SecurityChef | Your daily diet of security goodness!

Archive for November 2009

New HoloKote FLEX™ Watermark – Flexible Visual Security Without the Cost
Magicard’s HoloKote FLEX takes ID card security to a higher level. Your custom watermark can be as large or small as you want it.

Your logo is programmed into a HoloKote FLEX Custom Key, a secure encrypted memory card which plugs into your Magicard Rio 2e, Tango 2e, or Tango +L printer.
The key benefits of HoloKote FLEX are:
  • Custom visual security without the high cost and long lead time of special holographic laminate or UV films. Your Magicard printer does the job, placing the watermark on your card using standard consumable ribbons.
  • No ongoing additional printing costs. A modest one-time set up charge gets you a custom HoloKote FLEX key within days, holding your encrypted logo. That’s it. You can then print as many cards as you want with your custom design.
  • Secure – your design is guaranteed to be unique.

“HoloKote FLEX is an enhancement of the popular HoloKote watermark security that thousands of Magicard customers have used to secure their ID cards,” said Andy Matko, Magicard Business Manager. “While the legendary HoloKote, available only on Magicard printers, uses a repeat pattern on the card, HoloKote FLEX is …. Flexible! It offers an excellent alternative to costly holographic laminates and is truly secure because your HoloKote FLEX logo cannot be copied.”

Getting rid of obsolete IT gear isn’t as simple as it used to be. The threat of data loss, coupled with increasingly stringent environmental regulations, has IT pros rethinking their disposal methods.

“In the past, electronic equipment disposal was more of an asset-accounting issue, handled by the financial group. Now we track computing equipment from cradle to grave, recording the final disposition and using checklists to assure that data was appropriately removed,” says James Kritcher, vice president of IT at White Electronic Designs in Phoenix.

It’s about time, analysts say. According to research from IDC, Gartner and the National Safety Council, about 1 billion computers will become potential scrap between now and 2010, and 150 million obsolete PCs are currently sitting in warehouses, storerooms and closets.

“I have yet to visit an end-user IT organization without the infamous IT closet full of aging equipment that probably holds critical data. But removing that data is still not seen as a pressing business issue,” says Joe Pucciarelli, a research director at IDC. “Anyone relying on ignorance of the threat as a business strategy will be unpleasantly surprised.”

It’s entirely possible that someone could salvage and steal data from computing equipment that is improperly disposed of, Pucciarelli says. “Five or 10 years ago the risk might not have been as high, and network executives certainly weren’t aware of it,” he says. “Today a company could be considered negligent if it isn’t aware of the risk of old equipment becoming compromised. The bad guys will figure out how to get through the holes and compromise corporate data.”

If that happens, companies stand to lose millions. A 2006 study by the Ponemon Institute found data breaches cost companies an average of $182 per compromised record, a 31% increase over 2005. According to the Privacy Rights Clearinghouse, more than 330 data loss incidents involving more than 93 million individual records have occurred since February 2005.

While most IT experts are doing all they can to safeguard active systems against such breaches, they need to be equally diligent about protecting inactive equipment from prying eyes.

A data loss along the lines of what happened at University of California at Los Angeles, where a breach exposed 800,000 records, “would be crippling for us,” says Chris Holbert, COO and CIO at LaunchPad Communications in Los Angeles. “Corporate intellectual property needs to be guarded. Even if it is mundane or seems outdated, it is critical and we need to ensure no unauthorized parties gain access to that company data — even after its end of life.”

Businesses also face the threat of fines from government agencies if their equipment turns up in illegal dumping sites. While laws vary among the U.S. states, the federal Environmental Protection Agency’s Resource Conservation and Recovery Act provides guidelines for both businesses and equipment makers on reusing, recycling, donating and disposing of computer equipment.

Computing equipment can contain toxic or hazardous materials such as lead, mercury, cadmium and chromium. According to U.S. government researchers, 500 million computers contain some 6.32 billion pounds of plastics and more than 1.5 billion pounds of lead.

To help tackle the disposal problem, vendors such as Dell, HP Financial Services and IBM have come up with asset recovery and recycling services designed to help companies get the most of old equipment, ease the recycling process and mitigate the risks of illegal dumping.

According to HP, as much as 90% of IT equipment can be resold if it’s processed promptly after coming offline, but every day it sits in a storeroom the value drops and the likelihood of a theft or a security intrusion increases. Separately, IBM reports that with recycling and reuse options, just 2% of the equipment that is processed through its Asset Recovery Solutions business ends up in landfills.

One IT executive who wishes to remain anonymous says HP’s recycling services help ensure his company doesn’t suffer a public incident while also following an environmentally friendly approach.

“We want to keep ourselves out of landfills and out of the papers if God forbid something happened,” says the head of PC infrastructure and architecture at a financial services firm. “We are buying HP equipment and sending it back so it’s not a big financial win, costs are flat. But we like the idea that the next wave of our equipment might be made partly of recycled materials.”

Scrubbing systems clean

To ensure data is entirely removed and equipment disposed of lawfully, Kritcher says his organization revamped its processes and started working with Dell for equipment recycling services several months ago, following a string of news about other company data breaches.

“The last thing you want is to have your discarded electronic equipment sitting in a landfill with your asset tags — regardless of how they got there. Even worse, there could be recoverable data on the drives,” he says.

Also, because White Electronic Designs is a contractor with the Department of Defense, it must adhere to stringent confidentiality rules. IT staff routinely erase all data from desktops, laptops and servers, for instance, using software tools or by physically destroying the media.

“We sanitize the drives and when we have 10 or more units, we send them to Dell for disposal,” Kritcher explains. “We receive reports of the items recycled, which can then be reconciled to our records for an airtight audit.”

Kritcher’s staff uses DataEraser from Ontrack Data Recovery for overwriting disks. It’s one of a handful of products — including Stellar Wipe Data Eraser Utility, KillDisk, Shred-it and the freeware application Eraser — that wipe information from hard drives by degaussing (neutralizing the magnetic field) and using patterns to eliminate data files in different directories.

At White Electronic Designs, IT staff boot DataEraser from a CD or floppy. Once executed, the program performs a degaussing process by flipping each magnetic domain on the disk back and forth “as much as possible without writing the same pattern twice in a row,” Kritcher says. A minimum of three passes is required to “overwrite all addressable locations with a character, its complement and then a random character.” He says the process can take between one and three hours, depending on the speed of the computing device.
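
The three-pass overwrite Kritcher describes (a character, its complement, then a random character), with a read-back check after each pass, as an added example that is not from the article or from DataEraser. It runs against a constructed scratch file standing in for a disk; the function names, the 0x55 starting character and the audit-record layout are assumptions made for illustration.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # bytes per write/read call


def _fill(fh, size, value):
    """Overwrite bytes [0, size) with one repeated byte and force it to disk."""
    fh.seek(0)
    block = bytes([value]) * CHUNK
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        fh.write(block[:n])
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())


def _verify(fh, size, value):
    """Read the target back and confirm every byte holds the pass value."""
    fh.seek(0)
    remaining = size
    while remaining:
        data = fh.read(min(CHUNK, remaining))
        if not data or data.count(value) != len(data):
            return False
        remaining -= len(data)
    return True


def three_pass_overwrite(path, character=0x55):
    """Character, complement, random-character passes; returns an audit record."""
    size = os.path.getsize(path)
    passes = (
        ("character", character),
        ("complement", character ^ 0xFF),
        ("random", secrets.randbelow(256)),
    )
    # Hypothetical record layout, meant to be filed with the disposal checklist.
    record = {"target": path, "bytes": size, "passes": []}
    with open(path, "r+b") as fh:
        for name, value in passes:
            _fill(fh, size, value)
            record["passes"].append(
                {"pass": name, "value": value, "verified": _verify(fh, size, value)}
            )
    record["ok"] = size > 0 and all(p["verified"] for p in record["passes"])
    return record


def demo():
    """Wipe a constructed 1 MiB image and report whether a planted marker survives."""
    marker = b"CONSTRUCTED-CUSTOMER-RECORD-0001"  # sample data, not real
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as tmp:
        tmp.write(os.urandom(512 * 1024) + marker + os.urandom(512 * 1024))
        path = tmp.name
    try:
        record = three_pass_overwrite(path)
        with open(path, "rb") as fh:
            marker_survives = marker in fh.read()
    finally:
        os.remove(path)
    return record, marker_survives


if __name__ == "__main__":
    print(demo())
```

Pointed at a raw device instead of a file, the size has to come from the operating system's device query rather than `os.path.getsize`. An overwrite only reaches addressable locations, so sectors the drive has remapped, or a drive that no longer responds, are outside what it can verify.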

For some devices, physical destruction is warranted. It’s generally done “with a large hammer, rendering the device unusable and bending the platters,” Kritcher says. If a hard drive that once contained sensitive data has failed and is inaccessible, he will bring it to a local vendor who will “pulverize or shred the hard drive.”

DIY destruction

While some companies work with vendors to secure and dispose of old gear, others wipe data internally and resell the equipment to staff or donate it to charitable organizations.

Bruce Bonsall, CISO of MassMutual Financial Group in Springfield, Mass., says when his organization turns over PCs — a few thousand at a time — each is thoroughly scraped and tested to ensure it is clean. The IT team uses various devices to remove the data and a computer forensics expert on staff tests PCs following the cleaning process to ensure the data is gone.

“The data must be removed before the PCs can be scrapped, donated to schools and other nonprofit organizations. Allowing the confidential information of our employees, distributors and customers to fall into the hands of people who don’t have a need or right to see it would be irresponsible,” Bonsall says.

For Ross McKenzie, IS director for the Bloomberg School of Public Health at Johns Hopkins University in Baltimore, the process of removing data and recycling equipment for use among employees provides both network security and job satisfaction.

“There is a good feeling when you know you didn’t just throw something out, that you protected your organization and gave something back without being completely wasteful,” he says.

Processes in place at the university since the late 1990s include using Disk Wipe from DTI Data to scrub hard drives. A few IT staff will take on as many as 75 machines at a time, every few years, McKenzie says. In some cases staff employ less technical methods, such as using tin snips to cut up the platters on hard drives to ensure there will be no breaches down the road.

“We will go as far as physically destroying the hard drive depending on the sensitivity of the data,” McKenzie says. “We don’t take any chances.”

By Denise Dubie | Source: NetworkWorld.com
www.networkworld.com

What do you need from your ID card?

Designs can incorporate your company’s logo and colours and include a title, signature, employee number and return address. In fact, the only limitation as far as card design is concerned is one of imagination.

Primary Information
When you create an ID card, you need to have at least the 3 basics on the front of your card:

  • Name so people can identify you
  • Photo so people can recognize you
  • Company name/logo so people know what company you work for

 Secondary Information

  • Job title
  • ID number
  • Expiry
  • Birth date
  • Barcode
  • Holder

Back of card information

  • Signature panel
  • Magnetic stripe
  • Bulk text

ID Cards can be colour coded to easily identify different departments of a company.

If you need your card to be tamper-proof and secure, options include:

  • Holographic Overlaminate, which is embedded on the surface of the overlaminate and printed onto the card to reduce the possibility of successful card reproduction and enhance fraud protection.
  • ID Solutions Unique Security Overprint
    The counterfeiting or creation of fake ID cards has never been easier, but now, thanks to I.D.Solutions Secure Card counterfeiting card protection feature, an affordable solution is available. Protection from forgery is simple and dependable with I.D.Solutions Secure Card. This unique security feature incorporates a reflecting underlay on the card during the manufacturing process. Most cards with secure features are generic and freely available to the general public.
    I.D.Solutions Secure cards are a unique design and only available through ID Solutions.

Creating ID Cards

Nov/09

8

ASIS 2010 tradeshow

12th to 15th October 2010 in Dallas USA (Tuesday – Friday)

ASIS 2010 Dallas website

60th Anniversary Edition of The Original KEY-BAK Key Reel

To celebrate 60 years of service, KEY-BAK have released the 60th Anniversary Edition of The Original KEY-BAK® Key Reel.

KEY-BAK has an awesome story behind it. Russ Lummis, the founder of the company, saw a need for railway brakemen and switchmen to have a better, safer, more convenient way to handle their key.

Dangling key chains they wore sometimes caught on moving trains. Lummis filled that need by inventing the KEY-BAK®.

Apparently it was an instant success, first in the railroad industry and then in other industries, wherever “keys” were part of the job.

KEY-BAK now make a range of retractable key reels for security, law enforcement, maintenance/janitorial, theft deterrent, ID holders, point of purchase and other uses.

This is a guest post by Darren Whitaker-Barnett; Founder of locatingus.com, an online visitor/event management service.

In this article I examine some of the key issues every organization should consider when looking to deploy a Visitor Management solution. If you are serious about deploying a solution that meets all of your needs and not one that simply prints nice visitor labels – this is a must read.

Introduction

When looking to deploy a visitor management solution, few people take the time to consider all of the implications of a system that enables the organization to manage who is on-site.

During a 22 year career in sales I have spent a lot of time visiting customers all over the world. My customer visit experiences range from corporate offices, warehouses, manufacturing plants, storage facilities, government departments, universities, branch offices, retail outlets, and even wind farms and dams. Many times I would wait around at security gates and in corporate receptions waiting for my host to arrive. So, for better or worse, I have a good deal of experience in how organizations manage visitors.

Out of every 10 visits most use one of the following visitor management processes:

  1. 2 out of 10 did NOTHING: The receptionist asks me who I am visiting and then advises me to take a seat while they track down the host.
  2. 2 out of 10 have SIGN-IN SHEETS: The reception or security gate team have me sign a Visitor Sheet on a clipboard, assume I must be who I say I am, and ask me to take a seat while they track down the host.
  3. 3 out of 10 have BRANDED SIGN-IN BOOKS: The reception or security gate team have me sign their paper-based sign-in book/register (often Kalamazoo type books), assume I must be who I say I am, and ask me to take a seat while they track down the host.
  4. 1 out of 10 have a PHONE HOST REGISTER: There is no receptionist or security gate and I am directed by a ‘Sign’ to look up the extension number of my host (normally printed on a laminated sheet hanging beside a phone) and to call them to announce my arrival.
  5. 1 out of 10 have a VISITOR LABEL PRINTER: Some organizations have purchased a label printer to issue visitors with personalized visitor labels.
  6. 1 out of 10 has a VISITOR MANAGEMENT SYSTEM: A growing trend is for organizations to use a visitor management system. These will look like the Visitor Label Printer system above and may have Label printing at the kiosk, but the similarities end there. Visitor Management systems improve organizational security ten-fold. They allow organizations to pre-register visitors, check visitors in and out from a combination of kiosks and reception PCs, send arrival alerts to staff, run reports on visitor vs. contractor presence, track responses to visitor answers, manage evacuations, hazard notices to visitors and contractors, manage multiple locations, and much more…

In most countries knowing who is on-site is a matter of compliance as well as good practice for managing evacuations in an emergency. Visitor books, sheets, or PC-based visitor label printers don’t address these issues. This always strikes me as strange since the vast majority of the companies I visit are concerned with staff safety and security.

Here are the top five reasons why you should consider improving your visitor management system:

1. You need to have a record of who is in your building/location

Let’s start with the basics: why do we care? For some companies visitor management is a matter of internal policy (Security, Health and Safety), whereas for others it is more about legal compliance or maintaining a good visitor experience at reception/security. Regardless of the motivation consider the following:

  • Do you have an obligation to your staff to protect them from non-approved visitors?
  • Do you have to record visitor details unique to your location? For example food processing sites might want to know if the visitor has been to South America in the last 7 days, a highly sensitive commercial site might want to know if visitors are carrying a phone with a camera, a government department might want to know if you are parked in the Visitor Car Park, and a bank might wish to know if you are an authorized contractor… and so on.
  • If visitors or contractors are visiting for a specified period of time and they are overdue, do you have a responsibility to verify their safety?
  • Most companies have intellectual property, private data or high-value assets that may be available to any visitor who finds him/herself in the right place at the right time. Without accurate records, there is no hope of recovery. Do the processes you have in place to manage and protect your organization’s assets, IP, and sensitive information incorporate systems for managing who is on-site when they are not staff members?
  • If there was an Occupational Safety and Health or theft incident last week and you can’t easily identify who was on-site that day between 1.30pm and 2.30pm what would be the consequences?
  • Organizations throughout Australasia are obligated under various Acts and Regulations to ensure the safety of people while on-site. In New Zealand this is covered under the Fire Safety and Evacuation of Buildings Regulations 2006 and the Health and Safety in Employment Act (1992). In Australia it is the Workplace Health and Safety Act, Regulations and Codes of Practice. Unless you have a robust process for reporting on non-staff presence in real-time, it is difficult to demonstrate compliance.

These points are not, however, unique to NZ or Australian regulation. From our own experiences we are seeing an increase in global demand for comprehensive, on-demand reporting about who is on-site, at all locations in the organizational network.

Even if regulatory compliance is not an issue for your firm, avoidance of legal liability is. Failure to provide a safe workplace is a lot harder to prove if a company has taken reasonable steps to provide access and visitor control.

2. No one else should know who is in your building/location

One of the areas often overlooked by companies with a paper log book is loss of privacy. Any visitor or contractor can tell you that the visitor log is an invaluable source of information and can tell quite a story about the deals a company is pursuing or what competitors may be bidding on a job. In the case of a multi-tenant facility, these privacy concerns can create a real liability for the landlord that can outweigh the need for security.

This is a concern that completely goes away with an automated system, since the historical information in the application will not be available to any visitor. Information about who is visiting you should be confidential.

3. A paper log says “I never really intend to look at this again”

Have you looked at your paper log lately? How many of the names are legible? Are the purpose of the visit and the host’s name filled out? How about the arrival and departure times? Most people fill out the arrival time, but hardly anyone bothers on the way out. Even if they did, the times are notoriously inaccurate and certainly not verifiable.

If your procedure calls for verifying identity with a driver’s license, can you prove the procedure was followed? What about the logs themselves? Do you know where all old logs are? Has anyone “accidentally” removed a page? Are there back-up copies off-site? Are you gathering all of the data you should be gathering, or are you limited by the log you use and the time it takes to fill it out? How long does it take you to search through the data to find the entries you need?

If you are not sure about the answers to any of these questions, stop and think about the risk you are placing your company under if an incident does occur. An electronic visitor log program can solve all of these issues.

4. Many of your visitors are customers

One of the key reasons companies are moving to visitor management systems and away from paper logs is the impression it makes on their customers. Not only do the kiosk and/or the badges have a professional look, but the lobby process leaves the right impression. A company with long lines of visitors waiting to check in starts out a visit on a really bad note. Having Bob the security guard or Sally the receptionist misspell your customer’s name is even worse.

Having the capability to allow the visitor to self-register is another feature that many new systems have that leaves a high-tech impression on visitors. Even if it is followed up with an ID verification and badge printing at a guard station, the overall process will be faster, more reliable and less of an aggravation for the visitor.

Customers or not, you also have a responsibility to protect visitors. In the event of an emergency, you have the responsibility to ensure that all employees and visitors have been marshalled to a safe area. Visitors represent a significant issue since they will have no idea what the proper evacuation procedures are. Additionally, you want to make sure none elect to remain inside with your assets while they are unsupervised.

While visitors can be accounted for using a paper log – the log must be available at potentially multiple marshalling points outside, and the information it contains must be correct. Both assumptions are easier to accomplish with a computerized visitor system.

5. Some of your visitors may not be friends

Visitor management systems have capabilities far beyond those of the paper log, and those features can make an enormous difference in your overall security. Take, for example, the ability for staff to pre-register visitors. This capability is becoming very popular in the government and corporate sector. This allows reception or security to view a list of who is due on-site that day. If it is the policy of your organization to pre-authorize all visitors, pre-registration by staff is crucial, and it is impossible with a visitor log book.

Logging meetings, dates and attendees can also be very useful in disputes over intellectual property. In the case of manufacturing or process plants, executing a general release helps the company avoid liability for accidents by making it clear the visitor knew the risks of being on premises. If your company is like many that I visit, maybe it’s time to have another look at the way you deal with visitors. Not only can you improve security, make your investigations easier and lower your risk, but you have a real chance to enhance your company’s image with its customers.

The 54th Annual ALOA Convention & Security Expo is being held from the 1st to 8th August 2010 in Orlando, Florida, USA.

The Associated Locksmiths of America Inc. (ALOA) is an international professional organization of highly qualified security professionals engaged in consulting, sales, installation and maintenance of locks, keys, safes, premises security, access controls, alarms, and other security related endeavors.

More information at the ALOA website and their Expo website.
