A guide to mobile access control systems 

Posted on by Caitlin Duncan

This article was originally published by IFSEC Insider.

There is greater demand than ever for convenient solutions to enter and exit buildings and facilities from users, and to manage and issue credentials from administrators – is mobile access control the answer?

Here, we provide a guide to mobile access control, which is one of the fastest growing methods of secure access provision, according to industry analysts such as Omdia.  

What is ‘mobile access control’?  

Mobile access control is a method of providing people with authorised access into a site, building or room via a digital credential on a smartphone or other wearable technology. 

The ‘mobile’ part of this access control allows users to use their smartphones for entry instead of a traditional key, badge, access card or fob. 

The solution works through a downloadable mobile app, which would then act as a ‘virtual key’ providing access.   

In many cases, mobile access control is powered by Bluetooth, where the phone communicates with a mobile-capable reader on a gate, door or barrier. Other methods include using Wi-Fi and Near Field Communication (NFC) for the electronic devices within a specific distance apart.  

Currently the majority of access control, according to IFSEC Insider’s 2022 State of Physical Access Control Report, is used through identification badges (ID) with 60% of the market adopting this. Following this, 50% use time and attendance as a way to track check in and out of employees and 49% use parking/gate control. 

Though mobile access control is a relatively new type of technology used by a smaller number of organisations, the report showed that there was significant uptake of it in the marketplace, with 32% of respondents saying they were actively using mobile IDs. 

In addition, the data from the report highlighted that there has been a growth in demand for mobile access control systems. In 2020, 16% of the industry had already upgraded to mobile capable readers – in 2022 this rose to 24%, while 42% of industry professionals are still planning to upgrade. 

The top day-to-day challenge for security professionals, cited in the report, was as improving user convenience with systems, and 43% would like to make the administration of physical access control easier. 

In an ever-advancing technological landscape, the ease of use for a mobile device providing entry is often perceived to be a more convenient way to control access instead of a separate physical card, but it also can be seen to align with many company objectives of sustainability, cost-saving and heightened security.  

Mobile-first approach  

An expert on the access control and smart lock industry, Lee Odess said that while the industry has been characterised by the words ‘no and slow’ when it comes to adopting new technology, this is no longer the case.

“What’s happened is that Covid has accelerated a handful of changes, particularly around digital transformation.”

According to Odess, although many commentators talk about IT convergence as the biggest impact the industry faces, it is also likely from enterprise software, as well as cloud and mobile computing.

He said that rather than looking at mobile as an ‘iteration of existing legacy systems’, external companies such as Apple and Amazon (which owns companies in the security sphere, such as Ring) are focusing on a mobile first approach.

“Complete systems are being built around the concept of an admin and an end user providing total control from a mobile computing device.”

And the market appears to be following this trend. For example, HID Global has been working in partnership with Apple to ensure its credentials can be accessed via the Apple Wallet system. The partnership resulted in HID, Apple and SmartSpaces all working together on a project at 22 Bishopsgate, London, to create a building that uses mobile access control throughout its entire ecosystem.

What are the benefits of mobile access control? 

As mentioned, mobile access control can provide organisations with convenient entry that’s also secured through unique mobile device credentials. 

Since an increasing number of organisations have added mobile access as their method to control entrance and safeguard employees, let’s take a look at some of the benefits::

Enhanced security: There are unique credentials for the user such as biometric authentication, plus using access through an app allows for easy conditions to be placed such as temporary or revoked access. – assigning credentials. Two factor authentication can also be embedded in the process, with the option to ensure users unlock their phone before using the mobile credential. 

User experience/convenience: Users may prefer to have their virtual key on their smartphones instead of a separate physical item to carry. Since they may carry their phone more often there are potentially less instances of users being locked out of areas accidently.

Remote management: When assigning credentials, security managers and administrators don’t have to be physically present as they would for other methods of access control, allowing for real-time, remote control. This works well for an increasingly hybrid working landscape.

Cost savings: Although the initial upgrade to a mobile-enabled access system can be costly, in the long-term it removes the need purchase or print cards, badges or fobs and any maintenance that may come with traditional locks.

Integration and scalability: Mobile access control can be integrated and upgraded with existing or new security systems and can scale to grow with an organisation. 

Environmental impact: With no manufacturing production or shipping of plastic cards or fobs, it can contribute to sustainability objectives with a lower environmental impact. 

Audit trail and reporting: Like other digital or electronic credential management systems, the logging of users can also be tracked with mobile access control for entry and exit times and can therefore be useful if needed for security scrutiny. 

Mass notification: Emergency or important company notifications can be sent via the mobile app to relevant users or the whole organisation for faster broadcasting.

What are the challenges around implementing mobile access control? 

Although mobile access control can provide organisations with plenty of benefits,  like any system there remain challenges or potential barriers:

Initial cost: With 38% of those asked in IFSEC Insider’s report selecting this as their biggest obstacle to upgrading, the initial cost of upgrading to a mobile access control enabled system could be an initial barrier.

Potential hacking: One system that is centralised could have the potential for hacking which would mean all access and user information is compromised- similar to any digital/electronic access management system. Similarly, if a user’s phone is stolen information could be hacked into this way.

Smartphone users: the use of mobile access control comes with the expectation that all employees have smartphones, which may not be the case for all. There is also the added challenge of whether an organisation would require all employees to have company devices. 

Disruption: Upgrading can mean changing access control devices internally and having to introduce the use of a mobile app on a large scale. Some users may find it difficult to learn and navigate. 

User privacy: Users may be uncomfortable installing a company application on their personal device due to privacy concerns. 

Not suited to all sectors: Mobile access control may be easier to integrate into an office building rather than a building site or food production plants where mobiles aren’t allowed, for example, meaning that it may not be as convenient an upgrade for all sectors.

The future 

Mobile access control is on the rise as a modern and convenient method to manage and track physical access, and its benefits can be greater than just security – with the use of mass notification, sustainability benefits, and more. However, there are some drawbacks as listed above that may be more of a challenge depending on the sector and smartphone users in a company.

In any case, it is likely that mobile access control could play a leading role in the future of physical security access control systems. 

Advice and support from ESA Risk

For Security advice and support, contact Liam Doherty, Security Consultant at liam.doherty@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

AI and machine learning for enhanced video surveillance security

Posted on by Caitlin Duncan

Originally published on IFSEC Insider

Dakota Murphey provides an overview of the opportunities and precautions the security industry must consider as adoption rates in video surveillance grow.

From smart alarms to CCTV camera monitoring solutions integrated with intelligent analytical algorithms to analyse video footage and detect anomalies in real time, the surveillance landscape is rapidly seeing evolution at the hands of AI/ML technology.

Not only this, but AI-powered facial recognition software provides a whole new dimension to biometrics and access control.

This isn’t even mentioning the amount of data that can be autonomously aggregated and condensed to inform top-level strategic decisions – as far as surveillance system integrators and providers are concerned.

In short, it’s clear that AI/ML tech in video surveillance provides numerous promises, from enhanced security to greater productivity and actionable insights collated more quickly. As a result, it may be evident to begin integrating more AI/ML programmes and tools into your operations, however, you should be mindful of certain risks and limitations when adopting this technology at scale.

The promise of AI in video surveillance

Automated Monitoring: AI allows surveillance systems to continuously and autonomously monitor environments for abnormalities and threats. The consistency and high level of accuracy allows security teams to dedicate more resources and time to higher-level tasks. Machine learning algorithms can be trained to identify signs of trespassing, loitering, vandalism, violence and fire.

Real-Time Alerts: Intelligent cameras with built-in analytics can immediately notify security personnel when a high-risk event is detected, allowing for rapid response. This is far more effective and efficient than manual video reviews that are subject to human error.

Facial Recognition: AI facial recognition provides a touchless biometric solution for visitor management, access control and watchlist screening. Stadiums, airports and other high-traffic facilities are employing this technology to identify individuals of interest for swift containment and referrals to authorities if needed.

Crowd Analysis: Computer vision algorithms can scan crowds to detect high-density levels, suspicious abandoned objects, abnormal noise levels, higher-than-normal temperatures, smoke and many other hazardous scenarios. This allows officials to manage crowds proactively and avoid situations from escalating into dangerous ones.

Investigations: AI enables intelligent video search to easily surface clips of interest from vast surveillance archives. Security staff can use visual data mining to quickly investigate incidents and find correlations.

Concerns around AI-powered video surveillance

While the benefits of widespread AI adoption in a security or surveillance environment seem apparent, unsupervised use can yield some concerns for both integrators and end users.

Cyber security: Connected camera networks – along with incumbent enterprise infrastructure – create plenty of attack surfaces vulnerable to compromise by malicious hackers. Steps must be taken to encrypt video feeds, install software updates, and follow cyber security best practices. This includes prioritising continuous software patching, stringent access controls, encryption, MFA (multi-factor authentication) and investing in off-site penetration testing solutions to identify hidden vulnerabilities.

Privacy: Many organisations have raised concerns about the privacy implications of widespread public camera systems coupled with technologies like facial recognition. There are fears about constant monitoring and tracking of individuals without consent, along with suspected unscrupulous use of this data to be given to mysterious third parties.

Bias: Like any technology, AI models reflect the unconscious biases inherent in their training data. Critics point out that facial recognition systems often perform worse on women and people of colour. Therefore, measures must be taken to ensure fair, unbiased usage and continual improvement.

Over-reliance: There are worries that over-dependence on AI surveillance could lead to complacency and substandard human oversight. There are also concerns that AI/ML adoption could put workers at risk of employment termination if organisations look at the bottom line; the technology should augment security staff, not replace their expertise.

Balancing innovation with responsibility

The risks highlighted above should not deter the adoption of AI in surveillance outright, but rather compel companies in the industry to deploy the technology responsibly and not at the extent of human supervisors and operatives.

In short, while security firms advocate the application of AI to help security teams do what they already do, albeit faster and with greater accuracy, there is still a need for responsible human input.

With careful oversight and governance, AI/ML can make monitoring environments more secure and alleviate security personnel from low-level tasks that can instead be entrusted to computers and algorithms.

A balance of healthy AI/ML integration with resource optimisation can help companies adopt a more secure and less time-intensive process with teams fulfilling more high-value work.

Here are some other best practices to follow:

  • Conduct thorough, conclusive assessments on privacy and data protection before deploying organisation-wide facial recognition, profiling, and aggregation technologies. If end-users express concerns, be forthcoming and transparent about the use and monitoring of data, with clear and unambiguous policies.
  • Train AI models on diverse, unbiased datasets to avoid inaccurate or discriminatory results. Rigorously test systems for fairness defects and ensure that any known flaws are rectified promptly and without prejudice.
  • Clearly define the division of task management between AI and human workers. Maintain the ideal amount of experienced security operatives and personnel and upskill them – if necessary – on casting judgement, overriding errors and validating decisions that AI programmes make.
  • Develop strict policies and safeguards around data retention and lawful use that align with regulations like GDPR. Give individuals visibility and control over their personal data.

The future of AI-enabled surveillance

AI promises to unlock safer, more data-driven security and monitoring capabilities than ever before. However, thoughtful governance and diligent oversight are imperative as these powerful technologies continue evolving and proliferating.

The video surveillance industry must lead by example, pioneering AI applications that enhance security while still upholding privacy, accountability and fairness.

Get your corporate physical security risk assessment

You may think your corporate security is iron-clad. However, the risks to businesses are constantly evolving. Staying on top of risk management will protect your bottom line and your employees.

Arrange your security risk assessment today – contact Liam Doherty, Security Consultant, at liam.doherty@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

How to mitigate supply chain risk

Posted on by Caitlin Duncan

By guest author Chris Bristow of Real Business Rescue.

A degree of unpredictability will always be present in this challenging business area so it is important to identify the risks most likely to materialise and plan a strategy to deal with them.

External issues, such as adverse weather conditions and customs issues, can severely compromise the success of projects and transactions, and potentially damage a business’s reputation in the long term.

It is vital, then, that some control is regained so how can supply chain risk be mitigated?

Diversifying suppliers

Expanding their supplier base offers businesses flexibility if one supplier cannot fulfil or deliver an order. Operating with just one or two regular suppliers creates a challenging situation if a problem arises, introducing a greater risk of the supply chain breaking down.

A geographical spread of supplier locations mitigates the risk of localised issues affecting the entire supply chain. Identifying suitable ‘backup’ suppliers can also help to keep the supply chain moving.

Creating a supply chain risk management plan

Preparing for supply chain difficulties via a risk management plan is key to operating a robust but agile business that can continue to operate effectively despite supply chain challenges.

A plan might include building flexibility into production or service delivery processes, for example, or expanding the supplier base as mentioned. Considering current supply chain risks is important, but potential risks that could affect a business in the future also need to be identified.

Narrowing these down to the most likely to occur, and those that would have the biggest impact on the supply chain, helps businesses to better manage risk and act immediately if a particular scenario materialises.

Using technology to mitigate supply chain risk

Transparency and collaboration are key elements in building a resilient supply chain and both can be achieved using technology. Being able to view each part of a supply chain allows for decisive action to be taken after an adverse event and keeps the supply chain intact.

Technology also enables real-time collaboration between supply chain members. This reduces the likelihood of irresolvable problems being experienced, and crucially, limits the negative impact as all members work towards a common goal.

Reviewing the risks regularly

Supply chain risks can alter considerably over time. Political unrest in supplier locations or on the supply chain route, for example, as well as climate change and industrial strikes, may not currently appear on a business’s risk radar but they might become an issue unexpectedly.

By regularly reviewing likely supply chain risks the management plan can be amended and potential disruption avoided. The risk management document can also be reviewed when a business uses a new supplier or changes its transportation routes or methods.

Benefits of mitigating supply chain risk

By staying one step ahead of supply chain issues a business can smooth out transactions and projects and ultimately improve profitability. It is difficult to underestimate the potential damage to a business when supplies or finished goods do not reach their destination on time, or services cannot be delivered because of supply chain delays.

Mitigating supply chain risks, therefore, is a key element in operating a competitive business that develops a solid reputation for efficiency and reliability. A clear and dynamic risk management plan and the use of technology are the foundations for this.

About the author – Chris Bristow is a business debt expert at Real Business Rescue, company rescue, restructuring and liquidation specialists with a wealth of experience in supporting company directors in financial difficulty.

Contact ESA Risk today

Managing and mitigating your risks effectively is key if you want to safeguard your commercial assets, enhance your reputation and maintain commercial advantage.

The risks businesses face will continue to evolve. Whether they are related to compliance, finance, operations, the political landscape, regulations or security, it’s critical that you have a well-defined strategy in place and can respond quickly to events and incidents.

If you require advice on risk management strategy, contact Mike Wright, Risk Management and Investigations Consultant at mike.wright@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

What’s next for AI in the security sector?

Posted on by Caitlin Duncan

This article was originally published on IFSEC Insider.

With the use cases for AI ever-expanding, IFSEC Insider asked several experts to give their predictions for the future of AI in the security sector and possible barriers to adoption for 2024 and beyond.

James Chong, Chairman at Advancis

 

“The next decade will be dominated by AI applications in the security industry. AI can be very helpful when it comes to assessing and analysing massive amounts of data to help monitor critical security threats, such as detecting anomalies captured on digital video cameras.

“However, AI can also be leveraged for identifying trends and patterns to enable proactive mitigation measures, which otherwise may have gone unnoticed or undetected.

“This means AI will not only be used for forensic use cases in the near future, such as sifting through hundreds or even thousands of hours of recorded video and other data, but it can also help prevent possible future incidents through predictive analysis by recognising common threats and vulnerabilities based on historical data, combined with real-time situational awareness.

“To most effectively leverage the power of AI, it all starts with the quality and integrity of data, which can be significantly enhanced when you are able to help secure, integrate and harmonise data coming from disparate security sensors and systems. Through next generation data unification software such as Advancis Open Platform, the security industry will be able to apply different AI algorithms to create best-of-breed solutions, at scale.”

Paul Dodds, Country Manager UK & Ireland at Genetec

 

“We’ll always need trained security operators to take decisions. However, AI is already proving its value in trawling through huge data sets to identify meaningful patterns and trends. For example, it can take over arduous tasks such as monitoring occupancy levels or combing through hours of video footage for specific people and objects.

“Machine learning, a subset of AI, is also already contributing to tangible improvements in accuracy rates. For example, we’ve successfully adopted it in our own AutoVu ANPR solutions to minimise false positive readings.

“The major barrier to long-term adoption is the setting of unrealistic expectations. When introducing a new solution, manufacturers, integrators and end users all have a shared responsibility to seek clarity not just on what it can do but also what it can’t do.

“Additionally, we need to be thinking about deepfakes which use deep learning to create convincing but entirely fictional images, videos, voices or text. Detecting deepfakes is a challenge because the technology is evolving so quickly. Right now, deepfakes train on images of the fronts of faces. So, one way to detect them is to focus on the sides of faces and heads. As detection techniques evolve, I can foresee a future in which our VMS would incorporate a deepfake detection component.”

Mike Gips, Security Industry Commentator

 

“Like all technology, AI is a double-edged sword for security. Use of generative AI, such as ChatGPT, has skyrocketed, because it enables security providers to develop competent marketing copy in an instant, helps security professionals draft reports, simplifies research, and so on.

“However, generative AI is often confidently and forcefully wrong. This could expose users to liability. For example, consider the case of a query about a law professor in which ChatGPT, citing a Washington Post article, stated that the professor sexually harassed a student on a trip to Alaska.

“Not only didn’t the article exist, but the professor never faced such an accusation, hadn’t been to Alaska, and never taught at the law school. The results would be exponentially worse if a bad actor could contaminate generative AI’s data source.

“AI tools are being used productively to automate and optimise fraud detection, patch management, threat prediction, and vulnerability identification. But AI is also being weaponised to create more pernicious malware, mimic and enhance successful misinformation campaigns, and improve phishing emails. As in the case of video surveillance, drones and facial recognition, we should expect an ongoing battle with adversaries determined to use technology to attack and exploit us.”

Pauline Norstrom, Founder and CEO at Anekanta Consulting

 

“As the CEO of a leading AI safety company, my team are experts in governance, compliance, risk, and impact mitigation for biometric AI in security and safety applications. We have researched mature task-driven narrow AIs which improve intruder detection and predict that commoditisation will lead to market saturation and reduced profit.

“The sector needs to use new AI to add value. LLM/GenAIs (Gen AI) are accessible through providers such as IBM and Microsoft, and open source communities such as Hugging Face. A diverse and talented in-house AI team can solve facilities management problems including frictionless enrolment and access control, visitor tracking and employee safety monitoring.

“However, the dark side of Gen AI produces blatant lies, fake audio, and images. Automated threat detection reliant on inferences from infected sources including internet-trained Gen AI and social media can poison the evidence chain. A capable human-in-the-loop who makes the high-impact decisions is an essential element of safe AI governance and deployment.

“On one hand, AI may take jobs and when poorly governed may create serious legal liabilities. On the other hand, it will drive growth opportunities and create fulfilling employment if organisations drive their responsible and compliant AI strategy from the top down.”

David Quinn, Product Manager at G4S UK (an Allied Universal company)

 

“Contrary to popular opinion AI has developed incrementally; it’s only able to mimic human behaviour and relies on being fed data. In the next decade, I suspect security professionals will use AI platforms to differentiate between animals and humans remotely – or even between people – based on attributes like smell, movement, heartbeat and heat signature.

“We’re already seeing that parts of our company are using access control systems that flag behaviours or events that are out of the ordinary. It learns normal behaviours of a building user over time.

“An employee may use a building between 8.30am – 5pm from Monday to Friday. If that person starts entering at different times, it could be an indication of a security risk that needs to be further explored.

“Similarly, if a person starts to access an area they have not previously, the system will flag this for further examination. At no time is the system given the rules to apply, it uses machine learning to observe patterns and look for anomalies.”

Mats Thulin, Director of Core Technologies at Axis Communications

 

“The advancements of deep learning on the edge are a key driver for AI in the security sector. The integration of deep learning enhances analytics accuracy, forming the basis for reliable, scalable and bandwidth-efficient cloud solutions. The combination of edge processing, advanced metadata from the edge and additional processing in server or cloud – what we refer to as hybrid solutions – creates a scalable and cost-efficient model for more advanced analytics solutions. These solutions often generate events or alerts, or the data is the basis for site insights which are often consumed in the form of dashboards.

“In 2023, the discussion centered on AI risks. Large language models (LLMs) also entered the spotlight, becoming the foundation for generative AI, and we anticipate seeing more security applications powered by LLMs in 2024.

“Looking ahead more broadly, new regulation together with the formation of industry norms will have an impact on the development and adoption of AI as a technology, but it would be incorrect to refer to this process as a challenge. Rather, this is about laying a solid foundation for future innovation where ethics, responsibility and accountability are default.”

Jason Towse, Managing Director of Business Services at Mitie

 

“Intelligence-led services have been the gold standard for the security industry for quite some time and the use of AI is a natural evolution of this. Especially within retail security where it is fast becoming a key factor in tackling different types of retail crime, ranging from shoplifting to the more violent and prolific thefts committed by organised crime groups.

“For example, AI-powered security cameras can analyse and learn the typical movements and behavioural patterns associated with shoplifting including position in the stores, suspicious behaviour at self-checkout aisles, and the number of items someone is carrying without a basket.

“This intelligence can be shared with in-store security detectives and analysts based in operations centres who can evaluate the situation and intervene where appropriate before a potential incident can take place.

“It’s this type of high-quality intelligence that Mitie is already harnessing to combat retail crime and ensure the safety and security of our customer’s retail stores. AI technology is a welcome addition to the tools we can use to unlock another layer of intelligence that will keep us a few steps ahead of prolific offenders and more sophisticated and organised crime groups.”

Security solutions from ESA Risk

Our experienced consultants can give advice on and install practical security solutions including GPS trackers, overt and covert cameras, alarm systems and more. We also provide manned security services.

Contact Liam Doherty, Security Consultant, at liam.doherty@esarisk.com, on +44 (0)343 515 8686 or via our contact form to learn more.

What legal action can a creditor take against a business?

Posted on by Caitlin Duncan

By guest author Sharon McDougall of Scotland Debt Solutions.

Creditors have a range of legal actions available to them if they have unsuccessfully attempted to recover their debts from a business. Reminder letters and warnings are typically sent initially but, if these are ignored and the debt remains unpaid, legal action may follow.

So, what is likely to be the first step in recovering their money through the courts and how serious can these actions be for a business?

County Court Summons

A County Court Summons is an official demand for payment of a debt and the business has 14 days in which to respond. They might pay the debt, negotiate a payment plan, or challenge the legitimacy of the claim. If the Summons is ignored or payment is not made, the court can issue a County Court Judgment (CCJ) against the business.

County Court Judgment

There is still time for the business to pay the debt or arrange a payment plan, even if a County Court Judgment (CCJ) has been made. The CCJ allows 30 days for the debtor to meet the court’s demands before it is registered with the credit reference agencies.

Once the CCJ is officially registered it remains on the business’s credit file for six years and can severely hinder its ability to obtain borrowing. Importantly, it also provides formal proof of insolvency if a creditor wants to forcibly close down the business.

Notice of Enforcement

A creditor can send a Notice of Enforcement when a County Court Judgment is not paid. This means that a bailiff visit will take place to the business premises with a view to seizing business assets to the value of the debt.

The business can still arrange a payment plan with the bailiff if they sign a Controlled Goods Agreement. This allows the bailiff to return and seize the goods if the business does not maintain the repayments.

Statutory Demand for Payment

Creditors can also send a statutory demand if a County Court Judgment is not paid. This is the precursor to one of the most serious types of legal action that can be taken against a business for non-payment of a debt.

If the business does not challenge the statutory demand within 18 days or pay the debt within 21 days, their creditor can present a winding-up petition to the court. This allows the business a further seven days to pay the debt.

Winding-up petition

Seven days after the winding-up petition is presented a notice is placed in the Gazette and the business’s financial situation becomes public knowledge. The bank then freezes the company’s accounts, effectively rendering the business inoperable without court approval for certain transactions.

If the court ultimately grants a winding up order against the business it will enter liquidation and be forced to close down. A further consideration for the company’s directors is the investigation that takes place into their conduct leading up to insolvency.

Financial instability and unpaid debt

The combination of carrying unpaid debt and long-term financial instability can prove fatal for some businesses given that their creditors have access to such effective debt recovery and enforcement measures.

When a business is financially unstable it risks serious legal actions from its creditors and can quickly be forced into liquidation in some cases, especially if a high-value debt is involved.

The risks of financial decline are severe for businesses, but they can protect themselves from financial decline by carefully monitoring their cash flow against cash needs and acting quickly to deal with any upcoming cash shortages.

Article written by Sharon McDougall of Scotland Debt Solutions, part of Begbies Traynor Group. Their team specialises in helping Scottish companies deal with debt, has extensive experience of Creditors’ Voluntary Liquidation, and can help establish whether CVL is the best option, or whether other choices are available.

Instruct ESA Risk today

If you’re looking for an experienced company to reliably serve documents, such as statutory demands and winding-up petitions, look no further than ESA Risk. Our extensive network of process servers covers the whole of the UK (as well as overseas locations).

Whether you require us to serve relatively straightforward, standard documents or to organise complex time-synchronised, multi-location services, either in the UK or overseas, we’ll work with you to understand your specific requirements and tailor our services and fees accordingly.

Need to confirm an address before sending documents? We also provide tracing services, ensuring you serve the right people in the right place at the right time.

Email us at process.serving@esarisk.com, or call us on +44 (0)343 515 8686 and select option 2.

Graeme McGowan has died aged 69

Posted on by Admin Admin

It is with sadness that we report the death of Graeme John McGowan, one of ESA Risk’s Cyber Security consultants.

Graeme passed away on Wednesday 29th November 2023 at the age of 69, following a period of poor health.

Graeme McGowan - cyber risk and security consultantGraeme will be fondly remembered for his humour, character, and love of football, cricket and Pink Floyd. He had an enviable worldwide network of friends, colleagues and contacts, including a huge group of what Graeme called his ‘alumni’ – people who had worked and trained with him over his many years of public service in government agencies.

Graeme’s mission was to keep people safe online. He worked tirelessly towards this goal during his nearly 40 years in the public sector and in the many private sector roles he held after taking early retirement from a government agency in 2008. Among his many achievements, post the 7/7 London bombings, Graeme was seconded to the Home Office as the first senior government communications officer where he was responsible for developing the code of practice for, and the enactment of, the Regulation of Investigatory Powers Act 2000 (RIPA) Part III.

His work in cyber security was recognised by the Chartered Institute of Information Security when he was made a Fellow in 2021.

Graeme’s motto of ‘training, education and awareness’ lives on in the work of the organisations he was part of.

Graeme is survived by his two daughters and two grandsons. Our thoughts are with his family and friends, at this time.

Charity fraud prevention and information security

Posted on by Admin Admin

With charitable funds being raised to help the most vulnerable in society, the aftermath of fraudulent activity can be devastating. This makes the prevention and investigation of all financial crimes against charities crucial.

Charities will rarely have the expertise within their ranks to focus effort on prevention of fraud and financial crime. The reality for most of the 169,000 registered charities in England and Wales, along with the millions worldwide, is that they often have low levels of security to all the funds they hold, and little awareness or education on the preventative controls required to prevent fraud against them.

This is demonstrated in the statistic from Action Fraud that charity fraud figures had risen by 44% at the end of 2022 with a total estimated loss of £2.3 million and that’s only what has been reported.

There’s no getting away from it, financial crime in the charity sector is a serious problem and it is only getting worse.

Importance of information security in charity fraud prevention

As with all organisations, charities collect and store personal and sensitive data relating to a variety of stakeholders, such as donors, partners, employees, and volunteers. A data security breach instigated by cyber criminals can cost a charity dearly, both in financial terms and through the harm it can do to the charity’s reputation.

Investment in a charity’s information security should be seen as vital. However, with charitable activities being (understandably) prioritised for funding, that data security investment is often made as a last resort, if at all.

The importance of information security in charity fraud prevention cannot be understated. Imagine your charity is a house with wads of cash sitting inside and the doors have been left unlocked. From the outside, your house looks secure, but it isn’t. A fraudster is able to walk up, enter the house without issue and walk away with the money, by which time the damage is done.

If you do not have the appropriate security in place for your charity’s physical and digital systems, you are leaving your door unlocked. A failure to take the necessary steps to ‘lock up’ your charity’s information is a failure to secure the donations and data essential to your charity’s activities.

Information security best practice

To secure your charity’s money and data from fraud, it’s important to have multiple security processes in place. Alongside physical security measures, such as access control, CCTV and alarms, the following preventative measures should be implemented for any sensitive information stored within digital systems.

Encryption

If digital data is encrypted, then it remains secure even if it falls into the hands of cyber criminals. That’s because without the decryption key, it is practically impossible for them to read the data, rendering it useless.

Passwords

Most encryption systems require users to enter a password before their data can be decrypted so that it can be used. This means that encryption only provides security if the password is secure. A secure password is at least 12 characters, combines upper and lower-case letters, numbers and special characters, does not contain personal information and is unique to that account only.

Access to funds/payments

Ensure that only the people that require access to charity funds, and have the authority to make payments, have access to the data related to your charity’s or donor’s bank accounts, such as account numbers or PINs. If you store this data on a central computer network, access can be controlled by implementing permission rights, which determine what actions individuals are allowed to perform in relation to stored data or accounts.

Different control levels can also be put in place, e.g. having two signatories or approvers required to make payments and ensuring large payments/withdrawals are reviewed and approved by multiple personnel.

Use multi-factor authentication for added security

You can make it harder for hackers or other unauthorised people to access accounts and the data they contain by enabling multi-factor authentication (MFA), if it is available.

MFA systems add security steps to the login process after a password is entered, for example, by requiring users to enter an access code sent to their phone or a biometric measure such as a fingerprint. The most commonly used MFA system is two-factor authentication (2FA), which requires a password and one other security step.

Data loss prevention

It is not always possible to keep hackers out of computer systems, but a data loss prevention (DLP) system makes it harder for hackers to steal data if they do break in. A DLP system works by recognising certain types of data such as credit card numbers, or a particular file type such as a spreadsheet, and then blocking any unusual attempts to download large amounts of such data from your charity.

How ESA Risk can provide fraud prevention expertise in the charity sector

At ESA Risk, we have an experienced team of risk, investigations and consulting experts that are here to help any organisations in the charity sector with carrying out due diligence checks on donors, beneficiaries and local partners, and monitoring the end use of funds.

We can undertake financial crime risk assessments, advise on Know Your Donor and Know Your Partner procedures and help you set up and maintain a Suspicious Donations Log. ESA Risk can also assist with the reporting of any fraudulent activity to the Charity Commission. If you’re a charity trustee who is signing up to the Stop Fraud Pledge, we can support you with all six of the pledge’s steps: Appoint, Ensure, Consult, Create, Perform and Assess.

Please get in touch for an initial chat with our experienced consultants. You can contact Ali Twidale, Banking & Financial Fraud Consultant at ali.twidale@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

This article was published as part of Charity Fraud Awareness Week 2023.

Black Friday 2023: Stay cyber-safe

Posted on by Admin Admin

For many, Black Friday marks the official start to the Christmas shopping season and, excitingly, many retailers announce time-limited sales that promise huge savings to consumers. But it’s also the prime time for cyber criminals to cash in, too.

Some digital threats to watch out for on Black Friday 2023

Phishing attacks

While consumers rush to grab themselves a bargain, they may get caught out in a phishing scandal. Phishing links commonly lead to fake login pages, prompting victims to authenticate themselves on their web account. For instance, victims may think they are logging into their favourite retailer account, when, really, they are handing their username and password over to an attacker, who can use it to their advantage later. Although this affects users directly, it also negatively impacts the retailer’s reputation, which can be difficult to recover.

PayPal – a platform used to handle payments by many online retailers – is one of the most commonly mimicked websites. It is not only the retailer’s site that you need to be able to trust, but third-party applications used by that site, as well.

Malware  

Malware (as the portmanteau suggests) refers to any malicious software designed to harm a computer system by tracking user activity, hijacking functionality or stealing, deleting or encrypting data. Most malware enters your systems via email (widely reported at more than 90%). Statista reports that there were 5.5 billion malware attacks last year.

Malware is constantly proliferating and changing. AV Test describes how the total amount of malware has grown every year since 2008 (their first data point), with a vast amount of new malware created in the last five years.

This should be seen as a high-risk Black Friday cyber threat.

Formjacking

Formjacking is a form of ‘Magecart’ where malicious code is injected into the checkout forms of a website and can go undetected for a long time. Cyber criminals then hijack web forms to steal personal and payment information from shoppers.

Ransomware  

Ransomware encrypts files, so they are made inaccessible to the owner. The cyber criminal then demands a ransom payment in return for releasing the locked files. Ransomware occurs when legitimate ads are hacked (‘malvertising’), or through phishing emails and exploit kits. This will have consequential impact on consumers and retailers/businesses.

How can you reduce the risk of cyber threats on Black Friday 2023? 

The above attacks take place daily and are not specific to the holiday season or large events like Black Friday, but the volume and frequency of these attacks significantly increase during these times, as more consumers make purchases online.

Being aware of these threats is a step closer to preventing cyber attacks on Black Friday and during the 2023 holiday season to come. Businesses should balance their investments in security awareness training for employees and putting robust security measures in place that can help to scan their systems for suspicious activity. Similarly, consumers need to be better educated and made aware of potential threats.

If you find yourself the victim of a cyber incident, ESA Risk can help you with your response to the attack and to make you cyber-secure in the future, through the design and execution of a strong cyber security plan. Reach out to us at advice@esarisk.com, on +44 (0)343 515 8686 or via our contact form to find out more.

Mike Wright to drive to Ukraine to deliver Christmas presents to children

Posted on by Admin Admin

As an investigator, I am no stranger to interesting phone calls with insolvency lawyers. However, I can safely say that Chris Keane (of Clarke Willmott) is the first to ask me to drive to a warzone to deliver Christmas presents.

I said yes, of course.

On 26th November 2023, we are due to travel to Chernivtsi in Ukraine to deliver Christmas presents and humanitarian aid to children housed across three orphanages and more than 20 shelters.

Making the return trip of around 3,250 miles from Manchester alongside me and Chris Keane will be Keir Merrick (also of Clarke Willmott), Niall McCulloch (Enterprise Chambers), Mark Jeffries (Camel and Rotary Club of Wakefield Chantry) and Nicholas Ellis (Ellis & Co Accountants).

Working with the Charitable Organization of the Chernivtsi Diocese, we will attempt to improve the quality of the lives of:

  • Over 250 children across three orphanages in and around Chernivtsi.
  • Over 500 displaced children that are currently being housed in temporary shelters across 23 parishes in the Chernivtsi region that may have lost one or both of their parents as a result of the war.

Prof. Mariia Fedoriak and Fr. Liubomyr Ivanochko, the directors of the charity in Chernivtsi, inform us it is critical that any aid arrives prior to 1st December 2023. After this date, new customs regulations come into effect in Ukraine and the charity cannot afford to pay the legal fees required to process the necessary paperwork to ensure the aid can get through prior to Christmas.

We are hoping to raise £30,000 in support of this cause. If you are able to, please donate via our Just Giving page.

In addition to any Christmas presents we may choose to take with us, the following items are desperately needed:

  • School supplies to include stationery, notepads, art and drawing materials etc.
  • School backpacks.
  • Sports equipment to include balls, nets, tables tennis equipment etc.
  • Children’s games (including a special request for large Lego or Duplo blocks for children with learning disabilities).
  • Hygiene products to include nappies, sanitary products, shampoo, deodorant, body wash, shower gel, toothbrushes etc.
  • Winter coats.
  • 20 – 30 tents and associated camping equipment such as sleeping bags, sleeping mats/airbeds, lamps etc. so they can be used for summer camps to take the children away from the orphanages/shelters for a much-needed break.
  • An off-grid solar power system to be installed at the remote summer camp the charity has currently been gifted the use of.

We will be taking a week away from our ordinary routines to make the trip through France, Belgium, Germany, Poland, Slovakia, Hungary and Romania to reach Chernivtsi in the southwest of Ukraine, 25 miles from the border with Romania.

We currently have two vehicles in which to make the trip, but we would like to travel with three. If you are in a position to assist us by loaning a van (standard or Luton) for the trip, please get in touch.

In announcing the trip last week, Chris Keane said:

“As a father of two beautiful little girls, it really saddened me to read of the plight of the thousands of orphans and other children displaced by the war in Ukraine, especially with Christmas just around the corner.

“Whilst we are seeking cash donations to pay for the items listed on the Just Giving page, we would also really welcome the direct donation of some or all of the items. If you or your organisation can directly supply any of the items listed, we would be very grateful indeed.”

Any support really is appreciated by our group and by the charity in Ukraine.

If you are able to donate money, please do so via our Just Giving page.

If you can donate any of the items listed above, please contact me.

If you can support our efforts on social media, please use the hashtag #ChernivtsiChristmasAppeal.

Thank you.

Bounce Back Loans: September 2023 news roundup

Posted on by Admin Admin

As we’ve been reporting, the Insolvency Service’s recent press releases have been awash with director disqualifications and bankruptcy restrictions related to misuse of the Bounce Back Loan Scheme (BBLS).

While there was only one such update in September from the Insolvency Service last month, there was an important statistical update from the Department for Business & Trade with one statistic, in particular, widely reported by the press…

Marked increase in Bounce Back Loans flagged as suspected fraud

In the ‘Covid-19 loan guarantee schemes performance data‘ quarterly update to the end of June 2023, published by the Department for Business & Trade, the value of BBLS loans “flagged by lenders as suspected fraud” rose to £1.65 billion – a near 40% increase since the March 2023 update.

The official commentary on the statistics states: “Since fraudulent loans are likely to be among the first to default, it is assumed that the proportion of guarantee claims linked to loans with a suspected fraud flag should decline as the scheme matures, although this will only become apparent over time.”

As we have seen from the number of Bounce Back Loan Scheme fraud cases discussed on this website over the past couple of years, the scheme was open to fraudulent activity, as lenders were encouraged to provide businesses with financing as quickly as possible.

The loans handed out under the scheme were, of course, 100% guaranteed by the UK government and the public purse has so far paid out on £1.27bn of loans with a suspected fraud flag (around 18% of the total paid out so far under the BBLS guarantee scheme).

The data release from the Department of Business & Trade (formerly the Department for Business, Energy & Industrial Strategy) includes a set of notes specifically relating to suspected fraud reporting, which admits that the “figures for suspected fraud will vary from quarter to quarter” as lenders evolve their “processes for identifying and combatting fraud”. The release also notes that a flag of suspected fraud will not always mean actual fraud, and that reporting will differ by lender depending on their “fraud tolerance thresholds”. The general message is that the figures for this metric are “indicative” as at a moment in time.

First Bounce Back Loan compensation order secured in court

The Insolvency Service has secured its first compensation order in court, which orders Marian Ghimpu to repay £52,163 for his abuse of the Bounce Back Loan Scheme.

Ghimpu, from Croydon, obtained the maximum £50,000 Bounce Back Loan in October 2020 after he claimed his company’s turnover was £200,000 in his application. In fact, his company, Deea Construct Ltd, was only eligible for the minimum loan amount of £2,000. There was no activity at all for the year to October 2020 in the company’s bank accounts, and only around £4,000 in revenue in summer 2019 (which fell in the qualifying period for the loan application).

On receiving the loan funds, Ghimpu transferred more than £40,000 to his personal bank accounts and withdrew the remaining money in cash.

Just six months after acquiring the loan, the director placed Deea Construct Ltd into liquidation, which in turn led to an Insolvency Service investigation. The company’s liquidator, from Capital Books, was unable to recover the loan money. As a result, the Insolvency Service sought a compensation order, which was imposed on Ghimpu by Chief ICC Judge Briggs at High Court of Justice, Rolls Building on 25th July 2023 (but only reported by the Insolvency Service on 1st September 2023).

Ghimpu also received a thirteen-year director disqualification order.

Nina Cassar, Deputy Head of Investigations at the Insolvency Service, said: “Marian Ghimpu’s actions, providing false information to the bank, allowed Deea Construct Ltd, and himself, to have an unfair advantage over other businesses impacted by Covid-19. Abuse of taxpayers’ money will not be tolerated and I am delighted we have secured this compensation order. Where there have been similar cases of abuse by company director, we will be seeking further compensation orders and disqualifications.”

Insolvency and debt investigations

Seeing the whole picture in insolvency and debt cases is key to maximising returns to creditors. For more information on how ESA Risk can help to identify hidden assets or locate targets who have gone to ground, contact Mike Wright, Investigations and Risk Management Consultant, at mike.wright@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

You can also learn more from our Insolvency & Debt Investigations brochure:

 

Download your copy
Deep dive for the answers you need
TAKE A DEEP DIVE
Or contact us on +44 (0)343 515 8686 or at advice@esarisk.com.

Deep dive for the
answers you need

Lawyers, accountants, advisors, investors, senior
management. You name them, we help them find the answers
they need. Ready to discover how we can help you?

Take a deep dive
Continue browsing