INVESTIGATORS & SECURITY CONSULTANTS

Blog

Police seize £7m of Fakes in Scotland and Warn of the Link to Organised Crime

It was announced that counterfeit goods valued at around £7 million were seized by police in Scotland last year as Justice Secretary Michael Matheson launched the Government’s report into Scotland’s gangs.

Officers made nearly 3,000 arrests of people known to be involved in serious organised crime.

According to the report the most common business types are licensed premises, restaurants, building and construction companies, taxis and nail bars.

More than two thirds of the gangs operate on the west coast, just 22 per cent are based in the East and 11 per cent in the North. Sixty-seven per cent Scotland’s gangs are funded by drug crime, the report says, with cocaine the biggest seller.

The report also says the Government took £9m off individuals and companies involved in criminal activity in the last 12 months, taking the total seized through proceeds of crime legislation in the 14 years it’s been in operation to more than £100m.

Matheson said: “Tackling organised crime is about much more than police raids and court trials. We need to work collectively, in our communities to tackle the harm caused by serious organised crime, to stop the cycle of deprivation and, crucially, give those involved in these activities the chance to turn their lives around. With the right education we can prevent people, including our young people, from being recruited into a life of crime.”

New Lord Advocate James Wolffe QC, warned shoppers to be wary of buying fakes: “The public should be aware that counterfeit goods are often the product of serious organised crime and that by buying such goods you could be funding groups who deal in drugs and human trafficking. And if you buy goods which you know to be stolen then you could also be prosecuted under the Proceeds of Crime Act.”

For the full story http://www.thenational.scot/news/public-warned-over-underworld-links-as-police-seize-7m-of-counterfeit-goods.24385

How to Mitigate Risk with Pre-Audit Company Checks and Actions

Security Checks Companies can make for themselvesHow to assess the safety and security of your company

In this article we will examine how your organisation can mitigate risks by regularly carrying out essential security and safety checks.

We will consider:

  • Why is it important to review the security and safety of your organisation?

  • How to carry out a security check.

  • What are the common risks and threats that you should check and consider?

  • What are the specific threats and risks for your organisation?

  • How you can control and manage risks.

  • How often should you review your facilities, procedures and policies?

  • What are the benefits of employing a security consultant to carry out an external audit?


Why should you carry out a security and safety survey?

The ultimate purpose of undertaking a security survey is to determine the most cost-effective and practical ways to protect your assets: your people, property and information.

Imagine an onion. At the core of the onion is your business or organisation– containing all of your assets (property, people and information). All of the things that are essential to your operation are in the centre of this onion, beneath many protective layers. If you think of your organisation as being like an onion, then the more layers of security protection around your core business, then the more secure and safe you are likely to be.

Of course, the threats and opportunities for criminals or competitors to cause damage to your organisation have always existed. However, in the technological world of the twenty-first century, crime happens both in the real world as well as online, in the virtual world of the Internet. By taking these steps to review and check security, you are reducing the risk of becoming a victim of crime.

How do I carry out a security check?

You can perform many of the simple checks yourself: This article contains useful information and key questions to help you review your company’s security practice and procedures. In order to carry out an effective survey, we recommend that you:

Do not pre-announce or publicise when or where you will be carrying out a security or safety check. If your staff know when it is, then they are likely to deviate from their ‘normal bad habits’ – whereas an unannounced inspection will instantly identify any processes or policies that expose weaknesses or risks to your business. Remember, their safety and security is one of the reasons why you are carrying out this review.

  • Have floor plans and site diagrams labelled with control systems to help you identify current and potential security and safety risks. By using the plan you will be able to identify the profile of each building, number each door and be able to carry out regular checks.

  • Work systematically and thoroughly, using the guide below to help you. You have to ‘think like a criminal’ and spot existing and potential risks and weaknesses in your organisation.

  • It is recommended that you record your findings and create an action plan. This plan will state the issue and the safety and security measures and procedures you have installed to mitigate risk.

What are the common risks and threats that you should check and consider?

When you review the security of your organisational assets (property, people and information), you need to consider how you control and manage risks:

  • Fixed assets – property, physical assets (e.g. office equipment & specialist products/machines – depending on the nature of your business).

  • Technological assets – computer systems and servers, storage of information and data (both physical systems and data backup/cloud based storage).

  • Staff assets – What appropriate action do you take to safeguard your assets, when employees leave your company?

  • As you perform your security and safety checks, review your organisation’s provision, processes and policies.

Below, we have listed the simple things you can check for potential weaknesses, opportunities and threats.

Premises

  • Are fences, walls, security and locks on windows and doors secure?

  • Can perimeters be scaled or breached?

  • Are the CCTV cameras in good working order?

  • Who is responsible for the maintenance of security systems in your organisation?

  • Are the alarm systems working?

  • Are CCTV cameras and alarm systems serviced and tested regularly?

  • Where is this information recorded?

  • How easy is it for visitors to access your premises?

  • Are staff vigilant? Do they know how to report risks?

  • Are visitors challenged by staff and asked to sign visitor book and show ID?

Policies and Procedures

  • Do you have an effective passcode / key policy in place (for locks)?

  • Do you change electronic door entry codes regularly?

  • If using locks with physical keys, how effectively does your key usage policy work in action?

  • Are physical (and virtual) keys stored securely?

  • What controls are in place and fully working with respect to access to restricted access areas (e.g. mail rooms and server rooms)?

  • How effective is staff induction and training?

  • Are staff aware of their security responsibilities (e.g. they have to wear IDs at all times)?


Staff

  • Are staff following security policies?

  • Do staff pose security risks such as holding doors open to strangers and lending their passes to others?

  • Do staff know how to report security issues?

  • Are security staff trained?

  • How do you monitor their job performance?

  • Is CCTV monitored at all times?

  • What happens when they spot a potential risk?

  • How do you vet staff and ensure you are employing the right people?


Technology

  • How do you back up electronic data?

  • Is it on site?

  • Are back ups stored separately from main data? Where? How?

  • How effective are the security arrangements to protect servers?

  • Who is responsible?

  • How often you make adequate backups (so you can recover critical data or information, if it is damaged or stolen.

  • How well are you protected against Viruses, Malware or Ransomware?

What are the specific threats and risks for your organisation?

It is impossible to list all of the risks for every organisation: that is why employing an independent security consultant to review your organisation’s security and safety is a worthwhile investment. But there are some simple things you can control and manage to mitigate your risk, and reduce the chance of becoming a victim of crime.

How can you control and manage safety and security risks?

Any response to minimising risk should be both consistent and appropriate. Companies, who excel in mitigating risk, plan a sufficient budget to allocate to risk prevention. They review their policies and practices regularly:

  • A senior member of staff is appointed as ‘Security Liaison Manager’, and is responsible for resolving any security issue as soon as is practically possible. All staff are responsible for spotting and reporting security lapses or issues to this manager.

  • A strict policy is in place for Key holders and access arrangements.

  • The company belongs to a Business Watch scheme.

  • You should create a security register, where you can record:

    • Your assessment findings;

    • Details of any security systems already in place;

    • Alarm systems;

    • List of the key holders;

    • A plan of the premises, labelled with building and door numbers;

    • Your security action plan, detailing what needs to be addressed, when, who is responsible, the allocated budget and the timeframe.

How often should you review your facilities, procedures and policies?

These simple checks can be completed once a month. In practice, most companies perform these checks four times a year, but it all depends on the particular risks associated with your organisation such as your physical location and surroundings and the nature of your business. A security consultant will be able to advise you on the best course of action.

What are the benefits of employing a security consultant to carry out an external audit?

Whilst this article focused on the simple checks you can make yourself, we recommend that you appoint one of our trusted security consultants to independently assess and check security in your organization. They will expertly advise you on how to mitigate risk, based on your organisation’s unique circumstances and the specific risks you face. However, as we have explained, there are many simple checks that you can do yourself to keep your company safe and secure.

How Organisations Can Avoid Data Breaches And Thus Meet Their Security Obligations

Circuit board with lockStay on top of security developments by following these five pieces of advice

With cyber attacks becoming increasingly common in the present day, it is vital for companies to ensure that they keep their data safe from breaches. If a data breach occurs, your company’s financial information will be at risk, as will potentially sensitive customer information. As well as being bad for the image of your business (and losing you several customers), data breaches can make companies liable to pay fines. This is due to the fact that the Data Protection Act of 1998 legally requires companies and other organisations to keep people’s private information safe and secure, imposing penalties if this requirement is not fulfilled. Good security is thus not just convenient for you, it is also an obligation. Luckily, it is pretty easy to keep your IT infrastructure safe from attack – all that you need to do is to cover the five basic points listed below. If you do not feel comfortable covering all of the baselines below yourself, then hiring an IT professional to do so for you is a smart choice.

1. Keep your IT infrastructure in good health

Knowing and understanding your IT infrastructure is an essential first step for keeping it safe and sound. Get to know what types of software you are using and what new updates or patches are available. Install new security and safety features as soon as they become available. Ensure that you know where and how your infrastructure intersects with the law: what types of security are you legally obliged to provide? Make sure that you provide that level of security as a basic minimum. Under the Data Protection Act, if you take no action to attempt to prevent or to halt a data breach then you can become liable for even bigger fines. This was the case with Talk Talk last year when they were fined £400, 000 (a record amount) for a data breach that saw sensitive customer files leaked. Monitor your IT infrastructure at all times to make sure that you catch any attempted breaches as soon as possible, and, when a breach does occur, use it as an opportunity for learning: attempted breaches can teach you numerous things, including where your company’s perceived weak points are when it comes to IT infrastructure and also what hackers’ current methods are. If a data breach does occur and you have fulfilled all of your legal obligations under the Data Protection Act, then it is unlikely that you will have to pay a penalty.

2. Opt for automation to keep your security up to date

Monitoring IT security should be a 24/7 job as attacks can happen at any time. That is why it can be hard for human eyes alone to monitor every aspect of your IT infrastructure. So, why not put in place encryption policies, intrusion detection and prevention programs, regular automatic assessments (where the system checks itself for weak spots and security breaches and applies patches and updates where necessary) and backup programs that prevent files from being lost permanently if a hacker attempts to wipe your system’s memory. Another good policy to put in place is to stop new files from downloading automatically until they have been checked manually, as a key method of cyber attackers is to send you a malicious file to download as an email attachment. These automatic features will keep everything safe and secure whilst you get on with running or working for the company.

3. Educate all company members about IT security

Get everyone on board when it comes to monitoring the security of your IT infrastructure. Train employees to encrypt their information and to recognise attempted cyber attacks. Create a set of employee regulations which require employees to encrypt and password protect the data that they use and to apply software patches where necessary. Think about where your company’s hardware is, too, and where necessary prevent employees from taking hardware home. If it gets into the wrong hands, a single lost laptop can result in a huge data breach. One very good policy to implement here is data minimisation: this means only sharing data with the minimum number of top level employees. The fewer people who have access to data, the less likely it is that employees’ negligence will facilitate a data breach.

4. Have a detailed plan about what to do in the event of a data breach

Plans about how to respond to suspicious activity (which, of course, you will be monitoring as per step 1 above) should be built in to your day to day IT policies. Set up real time alerts which enable you to identify threats straight away and then have a plan that you can quickly put into action to protect sensitive information – for instance, shutting down some parts of the system or getting a resident IT professional right to work on creating barriers for hackers. Integrate prevention and response strategies into your day to day operations, for instance by informing employees about attempted data breaches so that they can change their passwords instantly. Be aware of your legal obligations when it comes to reporting attempted breaches: remember, if you take no action to repair or report a breach you can become liable for penalties. And, if an attempted breach does occur, make it part of your policy to analyse the breach to help you to be stronger against the next attack.

5. Be smart about who you hire

Hiring an IT professional (or a team of professionals) to keep your IT infrastructure safe is a very good idea. Think of this additional hire as an investment rather than a loss of money! After all, the average cost of a single data breach last year was over £100, 000 for a UK company. Do not just look close to home, either: tap in to the global talent pool to ensure that you hire the perfect person for the job. Many security professionals can work remotely for much of the time (though there are definite benefits to having an in house professional keeping an eye on your IT security) so you could even hire a team that involves someone in a different city or country if needs be. Find out who the best qualified security professionals are and offer them an attractive post to tempt them over to your company. As well as this, it is important to include some elements of IT security training for all of your staff – not just those people whose job it will be to protect your IT infrastructure. If any potential new employee comes to you and you see that they have experience or qualifications that relate to cyber security, then that should definitely figure as a huge positive for your company! Hiring a dedicated person, or group of people, to deal with your company’s cyber security, moreover, is very good for business. It shows the world that you care a lot about keeping all of your customers’ and also any business partners’ data safe and secure at all times.

Warning to Councils over Cuts to Statutory Services

A Council’s eleventh hour decision to conduct a more wide-ranging review of its trading standards function has served as a reminder to other authorities to think carefully about their statutory duties when making cuts – or risk being hauled before the courts.

Liverpool City Council has faced a two-year legal challenge from a former employee after it slashed its trading standards officers from 19 to four. The former employee is being supported by the Chartered Trading Standards Institute (CTSI).

Trading standards is responsible for discharging about 250 statutory duties1 concerning everything from disease outbreak and medical weighing equipment to product safety and rogue trading.

The council has now agreed that it will appoint an independent and professionally competent person to conduct a review. It must consider statutory and European Union consumer protection duties as well as the government’s enforcement priorities.

It is second time Liverpool City Council has faced pressure to review its trading standards services, in light of cuts. Last week’s contempt of court proceedings, at the High Court sitting in Manchester, were expected to focus on whether an earlier review was adequate.

By agreeing to the second review the council has not admitted any wrongdoing. Experts say the issue has far reaching consequences for councils that are having to make difficult choices on how to deliver essential services, while faced with unprecedented cuts.

A CTSI report found2 that the total GB budget for trading standards has fallen from £213 million to £124 million, since 2009, resulting in a 53% cut in staff. Meanwhile, shoddy goods and services are known to cost the economy £23 billion3 while fraud alone is estimated to cost a further £52 billion4.

Professor Keith Brown, director of the National Centre for Post Qualifying Social Work at Bournemouth University, said robust trading standards services are essential for the delivery of adequate adult social care5.

He said: “Section 42 of the Care Act requires local authorities to protect vulnerable people from financial abuse but most councils only prosecute one or two rogue traders a year.

“The Office of Fair Trading tell us that 6.5% of adults have fallen victim to mass marketing scams. That’s just one type of scam but it gives you an indication of the scale of the problem.”

Jonathan Goulding, a barrister with Gough Square Chambers, said well-funded and well-staffed trading standards departments are essential to protecting consumers from the many unfair practices they face.

He said: “It’s encouraging that the Liverpool review will consider consumer protection duties and it will be interesting to see the weight given to them in the exercise of decision making and the funding of essential services.”

Leon Livermore, chief executive of CTSI, said it was not just statutory duties that place obligations on councils.

He said: “Councils must also consider the government’s enforcement priorities, the first of which focuses on consumer protection, doorstep crime, counterfeit goods and mis-selling by measurement.

“Rarely have we been able to find any reference to these trading standards duties being taken into account and it will be interesting to see Liverpool consider them.”

Liverpool City Council’s trading standards services first came to the attention of the courts when its former employee, Stephanie Hudson, sought a judicial review. The council instead agreed to conduct a review by way of an undertaking.

Mrs Hudson, who has now left the trading standards profession, said it was extremely worrying that councils were making cuts with little regard to how they will discharge their duties.

She said: “Liverpool showed they have no knowledge or understanding of the value of trading standards, that’s very clear. The amount they spend on trading standards is very small, but its impact is quite immense.”

http://www.tradingstandards.uk/extra/news-item.cfm/newsid/1964

 

Conference Looks to Shape Global Response to Intellectual Property Crime

Shaping international action against evolving threats to intellectual property is the focus of the 10th International Law Enforcement Intellectual Property (IP) Crime Conference in London.

Globally recognized as the leading IP law enforcement conference of its kind, the event brings together some 500 senior police leaders, government officials, and security and industry experts from more than 100 countries. They will seek to further strengthen partnerships and best practices against IP crime, and review emerging crime trends in areas such as 3D printing.

The two-day conference (19 and 20 September) is co-hosted by INTERPOL and the City of London Police, in partnership with UL (Underwriters Laboratories).

“The global response to Intellectual Property Crime has come a long way in the last ten years, as has the global partnership work to disrupt criminality. The key to this is through the cyber disruption we coordinate with our industry partners, with the support of the Intellectual Property Office, INTERPOL, EUROPOL and overseas enforcement colleagues,” said Ian Dyson, Commissioner of the City of London Police.

“Preventing harm to consumers from potentially dangerous counterfeit goods and preventing livelihoods supported by industries affected by IP crime will remain a primary focus for us over the next decade, as we adapt our expertise in tackling every new challenge on the horizon,” added Commissioner Dyson.

INTERPOL’s Executive Director of Police Services, Tim Morris, said that since the creation of INTERPOL’s IP crime unit in 2003, its activities undertaken worldwide with partners had led to seizures valued at more than USD 500 million, and the training of thousands of law enforcement officers.

“One challenge that has remained over the years is that the demand for counterfeit or pirated goods remains widespread, due in part to consumer perception that IP crime is a ‘victimless’ crime, when the opposite is true, as testified sadly by the many victims of counterfeit cough mixtures, alcohol or electric goods,” said Mr Morris.

With IP crime fueling insecurity, impacting health safety and preventing economic growth, Mr Morris said that INTERPOL was streamlining its global efforts against rapidly evolving IP and pharmaceutical crime under its new Illicit Goods and Global Health Programme.

“This event has developed into a vital platform gathering public and private sector organizations to share best practices, develop new tools and create stronger partnerships to advance our common purpose of combatting transnational organized IP crime, promoting safety worldwide and developing joint initiatives,” said Keith Williams, President and CEO, UL.

Earlier this year a joint INTERPOL-Europol operation which also involved regulatory authorities saw the largest-ever seizures of fake food and drink in a bid to protect public health and safety and disrupt the organized crime networks behind the trafficking in fake goods.

Operation Opson V led to the seizure of more than 10,000 tonnes and one million litres of hazardous fake food and drinks across 57 countries.

“For our common response to remain relevant as transnational organized crime evolves, it must also tackle the links between this crime and others – such as human trafficking, drugs, terrorism and cybercrime, and build our capacity to address it,” said Michael Ellis, head of INTERPOL’s Trafficking in Illicit Goods unit.

In this respect, the last decade has also seen the successful development of the International IP Crime Investigators College (IIPCIC), an INTERPOL Initiative undertaken jointly with UL University.

The online training platform has evolved into a highly recognized learning tool for law enforcement globally, accessed by 12,000 users from more than 140 countries. INTERPOL plans to further evolve IIPCIC into a broader consortium of partners from academia, police and private sector, expanding especially in China with support from its Ministry of Public Security and China Police colleges.

Action Against Camden Pirates

In September alone Surelock, acting on behalf of TRAP (Trademarks and Rights holders Against Piracy) and other clients, have assisted officers from Camden Trading Standards and ACG members carry out enforcements on a major screen print factory / warehouse, seven retail stores, two large stalls dedicated to music merchandise and a street market in Camden High Street area, cleaning them all of counterfeit goods. Our thanks goes to the hard work and dedication of the team at Camden TS.

sam_2722

Are Private Investigators Only Hired By The Rich And Famous?

Portrait of confident male entrepreneur in front of car and private jet
A question I was recently asked “Are private investigators only hired by the rich and famous?”
and my answer “Absolutely no, not at all!”
In this day of ever stretching resources, private investigators certainly fill a very important gap in many different areas. We are experts in our field, qualified, accredited and professional but with something a little bit special; we are approachable. I’ve chatted to people who just want to tell someone that something awful has happened to them and get some direction of how to deal with it. Sometimes it’s just that old saying of “a problem shared”.

There are companies that know they are losing money through fraudulent activities but just don’t know where to start unravelling and making sense of what is taking place, how to prevent it happening in the future or putting a package of evidence together to obtain the desired outcome. That’s when we are more valuable than you could have envisaged, and absolutely worth thinking about. Known for tenacity, we have assisted in many a court case where just that extra search provided the evidence that swung the case in the client’s favour, saving the possibility of huge costs awarded against them. There is something quite rewarding in knowing you are right and succeeding in proving it; sometimes you just need the help of someone who knows which direction to channel the investigation to prove that fact for you.
Budgets get cut and the thought of hiring a private investigator may feel hard to justify, but what if “ghost workers” are your scary thought? You’ll be amazed how often it takes place and how easy it is to task us to prove their existence for your company. Ultimately an investigation could save you more than money in the long run; a company’s reputation is often priceless.

Unfortunately, it is a sad fact that sometimes the police just don’t have resources to find the evidence needed to classify a crime as worthy of investigation. That is where we can make a major difference. We can investigate and package the necessary evidence that makes that crime committed against you or your company one which shows there is evidence supporting the crime classification. Moreover, the eventual outcome may be the difference of a prosecution.

Health and safety audits can be put into place to check workers are adhering to company policy, which can make you significant savings in a court case. We have experience of regular checks with various companies where we report back failures and successes. Look at the bigger picture of what can be achieved; sometimes a pat on the back will keep that workforce you have trained, happy and content, sometimes it can save a life. Again, that’s priceless.

Peace of mind is sometimes invaluable. Surveillance can be performed to give you peace of mind, to prove something or to negate something. Our eyes and ears become your eyes and ears. Pictures say a thousand words. That could be a strapline!

So, how long is that piece of string? I’m not saying rich and famous are not welcome, but don’t ever let it think you are not worthy of our services because you are not rich and famous!

Subscription Trap

SUBSCRIPTION TRAP

The word trap is usually not a nice word. Instantly a device designed to catch and retain an animal springs to mind, or a trick planned to deceive someone or catch them unaware. Okay, so trap music seems to be one form that’s not so awful depending on your music taste (Oh dear – switch if off quick it really isn’t for me!) AND of course there is TRAP (Trademark and Rightsholders Against Piracy) who we know do excellent work to protect the public from purchasing counterfeit products whilst enabling artists, actors, athletes and musicians to provide their fans with official merchandise.

Someone I know recently was caught in a subscription trap and it caused me to look a little deeper into the whole trap area and it does what it says on the tin. It tricks someone into subscribing to a service or goods by offering the person a free trial believing that they will only be paying for the postage of that item by using a debit or credit card (my instinct on giving debit or credit card details makes me question anything first, but as consumers we are all getting a little less cautious using cards online).  Once the subscription trap company have those details they set up a continuous payment authority (CPA) and the trap is set.

Trading standards and Citizens Advice Bureau helped my friend who had responded to a pop up advert whilst visiting a respected High Street store’s online shop. The advert offered a sample of face cream and within seconds the trap had been activated. Luckily she realised quickly and managed to cancel her credit card so the loss was minimal. The subscription trap company tried to make her feel that by cancelling the service, she would be put on a consumers black list and her credit worthiness would be challenged on any future purchases elsewhere. Indeed cruel for an honest person who has never been in debt to contemplate.

Citizens Advice state that women aged 50 to 64 are most at risk from subscription traps offering health and beauty related products. Their survey highlights that as many as 2 million consumers in Great Britain have had a request to cancel a CPA for subscription declined by either the company or their bank/card provider. Far too many are getting caught and stuck in the trap and we need to highlight this to stop those numbers increasing.

Check out National Trading Standards eCrime which has been set up by the Department of Business, Innovation and Skills to investigate online scams and rip offs of nation significance. http://www.tradingstandardsecrime.org.uk/ and also Get Safe Online, who state they are UK’s leading source of unbiased factual and easy to understand information on online safety, offer free expert advice both personal and business https://www.getsafeonline.org/

I’ve always used the saying “If there is a bargain in one shop, I’m in the shop next door”. Maybe it’s not such a bad place to be.

Surelock is a Member of the “Real Deal”

REAL DEAL TAG &strap 2

Surelock is now a member of The Real Deal.  The Real Deal campaign is a cross-sector, partnership initiative, bringing together local authority trading standards services, market operators and traders, industry groups, and copyright and trademark owners, all of whom are united with a common commitment to tackling the problem of illicit traders at markets who sell counterfeit and pirated goods.

http://www.realdealmarkets.co.uk