Information Technology

Security, in both the physical and digital sense, is imperative for companies to deter trespassers and would-be thieves and to protect valuable equipment crucial for businesses to operate successfully.  A robust security setup can take the pressure off existing security staff and give business owners peace of mind out-of-hours. Luckily for organizations, the emergence of the Internet of Things (IoT) technology, mobile connectivity, apps, and cloud technologies has radically changed the security landscape and made it easier than ever to set up multi-room and on-premise systems. The possibilities are endless: cloud or local feed storage, customizable or automatic alerts and alarms, smartphones and tablet connectivity, wired or wireless, battery-powered or mains options, video capture, night vision, audio feeds of varying quality, and the ability to check-in, in real-time, are all on offer and can be tailored depending on the requirements of your business.  To make navigating the variety of hardware and vendor ecosystems available to today’s company owners less of a challenge, we have assembled our top ten picks for businesses. 

Flexible, mobile security solution without spending a fortune

Ring

It was once the case that to protect a business premise, heavy-duty, wired surveillance systems were the only options available. Times have changed and with the explosion in mobile solutions and the increased bandwidth offered by broadband and 4G/5G, there are mobile-friendly options for SMBs seeking a budget-conscious security option.  The benefit of the Ring camera range, including indoor, outdoor, stick-up, and floodlights, lies within its flexibility. Each camera can be connected to the same account and accessed via smartphone, alerting users to motion from all areas.  Of particular note are Stick Up Cams, which can be placed inside or outdoors and on flat surfaces or walls. Battery and wired options are available, as well as devices that come with a solar panel and backup battery pack. The Spotlight and Floodlight models, too, are of interest given their inbuilt security sirens.  As there are a variety of different cameras users can pick from, a mix-and-match set up to protect a premise is possible.Pros:Flexible and quick setupsProfessional monitoring availableBolt-on ecosystem additions available including outdoor camerasCons:Long shipping timeMultiple camera costs are high

Discreetly keep an eye out for intruders outside of hours

Nest

Google Nest cameras will be of interest to business owners already in the Nest ecosystem — including users of the Nest Thermostat, Nest CO2 alarms, as well as Nest X Yale Locks. The Nest Cam Indoor and Outdoor cameras are mobile options for on-premise security. They are best suited for budget-friendly users that need basic security measures in place. The cameras can record footage in 1080p HD, and when it comes to the outdoor version, this quality is maintained at night through infrared LEDs.  Both versions have inbuilt speakers and will alert users via their mobile devices if suspicious activity or visitors are detected by motion and noise sensors. Once the app has been installed and an account has been set up, monitoring begins.  The Nest Aware and Nest Aware Plus services will record everything 24/7 on a monthly or annual subscription basis. Nest Indoor cameras are priced at $129.99, whereas you can expect to pay $199 for an Outdoor camera. However, if you want a cheaper alternative, Google is set to roll out more budget-friendly, wired options.Pros:Easy setupMobile device monitoring and accessData analytics implemented to monitor hot spotsCons:Wired options not yet availableExpensive for single cameras

A cheap home security camera

Wyze

If you want to dip a toe into the world of IoT and intelligent home security devices, you may want to consider the Wyze Cam v3, one of the most affordable options on the market today.The Wyze Cam v3 is a $35 internet-connected camera offering 1080p recording, IP65 quality for indoor or outdoor use, a CMOS sensor designed to improve nighttime vision, a siren, and two-way communication.The camera can be part of a wider Wyze security ecosystem including outdoor cameras, motion sensors, leak sensors, keypads, and entry monitors. Pros:Additional security products on offer to create a wider security networkSmall, compact designCons:Only 14 days of cloud storage included (rolling), unless subscribed

Wireless monitoring for the workplace

Arlo

Another option is the Arlo Pro 4. This slimline, business-ready option can be used either in or outdoors, being a weather-resistant model with a variety of mounting options that can detect both sound and motion. The Arlo Pro 4, available in black or white, can work as a day-to-day camera on the shop floor; a discreet camera placed outside to act as a night watchman, or as a part of a full network of cameras in a large workplace. A spotlight to improve low-light recording is included alongside object scanning and detection.Arlo’s camera is compatible with Amazon Alexa, Google Assistant, and Apple HomeKit. Users will receive real-time alerts whenever motion or sound is detected and footage is captured in up to 2K HDR resolution. The vendor has also implemented Activity Zones which can be set to reduce unwanted or nuisance notifications.Pros:Six months of battery lifeMagnetic mountsCons:An Arlo Secure subscription is required for premium features 

Protection for multiple outdoor zones

Netatmo

The Netatmo Smart Outdoor Camera should be considered if outside security is the priority for your business.  This option is a weather-resistant camera substantial enough to be seen — and may potentially deter unwanted visitors by its presence alone — and does not purely rely on night vision. Instead, the camera is equipped with a floodlight that can be remotely enabled, disabled, or set to power up when motion is detected.  Users can also set up specific zones for immediate alerts and snapshots are taken to give users the option to check in further. The camera is compatible with iOS and Android, Apple HomeKit, Amazon Alexa, and Google Assistant. In addition, there is no subscription fee as users can choose to store recorded HD footage locally.Pros:Customizable alert preferences, useful for petsNo subscription requiredCons:Some users have reported long-term weather exposure issues

360-degree, panoramic coverage of your business premises

D-Link

The D-Link Vigilance DCS-4605EV will suit business users who want panoramic security coverage of the shop floor.  This camera is best suited for businesses concerned about vandalism as the camera has been specifically housed in a rugged casing to prevent tampering or damage. Another advantage of this camera is how weatherproof it is; being able to operate in a range of conditions and temperatures from 30 degrees C to 50 degrees C. The D-Link Vigilance includes a fixed 5-megapixel lens with a focal length of 2.8 mm and is able to record Full HD 2560 x 1920 pixel footage at a 20-foot range. Each camera can be connected to D-ViewCam, free surveillance software to manage a network of up to 32 cameras simultaneously. The camera also supports Power over Ethernet (PoE), to make deployment possible with a single cable.  The D-Link Vigilance is currently on offer for $256.Pros:Customizable video compression formatsRugged casingCons:Wired only

A must for do-it-yourself fans

Scout

Scout should be considered if you are a DIY fan and want to apply your hobby to home security.The company’s DIY system allows customers to pick the components they want — such as a hub, door panels, access and motion sensors, indoor cameras, and water detection devices. In addition, you can pick the color and finish suitable for your home (black or white) as well as the level of remote support you want. Scout’s product line is focused on mobility. Users pick their components, connect them to their mobile device, and then you’re good to go. Features include remote real-time access to activity feeds; false alarm checks; arming and disarming, and choosing how the DIY system reacts in different situations — such as how you want to be notified of motion at your front door. Packages range from a $229 starter kit containing a hub, door panel, one motion sensor, two access sensors, and two key fobs, to a large $549 package offered with a hub, door panel, one motion sensor, four access sensors, two key fobs, a smart lock, and glass break sensor. Customers can also pick-and-mix different components if they prefer.A 4G backup system is in place if home Wi-Fi cuts out and subscription-based professional monitoring is also available. Pros:FlexibilityNo hard-wiring requiredCons:Expensive start-up cost

Best for small homes and apartments

SimpliSafe

SimpliSafe is another worthy addition to our list and would suit users who need a flexible solution for smaller homes and apartments. SimpliSafe is a Wi-Fi-connected security solution backed by real-time monitoring in remote centers. While wired, in the case of a blackout, devices in the SimpliSafe range have backup batteries. The basic ‘Essentials’ package, starting at $181 (currently on sale), includes a base station, keypad, three entry sensors, and one motion sensor. At the time of writing, a free HD camera is also included in the bundle.Other packages and bolt-on options include panic buttons, freeze and water sensors, smoke detectors, and sirens. Pros:No drilling requiredStylish, discreet designCons:Assistance on offer for setup, but priced at $79

How did we choose these security cameras?

The requirements of home and business security cameras vary: the average consumer may lean toward an easy-to-install, budget-conscious product, whereas a company may be more inclined to invest in a more powerful alternative to protect valuable assets. In each case, we have considered as many aspects of a security system as possible, including recording capabilities, environmental use, and cost — both upfront and due to ongoing subscriptions.

Which is the right security camera for you?

When you are selecting your home security camera, you should consider the pain points at home or at your business location. What areas are the most important when it comes to monitoring? What assets do I need to protect? When might my home or premises be most vulnerable?If you’re working from home, for example, you might forgo constant video capture and a subscription, settling instead for clips and the ability to check-in while you’re away. However, if there is valuable stock in an office that is shut at night, you might pivot toward an option including night vision and constant video/audio feeds.

Are there alternatives worth considering?

While our top picks have included a variety of functions and uses, the below are still worth consideration.

Is it necessary to subscribe to a monitoring service?

No, but technology services now — ranging from streaming to IoT — will not usually stop at hardware: revenue models are pivoting to subscriptions, too. If you want constant monitoring and footage to be stored beyond a specific period of time, you may need to sign up.

Do I have to connect my camera to assistants like Amazon Alexa?

This bolt-on integration is usually added to make products more appealing and for the convenience for users, but you do not need to connect your home security system to anything else in your IoT ecosystem.

Will pets trigger alerts on a home security camera?

This was once a common problem with earlier forms of IoT and smart cameras, but vendors are constantly improving false-positive rates through improved object detection and the implementation of features such as ‘activity’ zones. 

ZDNet Recommends More

IBM has announced a new Secure Access Service Edge (SASE) solution designed to encourage the zero-trust security approach in the enterprise. 

On Wednesday, the tech giant said that the new service, IBM Security Services for SASE, will leverage technology provided through a partnership with cybersecurity firm Zscaler, announced in May. The new offering has been “designed to help accelerate organizations’ adoption of cloud-delivered security at the edge, closer to the users and devices that access corporate resources,” according to IBM, as well as to promote zero-trust network access (ZTNA) in the enterprise. IBM Security Services for SASE includes the firm’s zero-trust strategy protocols, SASE blueprints, a modern network architecture, and Zscaler capabilities, including the creation of processes and policies for managing SASE, as well as support for IBM Managed Security Services.  According to the company, IBM Security Services for SASE will help support a now-hybrid workforce, third-party access systems, merger acquisition execution, and network upgrades to facilitate the cloud, 5G, and Internet of Things (IoT) devices.  “Traditional approaches to network security are no longer viable in a digital world where users and applications are distributed,” commented Mary O’Brien, General Manager at IBM Security. “We’re seeing this transformation happen right before our eyes as many organizations plan to operate in a hybrid model for the foreseeable future. This new approach requires a shift in culture, processes and collaboration across teams alongside a new technology architecture.”The new solution is now commercially available. 

Earlier this year, IBM and Zscaler announced its alliance alongside the creation of a Software-as-a-Service (SaaS) implementation of IBM Cloud Pak for Security, focused on streamlining the development of zero-trust architectures in the enterprise.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

StackCommerce
Apparently, the COVID-19 pandemic is driving the next big wave of IT outsourcing. And since security is such a huge chunk of IT responsibilities, the affordable self-paced 2021 All-in-One Ethical Hacking & Penetration Testing Bundle would be an excellent choice for anyone considering a career change. Best of all, all nine courses are designed for beginners, so no previous knowledge or experience is required.

You can jump right in with “Applications & Penetration Testing: Fast Start” to find out all about the main aspects of ethical hacking. Or you might prefer to begin with the crowd favorite, “Ethical Hacking with Metasploit: Exploit & Post Exploit”, which takes you from novice to expert as a white hat hacker. Former students have given this course an impressive 4.8 out of 5 stars rating. However, that’s not completely surprising since Oak Academy was created by elite tech experts and specializes in critical skillsets for cybersecurity, game development, mobile app monetization, and more.You will learn all about spoofing, sniffing, password cracking and much more in “Ethical Hacking: Network Fundamentals & Network Layer Attacks” and “Wi-Fi Hacking & Wireless Penetration Testing Course”, which also teaches about WPS Cracking and other topics specific to Wi-Fi. You’ll get more familiar with password cracking, as well as network scanning and a variety of other useful tips in “Free Tools for Penetration Testing & Ethical Hacking”. And then you dive deeper into network scanning with “Ethical Hacking: Network Scan by Nmap & Nessus”.Find out how hackers use social engineering to access the Windows, Linux, and Android platforms in “The Complete Social Engineering, Phishing, OSINT & Malware”. You’ll learn how black hat hackers compromise applications on the web and how to fight them in “Complete Web Application Hacking & Penetration Testing”. “Cloud Security with Microsoft Azure For Beginners” covers cloud computing fundamentals and how to secure your infrastructure when working in Microsoft Azure Cloud Computing Services.Don’t pass up this opportunity to start training for a hot new career as a cybersecurity expert. Get The 2021 All-in-One Ethical Hacking & Penetration Testing Bundle today while it’s on sale for just $29.99.

ZDNet Recommends More

Cybersecurity researchers have warned of four emerging families of ransomware that could pose a significant cybersecurity threat to businesses.  Ransomware remains one of the key cybersecurity threats facing businesses around the world as cyber criminals try to compromise networks and encrypt them to demand ransom payments, which can amount to millions. This lure of potentially easy money attracts cyber criminals of all levels towards ransomware, from specialist ransomware gangs who keep the malware for themselves, to ransomware-as-a-service groups who lease out their illicit product to low-level malicious hackers who want to get in on the action. In recent months, some significant ransomware operators have seemingly disappeared. But that doesn’t mean that ransomware is any less of a problem – new groups are emerging to fill the gaps. Cybersecurity researchers at Palo Alto Networks have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. According to researchers, LockBit has compromised 52 organisations around the world since June. Perhaps most notably, criminals using LockBit compromised Accenture, although the company was able to restore from back-ups without needing to pay a ransom. 

The rise of LockBit hasn’t gone unnoticed, as Australia’s Cyber Security Centre has posted an alert warning organisations about the threat. But LockBit isn’t the only form of ansomware that’s on the rise – AvosLocker ransomware first appeared in July and offers a ransomware-a-as-service scheme that includes the operators taking care of negotiating ransoms.  The group has compromised several organisations around the world, including law firms in the United States and the United Kingdom. Like other ransomware groups, AvosLocker leaks stolen data if a ransom isn’t paid. SEE: A winning strategy for cybersecurity (ZDNet special report) Ransom demands following AvosLocker attacks are relatively low for ransomware in 2021, standing at between $50,000 and $75,000. But unlike many other ransomware groups that demand a payment in Bitcoin, AvosLocker asks for it in Monero – a cryptocurrency designed to be anonymous. Monero isn’t as high-value as Bitcoin, but the added anonymity means that it’s more difficult to trace cyber criminals who use it. Another new player in the ransomware market is Hive ransomware, which was first seen infecting organisations in June 2021. The attackers behind it also leverage stolen data and double extortion to coerce victims into paying the ransom.  In total, Hive has so far claimed 28 victims –  including healthcare providers – in attacks that have the potential to disrupt patient care. This sort of cavalier attitude to the wellbeing of the general public could make Hive a dangerous ransomware threat. The fourth emerging threat detailed by researchers is a twist on an established form of ransomware. Hello Kitty ransomware first appeared in December 2020 and primarily targeted Windows systems. Now, researchers have identified a new version of Hello Kitty that targets Linux systems, opening a whole new platform for cyber criminals to target. “Ransomware not only is after Windows systems – now with the Hello Kitty variant targeting ESxi, they are trying to get a whole different market that wasn’t explored before,” Doel Santos, threat intelligence analyst at Unit 42, Palo Alto Networks told ZDNet. Organisations around the world have been targeted with this variant of Hello Kitty, which alters ransom demands depending on the target. The criminals have demanded as much as $10 million in Monero from one victim – although the operators are also open to accepting payment in Bitcoin. The rise of these ransomware groups just goes to show that, even as established groups seemingly disappear, new players rise to take their place. Many of these will adopt the tactics and techniques of successful ransomware outfits that came before them to make attacks as effective as possible. “Many more prevalent groups paved the way for these smaller groups to emerge, giving them a business model to follow to carry out operations. That’s another reason why we see these emerging ransomware groups leverage double extortion approaches, which has become the standard since Maze ransomware,” said Santos. No matter what type of ransomware cyber criminals are using, it represents a major threat to businesses. To help protect networks from falling victim to ransomware attacks, it’s recommended that security patches are applied in a timely manner to prevent criminals exploiting known vulnerabilities. Multi-factor authentication should also be applied to all users to provide an extra barrier to attacks exploiting stolen or leaked usernames and passwords as an entry point. It’s also recommended that businesses regularly update and test their backups – and store them offline – so if the network does fall to a ransomware attack, there’s the ability to restore it without having to pay the ransom.MORE ON CYBERSECURITY More

Singapore is looking to widen access to its COVID-19 contact tracing wearable device, which soon can be delivered to the homes of new users. Current users of the TraceTogether token also will be able to replace non-working ones via more vending machines.  A home delivery service would be introduced for new users of the TraceTogether wearable device, as part of “continuous effort to support” the nation’s public health requirements, said the Smart Nation and Digital Government Group (SNDGG) in a statement Wednesday.  The government agency said more vending machines to issue replacement tokens also would be deployed progressively at more than 40 shopping malls, particularly those with high traffic, as well as all 108 community centres across the island, in the coming week. 

It added that manned booths for the collection and replacement of TraceTogether tokens then would be reduced gradually, with such booths in shopping malls to stop operating on August 31. Token counters at community centres would be pulled back at a later date.  SNDGG said it had worked with Temasek Foundation, which deployed mask dispensing machines, to retrofit these vending machines to include TraceTogether tokens.  Each vending machine would be able to hold 1,400 tokens and could be used to replace wearables that were out of battery or not working. Specifically, the machine would allow for replacement of tokens only if these were issued at least 60 days ago.  Deployment of the vending machines was slated to complete by end of October, according to SNDGG.

Singapore’s TraceTogether platform, comprising the mobile app and token, currently has a high adoption rate of more than 90%. It is widely used alongside SafeEntry, a digital checkin tool that collects visitors’ personal data when they enter venues such as supermarkets, restaurants, shopping malls, and workplaces.  The government in February 2021 passed a legislation detailing the scope of local law enforcement’s access to TraceTogether data. Then move came amidst public outcry when it was revealed the police could access the information for criminal investigations, contradicting previous assertions the data would only be used when the individual tested positive for the coronavirus.Singapore had issued the TraceTogether wearable device as part of efforts to quell data privacy concerns, touting the token as a “no internet” device that did not have GPS, internet, or cellular connectivity. Data collected only could be extracted when the wearable device was physically handed over to a health official, the government said. It also said the use of TraceTogether would cease once the pandemic was under control and contact tracing no longer necessary.Minister-in-Charge of the Smart Nation Initiative and Foreign Affairs, Vivian Balakrishnan, said last week any decision to stop using the contact tracing platform should be based on “science”, not politics. Referring to doctors, the minister said in an interview with Reuters: “Let the professionals tell us whether contact tracing to that level is necessary or helpful, and whether it secures the safety of our people. I will leave it at that. There is no need to politicise it.”In the week leading up to August 24, unlinked cases accounted for 33% of COVID-19 infections in Singapore, up from 25% two weeks before and 23% the week before, according to figures from the Ministry of Health. It recorded 269 community cases in the week leading to August 24, compared to 551 two weeks before and 372 the week before.RELATED COVERAGE More

M1 and its sister company Keppel Land have introduced 5G services that they say aim to improve maritime operations and enrich waterfront lifestyle. These include automated vessel analytics and recognition technologies to facilitate real-time surveillance. Targeted for deployment at Marina at Keppel Bay, the new suite of services would be delivered on M1’s 5G Standalone network, said the companies in a joint statement Wednesday. M1 and Keppel Land are part of the Keppel Group. 

Vessel owners at the bay would be able to tap 5G to “elevate” their waterfront lifestyle and yacht experience, as well as enhance work processes for berth operations, said M1 and Keppel. The new services would enable high speed and further automate and streamline processes, boosting productivity and efficiency for maritime operators, they said. 5G-powered monitoring devices armed with automated vessel analytics and recognition technologies, for instance, could facilitate real-time surveillance. This would ensure the safety and security of registered vessels and trigger alerts when unauthorised vessels entered the marina. Surveillance robots also could be deployed on the docks to support onsite monitoring and remote assistance. These bots would be integrated with incident management applications so data could be automatically captured, enabling communication between relevant personnel during incidents and providing 3D visualisation to assist in risk management and planning. The robots also could be leveraged to monitor and maintain the marina’s surroundings, automatically clearing any garbage identified in the waters. They then could reduce resources needed in maintaining water conditions. In addition, maintenance staff could put on 5G-powered headgears to carry out checks, handsfree. The high-speed connection would further enable them to join video conferences, share videos in real-time at any location, and receive remove support. 

M1 CEO Manjot Singh Mann said the mobile operator hoped to drive the use of 5G-enabled services across various industry sectors. Noting that this was in line with Keppel’s Vision 2030 strategy to accelerate smart cities, Mann said: “[The launch] heralds the beginning of our journey towards more viable commercial-ready 5G solutions that will advance our digital economy.”RELATED COVERAGE More

Image: ACT Policing
Two Australian law enforcement bodies will soon have the power to modify, add, copy, or delete data, after the Bill allowing such activity was waved through the Senate on Wednesday morning.The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, now awaiting Royal Assent, hands the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) three new powers for dealing with online crime.The first of the warrants is a data disruption one, touted as a way to prevent “continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities”. This warrant gives the cops the ability to “disrupt data” by modifying, copying, adding, or deleting it.Failure to comply could land an individual with 10 years of imprisonment.The second is a network activity warrant that would allow the AFP and ACIC to collect intelligence from devices or networks that are used, or likely to be used, by those subject to the warrant. The last warrant is an account takeover warrant that will allow the agencies to take control of an online account for the purposes of gathering information for an investigation. The Parliamentary Joint Committee on Intelligence and Security (PJCIS) recommended the passage of the so-called “hacking” Bill earlier this month, provided that its 33 other recommendations were met. Shadow Minister for Home Affairs Kristina Keneally confirmed in the Senate on Wednesday the government has implemented “wholly or substantially” 23 of the 33 recommendations through legislative amendments or changes to the Bill’s explanatory memorandum.

These include strengthening the issuing criteria for warrants, including considerations for privacy, public interest, privileged and journalistic information, and financial impacts; reviews by the ISLM and the PJCIS; sunset powers in five years; and good-faith immunity provisions for assistance orders. Of the other 10 PJCIS recommendations, four have been accepted by the government and will be incorporated into its response to the national security legislation review. The House of Representatives on Tuesday passed the Bill, with a total of 60 amendments, and while Labor has thrown its support behind the Bill as a result of the amended document being a “better Bill”, the Australian Greens have not. “Unsurprisingly, the two major parties are in complete lockstep with each other and are leading us down the road to a surveillance state,” Greens Senator Lidia Thorpe said.”In effect, this Bill would allow spy agencies to modify, copy, or delete your data with a data disruption warrant; collect intelligence on your online activities with a network activity warrant; also they can take over your social media and other online accounts and profiles with an account takeover warrant.”What’s worse, the data disruption and network activity warrant could be issued by a member of the Administrative Appeals Tribunal — really? It is outrageous that these warrants won’t come from a judge of a superior court.” She said it was not clear that these warrants were even needed, noting the Bill “does not clearly identify a gap in existing powers”.”The scope of the new powers is disproportionate compared to the threats of serious and organised cybercrime to which they are directed,” she said.”There is a lack of evidence justifying the need for warrants of this nature, beyond those already available … no other country in the Five Eyes alliance has conferred powers on its law enforcement agency that this Bill will.”The Bill is now awaiting Royal Assent.MORE ON THE BILL More