Reference Library – England – West Yorkshire
Yorkshire is waging a war on criminals who could wreak havoc on the UK s economy. Sometimes it pays to be slightly paranoid . In an age when crippling cyber-attacks can be launched from a teenager s bedroom, there is much to be said for creating a chain of distrust to protect yourself and your colleagues. A Yorkshire seminar about the rise of ransomware a type of malicious software designed to block access to a computer system until a ransom is paid heard that many firms still needed to take tougher action to vet files and data that could have been sent by criminals. Earlier this year, more than 300,000 computers in 150 countries were infected with the WannaCry ransomware virus after a cyber-attack crippled organisations, government agencies and global companies. The NHS was also badly affected . Some 47 trusts in England including a number in Yorkshire and 13 Scottish health boards were compromised when the virus targeted computers with outdated security.
This crisis provided food for thought when experts in the field of cybersecurity gathered at the Leeds head office of smart telecommunications business aql, whose CEO, Dr Adam Beaumont, is the regional business champion for CiSP, the Cyber Information Sharing Partnership. CisP is a national initiative operated by CERT, the Computer Emergency Response Team, which is part of the Cabinet office. One of the speakers, Thomas Chappelow, the director of Leeds-based Nimbox, a provider of cloud-based secure file collaboration and storage tools, said companies could make ransomware attacks pointless by securing data in a chain of distrust . He said companies should never take for granted where a file has been. Stuart Hyde, the regional leader for CiSP, who was appointed by aql, said there was every likelihood of further attacks, although not necessarily of the same type as the attack which hit the NHS. He said: It s a call out to say these types of attacks can occur and there are lots of things you can do to protect yourself.
Attacks do take place in Yorkshire and the Humber, but luckily we ve got quite a good level of skills to be able to tackle some of those. A number of Yorkshire firms are doing their bit to thwart cybercriminals of all sizes. The Leeds-based technical marketing agency SALT.agency has expanded its services into cybersecurity by releasing a CyberScanner service. CyberScanner is a tool designed by SALT.agency s in-house team which has the ability to scan and analyse websites to test thousands of security vulnerabilities. John Ward, director of operations at SALT.agency, said: Yorkshire is a diverse and forward-thinking region that s attracting some of the most talented people in the industry . It stands the chance of becoming a leader in cybersecurity.
However, he warned that many sizeable businesses were still being complacent about the issue. He said: There s always going to be some sort of hole in the net that will let in the sharks and of course, the bigger the net, the more damage there is going to be. He believes that many leading professionals are unaware of the risks of using unsecure wifi in public places. He recalled: A member of our team set out to simply capture all the wifi signals in a well-known coffee shop in Leeds, to see what we could discover . We found about 85 per cent of all the traffic that came from laptops was unprotected, so we could see exactly which websites they were visiting, and over 72 per cent of the mobile traffic was the same. Although the majority of people were looking at websites like the BBC and LadBible, two per cent contained sensitive information including websites, passwords and other personal information.
Although a number of people use VPN apps (virtual private networks) to communicate, there are still a surprising amount of people who don t. There might only be a handful of companies dedicated to cybersecurity throughout the region, but it s the damage prevention that will really help the economy grow . Cybercrime cost UK businesses 29bn last year and that s not acceptable . Businesses close and people lose their jobs because of preventable security flaws and mild negligence . Take those issues away and we re set for a bright future. David Wall, professor of criminology at Leeds University, believes that smaller SMEs sometimes lack computer security awareness.
He said: Nation-state attacks tend to be on infrastructure, like utilities and other services . Britain seems to be well equipped to counter such attacks, although you do not hear about many of these. Businesses and organisations can be attacked, but they do seem to have, or they are developing, business continuity plans . The recent WannaCry ransomware attack was a major wake-up call with regard to cyber-attacks in the region. Prof Wall believes Yorkshire has built up a critical mass of talented people who can send cybercriminals packing. He added: We have a history of developing experience in this area . Don t forget that we have had a number of major online banking and finance businesses in the region for many years, and the security experience from these has helped motivate others to think about cybersecurity. We have also had the two main universities in Leeds working on different aspects of cyber-security. It is now 20 years since Leeds University first started researching and teaching cyberlaw and cybercrimes, subjects that have remained popular ever since.
Leeds Beckett has recently developed a cybersecurity unit in its computing department and there is also expertise in Sheffield Hallam University. David Porter, the cybercrime investigator at Yorkshire & Humber Regional Cybercrime Team, added: The businesses I have interacted with across the region take cybersecurity seriously, and invest heavily in their systems, processes and people to safeguard personal data, business infrastructure and their clients. Recent events in the UK have tested organisations and businesses, but it s a testament to their approach to cybersecurity that there has been minimal impact in Yorkshire.
Yorkshire s businesses are increasingly exposed to cyber-attacks, accidental breaches, and an ever-changing regulatory environment, according to Thomas Chappelow of Nimbox, which specialises in protecting confidential data. Mr Chappelow said: According to the Government s 2017 Cyber Security Breaches Survey, just under half of all UK businesses admitted at least one cybersecurity breach or attack in the last 12 months . This number rises to two-thirds among medium-sized and large firms . In short, cyber-breaches affect most businesses. We are living in an age of big data , whether we re prepared for it or not . We re all collecting more and more data, without necessarily adapting our business systems and processes to protect.
We started our company in Yorkshire, because we saw an opportunity to tap into the huge pool of both qualified and aspiring and I dare say, underused cyber-professionals in the region . In Leeds, we have access to three university cybersecurity centres, filled with academics who produce valuable research into the issues we re all facing; a vibrant technology hub; and a specialist police unit that helps businesses to fight back against the tide of attacks.
On 18 August, at Leeds Magistrates Court, Aaron Mohammed was fined for working without an SIA licence. His company, Twenty Four 7 Security & CCTV Ltd, was also prosecuted for supplying unlicensed guards. Aaron Mohammed pleaded guilty to all the offences, on 21 August. The court fined him 100 and ordered him to pay costs of 2,251 and a victim surcharge of 30. The company itself was also fined 100 and ordered to pay costs of 2,251 and a victim surcharge of 30.
The court stated that all the fines must be paid in full by August 2018 when Aaron Mohammed is released from the custodial sentence he is currently serving for unrelated matters. Our Head of Criminal Investigations, Nathan Salmon, said:
Aaron Mohammed was not licensed to manage or supervise those engaged in licensable activity. He supplied unlicensed security operatives to his customers and ignored numerous attempts by us to engage with him. Throughout 2017, we have been investigating a number of security businesses in West Yorkshire, all appear to be closely linked to each other. We will continue to pursue and take action against those businesses that flout the regulation and are determined to root out poor business practices.
We began investigating Twenty Four 7 Security & CCTV Ltd as part of a crackdown on security companies who were suspected of deploying unlicensed guards. We established that Aaron Mohammed had secured a contract to guard at seven sites across the Leeds and Bradford area of West Yorkshire.
On several occasions, from December 2016 to January 2017, we requested information relating to contracts. All the attempts we made to engage with Aaron Mohammed and his company were ignored. To investigate further, in December 2016, our investigators inspected several sites and found two security guards working without a licence at two sites. Deploying unlicensed security operatives constitutes an offence under the Private Security Industry Act 2001.
The security guards stated that they were employed by Twenty Four 7 Security & CCTV Ltd and explained that Aaron Mohammed was their boss. This led our investigators to check whether Aaron Mohammed was licensed as director of the company; he was not and this is also an offence. Aaron Mohammed was formally interviewed in June and admitted to being unlicensed as a director, supplying unlicensed guards and ignoring our requests for information.
- The Security Industry Authority is the organisation responsible for regulating the private security industry in the United Kingdom, reporting to the Home Secretary under the terms of the Private Security Industry Act 2001.
The SIA’s main duties are: the compulsory licensing of individuals undertaking designated activities; and managing the voluntary Approved Contractor Scheme.
- For further information about the Security Industry Authority or to sign up for email updates visit www.sia.homeoffice.gov.uk.
AUGUST is a good month for break-ins, because many of us leave our homes unoccupied while we hightail it to Tuscany or Torremolinos . But a remotely controlled security camera back home can be as good as – or better than – a house sitter. The current fad for home automation products has spawned a raft of cameras that record what is going on and allow you to access the footage from wherever you are . They don t actively deter intruders but they do arm you with the evidence if you need it . More importantly, perhaps, they provide some peace of mind when home is far away. All of them work in more or less the same way, connecting to the internet and uploading footage to a cloud, from where it can be accessed by PC or phone . Most have sensors that can start recording when movement is detected, and some can be panned and swivelled remotely.
But while the technology is similar, the business models of the manufacturers vary greatly . In particular, some require you to pay a monthly fee to record and play video; others include everything in the purchase price. Recording and playing back your footage is a must for practical use . Any camera will let you watch live, and many will alert you when they detect something, but unless you can search and see events retrospectively, your evidence will vanish into the breeze. Less essential but still useful features on some models include the ability to store footage on an SD card in the camera itself, and two-way audio to communicate with someone back home. All security cameras have companion apps that let you watch footage on your phone, but the design and functionality of these varies enormously . The market has matured greatly in recent years, and the interface of my BT Smart HomeCam from 2014 seems rudimentary now. The Evo range from Y-Cam is among the newer entrants to the market, offering seven days rolling cloud storage of video clips for the first three years, as part of the upfront 129 . The range includes indoor and outdoor models, and can he had as bundles at a slight cost saving.
It is by selling you more than one camera that manufacturers try to lock you into whatever subscription model they are offering . The outlay is too great for you to replace them all and go elsewhere, they figure . But there are also advantages to you, since you can view and control all your cameras from a single app, like a security officer in a shopping mall. Security cameras typically record video in high definition, though not necessarily the highest available, and HD recording tends to be used as a sales incentive . In fact, for security use the definition hardly matters – the ability to compensate for bright sunlight and to shoot clearly at night is far more useful . A lens with a wide field of vision is also worth having, so you can position it without blind spots. Where to place these cameras is an art in itself . Nearly all need mains power, and it s a challenge to run cables discreetly along walls without compromising the view . It s also worth bearing in mind that if the power to your home is cut, so is the video feed.
Your intended use for a security camera – child minder, pet monitor, web cam – will dictate the functions you need, but even from those few examples, it s plain to see how easily they could become part of your life.