Source: www.nationalterroralert.com
In the 7½ years since America’s worst bioterror attack — when letters laced with anthrax spores killed five people, closed Congress and the Supreme Court and crippled mail service for months — U.S. agencies have spent more than $50 billion to beef up biological defenses.
No other anthrax attacks have occurred. But a flood of hoaxes and false alarms has raised the cost considerably through lost work, evacuations, decontamination efforts, first responders’ time and the emotional distress of the victims. That, experts say, is often the hoaxsters’ goal.
“It’s easy, it’s cheap and very few perpetrators get caught,” said Leonard Cole, a political scientist at Rutgers University in Newark, N.J., who studies bioterrorism. “People do it for a sense of power.”
Among the recent targets:
• Nearly all 50 governors’ offices
• About 100 U.S. embassies
• 52 banks
• 36 news organizations
• Ticket booths at Disneyland
• Mormon temples in Salt Lake City and Los Angeles
• Town halls in Batavia, Ohio, and Ellenville, N.Y.
• A funeral home and a day-care center in Ocala, Fla.
• A sheriff’s office in Eagle, Colo.
• Homes in Ely River, N.M.
The FBI has investigated about 1,000 such “white-powder events” as possible terrorist threats since the start of 2007, spokesman Richard Kolko said. The bureau responds if a letter contains a written threat or is mailed to a federal official.
Advice on how your organization can prepare for such an eventuality can be found at:
www.hse.gov.uk/biosafety/diseases/anthrax.htm
Tuesday, April 14, 2009
Flash Drives - Greatest Threat to Sensitive Corporate Data?
Flash drives are probably the greatest menace to sensitive corporate data. They can store vast amounts of data and are plug-and-play in most computers.
Convergence and technical evolution mean that the same functionality is being afforded to mp3 players and mobile phones, significantly multiplying the number of personally-owned devices which can siphon critically important company data through an unprotected USB port.
Software to protect USB ports, and to detect when an unauthorised USB connection attempt is made, is available and inexpensive (for a single PC, just $30), but most organisations are not using it across the enterprise, and especially not on laptops, which are arguably the most sensitive - and the most vulnerable.
The following is recommended:
a. All employees reminded that unauthorised data copying may be regarded as theft for disciplinary purposes.
b. Software installed across the network to block, and alert to, the connection of unauthorised flash drives and other memory storage devices.
c. Personal flash drives banned from the workplace.
d. Charging of personal devices such as mp3 players and mobile phones via computer USB ports banned.
e. Flash drives issued only for a valid reason, and not to be used on any computer other than the holder's own without express permission.
f. Issued flash drives to be encryptable, so that data is protected in the event of loss.
g. Express permission required to copy certain types of data.
What’s more, personal USB devices are one of the most common sources of virus attack.
See http://www.zdnetasia.com/news/security/0,39044215,62052730,00.htm?scid=nl_z_ntnw
Thursday, April 9, 2009
Microsoft PowerPoint Warning
On 3 April Microsoft announced that it was investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, the UK Govt is aware only of limited and targeted attacks that attempt to use this vulnerability.
The UK’s Centre for the Protection of National Infrastructure has advised that additional care be exercised when using Microsoft PowerPoint.
Company IT departments will eventually apply a patch, once one is provided by Microsoft, but it should be emphasised that unsolicited PowerPoints (or those found on the Internet) should never be opened.
Some former ARC delegates on special occasions circulate self-extracting PowerPoints containing greetings or words of wisdom. These may inadvertently be used to transmit malicious payloads and should always be deleted without opening, and the sender advised of the dangers – and the need to get their own PC checked for the presence of malware.
Wednesday, April 8, 2009
Terrorism - Identifying Suspicious Activity
Templates for guidance on what to do if employees spot suspicious activity, possibly indicative of terrorist planning, can be found at:
http://www.nationalterroralert.com/suspicious-activity/
and
http://cms.met.police.uk/news/publicity_campaigns/new_campaign_urges_londoners_to_report_suspicious_activity
Tuesday, April 7, 2009
Managing the Risk of Piracy at Sea

The US Department of Transportation Maritime Administration posts useful advice on its website on how to deter piracy attacks, based on experiences off the coast of Somalia. The advice includes:
- An awareness that most attacks occur in daylight.
- Vessels moving at less than 16 knots and with a low freeboard (less than 6 metres) are at high risk.
- Establishing a secure and pre-designated area for crew members to muster.
- Establishing a secure alternative steering location.
- Preparing a list of contact numbers and email addresses for assistance.
- Posting more security personnel and establishing roving watches, and 360 degree surveillance.
- Establishing duress codes for staff.
- Staging of anti-piracy equipment, such as fire hoses and spotlights.
- Removal of any equipment hanging over the side that could be used to gain access.
- Practice anti-piracy drills.
- Using established safe corridors.
- Transiting dangerous areas at maximum possible speed.
- Fullest possible utilization of radar.
- A single point of entry into the house.
- Securing deck lighting, except for mandatory navigation lights.
If under attack:
- Muster, man high pressure hoses etc., and provide a visible deterrent.
- Alter course, fire flares, turn on all lights if at night.
- Sound alarm signals.
- Activate SSAS.
- Notify nearest centre.
If pirates open fire:
- Change course repeatedly if unable to outrun pirate vessel.
- Hose team to remain behind cover until it can be used effectively.
- Use hoses to prevent boarding.
- Remainder of crew to secure location.
- If pirates succeed in boarding, cease resistance.
The link to the site, and other resources on Maritime Security, can be accessed by clicking on:
http://www.arc-tc.com/pages/resources_publications.asp#M
ARC Training offers a one-week course in Maritime Security, in accordance with the ISPS Code, during the period 5-9 October 2009. For more information contact Janet or go to
http://www.arc-tc.com/pages/other_accredited_sm.asp#s3
ARC is an approved TRANSEC (UK Government Agency) maritime training provider.
How Exposed Are You to Fraud?
The Association of Certified Fraud Examiners has produced a useful checklist that tests your company’s “fraud health”. You can access this document at the following link:
http://www.arc-tc.com/pages/resources_publications.asp#F and click on ACFE Company Fraud Health Check
ARC Training’s 3-day Investigating Fraud in the Workplace course takes place 20-22 July. For full course details contact Janet or go to
http://www.arc-tc.com/pages/accredited_investigation.asp#f3
Monday, April 6, 2009
Guide to Emergency Management
The US Federal Emergency Management Agency produces an excellent guide to emergency management.
The guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather.
Whether you operate from a high-rise building or an industrial complex; whether you own, rent or lease your property; whether you are a large or small company; the concepts in this guide will apply.
Go to http://www.arc-tc.com/pages/resources_publications.asp#E
...and click on the link to FEMA Emergency Management Guide for Businesses.