commercial property management firms — struggle to hire security talent as demand has surged throughout the pandemic. Maintaining a robust security team, or outsourcing those duties to an experienced security firm, has meant the difference between maintaining customer service levels or becoming overwhelmed by the new realities of life and business in a pandemic.

We’ve learned that while a strong security presence is vital, it needs to be deployed and managed strategically. In that sense, forward-thinking organizations have leveraged their security teams as brand ambassadors. This is particularly important as lockdown and social-distancing fatigue has created a perfect storm of factors with the potential to spur conflict. And make no mistake, the stress and frustration of having our everyday routines entirely disrupted — not to mention the mental health impacts and financial implications that have made this crisis difficult for so many Canadians — will linger for a long time yet. That’s where security guards can make a difference. They have the ability to:

• Engage with the public or customers in a positive way. A friendly, fair and equitable interaction can ease the burdens weighing on so many of us, while helping keep businesses safe, secure and even profitable.

• Inform customers or the public about their health and safety responsibilities. Yes, security guards can be educators, too. Because while most individuals don’t want to break the rules, they live busy lives and simply forget (or don’t fully understand) the expectations being placed upon them. Factor in rules and regulations that may not only vary by province or regions within each province, but even across municipalities and from one retailer or institution to the next, and you have a perfect storm of confusion — but also a great opportunity for education.

• Remind customers or the public of responsibilities. Note the deliberate use of the word “remind” rather than an emphasis on enforcement. With tensions running high, organizations need to mitigate the risk of conflict stemming from issues such as building access limitations, mask requirements or social-distancing rules, among others. Having a robust security presence and professionals who can work with stakeholders to maintain policy compliance can help navigate these challenges in a productive and even (relatively) pleasant way.

Of course, for any of this to work, it’s vital for security professionals (whether an internal or outsourced team) to be properly vetted and trained.

What does effective security training look like in the COVID-19 era? It’s about covering the standard considerations such as loss prevention and property protection using leading-edge technology, but also de-escalation and non-violent crisis intervention. It’s about doing what it takes to maintain perspective and not over-reacting when a situation boils out of control, and always remembering that a security professional’s job is to represent the client’s brand as much as the security firm that employs them.

In that sense, security is very much a public relations position — and an essential one at that. It’s simply taken a public health crisis to underscore the point.

Winston Stewart is the president and CEO of Wincon Security (www.wincon-security.com).

ARE WE READY?

Adopting an ESRM framework to manage today and face the future

COVID-19 continues to alter the course of our plans for 2020.

Even while we watch some areas of the globe ease restrictions, we’re seeing the resurgence of the virus in areas that perhaps went too far, too fast. We all want to get back together, to increase our personal “bubble,” add people to our close cohort, be able to feel “normal” again.


That’s not going to happen for the foreseeable future. There is no vaccine developed yet to battle COVID-19, and the surges in case counts across the globe remind us that a second wave (or more) of this virus is on the horizon.

In our profession, we’ve seen changes to events we all look forward to attending every year. The annual GSX event for ASIS is now virtual, as is ISC West. We’re also seeing conferences across the different specialties of security turn to virtual events to try to keep professionals informed and engaged.

We’ve had to quickly adjust to this new normal — using virtual platforms to connect, share ideas and experiences. We’re able to collaborate over Microsoft Teams, sit in on Zoom conferences, and use FaceTime or Messenger to catch up over a virtual coffee.

But are we ready for this change? Have we embraced the notion that we can be functional in a COVID-19 world? How can we continue with this new approach for the next six months or a year? How do we remain effective if we have to work remotely and maintain social distancing?

I’ve been impressed watching security professionals in my organization adjust and thrive in this altered version of normal. Our Enterprise Security Risk Management (ESRM) based security program continues to grow, even during a pandemic. Our departments are using Microsoft Teams and other avenues to continue assessing risks against our assets. We’re able to build on the work we began last year, migrating to an ESRM framework, and accelerate the launch of our technical platform to record and assess risks. Our security teams have become very creative in their approach to dealing with clients, conducting interviews, assessing risks, and providing mitigation strategies. Their virtual meeting skills have increased dramatically, and I’m seeing how efficient they’ve become managing their tasks and time.

During our immediate response to COVID-19 we asked all our staff who could work from home to do so as long as practical. By the early part of April, we saw an 1,800 per cent increase in the number of users logged in remotely to our systems. We worked closely with our information technology department to identify additional risks this sudden surge in remote connectivity posed to our networks, and implemented controls to reduce these risks. Our cybersecurity team then started to automate their response to the increased number of phishing attacks and malware campaigns that tried to capitalize on COVID-19.

Our physical security teams remained customer-facing during our COVID-19 response. Whether they were repairing a card access panel or conducting mobile patrols of our facilities, these professionals continued to address our physical security requirements while following strict health and safety protocols. To date, we have provided our critical services (and more) by continually addressing risks facing our team, our employees and our citizens.

I am amazed at how our team can now assess the risks facing our people, property and assets and then collaborate with other departments to reduce these risks. We’re not researchers trying to find a vaccine, or health care workers helping you recover, but using an ESRM approach has given me hope, and we’re ready for what’s next.

Tim McCreight is the acting chief security officer for The City of Calgary (www.calgary.ca).


STATE OF UNCERTAINTY

Effective preparation will determine your capacity to deal with emergencies

The solution to managing the perils associated with a state of uncertainty lies in your preparedness and response capacity, and how effectively and quickly you will be able to activate and implement your incident management plans.

Time is indeed of the essence. Whether you’re looking at attacks that took place in airports like Brussels, Istanbul or in cities like Paris, Manchester, Nice and Ottawa, most of the damage inflicted by the assailants occurred within the first five minutes.

This is also the conclusion of an FBI study¹ concerning active shooters, in which they found that in 60 per cent of cases, the incident ended before the arrival of the police and in 70 per cent of the cases, the events unfolded within a period of five minutes.

Assessing your preparedness and effectiveness

You can start this analysis by auditing yourself against North American standards for your industry (CSA, NFPA, NIST and CERT), to assess, adjust and improve your level of preparedness. Whether you are dealing with an airport scenario, a conference centre, a company’s headquarters or a cultural event, the same questions apply and must be answered in order to develop a nimble and agile capacity to respond to incidents, by fully leveraging the potential that is found within your workforce and partners.

Leveraging your workforce and partners

Biologists have determined that we have an innate and natural willingness to help,² which is influenced by our societal values.

We have witnessed this noble human trait during the response to emergencies and natural disasters. Our challenge lies in co-ordinating and leveraging this collaboration, especially in today’s complex organizations.

When an emergency is declared, we rely on the fact that our employees and partners will apply the procedures that were developed to respond to such events. However, more often than not, procedures are not always well understood or complied with, which leaves us vulnerable to more damage, losses and ineffective actions. It is essential for companies and government agencies alike to build a capacity to ensure that the right information will be communicated at the right time to the right person, possessing the right knowledge and skills.

These procedures must be communicated quickly, and ideally through real-time bidirectional communications, pushing information or directions to the employee or partner, who will then be able to confirm that the task was accomplished or that additional assistance or guidance is required. This communication tool can be developed partly through the digitalization of security processes and standard operating procedures (SOPs).

The other part of the solution resides in today’s innovative and enabling technologies which leverage the high percentage of smart phone users and the general preference for data utilization over voice, which also maximizes the bandwidth.

These new tools could enable your employees, partners and even customers to access warnings, alerts and other critical information in real-time, with personalized response plans. This could allow you to push mass notifications to employees and stakeholders and receive communications from them based on their geolocations.

We are of the opinion that organizations that are developing this resilient capacity to anticipate, detect and respond quickly and effectively to unplanned events are ensuring their permanence. This is why the C-suite and board members should pay particular attention to this capacity.

However, this leveraging of the workforce cannot be accomplished by technology alone. Human factors and human performance must also be addressed, particularly through communications, training, exercises and simulations.

Increasing situational awareness and compliance

Researchers in the United States who investigated the causes of errors and accidents have discovered that approximately 80 per cent of all accidents or failures can be attributed to human factors.³ As we did with the assessment of our capacity to respond to unknown and unplanned events, we should engage our workforce and assess its preparedness and performance.

We believe that this can be accomplished by developing a systematic approach based on training, regular security communications, tests, exercises and performance management. The success of this approach, as with any other strategy, will be determined by its execution and how effectively it can be controlled and adjusted, as required.

Investing in resilience during these uncertain and troubled times is investing in the long-term sustainability of your organization. You can learn from past mistakes, training your workforce to recognize and recover from errors and look for system reforms instead of local repairs.⁴

And indeed, it’s a system reform that is required to better respond to expected and unexpected events. By increasing the speed, accuracy and effectiveness of your response, leveraging new technologies and human performance, you can develop a systematic approach to anticipate, detect, report and respond quickly during these crucial first minutes, as well as better manage and recover from all hazards.

Auditing your preparedness to face various sources of hazards, along with your effective capacity to react to unplanned events and incidents, against existing standards and best practices, is certainly under your total control.

It will allow you to determine where you are as compared to where you want to be, to fill the gaps, if any, with judicious and efficient investments in your incident management capacity, which will yield high dividends for your organization in the short and long term. The security landscape won’t change anytime soon; in fact, it will only increase in complexity. It’s up to you to reflect and manage how you approach and deal with such challenges diligently.

Yves Duguay is the president of HCiWorld, a security consultancy group based in Montreal (www.hciworld.ca).

1. Blair, J. Pete, and Schweit, Katherine W. (2014). “A Study of Active Shooter Incidents, 2000 – 2013.” Texas State University and Federal Bureau of Investigation, U.S. Department of Justice, Washington D.C. 2014.

2. Tomasello, Michael. (2009), “Why we collaborate”, Boston Review Book (MIT).

3. U.S. Department of Energy (DOE) Standard, (2009), “Human performance improvement handbook, Vol. 1”, p. 1-10; retrieved from http://energy.gov/sites/prod/files/2013/06/f1/doe-hdbk-1028-2009_volume1.pdf.

4. Reason, James (2000), “Human error: models and management”, BMJ Volume 320, 18 MARCH 2000 www.bmj.com, pages 768-770.

BACK TO BASICS

In an era of disruption, it’s time to focus on the fundamentals

One of the key factors when performing a cybersecurity vulnerability risk assessment is understanding what your environment looks like under normal conditions, both from a personal and corporate security perspective.

The basic premise is that with a clear picture of what normal operations looks like, abnormal occurrences become clearer and can be recognized and acted on quickly.

This can be challenging at the best of times — even more so when you consider the complex environments that have evolved because of COVID-19.

Organizations have changed their business models, resource allocations, budgets and their physical footprints with so many staff now in full work from home mode.

With change being the only constant, getting a true view of what normal looks like is virtually impossible. Faced with this challenge, one of the best strategies both individuals and organizations can follow is to simply get back to basics. Focusing on the basics of cybersecurity and weaving them into the very fabric of day-to-day operations can go a long way to improve your security posture and lower your risk of susceptibility to current and emerging cyber threats.

There are a few very good standards out there that can be used as a guideline for developing your own custom cybersecurity best practice. The NIST Framework and ISO 27001 are two of the most common, depending on your industry and requirements for certifications. Some standards are more complex than others and, in some cases, depending on the size and scope of your organization, may take considerable resources to research and properly implement.

Let’s look at three important pillars of cybercrime risk assessment and examine some back to basics ideas within each one.

System susceptibility: There are two points to consider here. The first is the value of your digital assets to a potential attacker, and the second is the vulnerability of the systems that are both housing and protecting those assets. The general school of thought is that the shorter the path between your digital assets and monetization, the more susceptible those assets may be. There is not much that can be done to change your data but you can reduce your susceptibility by ensuring that all systems are up to date and fully patched at all times.

Vendors will provide software and firmware updates for two reasons: to provide increased functionality and/or to provide improved security. More frequently it is for the latter. So apply updates regularly and develop a system to properly test them if needed before moving them to a production environment. I should mention here that data encryption is always a good practice when it comes to the protection of sensitive information and the reduction of system susceptibility. Just be very careful because encrypted data can only be recovered with the right key, or through brute force depending on the type of encryption. It may be a good idea to utilize the services of your internal audit department to be the trusted keeper of these keys. Remote workers should have data partitions on laptop storage encrypted, to reduce susceptibility if those devices are ever lost or stolen.

System susceptibility can also apply to hardware from a change control perspective. There is little point in upgrading hardware without properly decommissioning the old device(s).

Leaving legacy hardware connected to your network can potentially leave a back door to your network that you just don’t want to leave open. Be sure to double-check that any steps you take to reduce your system susceptibility also keep you compliant with any regulatory statutes that may govern how you must run your business.

Threat accessibility: As a former computer network designer, implementer and analyst, I’ve always been intrigued by this pillar. This is where the worlds of information security and physical security meet head on. There’s a reason why “defence in depth” is always a good practice. Pouring all of your resources into five-star information security while your physical infrastructure is ignored is pointless. Doing this right goes beyond locks on your wiring closet doors with controlled access to keys. From a cybercrime perspective, in the face of a breach, the crime scene can extend to your parking lot with its physical card access control and video surveillance systems. Just because a data breach is digital in nature does not mean that the police won’t need the video.

Threat capability: This is perhaps the most challenging pillar because it’s the one you have the least control over. Threat capability speaks to the capability of the cyber adversary, the level of their skill set, and the tools, techniques and resources they may have access to.

The level of capability varies from the so-called “script kiddies” up to organized nation state adversaries. When it comes to levelling the playing field of threat capability, knowledge can be your strongest asset. Continuing education around cybersecurity is very important. Knowing what the latest malware threats are and how to defend against them can go a long way towards helping to maintain the integrity of, and accessibility to, your data.

Ransomware remains a serious cyber threat. Learning about the latest variants and how they can impact your data will help you develop designs and best practices for creating reliable and recoverable backups. Good backups remain one of the best ways to help facilitate a quick recovery from ransomware.

Train your staff on phishing scam avoidance. Human beings remain the weakest link in the chain of cybersecurity — it only takes one click or even just opening the wrong email and, in a nanosecond, it’s over.

A great source of current and reliable information is the Canadian Centre for Cyber Security at cyber.gc.ca. Take some time to visit this site for some of the latest intelligence and alerts around cyber threats. Also, always remember that cybercrime is a crime. As a victim of criminality, you should report the incident to law enforcement to allow for a proper investigation. Contacting law enforcement in the event of a breach represents the only punitive measure in combating cybercrime. Contact your local law enforcement office to have the initial report taken. Cyber investigation resources are available across Canada at the municipal, provincial and federal levels, so get to know your first point of contact and include that information in your back to basics plan.

Kenrick Bagnall is a Detective Constable with the Toronto Police Service Computer Cybercrime Unit (C3). Twitter: @KenrickBagnall.

BACKGROUND

There are approximately 140,000 licensed front-line security professionals in Canada. These individuals interact with the public daily, in every facet of their lives, through work, their residences, and entertainment facilities - literally where the public works, lives and plays.

Through conversations with industry experts it was identified that beyond the perceived role of ‘enforcement, prevention and reporting’ there were multiple examples of generally unrecognized incidents in which security personnel during the course of their duties and through their direct actions saved individuals’ lives.

The Canadian Security Lifesaver Association (CSLA) initiative seeks to celebrate the contributions that front-line security teams bring to the communities in which they serve. CSLA is a community-based, not-for-profit organization. We are focused on recognizing acts of heroism and raising awareness of the security guard profession.

SPONSORSHIP

All sponsorship money received will go directly to the awards initiative, namely the administrative costs of creating and mailing certificates, the creation of the awards, and the costs of transporting (Uber, Taxi, Flight) the incumbent and one guest to the annual award ceremony.

No worthwhile program can operate without the support of interested and engaged parties. Whereas the Board is fully prepared to commit their time and energies to the successful recognition of Security Professionals, there are some costs associated with creation of the physical artefacts themselves (medallion, pin, cabinet, certificate, printing), as well as administrative requirements (website, marketing, AGM booking, ancillary supplies, equipment and some travel).

utmost important is one of the features that we are using at Related properties.”

Reid shared that The BOW has taken a look at touchless access points in the form of readers and access buttons as a means to secure the property, while also assessing the risk and retrofitting the technology effectively.

“We’ve also made adjustments on our elevator capacity and utilizing existing software in the elevator systems and adjusting these to only allow a certain number of people on the elevator,” Reid said. “We’re at the three person maximum per elevator, so we’ve been able to adjust the weight limits where if it has three people in the elevator, it’ll bypass all of the floors and won’t stop.”

As a modern building (The BOW opened less than 10 years ago) Reid shared that The BOW already had an extensive technology base prior to the pandemic.

Built to a high standard, “it allowed us to show the value in some of the technology that we did have in place.”

“COVID has really increased that need to use technology to access the building and within a lot of risks,” Schonberger said.

Intelligent Buildings focuses on cyber and technical security — Schonberger shared that those issues have become a huge eye opener for many of their clients. “They’ve had so many breaches as a result from operations staff not using best practices or not being given proper tools to securely access their building.”

Tech talks

The rise of COVID-19 has seen a plethora of technology solutions for smart buildings, according to property management experts.

“What we’re seeing now is an acceleration of the use of technology,” Schonberger said, “and a lot more comfort with technology being something that can solve business problems for clients and what I think is that COVID has been an accelerant to strategy.”

Nada Ebeid, Genetec Canada’s business development property management, who also took part in BOMA’s webinar, said that technology can play an essential role in making sure that smart buildings are secure and safe as they start to reopen.

“Technology can really enable us all to work smarter and more efficiently,” Ebeid said in her presentation.

“Look at how technology can help you manage the flow within your building, your lobbies, your open spaces — how it can help you manage the access control process and the approvals for tenants and visitors and provide you the means to as touchless as possible.”

However, Ebeid warned that just because the technology is “cool,” safety should still be the No. 1 priority.

While technologies such as infrared cameras and temperature detection software have soared since the pandemic, Schonberger warns property managers to not be sold on a dream.

“Everybody I think is enamored with the idea that there’s some single technology that is going to solve their problem,” Schonberger said. “Temperature detection is not enough to just catch the virus, or catch someone who may be symptomatic because you may not be symptomatic or the camera may not work properly or there’s ways to spoof it.”

Describing this time as a “Wild West,” Schonberger notes that a number of technology companies have begun trying to sell applications, cameras, widgets, sensors or services.

Utilizing existing analytics tools along with their surveillance cameras, Reid said these technologies have helped bring to light some of the challenges that the property has faced in keeping the building and its occupants safe.

“When we’re taking a look at bringing the tenants back in phases and wherever the hot areas were where people congregate, we were able to use existing technology,” Reid said. “We really saw the value in that equipment that maybe was not recognized by the rest of the property management team prior to so that’s been a huge feather in our cap.”

While the property is not utilizing temperature screening, Reid said that the discussion was brought up in the early stages of the pandemic with tenants.

“With some of that technology comes some privacy concerns from the tenant perspective,” Reid said. “Some of our tenants are utilizing some of that technology, but within their own space.”

Added Reid: “We have not done it from a property perspective.”

Fine line

While there may not be a technological answer, Schonberger said that it’s all a matter of reviewing policy.

“It’s about writing service contracts, getting their vendors to declare they have not been travelling and doing the standard screening questions and getting them to sign off,” stressed Schonberger.

“A lot of our clients are trying to show they’re doing their due diligence while being a bit overwhelmed with everything else in the market right now and public health agencies changing mandates and courses every couple of weeks.”

Solutions to consider range from enterprise-grade IP tools and firewalls to remote access controls and virtual private networks.

However, the challenge can be that those tools and technologies are expensive and require a skill set that a lot of people in the buildings world just do not have, which will continue to be an area of discussion amongst property managers.

“The response to COVID-19 from a property management perspective has probably increased everybody’s operational budget,” Reid said.

“I think in the next couple months, we’ll get a better understanding of the direction forward so that has to be a consideration.”

Meeting the cyberskills challenge

When your skills are rooted in physical security, it requires dedication to take on the logical, but there is a path to success

I’m often asked how I am able to work in cybersecurity without having the classic information technology (IT) background or cybersecurity degree. I ponder the same question — how was I able to convince enough people that I could do something that I don’t have the direct academic training or experience for? I will address two issues in my answer: how I entered the field and how I’ve managed to stay in it.

Effective networking

Anyone who has read anything I have written on careers will know I am a strong advocate of networking. I’ll explain why with a story. I came to Canada to study political science at the University of Waterloo and part of the program involved a co-op semester. I secured a Threat Intelligence Analyst co-op in the corporate security department of a financial institution which involved me moving to Toronto. I only knew three other people from Waterloo who lived there and knew even fewer in my industry of corporate/physical security.

This meant I had to put in the work. Coffees, lunches, post-work drinks, and co-op social events — I did them all and rarely let myself miss out on the opportunity to socialize with colleagues. There were many times when I was exhausted, on a caffeine crash, or just wanted to visit the gym and shut people out. However, I knew my network wouldn’t grow an inch without investing quality time in relationships.

You may question why I’m talking about my first co-op position if it wasn’t in cyber security. This is because the friendships I forged during this experience were pivotal in landing my first contract as a non-student and my first position in cybersecurity. Without nurturing those relationships, I wouldn’t have kept in touch with the people I met during my co-op and they wouldn’t have thought of me when positions opened up on their teams.

More importantly, I wouldn’t have thought it possible for someone with a political science background to switch into a cybersecurity career. I observed a friend with a similar academic/professional background to me secure a job in Cyber Threat Intelligence (CTI). My friend illuminated the way, expanding my imagination to realize that I could change the area of security I specialize in. He proved that there is a niche in the cyber field wherein my experience as a security and intelligence analyst could transfer effectively. CTI is a new field in cybersecurity that indicates employers are realizing the value that people with non-traditional backgrounds have. I had mentally closed myself off from working in cyber security and if I didn’t challenge myself to change my mindset, I would not have dared to make the leap.

Leveraging transferable skills

Deciding a career in cybersecurity was possible was the first step in a long process. Next, I had to convince the leaders of the CTI team that I would be an asset to them. This was an interesting challenge that required creative problem-solving. (Side note, for a great book that has invigorated my creative problem-solving, I highly recommend “What I Wish I Knew When I Was 20” by Stanford Professor Tina Seelig.) I needed to build a convincing case and utilize the power of persuasion. I scanned my resume for transferrable skills and relevant experience.

Deciding what was relevant began with researching CTI in-depth — what do job descriptions for CTI positions require? What do current members of the CTI team say about the job? I focused on my analytical and intelligence skills developed during university and in my co-op, contract, and full-time positions. I had meetings with the director and the manager. In both instances, I listened carefully to what their needs were regarding the ideal employee and then presented the case for why I happened to be that person. Being present and active, and listening during these meetings was essential. I highlighted how producing threat intelligence on physical security threats was a similar process to gathering CTI, the main difference being the threat landscape is virtual.

It was daunting at times. I was half-expecting to be accused of being an imposter attempting to dress up my skillset as something it isn’t. However, I was determined not to let fear decide the limits of my ambition.

Attitude to learning

Moving into cyber security is a steep learning curve for someone with an IT or cyber degree and an even steeper curve without one. Hence, your attitude towards learning is paramount. If you make it to an interview, you are likely one of five shortlisted candidates from dozens of applicants. At that point, the hiring manager has seen your resume, decided you tick enough boxes, and is now assessing who you are. The interview is about your professional conduct, soft skills, communication, attitude and understanding of the job. For a transition to cyber, you need to demonstrate an appreciation of continuous learning. This is because the cyber threat landscape moves rapidly and it’s imperative you keep up. There’s a monumental amount to learn and you will start from scratch. What helped me distinguish the nice-to-know from the must-know information was learning my organization’s footprint well. This is key to determining the relevance of a threat.

Transitioning to CTI was like hitting reset on my career because I was back to knowing very little about a job. After a few years in corporate security departments, I understood enough to be comfortable but now faced being far outside of my comfort zone. Someone once told me “development happens at the edge of your comfort zone,” and I can attest to this. To help with the move, I read about the CTI field in-depth. The book that helped the most was “Intelligence-Driven Incident Response: Outwitting the Adversary” by Scott J. Roberts and Rebekah Brown.

However, learning how CTI is done versus how my organization does it are different kettles of fish. For the first few months on the team, I encountered tasks that required cybersecurity knowledge which I had not yet developed. To overcome this challenge, I used two strategies: 1) use the research skills I developed in university and online resources to quickly self-teach the topic; and 2) ask my team members and wider network for help. Again, this is where investing in relationships yields dividends.

Personal professional policies

After I convinced them to offer me the job, I had to — and still have to — prove they made the right decision. The private sector isn’t as ruthless as the stereotype depicts but you still need to provide continuous value, especially during economic downturns or the occasional pandemic. To achieve this, I have what I call personal professional policies: a set of rules and standards I abide by in the workplace.

Examples include being reliable and credible by meeting deadlines and following through on my commitments. I am human and I make mistakes but I always aim to stick to my word. When you’re a young professional or new to a department, it’s important to prove your reliability.

Another policy is not dragging any personal stress into the office. Part of this involves learning to address work-related stress in a healthy way. I use the gym straight after work to ensure any residual stress is channelled into a workout and not taken home or bottled up. I have many other policies but they are personal to me — I encourage you to develop your own.

Certifications and training

Certifications and training courses are a brilliant way to prove your interest in cybersecurity and indicate you understand the subject matter. Fortunately, there are a wealth of certifications and courses to choose from and many are accessible to beginners. However, it can be a confusing process to determine which ones are worthwhile. In fact, the negative impact that too many choices can have on our happiness was recently covered in my favourite podcast series. I know I’ve already recommended two books but this podcast is needed now more than ever: The Happiness Lab with Yale’s Dr. Laurie Santos.

I didn’t complete any cyber-centric certifications before getting the job in CTI but am pursuing the CISSP (Certified Information Systems Security Professional) certification which is considered the gold-standard for cyber professionals. To help choose which one(s) is right for you, take note of the certifications listed as desirable in job descriptions for roles you want. Also, Reddit and YouTube are fantastic resources for discussions of certifications and study techniques.

The road to cybersecurity is long and has its hurdles but your career is a long-term project that requires persistence. I managed to switch careers to cybersecurity and I am not a special case. You can do it too. There is a major factor on your side: cybercrime is destroying organizations across the world. We need more talent in the industry. I challenge you to step up.

Josh Darby MacLellan is Assistant Regional Vice-President for ASIS Canada’s Young Professionals (YP) program and chairperson for the ASIS Toronto chapter YP program (www.asiscanada.ca).

The rules of WFH

A virtual employee survival guide for security professionals

“Everyone who undertakes, or has the authority, to direct how another person does work or performs a task is under a legal duty to take reasonable steps to prevent bodily harm to that person or any other person, arising from that work or task.”

Whether the high number of virtual employees due to COVID-19 causes a paradigm shift remains to be seen.

Until then, security and life safety professionals need to assume traditional office employees will be working at home well into the year 2021. This article will cover five areas to consider related to virtual employee safety and security, as well as provide suggestions to minimize legal risks. A bonus challenge is championing change now when your traditional office employees were turned into virtual employees unexpectedly back in March in an unprecedented way.

Let’s begin this journey with an optional primer to level set. The government uses the term “teleworking” for people who perform office duties from outside the traditional office. Teleworkers maintain contact with work and essentially perform their job using the internet and a telephone. Security professionals are encouraged to learn the difference between a traditional office employee working temporarily from home during a global pandemic, and a designated teleworking employee who has no workspace at the business. The Ministry of Labour, the Canada Revenue Agency and the law do treat these employees differently, so make sure your proposed guidance aligns with your legal and accounting opinions. For our purposes, all employees working at home pursuant to COVID-19 will be called virtual employees.

Governance


If your company is new to using virtual employees, it probably does not have all the governance and guidelines in place to address the relevant health, safety and security practices and risk. At minimum, your company should create (or update) and publish a teleworking policy and standard; consider a formal agreement between employer and the virtual employee; publish guidelines for people managers on supervision and performance monitoring; consider an agreement that addresses equipment and furniture used by the virtual employee; and provide clarity on administrative details such as hours of work being rigid or flexible. Existing governance such as the Code of Conduct should also reflect the new normal. For applicable companies, your operating documents may need to be developed within the provisions of relevant collective bargaining agreements and translated into different languages. Bienvenue dans la nouvelle normalité (“Welcome to the new normal”).

Employer responsibilities

A recommended initial step is to confirm the laws and collective agreements that apply to the virtual employee environment for your business. Across Canada, there are 14 independent jurisdictions, and all of them have three components: The Act, Regulations and Standards. You want to know these because they provide the best way to support your virtual employees, and because, in some situations, there is a strict liability legal standard. For those not familiar with strict liability, this means there are no defences if an investigator determines that you have not met your responsibilities. While this article is not giving out legal advice and all legal questions should go through your legal team, it is critical to understand that if your company is charged with a violation, you will need to show you exercised due care and diligence to avoid the violation, and it was not practicable to do better than what was done.

Reminding your legal department and other approvers about the potentially strict liability standard may help achieve support. One could argue that the government is giving a lot of companies a pass right now due to COVID-19 for not having formal virtual worker programs, but predictably as virtual employee complaints increase and more inspectors are allowed to do their jobs, the enforcement will increase.

The next step is to know that all the relevant Acts in Canada have a general duty clause that clearly states that employers are accountable for the health and safety of employees. For instance, the Ontario Act states, “An employer shall take every precaution reasonable in the circumstances for the protection of the worker.”

This is very general, but then the governance gets more prescriptive and requires that the employer ensure compliance with the Act; the employer shall prepare a written policy and set up a program; must supervise employees to protect their health and safety; provide protective equipment; and establish health and safety committees.

Additional responsibilities are given to people managers. They need to ensure the employees comply with the Act; advise employees of hazards; provide written instructions for working safely; take reasonable precautions to protect employees; and ensure employees are using equipment safely.

Employees’ responsibilities

In the same way that employers have a duty of care, employees have a duty of loyalty to the company to comply with health and safety regulations, and understand that security practices at work such as the clean desk policy apply at home, too.

Company codes of conduct should be updated to reflect that virtual employees have a duty to report hazards; not to remove protective devices required by the employer or by the regulations; not to use any equipment that may endanger themselves or others; to participate in health and safety activities; and to understand their rights.

All Canadian jurisdictions require employers to establish health and safety committees, but specific requirements vary by jurisdiction. These committees, used properly, serve a great purpose of transparency for all parties. For those new to the virtual employee world, an unfortunate reality is that the employer is held accountable for the health and safety of the employee but the employer will have limited rights to inspect. Only some health and safety acts include provisions for the inspection of a workstation in a private residence. One suggestion for those facing this challenge is to establish an audit schedule that selects a sample group of virtual employees. In lieu of an in-person inspection, conduct a phone interview that goes over a checklist; require the employee to provide photographic evidence to confirm the workstation; and make sure annual acknowledgements include reference to the virtual employee’s duty of loyalty.

Security

Security leaders who focus on physical security should use this unique opportunity to understand and assist with all the risks to the company that are present in the virtual employee ecosystem, including the cyber threats. Most importantly, make sure that remote access does not introduce more risk. Cyber terrorists know that when companies sent millions of people home, many understaffed IT departments were opening remote access ports to keep up with demand, and not all companies have gone back to configure and test the firewalls to only respond to certain static IP addresses. Regardless of your cybersecurity skills, you are still in a position to engage IT to understand their decisions to take certain actions (or not take action) to implement measures such as two-factor authentication or the use of virtual private networks. Also, you can work together to educate virtual employees on COVID-19 scams, and update acceptable use policies for employees. Beyond aligning with the cybersecurity team, security leaders should ensure that virtual employees feel safe, and, as mentioned above, are adhering to company rules such as the clean desk policy, shredding documents and storing sensitive materials. An easy win is to communicate and overcommunicate with virtual employees by leveraging town halls, lunch and learns, and posting FAQs on the intranet. There is a steep learning curve for all sides during these times, and sometimes virtual employees have great ideas that you can share with everyone else.

The dark side of virtual work

An area where security leaders can really make a difference is appreciating that many virtual employees will struggle with working in isolation and the abrupt changes to their work-life balance. While some will thrive, many will suffer with scheduling conflicts and feeling overwhelmed.

All of these unresolved conflicts lead to more stress, and excessive stress can lead to poor health and even injury on the job. COVID-19 only exacerbated these known virtual employee concerns for families with kids (who can’t attend school or camps), and by adding more job insecurities to the equation.

When communicating with employees as the security leader, use the opportunity to mention the importance of mental health; what the early warning signs or symptoms of stress can include; and always speak positively about employee assistance programs, and encourage employees to reach out for help during these times.


Health Canada research puts work-life conflicts into four categories, namely role overload, work-to-family interference, family-to-work interference and caregiver strain.

Conclusion

If all these moving parts sound confusing or overwhelming, put on your investigator hat and imagine what happens when a virtual employee files an anonymous complaint with the Minister of Labour. Complaints can range from straightforward ones based on ergonomic needs the virtual employee believes were not addressed to absurd ones, such as an employee who wanted his employer to pay for a bay window, so he could enjoy the view of his garden while working.

If the government accepts the complaint, the assigned inspector may show up unannounced. Most likely, the inspector will request your company to produce governance (at a minimum, the virtual employee policy); any signed agreements with the virtual employee; annual acknowledgments; and proof that the company maintained communication with the virtual employee in a meaningful way on topics such as health, safety and security. The ability to provide all these artifacts will help establish that your company has taken reasonable steps to prevent harm to the employee, and met their duty of care. Fortunately, you are only a few Google searches away from all the checklists, laws, resources and templates you need to succeed.

Thomas R. Stutler is the vice-president, national security operations at Cadillac Fairview Corp. Ltd. (www.cadillacfairview.com).

Custom Branded COVID-19 Screening Apps

Custom Branded Organizational App

All AppArmor Safety apps are white labelled to the organization. The app will be downloaded 50-100 times more than other apps in market; your staff trust your brand.

In-App Self Assessment Forms

Provide your users with a step by step in-app COVID-19 assessment tool that confirms if they should or shouldn’t return to premises. The user and the organization are provided a record.

Over 50 Additional Features

The AppArmor Safety platform has many more powerful features including unlimited push notifications, Friend Walk, offline-ready emergency plans and much more.

Quick and Easy Implementation

AppArmor will provide you with a dedicated and well experienced team member who will assist in unlimited project management, training, and support inquiries.

Privacy is Paramount

We take end user privacy extremely seriously; that’s why all our systems are secure, data is hosted in appropriate jurisdictions and the organization owns all the data.

Seamless Integration with Existing Systems

We're always open to exploring integrations with your existing systems. Whether it’s your active directory, incident reporting, or mass notification system, we’re happy to make it work.

Pictured Client: CDW Guardian app by AppArmor

THE POWER OF PERSONAL BRANDING

How security professionals can build an effective online identity to communicate strengths and network well with others

The way we perceive information has changed a lot in the past decade, especially with most organizations moving to an online platform.

The internet has allowed us to embrace globalization and removed any geographical restrictions that existed before. These days, the way we conduct ourselves on the internet affects the overall perception of who we are in our personal and professional lives.

In our day and age, we automatically have a “personal brand.” When you search for yourself on Google, what comes up? Arguably, the results of that search will automatically develop into your brand and will also become the first impression that someone will have of you. No matter if you are an employer, employee and/or an entrepreneur, fostering a personal brand has become extremely important.

Social media is a powerful tool, when used correctly. There are many positives that can come from having an online presence — it is an opportunity to showcase yourself through your unique vision and ideas. But there are several fallacies about personal branding — this article aims to provide a few reasons why you should attempt to enhance your online brand, how to do it, its benefits, and also how to pinpoint immediate changes you can make to start this journey.

Benefits of personal branding

Having a personal brand gives you an opportunity to demonstrate the exact value that you can bring to the table. It is about sharing your story, your expertise, and knowledge that you have collected along the way to become the person you are today. Your personal brand can help you with:

Standing Out: The way you brand yourself will help you to stand out from your peers and competition. It will give you an opportunity to discover and promote your niche. Your brand can become a platform where you can also convey your message and values.

Different Opportunities: Your brand can help you gain a loyal following that not only shares your values, but also can create more opportunities for yourself to showcase your expertise within new or existing ventures.

Trust and Credibility: Ultimately, your personal brand becomes your reputation. You are basically proving that there is a face behind your brand and confirming to your targeted audience that they can trust you. Today, a logo and website are not enough to build trust; it is about knowing who the individual is behind the curtains and how they uniquely approach their mission.

Reflection

It is not a clear-cut process to start building your personal brand. It requires time, courage, ambition, discipline and a lot of self-reflection. These are some good questions to ask yourself, when beginning your personal branding journey:

1. What motivated me to start my self-branding journey?

2. What are my core values?

3. What is my passion, and what motivates me?

4. What experience and knowledge can I share with others?


5. What are my strengths and weaknesses?

6. What makes me unique and special?

7. What and who inspires me?

8. What can I do to revolutionize my industry?

TIP: When self-reflecting, try using a pen and paper to avoid any distractions.

Using LinkedIn as your personal branding platform

LinkedIn is an online professional networking platform, and a tool to acquire new skills and find employment. LinkedIn has over 690 million users worldwide. Your LinkedIn presence is essentially your online resume. Yet, even though numerous professionals comprehend the value of LinkedIn, many may not use the platform to its fullest capacity. Below you will find tips that will help you set up a LinkedIn profile that stands out. It is important to note that your profile needs to be updated regularly to reflect your current activities and affiliations. Start with the following:

LinkedIn Photo: Your LinkedIn photo should be a representation of who you are professionally. Do not be afraid to smile. Have someone take a photo of you with a plain background, to avoid any distractions. Try to avoid selfies.

Background Photo: LinkedIn comes with a generic blue background photo; however, adding a unique background will help you stand out and make your profile look more professional.

Headline: The headline gives you an opportunity to summarize and showcase what you do in your industry in a few words. You can choose to display your current role, or showcase your skills, awards and future aspirations.

Summary: The summary section is not a ‘biography section.’ It should be used to highlight your experience, unique skills and abilities, education, knowledge, and any other items that differentiate you from others. Do not be afraid to make your message personable — this is your story!

Experience: In the experience section, attempt to list out all pertinent jobs that relate to your industry. You can simply fill out the job title and company or put a description of what you have accomplished within that role. To separate your profile from others, try adding images to highlight your activities during your work engagement.

Education: Include all of your licences, certifications, diplomas and degrees to showcase your academic and specialized background.

Other Elements:

• Location: should reflect where you are situated or where you want to work.

• Skills: should reflect not only your professional experiences, but also demonstrate your personable skills, and core competencies.

• Volunteer Experience: indicates that you are not just a corporate persona, but you also have good time management skills, and have a commitment to your community.

• Recommendations: securing a couple of recommendations from other colleagues acts as a reference for others. Do not be afraid to ask your network for recommendations!

• Languages: makes you a competitive candidate within the workforce, and simultaneously allows you to network with multilingual professionals.

• Accomplishments: should be used to highlight projects, publications, awards and other credentials you have earned.

Network

Once your profile is created or updated, it is important to begin networking. There are many ways that can be achieved on LinkedIn:

• Adding connections online

• Liking or commenting on other posts

• Following or joining groups within your industry

• Creating and making your own posts to engage your network

It is important to not only add a person or join a group; make sure that you also participate and engage yourself with others. Engaging with others not only ensures exposure to your personal brand but also gives you an opportunity to learn from others.

Content and statistics

Creating content takes time, focus and creativity. Viewers do not want to read about “perfection,” they want to be part of a message or something that they can relate to.

When you are ready to post on LinkedIn, consider the following:

• Plan ahead and experiment with your content (try posting outside of your comfort zone!)

• Have a blend between professional and personal posts

• Post about the work that you do and your expertise

• Stay consistent with your posts — post regularly

• Use hashtags and tag your network accordingly

Additionally, it is important to track your statistics on LinkedIn, to see who, where and when people are viewing your posts, and if they are responding to the content that you are producing. It is important to understand where your views and reactions come from, as it will allow you to cater your future content to that specific audience, demographic and location.

We never get a second opportunity to make a first impression, which is why it is crucial to utilize all the resources we have at hand and put the best version of ourselves forward. Due to our lifestyles, everyone already has a digital footprint; yet it is never too late to redefine yourself and explore a new area.

But remember, by building an online personal brand, you are exposing yourself to feedback, and when things do not go according to plan, it is important to not get discouraged, and keep pushing your platform forward.

A brand is not built overnight — it will take a lot of time, commitment and consistency to gain trust and loyalty from your followers. Remember, continuously working on yourself and your vision is not a zero-sum game. Believe in yourself and your message, and there will be no limit.

Suzanna Alsayed is the founder of Evolutz and Hilt International Security (hiltsecurity.com).

Fixed thermometer pole

Prod360

Prod360 announced it has been given a mandate, along with its partners, to provide governments with products that could help mitigate the risks of COVID-19. The company’s fixed thermometer pole is designed to be used at the entry of head offices, command posts and other essential infrastructure. It allows the temperature of employees (and other visitors) to be monitored. Unlike some body heat scanners or manual equipment, this product does not require the intervention of additional staff. It can be installed and left at reception, and then synced with pre-existing access control devices. www.prod360.ca

Operator partitions

Winsted Control Room Solutions

Winsted has unveiled new protective operator partitions. The new partitions were developed to bring a higher degree of safety to control room operators who are working through the COVID-19 pandemic. The new Winsted protective operator partition is an easy-to-install solution that creates a physical barrier between operators in control rooms and operations centres. The partitions define the personal workspace and reinforce social distancing. These partitions are a high-quality original equipment solution that can be easily repositioned as needed. The partitions feature: extended height and depth for extra protection; easy-to-clean acrylic partitions; temporary or permanent installation options; clear or frosted surface; smooth bullnosed edges; and radius corners.

www.winsted.com

Temperature monitoring

Automatic Systems

Temperature Monitoring Integrated Solutions, developed for the Automatic Systems pedestrian products, detect if an individual seeking access is wearing a face mask and also verify their body temperature while in motion. Equipped with the COVID-19 software predisposition option, Automatic Systems’ pedestrian gates deliver an automated process to help preserve social distances. Access is granted only to authorized people when used in conjunction with the facility’s access control system. When indicated for pre-identification authorization, however, the system can monitor for mask and body temperature detection without the need for credentials.

www.automatic-systems.us

Emergency response system

Maxxess Systems

Maxxess Systems announce a partnership with SmartPTT by Elcomplus to deliver an integration with Motorola Digital Radios designed to improve response times to critical events. This new SmartPTT integration with Maxxess InSite allows InSite to automatically communicate over Motorola Digital Radios in the event of an emergency. With the SmartPTT integration, when someone triggers a mobile panic alert from the InSite mobile app, the SmartPTT software triggers the Motorola Digital Radios to annunciate that a panic alert has been initiated, including the location and identity of the person who triggered it.

www.maxxess-systems.com

Incident management system

Vismo

Vismo Incident Management allows organizations to alert travelling staff to incidents that are a threat or potential threat to their well-being. Alerts are sent via the company’s mass notification system, direct from its portal. The service integrates external data incident feeds into the portal. This ensures that users of the Vismo Global Traveller App in any affected area are automatically identified, then rapidly notified via mass notification. Users can respond to notifications through the app, sending their safety status and other information to the portal. Operations teams use the portal for monitoring and aiding travellers in crisis and potential crisis situations, regardless of where those users are. The notifications are sent via multiple channels including SMS, email, in-app and phone, targeting the individual not just the device. vismo.com/incident-management

Health screening system

Robotic Assistance Devices

Robotic Assistance Devices (RAD) has enhanced its autonomous security and property management devices with a new mask detection feature. This feature supports building owners and property managers with an autonomous tool to identify face mask usage, create automatic alerts, and generate ongoing face compliance scores. This enhancement is integrated into RAD’s Health Screening system and can be used to automatically prevent people who are not wearing masks from entering buildings. When a person without a mask is detected, the system can generate alerts to remind people to mask up. www.roboticassistancedevices.com
