As part of the process, district administrators and staff reevaluated all infrastructure elements and their approach to campus safety, selecting AtlasIED IPX technology to modernize their intercom, audio announcements, and emergency communications systems.

The district began renovating in phases, prioritizing schools based on the state of the school buildings and the level of urgency of repairs. Before renovations, the schools in the district used similar audio communications technologies that had been in use for 10-20 years, including the public address (PA) system, clocks and blue light systems for emergencies.

However, the systems were siloed and did not integrate. During routine use, such as all-school announcements at the beginning of school days, the system functioned as needed, but during drills, the number of systems in operation caused the schools challenges.

“With the old system, when we conducted a lockdown drill, school staff needed to activate the different systems manually, which created steps and more possibilities for human error,” says Matt Erwin, director of facilities for North Syracuse Central Schools. Erwin manages maintenance and operations, plus security, health and safety, and the capital work for the district.

AtlasIED IPX Series for Campus Audio & Communication System

The district had two primary goals when upgrading the campus audio and communications systems: to improve the audio quality and find a plan to increase the speed at which a school could react and contact first responders during an emergency. They wanted to achieve these goals without having to install a system that was too complicated for staff and personnel.

Because the district used a Cisco phone system, Erwin and his team wanted a platform that integrated with these devices. As they researched and discussed options, their partners at Day Automation, a building automation and security solution provider, introduced them to AtlasIED, which they eventually chose as their long-term audio and communications solution. The AtlasIED IPX Series met all of the criteria for the district.

AtlasIED’s IPX Series features a range of communication endpoints that interconnect. The IPX endpoints integrate multiple functions into single products, including loudspeakers, two-way microphones, flashers, and an LED display for a clock, date, or other text-based messages that can be updated in real-time during an emergency.

Installing IPX Endpoints at Bear Road and Smith Road Elementary School 

Karl W. Saile Bear Road Elementary, known simply as Bear Road Elementary, became the district’s first school to install a new audio and communications system. Originally built in 1958, Bear Road Elementary was one of the district’s oldest buildings. During the Bear Road project, the school renovated half the building at a time to avoid a full closure and completely modernized the interior and infrastructure to accommodate staff and student needs.

The team at Day Automation identified locations for IPX endpoints throughout the school and ran Ethernet cable to each site in preparation to connect the endpoints. The IPX endpoints are Power over Ethernet (PoE+)-enabled, receiving power and network signals through the same IT network the school uses to deliver Internet access. The IPX platform helped simplify the installation process for integrators by reducing the number of cable types needed.

Another NSCSD school, Smith Road Elementary, began its retrofit project in 2022 to update various technologies, including its audio and communications technology systems, and upgrade building infrastructure. Working around class schedules to avoid disrupting students, the school expanded and updated its campus IT network and created plans to locate IPX endpoints.

Once the construction teams pulled Ethernet cabling to predetermined locations in both schools, the contractor teams began installing IPX endpoints, including the dual-sided IP-DDS endpoint mounted from side walls and hung over high-traffic areas like hallways.

They also added IP-SDMF indoor wall-mount endpoints in classrooms, the main office, the cafeterias, the gymnasiums, nurses office, and all rooms to ensure comprehensive building coverage. On the ceilings, the district installed the IP-8SM in multiple locations, which offer a loudspeaker and an omnidirectional microphone to allow two-way communication and monitoring from the speaker location to any PC or phone handset.

Related: How Mass Notification is Evolving to Manage Emergencies

Mass Communications through Singlewire and IPX Devices  

The IPX Series also helped NSCSD incorporate campus safety capabilities with the help of InformaCast Mass Notification Software from Singlewire. Using InformaCast, during an emergency, designated school personnel can initiate the software from a mobile device wherever they are on or off campus. The software then instantaneously sends text messages to faculty, students, parents’ mobile devices, alerts law enforcement, and activates attention-grabbing audio communication, flashing visual alerts and LED text messages on the installed IPX devices throughout campus.

Also, using InformaCast, the IP-8SM ceiling speakers can be configured to allow first responders to communicate with people near the loudspeaker or listen in to that area. The speakers can be critically important when personnel, students, or perpetrators barricade themselves in classrooms or other rooms.

When connected to InformaCast, the loudspeakers become a critical two-way hands-free communications tool for law enforcement or school personnel to deliver directions, provide or receive real-time updates near the speak location, or listen to activities within a space.  The loudspeakers are especially important when staff, students, or perpetrators barricade themselves in classrooms or other rooms.

The district has implemented new routine and emergency safety procedures in the schools with InformaCast and IPX due to the upgraded capabilities offered by the technology. It has begun to train staff regularly to help them become more familiar with operating the equipment. Training staff for both routine operation and operating the system during an emergency when people are under much more stress has the potential to lead to human error. This is why automating the system using pre-recorded messages offered via InformCast can help reduce the chance of human error during a real incident.

While the expectation is that much of the system’s use will be for routine daily announcements, InformaCast software helps automate many of the formerly manual steps in the older system’s procedures.

“Gone are the days when we had to find a panic button or go to a specific location to access the PA system,” says Erwin. “The new AtlasIED systems give us much more functionality at every point within the building. Based on the successful installation at Bear Road and Smith Road, we now look at mass notification across the entire district differently.”

A Better, Safer Experience 

From the district’s experience at Bear Road Elementary and Smith Road Elementary, it plans to install IPX and InformaCast throughout the rest of the district school buildings. As plans develop and ongoing training continues at the schools currently outfitted with IPX and InformaCast, Erwin and his team are eager for additional school buildings to use the new technology and create a better and safer experience district-wide for the students and staff moving forward.

Click ‘View Slideshow’ to see additional photos of the district’s IPX technology upgrade at Bear Road Elementary and Smith Road Elementary schools.

Another version of this article originally appeared on our sister-site Commercial Integrator on November 6, 2023. It has since been updated for My TechDecisions’ audience.

The post North Syracuse Central School District Streamlines Communications with AtlasIED IPX Technology appeared first on My TechDecisions.

As expected from authorities anticipating an increase in threats to the education sector, cyberattacks are continuing to wreak havoc on colleges and universities across the United States. As of the beginning of May, there had already been 27 confirmed ransomware attacks against U.S. institutions. These ransomware numbers only tell part of the story as data breaches, malware attacks, and more account for an even greater number of threats, not all of which are reported to the public as they occur.

The second quarter of 2023 has seen a flurry of cyberattacks strike higher education institutions, including West Virginia’s Bluefield University, Tennessee’s Chattanooga State Community College, and Georgia’s Mercer University, among others. Beyond the obvious consequences of ransom payments and leaked personal data, some of the most severe attacks in recent memory have culminated in the delay and cancelation of classes, as well as the closure of one college in Illinois entirely.

With attacks against higher education on the rise year-over-year, campuses have become one of the top targets for attempted data breaches, ransomware attacks, malware, and more. Feeling the effects of various financial and/or technological hurdles, most schools are not currently equipped with the security controls to adequately defend themselves from increasingly sophisticated cyber threats that continue to hamper the community.

This increase in cyberactivity should serve as a wake-up call for higher education institutions to reevaluate and enhance their cybersecurity postures. Here are some of the top considerations for higher education leaders seeking to plug the gaps in their cybersecurity strategy.

Securing Data

One of the recurring themes in attacks against higher education is the vulnerability of sensitive data. From student, staff, and faculty information to sensitive school records, there are countless data assets that, if breached, can be weaponized against institutions.

Data exfiltration, or unauthorized data transfer, is a leading threat to data security in higher education. To help prevent data loss, colleges and universities need to be able to monitor user and entity behavioral analytics (UEBA) and they need to be able to watch their network using a network detection and response (NDR) tool. This allows schools to detect, qualify, and remediate any anomalous activity at the individual level, as well as malicious or unauthorized attempts at exfiltration.

Managing Access

For colleges and universities, student information, research data, and assessment criteria are all critical to daily operations. However, it can be common for institutions to encounter unauthorized access to these types of crucial information due to a lack of IT resources and necessary safeguards. This can result in the loss of confidentiality, integrity, and availability of technological assets, among other things.

To better facilitate and manage user access to sensitive data, schools should implement an effective IT security strategy intentionally designed to protect critical assets. This strategy should include the compartmentalization of data and provide a least privileged approach to accessing that data. Utilizing a least privileged approach, users are only granted access to the data required for their specific roles. This helps to prioritize the protection of intellectual property that is so valuable to higher education institutions. In doing so, schools can better protect the privacy of their students and employees and their reputations.

Detecting Threats

Even with cybersecurity mechanisms in place, no security threat can be resolved if it falls undetected. Colleges and universities must be able to detect, alert and automate security response capabilities when threats arise. Institutions should consider adopting security orchestration, automation, and response (SOAR) tools to help standardize and scale their incident response.

By relying on SOAR, schools can automate workflows to accelerate various stages of the threat investigation and response processes. Given the severity of a particular threat, it can be escalated to key decision-makers for a manual response or remediated automatically (or semi-automatically) from a playbook of preselected actions. Ultimately, SOAR is intended to help security teams cut through the noise and allow them to prioritize and direct their attention toward the most pressing threats.

Protecting and Prospering

Given the attack patterns of the last two years, cyberattacks in higher education are not going away overnight. Colleges and universities continue to be targeted by malicious actors for a reason. As long as institutions remain underequipped to monitor and respond to cybersecurity threats, they will find themselves with a target on their back.

Regardless of an institution’s budgetary constraints, there are tried and true precautions that can be taken to better protect their campus. Implementing threat detection, stricter access controls, and stronger data security measures are all foundational components of an effective cybersecurity strategy. By solidifying that foundation, colleges and universities can do their part to avoid being next in the line of higher education victims.

Another version of this article originally appeared on our sister-site Campus Safety on August 14, 2023. It has since been updated for My TechDecisions’ audience.

Kevin Kirkwood is Deputy CISO for LogRhythm.

The post Spike in Cyberattacks Exposes Vulnerabilities in University Security Measures appeared first on My TechDecisions.

According to CNN, the C919’s first flight left Shanghai at 10:32 am. Sunday and landed at the Beijing Capital International Airport at 12:31 p.m. This is being hailed as an important moment in China’s strategy to boost domestic manufacturing by 2025 and reduce reliance on foreign companies in the aviation sector.

While manufactured in China, many of the airplane’s components do come from Western companies. Leading to further scrutiny of the aircraft’s development are allegations that a Chinese state-aligned adversar conducted cyber intrusions against several of those companies that make the C919’s components. These allegations are detailed in a lengthy and detailed 2019 report from cybersecurity firm CrowdStrike as well as a series of indictments against both cyber actors and insiders.

CrowdStrike could not be reached for comment, so this article is sourced entirely from the firm’s report and U.S. Department of Justice indictments.

In CrowdStrike’s report, the company says its research corroborates a series of DOJ indictments released over the course of two years during the C919’s development that highly suggests cyber actors from China, company insiders and state directives targeted foreign companies to fill key technology and intelligence gaps to better compete with against the western aerospace industry.

“What follows is a remarkable tale of traditional espionage, cyber intrusions, and cover-ups, all of which overlap with activity CrowdStrike Intelligence has previously attributed to the China-based adversary TURBINE PANDA,” CrowdStrike said in the 2019 report, alleging that the operations can be traced back to China’s Ministry of State Security’s (MSS) Jiangsu Bureau, the alleged perpetrators of the infamous 2015 U.S. Office of Personnel Management (OPM) breach.

Cyberattacks beginning in 2010

According to CrowdStrike, Turbine Panda, conducted cyber intrusions against between 2010 and 2015 against foreign manufacturers of aviation components, including many that were chosen for the C919.

The state-owned enterprise (SOE) Commercial Aircraft Corporation of China announced in December 2009 that it had chosen CFM International’s (a joint venture between U.S.-based GE Aviation and French aerospace firm Safran, formerly Snecma) LEAP-X engine to provide a custom variant engine, the LEAP-1C, for the then-newly announced C919.

Despite the deal, both COMAC and fellow SOE the Aviation Industry Corporation of China were believed to be tasked by China’s State-owned Assets Supervision and Administration Commission of the State Council (SASAC) with building an “indigenously created” turbofan engine that was comparable to the LEAP-X, CrowdStrike says in its report. In 2016, the Aero Engine Corporation of China produced the CKJ-1000AX engine, which bears multiple similarities to the LEAP-1C engine.

While CrowdStrike admitted that it is difficult to assess if the Chinese engine is a direct copy, the cybersecurity firm said it is highly likely that its makers benefitted significantly from the cyber campaign of the Jiangsu Bureau of the MSS (JSSD).

CrowdStrike, citing its own intelligence reporting and U.S. government sources, says the Chinese government uses a “multi-faceted system” of forced technology transfer, joint ventures, physical theft from insiders and cyber espionage to acquire information to fill key knowledge gaps.

One DOJ indictment, CrowdStrike says, describes initial preparatory action that included compromising Los Angeles-based Capstone Turbine servers and later using a doppelganger site as a strategic web compromise (SWC) in combination with DNS … to compromise other aerospace firms.”

From 2010 to 2015, the linked JSSD operators are believed to have targeted a variety of aerospace-related targets … using two China-based APT favorites, PlugX and Winnti, and malware assessed to be unique to the group dubbed Sakula.

Many individuals associated with the campaign are “assessed to have storied histories in legacy underground hacking circles within China dating back to at least 2004,” CrowdStrike says, citing the DOJ.

Indictments

As detailed in CrowdStrike’s report, the U.S. Department of Justice released several indictments from 2017 through October 2018, charging several individuals with activities related to theft of trade secrets and hacking related to the development of the C919.

The indictments were against Sakula developer YU Pingan, JSSD Intelligence Officer XU Yanjun, GE employee and insider ZHENG Xiaoqing, U.S. Army Reservist and assessor JI Chaoqun, and 10 JSSD-affiliated cyber operators.

“What makes these DoJ cases so fascinating is that, when looked at as a whole, they illustrate the broad, but coordinated efforts the JSSD took to collect information from its aerospace targets,” CrowdStrike says in its report. “In particular, the operations connected to activity CrowdStrike Intelligence tracked as TURBINE PANDA showed both traditional human-intelligence (HUMINT) operators and its cyber operators working in parallel to pilfer the secrets of several international aerospace firms.”

Insiders

CrowdStrike and the DOJ also detail how insiders and IT employees helped steal information and coverup the cyber activities, offering new insight into how adversaries leverage a wide variety of tools and techniques to accomplish their goals.

According to CrowdStrike and the DOJ, a GE insider was charged with using “an elaborate and sophisticated means” to steal GE trade secrets after being recruited by a Chinese aerospace official closely aligned with the country’s Ministry of Industry and Information Technology.

In addition, IT employees at the Canada-based International Civil Aviation Organization (ICAO), the United Nations body that sets global aviation standards, allegedly covered up a cyber intrusion by another alleged China state-sponsored actor that had been observed targeting the aviation industry.

CrowdStrike, citing public reporting, says the intrusion at ICAO was “likely designed to facilitate a strategic web compromise (SWC) attack … that would easily provide a springboard to target a plethora of other aerospace-related as well as foreign government victims.”

“Upon being alerted to the breach by the Aviation Information Sharing and Analysis Center (AISAC), the ICAO internal IT investigation staff was reportedly grossly negligent, and the cyber intruders may have had direct access to one of their superuser accounts,” CrowdStrike says in its report. “In addition, a file containing a list of all the potential organizations who were compromised by the incident mysteriously disappeared during further investigations.”

Both the ICAO IT supervisor in charge of the mishandled internal investigation and the ICAO’s secretary general who shelved recommendations to investigate the IT supervisor and his four team members, were both found by CrowdStrike to have ties to China’s aviation industry, CrowdStrike says.

Takeaways from four years later

This article is just a snippet of CrowdStrike’s reporting and what Turbine Panda and other associated groups are alleged to have done to help boost the Chinese aviation sector. But more than that, it tells the tale of how advanced persistent threat (APT) groups and other sophisticated threat actors will go to extraordinary means to accomplish their end goals.

That includes advanced hacking techniques, leveraging insiders, physical theft and collaborating with the massive underground cybercrime community to launch multi-faceted attacks against a particular organization or industry.

The post The Cyberattacks and Insider Threats During The Development of China’s C919 Passenger Jet appeared first on My TechDecisions.

While the FTC only mentions consumer customers, Ring does offer commercial security solutions under its Ring for Business arm. In addition, the allegations in the FTC’s complaint further demonstrate the risks that many IT and security professionals say are inherent in IoT devices. 

Under a proposed order, which must be approved by a federal court before it can go into effect, Ring will be required to delete data products such as data, models, and algorithms derived from videos it unlawfully reviewed. It also will be required to implement a privacy and security program with novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”

California-based Ring LLC, which was purchased by Amazon (Nasdaq: AMZN) in February 2018. According to My TechDecisions’ sister-site CE Pro’s 2023 100 Brand Analysis, Ring is the No. 1 video doorbell product installed by integrators with 66% of leading integrators installing the solution.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment.”

— Samuel Levine, Director of FTC’s Bureau of Consumer Protection

In a complaint, the FTC says Ring deceived its customers by failing to restrict employees’ and contractors’ access to its customers’ videos, using customer videos to train algorithms, among other purposes, without consent, and failing to implement security safeguards.

According to the complaint, these failures amounted to egregious violations of users’ privacy. For example, one employee over several months viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms. The employee wasn’t stopped until another employee discovered the misconduct. Even after Ring imposed restrictions on who could access customers’ videos, the company wasn’t able to determine how many other employees inappropriately accessed private videos because Ring failed to implement basic measures to monitor and detect employees’ video access.

The FTC also said Ring failed to take any steps until January 2018 to adequately notify customers or obtain their consent for extensive human review of customers’ private video recordings for various purposes, including training algorithms. Ring buried information in its Terms of Service and Privacy Policy, claiming it had a right to use recordings obtained in connection with its services for “product improvement and development,” according to the complaint.

Ring’s Alleged Security Failures

According to the complaint, Ring also failed to implement standard security measures to protect consumers’ information from two well-known online threats—“credential stuffing” and “brute force” attacks—despite warnings from employees, outside security researchers and media reports. Credential stuffing involves the use of credentials, such as usernames and passwords, obtained from a consumer’s breached account to gain access to a consumer’s other accounts. In a brute force attack, a bad actor uses an automated process of password guessing—for example, by cycling through breached credentials or entering well-known passwords—hundreds or thousands of times to gain access to an account.

Despite experiencing multiple credential-stuffing attacks in 2017 and 2018, Ring failed, according to the complaint, to implement common tactics—such as multifactor authentication—until 2019. Even then, Ring’s sloppy implementation of the additional security measures hampered their effectiveness, the FTC said.

 “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”

— SAMUEL LEVINE, FTC

As a result, hackers continued to exploit account vulnerabilities to access stored videos, live video streams, and account profiles of approximately 55,000 U.S. customers, according to the complaint. Bad actors not only viewed some customers’ videos but also used Ring cameras’ two-way functionality to harass, threaten, and insult consumers—including elderly individuals and children—whose rooms were monitored by Ring cameras, and to change important device settings, the FTC said. For example, hackers taunted several children with racist slurs, sexually propositioned individuals, and threatened a family with physical harm if they didn’t pay a ransom.

In addition to the mandated privacy and security program, the proposed order requires Ring to pay $5.8 million, which will be used for consumer refunds. The company also will be required to delete any customer videos and face embeddings, data collected from an individual’s face, that it obtained prior to 2018, and delete any work products it derived from these videos. The proposed order also will require Ring to alert the FTC about incidents of unauthorized access or exposure of its customers’ videos and to notify consumers about the FTC’s action.

The Commission voted 3-0 to authorize the staff to file the complaint and stipulated final order. The FTC filed the complaint and final order in the U.S. District Court for the District of the District of Columbia.

A version of this article originally appeared on our sister site CE Pro. 

The post FTC Accuses Ring of Watching Private Videos, Poor Security Practices appeared first on My TechDecisions.

The property is owned by the City of Memphis and is managed by global sports and entertainment company Oak View Group (OVG), which announced a strategic partnership with Xtract One in October 2022.

Fan Safety Ahead of USFL Season

“As we began preparations for the start of the USFL season, we wanted to optimize our security screening technology,” Thomas Carrier, Oak View Group’s General Manager at Simmons Bank Liberty Stadium, said in a statement.  “At the stadium and across Oak View Group, we prioritize fan safety, while simultaneously leveraging innovation to enhance the fan experience. The kickoff of the new USFL season was a logical starting point to introduce Xtract One’s SmartGateway screening solutions. It is one of many prevention strategies coming to the venue for the safety and security of fans, teams, talent and staff, which we will continue using throughout the year, including during Memphis Tigers games and for the Southern Heritage Classic and AutoZone Liberty Bowl.”

Xtract One SmartGateway System

The SmartGateway system was designed for large, ticketed venues to enable high throughput, but with customizability based on the customer’s individual needs and security requirements. SmartGateway delivers fast, reliable, and accurate patron screening, replacing intimidating metal detectors. This solution unobtrusively scans patrons for guns, knives and other prohibited items as they enter the facility, using AI-powered sensors to detect threats without invading patrons’ sense of privacy and comfort.

“It is important for community and commercial enterprises to work on collaborative solutions that allow guests to focus on fun and togetherness and cheering on their teams,” said Mayor Jim Strickland, in a statement. “The City of Memphis, Oak View Group and Xtract One are together enhancing the safety of the fans and our community.”

Simmons Bank Liberty Stadium will deploy SmartGateways in two phases. Phase one, beginning April 15, will leverage SmartGateways for games of the Memphis Showboats (USFL).

“We are thrilled to have been chosen by Simmons Bank Liberty Stadium, Oak View Group, and the City of Memphis to implement our SmartGateway technology for the safety and security of their patrons. This partnership showcases our commitment to revolutionizing the security landscape, enhancing fan experiences, and streamlining entry processes for large-scale venues,” said Peter Evans, CEO of Xtract One, in a statement. “We look forward to continuing our work with Oak View Group, and providing advanced, unobtrusive security solutions for their growing portfolio of world-class venues.”

The post Xtract One Elevates Fan Experience with SmartGateway, AI Security Screening Technology appeared first on My TechDecisions.

According to the Redmond, Wash. tech giant, Defender for IoT helps organizations manage assets, track emerging threats and control risks across enterprise and mission-critical networks in both connected and air-gapped environments.

In a blog, Microsoft says cloud-powered IoT and OT security solutions offer advantages over traditional solutions, including discovery of assets-end-to-end, detecting and responding to threats in real-time, defending against known and unknown threats, compliance reports, and workflows and integrations that leverage the cloud.

The solution also helps organizations solve OT security issues faster by unifying the security operations center (SOC) for both IT and OT assets, the company says.

“With Microsoft Defender for IoT, you can achieve faster time-to-value, improve agility and scalability, increase visibility, and strengthen the resiliency of your network and infrastructure without making significant changes,” Microsoft IoT and OT security experts write in a blog. “The Defender for IoT cloud is designed to augment your on-premises processing power while providing a source of centralized management for global security teams—raising the bar for OT defense.”

The company gives one scenario showing how Defender for IoT works in which a new vulnerability is published with information that could impact an organization’s OT devices, and threat actors are currently trying to exploit the bug.

“With Microsoft Threat Intelligence, the new CVE is ingested automatically and shared across our cloud-based security services, including Defender for IoT,” the company says.

Organizations can use the Microsoft Azure Portal to monitor for the new vulnerability across all devices and sites, resulting in a faster response time to secure IoT and OT environment.

Other scenarios where security professionals can benefit from Defender for IoT include OT security and compliance audits, attack surface reduction consulting and tabletop exercises, the company says.

The Defender for IoT solution also includes a new device inventory feature that allows SOCs to manage OT devices through the Microsoft Azure Portal. The feature supports unlimited data sources, including manufacturer, type, serial number, firmware, and more, helping organizations gain a complete picture of their IoT and OT assets to address any vulnerabilities.

In addition, Defender for IoT integrates with Microsoft Sentinel to provide security information event management for both OT and IT environments, and the solution also shares threat data with Microsoft 365 Defender, Microsoft Defender for Cloud and other products like Splunk, IBM QRadar and ServiceNow, Microsoft says.

The post Microsoft Launches Defender for IoT Cloud-Managed Platform appeared first on My TechDecisions.

Interface Systems, a Missouri-based provider of security, managed network, communications and business intelligence solutions to distributed enterprises, says retailers should heighten their awareness of organizations retail crime, which the firm says has increased by more than 25% since last year.

In addition, nearly 53% of retailers reported external theft to the National Retail Federation, according to Interface Systems.

Sean Foley, senior vice president of customer success at the managed service provider, says the holiday season brings longer hours, a larger inventory and more crowds to stores, all of which increase risk.

“What should be ‘the most wonderful time of the year for both shoppers and retailers, is becoming increasingly stressful due to an increased risk of theft and violence against employees,” Foley says. “Technology solutions can offer effective deterrents for retailers who face security risks every day.”

Interface Systems recommends investing in digital surveillance technology to help augment loss prevention professionals, such as remote security services leveraging cameras, speakers and microphones. These solutions provide discreet, always-on surveillance without degrading the shopper experience and allow remote security professionals to identify suspicious individuals and alert in-store staff or law enforcement.

In addition, the managed service provider recommends retailers use motion-triggered, AI-powered cameras that can be deployed in conjunction with speakers and lighting systems that can automatically warn loiterers during non-business hours. Designed to be installed in parking lots or loading areas, these solutions can be programmed to play different audio messages based on the context and even alert remote security professionals.

To maximize return on investment, Interface Systems recommends integrating video surveillance and security systems with point-of-sale systems to allow for transactions to be mapped to video recordings to help retailers find instances of theft, including coupon fraud, refunds made without customers, sweethearting and unauthorized price overrides.

As with cybersecurity, employee training and awareness is equally important in physical security, according to Interface Systems.

The company recommends implementing a robust training and communications program to help keep employees and customers safe, including training for both seasonal and existing employees. Training should include role-playing scenarios, drills, and a synopsis of the security technologies deployed. An emergency communication plan should also be clear to all employees.

“Retailers need a comprehensive safety program to prepare and protect their associates from a variety of dangerous situations,” says Tyson John, senior vice president of security monitoring operations at the firm. “When employees know that their safety is the priority, it creates peace of mind and can boost morale and productivity.”

The post Security Technology Tips for Retailers During Holiday Shopping appeared first on My TechDecisions.

The winners of the commercial category are as follows:

• Access Control: Genetec — Genetec Enclosure Management powered Cloud Link Roadrunner
• AV Collaboration: Biamp — Parlé VBC 2500 all-in-one conferencing bar
• Fire/Intrusion: Alula — BAT-Fire
• Video Surveillance: Axis Communications — AXIS M4308-PLE Panoramic Camera
• Miscellaneous: IPVideo — HALO IoT Smart Sensor 3C

Knott also announced the IoT/Connected Product Awards winners in the resident category. They are as follows:

• Home Enhancement: Crestron — Crestron Home
• Lighting: Crestron — Crestron LED Light Fixtures
• Network Communication: Google Nest — Nest Wi-Fi Pro
• Physical Security/Access Control: Doorbird — A1121
• Physical Security/Surveillance: Nest Doorbell (Second Generation)

Total Tech Summit co-locates CE Pro Summit, Commercial Integrator Summit and Security Sales & Integration Summit, all sister brands of TechDecisions. The event thus drives noteworthy progress in the custom, commercial and security integration industries.

Total Tech Summit 2022 is ongoing from October 26 to October 28, 2022 in Orlando, Fla. For more updates on this event, follow Twitter updates from Dan Ferrisi (@DanFerrisiEdit) and Commercial Integrator (@commintegrator), and check out the hashtag #TotalTech22!

This article originally appeared in our sister publication Commercial Integrator. 

The post IoT/Connected Product Awards 2022 Announced appeared first on My TechDecisions.

DO

1. Look at Multiple Solutions

Many vendors will claim they have a mass notification solution, but not all tools are created equal. Some only send SMS text messages and push notifications. Some have limited ability to integrate with other technology. Some include incident management capabilities while others require organizations to make an additional investment in a separate solution. Researching different solutions will make it easy to spot differences to help make the right choice.

2. Bring in Other Departments

Too often, the responsibility of selecting mass notification software will fall on one person or department. The problem is that different departments may have different goals they are trying to achieve and needs they are working to address. The IT team may have different requirements than the security team, who may have different ideas for what the best solution would be than HR or the facilities team. Bringing different groups together will help identify what everyone wants to accomplish by implementing mass notification software, the different use cases it will be deployed for, and potential issues that may arise before any decisions have been made.

3. Ask Questions

When choices have been narrowed down, solutions may begin to look similar, so it’s important to ask vendors questions to determine what sets them apart. If a vendor says their solutions has a certain feature or can perform a certain task, ask to see it demonstrated. If there are questions about whether the software can connect to other technology, ask if there is a way to make it work together. The more questions posed to the vendor the more confident an organization can be in their selection.

4. Think About More Than Emergencies

Mass notification software is often seen as a solution for emergency communication, and while this is a primary use case for most tools, those that can handle non-emergency tasks can offer more value. Whether it is a school looking to schedule its bells, a hospital trying to automate announcements for visitor hours, or an office letting employees know a company-wide meeting has started, being able use mass notification software outside of emergencies will help keep people familiar with how to use it and incorporate it into an organization’s daily operations.

DON’T

1. Rely on Patchwork Solutions

Organizations can sometimes fall into the trap of checking a box when it comes to selecting a software solution. When the time comes to implement it though, they may discover they are missing critical components which require additional investments, but mass notification software should bring disparate technology together, not create more silos to manage. Solutions that do more may seem expense up front but can provide long-term value by doing more work with a single tool rather than multiple ones.

2. Invest in Additional New Technology

For some organizations, the need for mass notification software may be urgent. This may lead to selecting a solution that fulfills all the requirements but is incompatible with much of the technology that is already in place in an organization. This can result costly equipment replacements and delay implementation. Being able to leverage existing tools like desk phones, paging systems, desktop computers, digital signage and more with simple integrations helps organizations get more value out of existing technology investments and allows them to get up and running sooner.

3. Overlook the Value of Reaching Everyone

The most valuable component of mass notification is having a tool that gives an organization the ability to reach all their people with consistent messaging when it matters most. Select software that gives the option to use text and audio delivered to a wide range of on-site and mobile devices. This gives organizations the best opportunity to interrupt ongoing activities and get information to their people no matter where they are or what they are doing.

By following these guidelines, organizations should be able to set themselves up on the right path to select mass notification software that meets their needs and helps keep their people safe and informed during a crisis.

The post The Dos and Don’ts of Selecting Mass Notification Software appeared first on My TechDecisions.

However, more systems doesn’t always mean better security. And with more passwords, logins, and network-connected technologies at play, expect to see an uptick in hacking attempts and security risks. In fact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified 10 common cybersecurity vulnerabilities linked to physical security weaknesses. When it comes to maintaining the security of workplace IT and technology systems, a holistic approach to physical and cybersecurity can help teams create a more robust, efficient, and future-proof security posture.

What is security convergence, and why does it matter? 

When it comes to physical security and cybersecurity strategies, many companies still structure these teams and technology stacks as separate entities, managed entirely independently of one another. But by bringing them together, also known as security convergence, IT and security teams work in collaboration, with shared goals and datastreams. 

Migrating to this holistic approach can be a big undertaking, but that’s where technology plays a role. Cloud-based IT and security technologies are generally more interoperable, and primed to function as an interconnected system, giving teams a broader view of security network activity.

While some on-premises systems support integration and offer cloud-connected options it’s important to understand any limitations of your existing system when it comes to establishing a truly future-proof IT and security stack. Because speed is critical to identifying and mitigating security vulnerabilities, an efficient, interoperable security technology stack that addresses both cyber and physical security as a single system is a powerful tool in future-proofing the workplace. 

The impact of security technology convergence for business IT

In any business organization, change is inevitable. The need for organizations to be able to adapt quickly to new standards and expectations is crucial to success. A future-proof security technology system is one that provides all the necessary protection and features now, but is also ready to support the newest features and functionalities (preferably with easy and automatic updates) to address new vulnerabilities and challenges. Converged technology systems help create a more future-proof environment in three key ways: 

• Collaboration between systems and teams
  With more hybrid and remote work happening across industries, technology plays a vital role in keeping disparate teams informed and focused. Convergence takes a more proactive approach to security, giving teams the ability to detect potential problems before they occur, rather than reacting after the fact. Being able to identify and address issues remotely is essential in today’s IT landscape. Investing in mobile-ready and cloud-based systems allows remote teams to respond as needed, without sacrificing productivity or convenience. 
• Opens the door for automations and smarter operations
  A future-proof technology stack should help teams work smarter, not harder. When considering a converged security technology infrastructure, interoperability is one of the most important factors to consider. If existing systems can’t communicate with each other, or are not compatible with the new systems you plan to implement, there will be redundancies, lag time in reponses, and more frustration among staff. New cloud technologies that leverage inter-system automations can help streamline day-to-day operations, such as running reports, freeing up teams to focus on what’s most important. AI technology is also a great way to do more with less investment, helping staff pinpoint potential vulnerabilities before they become a larger problem.
• Combined data streams for improved business insights
  One of the most overlooked benefits of security technology convergence is all of the data that is now at your fingertips. With connected, cloud-based security systems, data can be aggregated from across different technologies, making for more informed decision-making and improved analytics. With combined data from a commercial door entry system, video analytics software, identity services, and cybersecurity reports, technology managers can more easily identify trends in usage and activity. Leveraging AI business analytics tools can also help improve the accuracy and efficiency of audits over time.  

Questions to ask before updating your business’s security technology

There are many different security system integrators and technology providers in the market, but not all of them offer future-proof or the right customized solutions for your business.

Before you start investing in all-new security technologies for your business, it’s important to take a look at what you currently have, and if it’s working.

Ask yourself these five questions to determine what security technology systems need to be updated, and how to plan a successful migration to a converged security strategy:   

1. Where are there redundancies across teams and processes, and can they be streamlined with convergence?
2. Where is there a lack of visibility, or gaps within the existing security systems? 
3. Can the current system support cloud-based operation with remote functionality?
4. Do existing systems have the capability to support the integration and automation necessary to address security gaps or redundancies? 
5. How scalable are your current solutions, and do they have the ability to adapt quickly should your security needs change?

The post Why Security Technology Convergence is Crucial to Future-Proofing the Workplace appeared first on My TechDecisions.