New Zealand Security - October-November 2021 by Defsec New Zealand

October / November 2021

New Zealand Security Magazine

OUR NEW ERA OF FRAUD AND CORRUPTION New Zealand Security Awards

Security Systems with Smoke Detectors

Corruption in the Public Sector

The best of the best in security for 2021 named in a star-studded virtual week of award announcements.

Consultant Lincoln Potter PSP writes that SSWS should not be subject to fire alarm system compliance requirements.

Sue Trezise provides anticorruption agency insights on misconduct, fraud and corruption in the public sector.

www.defsec.net.nz

e c u r i ty I

S ’s

mited 30 y Li e

Loktr

y tr s u

ervicing N

Three great brands that stand for QUALITY and VALUE

CMY

from Loktronic Limited SERVICE and SUPPORT drive us. Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 • Fax 64 9 623 3881 • 0800 FOR LOK mail@loktronic.co.nz • www.loktronic.co.nz

ISO 9001:2015

REGISTERED COMPANY Certificate No. NZ1043

AcuSense Liveguard

Upgrade

AX PRO

Video Intercom ColorVu Easily connecting everything with your devices Share with your family/ colleagues For IOS or Android download from appstore.hikvision.com

HIKCONNECT ECO SYSTEM Bring Peace Of Mind With All Your Security Devices At Your Fingertips.

Distributed by Australia

www.csd.com.au

New Zealand

www.nesscorporation.com

www.videosecurityproducts.com.au www.atlasgentech.co.nz

Hikvision New Zealand

www.nfs.co.nz

www.hikvision.com T +64 09 217 3127 E salesnz@hikvision.com Follow us on |

Hikvision Oceania

CONTENTS ISSN Print 1175-2149 • ISSN Online 2537-8937

From The Editor............................................................................................................................................................................................... 6 Discover Hikvision’s latest ColorVu technology: sharper imaging with brighter colour, 24 hours a day............................. 8 Integrity Matters: Misconduct, fraud and corruption in the public sector.................................................................................. 10 One Eye Open: Mental health blind spot in counterterror efforts................................................................................................. 12 The importance of place in understanding physical security risk................................................................................................. 16 Interest in keyword ‘cybersecurity’ on Google Search hits an all-time high.............................................................................. 19 The Global Fraud Landscape.....................................................................................................................................................................20 FMA sees spike in investment scam complaints since start of COVID-19.....................................................................................22 Board directors least likely to receive fraud training.......................................................................................................................... 24 Think Pandemic-Related Fraud Is Going Away? Think Again...........................................................................................................25 New Zealand Security Awards delivers a week of winners.............................................................................................................. 26 NZSA CEO’s September Report.................................................................................................................................................................36 Insights from consumer survey highlight young consumers are at risk...................................................................................... 39 Cybersecurity: The crucial email double check....................................................................................................................................40 Commerce Commission gets tough on anti-collusion...................................................................................................................... 42 Security Systems with Smoke Detectors: An Explainer.....................................................................................................................44 Compliance Notice issued to Reserve Bank following cyber attack..............................................................................................46

Industry Associations

* www.security.org.nz

www.asis.org.nz

www.masterlocksmiths.com.au

Three leading brands from

0800 367 565 www.loktronic.co.nz

NZSM

www.skills.org.nz

www.nzipi.org.nz

October/November 2021

i-PRO X SERIES powered by AI

Taking intelligent analytics on the network edge » Maximising network and bandwidth efficiencies » Installs up to three video analytics applications » Designed for third party application development » High endurance, high realiability even in extreme conditions » Five year warranty

AI Privacy Masking Available models: WV-X2571LN 4K outdoor dome camera WV-X2271L 4K indoor dome camera WV-X1571LN 4K box camera

WV-X2551LN 5MP outdoor dome camera WV-X2251L 5MP indoor dome camera WV-X1551LN 5MP box camera

business.panasonic.nz/security-solutions/

FROM THE EDITOR Welcome to the October-November 2021 issue of New Zealand Security Magazine! In this issue we’re proud to feature all the winners at this year’s New Zealand Security Industry Awards. We bring to you details on each of the winners, including the reasons why they were selected as the best of the best in 2021! Congratulations to all nominees, finalists and winners! We also focus in this issue on the topic of fraud. It’s a big topic that appears to have become bigger since the onset of the Covid-19 pandemic. As our changed circumstances see more and more employees working remotely, and as lockeddown populations transact more than ever online, Covid has provided something of a perfect storm for scammers. 2020 was a bad year for fraud, writes senior editor of ASIS International’s Security Management magazine Megan Gates, who notes that fraud incidents remain woefully un-investigated and staggeringly unreported. In her first article in NZSM, Sue Trezise Director of Sue-lutions Ltd provides fraud risk insights from the New Zealand Office of the Auditor General (OAG) and Victorian Independent Broad-based Anti-corruption Commission (IBAC). We also feature recent news from the Financial Markets Authority (FMA), which is warning New Zealanders to be on the lookout for three unique types of scams that have been on the rise since the start of COVID-19. Complaints about investment scams and fraud lodged with the regulator in the first half of this year were up 79 percent on the same period in 2020. Andrea Babbs, UK General Manager, VIPRE SafeSend, reminds us that reliance on email is a big cyber security risk – and not just due to the increasing frequency and sophistication of attacks. With the volume of emails sent and received every day, mistakes are inevitable, and organisations need to look at this non-malicious yet very real insider threat. An article by Bruce Dorris, President and CEO of ACFE highlights a new ACFE survey report that reveals that 51 percent of anti-fraud professionals surveyed said that they have uncovered higher levels of fraud since the pandemic began, with 20 percent saying the increase was significant. Some great updates as well from within the industry, including feature articles from Security Consultants Lincoln Potter PSP and Chris Kumeroa, the latest on Hikvision’s ColorVu technology, and a critical exploration of New Zealand authorities’ approaches to countering violent extremism. There’s plenty more in this October-November issue of NZSM! To ensure you don’t miss out on any of the news and analysis we publish, subscribe to our email newsletters via our website, and follow us on LinkedIn via the address listed on this page. As always, feel free to get in touch to find out about how your business can benefit by being part of New Zealand’s premier security and risk management industry publication in 2022! Nicholas Dynon Auckland

DEFSEC

New Zealand’s National Defence, Fire and Security Publishers of: Line of Defence, FireNZ, New Zealand Security Magazine

Contact Details: Chief Editor, Nick Dynon Phone: + 64 (0) 223 663 691 Email: nick@defsec.net.nz Publisher, Craig Flint Phone: + 64 (0)274 597 621 Email: craig@defsec.net.nz Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

NZSM

Upcoming Issue December 21 / January 22 Retail security; Hospitality; Revenue protection; Women in security.

facebook.com/defsecmedia twitter.com/DefsecNZ linkedin.com/company/ defsec-media-limited

NZSM New Zealand Security Magazine

Nick Dynon Chief Editor Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security. Prior to NZSM he clocked up over 20 years experience in various border security and military roles. Disclaimer: The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use. Copyright: No article or part thereof may be reproduced without prior consent of the publisher.

October/November 2021

Discover Hikvision’s latest ColorVu technology: sharper imaging with brighter colour, 24 hours a day Monitor outdoor or indoor spaces, identify breaches as soon as they occur, and react in real time to protect people and assets at any time of day or night. ColorVu technology captures clear, full-colour images 24x7. Traditional video cameras provide black and white images, which can be grainy and unclear in lowlight environments. To help boost security 24x7, Hikvision has created its ColorVu technology, which gives organizations high-resolution, full-colour images, even in neartotal darkness. Security breaches are not governed by the seasons, by the weather, and certainly not by the time of day. They can occur at any time, and often under the cover of darkness when traditional, black-and-white security cameras with infrared lighting are unable to capture events clearly

NZSM

enough to collect clear evidence or respond effectively. Hikvision has expanded its fullcolour camera range with ColorVu technology. This offers a much better visual experience than traditional cameras, providing accurately rendered colour images with balanced brightness at all times of the day or night. The camera range with ColorVu technology includes 4k cameras for UHD experience, and varifocal cameras for unparalleled clarity. These innovations allow organisations and local authorities to monitor outdoor or indoor spaces, identify breaches as soon as they occur, and

react in real time to protect staff, employees and members of the public. Boosting security with leadingedge technology Cameras with ColorVu technology are able to capture high-definition, fullcolour images in low light conditions because of two key technology breakthroughs: (i) advanced F1.0 large apertures, and (ii) highperformance imaging sensors. The cameras also use a new 3D dynamic noise reduction (DNR) algorithm to increase clarity at long range, and a soft and warm supplemental light guarantees colourful images even in zero-light environments.

October/November 2021

increase security and enables much faster responses to incidents. 2. Improved perimeter protection for retail and logistics sites Perimeter protection is always a challenge for large retail and logistics parks. With ColorVu technology, security teams can monitor the perimeter 24x7 and react quickly to any breaches before assets or people are put at risk. Cameras with ColorVu can also be combined with other smart video technologies from Hikvision – including AcuSense vehicle and license-plate recognition – to trigger automated alerts for suspected security breaches.

24/7 Colorful Imaging View in Color, Even in Darkness

The expanded camera range with ColorVu satisfies different needs, from high performance products to budget friendly choices, as well as smart solutions. For example, the range now includes a 4K camera that offers ultra-high-definition colour imaging during the day and at night. With better image quality and richer details, 4K cameras with ColorVu can be applied in wider scenarios such as stadiums, airports, harbours, and parking lots, where clear and high-resolution images are necessary. The cameras with ColorVu can also integrate Hikvision AcuSense technology to distinguish between people, vehicles, and other moving targets such as rain, leaves and animals. Alarms are only triggered

October/November 2021

when pre-set intrusion types are detected, allowing security teams to take action. 4 key applications for cameras with ColorVu The ability to capture clear, fullcolour images 24x7 is useful in a wide range of indoor and outdoor scenarios, including: 1. Security for outdoor spaces – especially streets and parks Lighting on streets and in parks is rarely uniform, and dark areas can increase the risk of crime and make people feel unsafe. Cameras with ColorVu technology enable local authorities to record high-resolution, full colour video footage even in low-light conditions, which helps to

3. Asset protection for small businesses Small businesses need to protect their assets, including vehicles left in driveways or on the street. Because cameras with ColorVu technology are able to capture high-resolution, fullcolour images 24x7, security breaches can be recorded, and evidence passed on to the authorities – increasing the chance that assets can be recovered and that perpetrators will be brought to justice. 4. Increased security at building entrances High-resolution, full-colour images can greatly enhance security at building entrances, which are sometimes unlit, or dimly lit. Even though cameras with ColorVu can record footage in extremely low light conditions, teams often choose to turn on the cameras’ supplementary light as an additional deterrent to a break-in or other security incident. Find out more These examples are the tip of the iceberg in terms of how and where cameras with ColorVu technology can be deployed to boost security and protect people and assets. For more information about the ColorVu technology, please visit here.

NZSM

Integrity Matters: Misconduct, fraud, and corruption in the public sector Sue Trezise Director of Sue-lutions Ltd provides risk insights from the New Zealand Office of the Auditor General (OAG) and Victorian Independent Broad-based Anti-corruption Commission (IBAC).

Rather than debating the merits of whether an organisation has/ needs a risk culture and what that may/should look like, this article suggests it is timely to focus instead on ensuring the organisation has a culture of integrity in the first instance. Embedding a culture of integrity is the key to maintaining trust and confidence in an organisation for staff, stakeholders, customers/ clients and the community. Sue Trezise is the Director of business and risk consultancy Suelutions Ltd. She is a risk specialist and practitioner with extensive public sector experience.

NZSM

Integrity matters in the public sector especially, given that public funding and support creates and enables government agencies and works. There is an expectation that infrastructure and assets will be appropriately maintained, and that development, resources and services provide maximum value. Public sector employees are expected to perform their duties fairly and honestly. Misconduct, fraud and corruption waste public money and resources and also damage the reputation of the public sector. Insights for managing integrity risks in relation to fraud and corruption are readily available from government agencies established to ensure accountability. Risk insight from two such agencies is provided for fellow risk practitioners to further inform risk discussions and decision making.

Fraud Maintaining a culture of integrity, supported by strong internal controls, is the fundamental means by which public organisations prevent and detect fraud. Each year the Office of the Auditor General (OAG) shares information on fraud incidents to assist public organisations to consider where their risks might lie. The current data set spans the period 2012/13- 2019/20 and identifies some key trends which could be useful in identifying risk factors and informing mitigation measures. The data is grouped into broad categories: the type of fraud, the methods and reasons for fraud being committed and how the fraud was identified. The most commonly reported type of fraud was theft of cash, with the most common reason for committing fraud being that the fraudster didn’t think they would get caught (!). As mentioned earlier, internal controls were the key method by which the fraud was detected, followed by internal and external tipoffs. For each category, the top three incidents (where identified) are listed in the table opposite: Because the OAG is dependent on information being provided by public organisations the full extent of fraud cannot be reliably known. For further information visit: https://oag. parliament.nz/data/fraud/types

October/November 2021

or other electronic means. Cyber threats also pose a risk in remote workforces. 3. Risks to governance processes and oversight During emergency or crisis situations, employees may come under pressure to take shortcuts to accelerate delivery, such as bypassing proper processes, and reducing or stopping routine consultations with stakeholders and experts. 4. Reduced attention to corruption resistant culture There is a risk that agencies’ integrityrelated education and training programs may be postponed or cancelled due to increased service delivery demands or logistical issues associated with remote working.

Corruption In 2020, the independent broadbased anti-corruption commission (IBAC), based in Victoria, published information on building integrity in times of crisis (such as Covid-19). The resources aim to help the public sector (central and local government) review and strengthen integrity responses and improve capacity to prevent corrupt conduct during times of emergency and crisis. IBAC identified key opportunities for misconduct and corruption arising from changes to the way services are delivered in such circumstances. These are summarised as:

1. Increasing demands and pressure on employees Crisis-related funding can increase existing fraud and corruption risks. Key risks typically stem from the transfer of funds from the public sector to the private sector for service delivery and other support. 2. Working remotely Working from home increases security and privacy risks to public sector employees. Risks include inadvertently discussing or exposing information to unauthorised individuals, either in person within shared work spaces, via social media

5. Increased lobbying Lobbying efforts by groups seeking government support can place undue influence on government decision-making which, if successful, may compromise probity and due diligence measures and decrease transparency. For each of these ‘opportunities’, associated warning signs or ‘red flags’ and suggested prevention/ control measures to help minimise risk are set out in the information sheets. For further information visit the publications and resources section of the IBAC website: https://www. ibac.vic.gov.au/publications-andresources This article was originally published in the September 2021 issue of RiskPost, the member magazine of risk management professional organisation RiskNZ, and is reprinted with permission.

Reporting

Central government

Local government

Types of fraud

1. Theft of cash 2. False invoicing 3. Credit or fuel card fraud

1. Theft of cash 2. Theft of inventory 3. Credit or fuel card fraud

Methods and reasons for fraud

1. Didn’t think they’d get caught 2. Policies and procedures not followed 3. Easy access to cash

1. Didn’t think they’d get caught 2. Easy access to cash 3. Policies and procedures inadequate

October/November 2021

NZSM

One Eye Open: Mental health blind spot in counterterror efforts Chief editor Nicholas Dynon writes that established punitive approaches by government to individuals exhibiting lone actor terrorist behaviours are not necessarily making us safer. Ahamed Aathill Mohamed Samsudeen, the 32-year-old ISIS sympathiser who stabbed six people before being shot dead in an Auckland supermarket on 3rd September is New Zealand’s latest ‘terrorist’. While the terrorist label may fit, history tells us that it’s not particularly helpful.

Nicholas Dynon is chief editor of Line of Defence Magazine, and a widely published commentator on New Zealand’s defence, national security and private security sectors.

NZSM

There are, according to various studies, over 200 definitions of terrorism. They are academically contested, often legally convoluted, frequently politically appropriated, sometimes emotively deployed, and inevitably prone to obsolescence. As a rule of thumb, they tend not to be particularly helpful. And New Zealand is no exception to this rule. The Counter-Terrorism Legislation Bill currently before Parliament is seeking to address inadequacies in the Terrorism Suppression Act 2002 (TSA), including amending the legal definition of ‘terrorist act’. According to the Ministry of Justice, terrorism has evolved since the TSA was drafted in the early 2000s. The TSA, it states, “predominantly responds to the threat posed by organised terrorist entities and groups rather than a fuller range of terrorist activities, such as attacks that involve lone actors and low-sophistication.” The ‘fuller range of terrorist activities’, however, is potentially a very long list. Similarly, the ‘terrorist’ label itself encompasses a range of

actors that has broadened over time, from terrorist organisations, militant groups and rebel fighters, to violent extremists, lone actors, radicalised offenders, disgruntled petitioners and fixated persons. In Samsudeen’s case, it would appear that beyond the general categorisation of ‘terrorist’, there is some consensus among commentators that he was a ‘lone wolf’ or, less pejoratively, a ‘lone actor’. Although we again face the difficulty of multiple contested definitions, lone wolf terrorism may be described as involving a single perpetrator acting without direct support in the planning, preparation and execution of an attack, and whose decision to act is not directed by any group or other individuals. Understanding the LynnMall terrorist as a lone actor is important because research has identified characteristics in relation to this particular category of terrorist that distinguishes it from others, including – importantly – in terms of the role played by mental health. The mental health connection On 15 December 2014, Man Horan Monis held 18 people at gunpoint inside the Lindt café in Sydney, a siege that resulted in the deaths of two captives and Monis himself. It ultimately transpired that Monis was acting independently – a lone actor – and that he had serious mental health problems.

October/November 2021

A 2015 Study by Corner and Gill of 119 lone actors in Europe and the US found that 32 percent had been diagnosed with a mental illness, whereas organised terrorist groups had a relatively low prevalence of mental illness, with only 3.4 percent of those studied having psychiatric diagnoses. They found that the odds of a lone actor having a mental illness is 13.49 times higher than the odds of a group actor having a mental illness. A 2020 study by Morris and Meloy of 23 lone actors referred to authorities as posing a national security risk from a county in Scotland found that 39 percent had previous psychiatric contact. In his 2019 study of security sector practitioner perceptions of the terror threat environment before the Christchurch attacks, Massey University’s Dr John Battersby noted that mental health conditions and ‘fixations’ featured prominently

October/November 2021

as a major source of concern of practitioners in relation to ‘at-risk individuals’. Published in the National Security Journal just days prior to the LynnMall attack, an article by Massey University Alumna Josinta Tillett, provides the most comprehensive picture yet of the characteristics of lone actors in New Zealand. Her paper, “Understanding Lone-Actor Terrorists: The Global Context and How it can be Applied to New Zealand”, also notes the prevalence of mental illness within this cohort. Summarising eight significant international studies that analyse a range of lone-actor terrorist characteristics or indicators from Europe, the US, or both, Tillett notes that actors are overwhelmingly male, usually aged in their 30s, always hold a radical ideology, probably suffer a personal grievance, are dependent on the internet, are socially isolated, usually have intimacy issues, often

have mental health problems, have average to high education levels, often suffer employment problems, and often have a prior criminal history. Tillett’s analysis of the characteristics of seven New Zealand lone actors found that there were both similarities and differences between the international and New Zealand results, including higher mental health rates within the New Zealand cohort. Five out of the seven lone actors were identified as having mental health issues, with one ‘possible’ and one ‘unknown’. Using anonymised Police data of suspected potential lone-actor cases alongside anonymised data relating to general offenders who had been charged with serious violence offences in the five years to December 2018, Tillet found that there were relatively higher mental health/suicide figures in relation to the possible lone actors (29 versus 19 percent). NZSM

Love, truth, and mutual respect the late Dr Rob Roche

The mental health gap Corner and Gill note that their abovementioned findings “suggest a need for revisiting the issue of mental illness as a part of the process for some people becoming involved in terrorism.” Furthermore, they note that mental illness mechanisms “remain systematically unexamined, and there may be grounds to pursue a more concrete understanding of how mental illness and psychological processes influence an individual’s participation in and trajectory through terrorist behaviors.” Evidently, the LynnMall attacker had a significant mental health history. Auckland barrister Aarif Rasheed recently told Stuff.co.nz’s Jehan Casinader, “For years, the authorities had treated this man as a terrorist – labelling him a terrorist, and convincing him that he is a terrorist.” Samsudeen had reached out to the defence lawyer in late 2017 while being held in custody after sharing violent content on Facebook. Having talked with Samsudeen, Rasheed had sought advice from Dr Clarke Jones, a counter-terrorism expert at the Australian National University’s Research School of

NZSM

Psychology specialising in youth interventions, radicalisation, correctional reform, terrorist offenders and prison gangs. “As it was, law enforcement treated him exclusively as a violent extremist, with no apparent efforts to address his mental health issues,” Jones wrote in the wake of the attack in The Guardian. “His experience with New Zealand police and the criminal justice system could have triggered his recurring experience of the original trauma, alleging mistreatment or excessive use of force during his time in the NZ criminal justice system.” “The tragedy of 3 September shows that traditional law enforcement strategies to address extremism are not the only solution,” he continued. “We must urgently consider and try alternative approaches that seek to address causal factors.” In 2015, I had the pleasure of interviewing the late Dr Rob Roche for an article on countering violent extremism in the New Zealand Security Magazine. A member of the New Zealand Peace Foundation, Roche was a retired Auckland-based medical practitioner who had previously led ground-breaking work with patients suffering from alcoholism and serious drug addiction. It was just months after Parliament’s December 2014 passing of the Countering Terrorist Fighters Legislation Bill, which had given the NZSIS greater surveillance powers and the Minister of Internal Affairs greater powers to suspend and cancel passports. Although acknowledging the role of security and law enforcement, it was Roche’s opinion that the then National Government was approaching the issue of violent extremism with one eye open. “To be effective, any program for the rehabilitation of extremists must be based on love, truth, trust and mutual respect”, he insisted. “It will have a better chance of success if it is non-judgmental and where there are no elements of confrontation or fear of physical punishment or condemnation.”

These were brave words. Love, truth, trust and mutual respect were not ideas with which one might have expected the New Zealand Government to have approached people exhibiting extremist tendencies. National’s approach was firmly around deportation, passport cancellation, incarceration and, failing these, surveillance… and this hasn’t changed under Labour. From the many that existed overseas, Roche singled out a program in Germany that had been in operation since 2011 and had at that point dealt with almost 500 cases. The Hayat (Arabic for ‘life’) program was supervised by Daniel Kohler, director of the German Institute of Radicalisation and De-radicalisation and a leading figure in counterextremism. “Kohler stresses the importance of treating a radicalised individual as a patient,” explained Roche, “so that appropriate psychological counselling and other specialised services can be provided when needed.” The identification of the at-risk person as someone ‘in need’ rather than a mere target of state surveillance or law enforcement is a key ingredient for Roche. “The object”, he stressed, “is to generate a sense of wellbeing and self-worth so that the patient is well equipped to find a rewarding place in society.” Roche passed away in his 91st year last January. One of my enduring memories of the doctor was accompanying him during Ramadan to an iftar (breaking of the fast) at the then Auckland University of Technology Mosque. He had wanted to meet with Muslims to learn more about their lives and beliefs. He sat awestruck during the maghrib prayer, and afterwards ate together with the Imam and the hands of several others from the same plate. Six years later, authorities still appear wedded to the type of securitised, punitive approach to at-risk individuals favoured several years ago. That approach didn’t work for lone actor Samsudeen, nor his victims, and ultimately it’s unlikely to work in future.

October/November 2021

e c u r i ty I Z

S ’s

ervicing

N Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz

Loktronic for ex-stock availability

mited 30 y Li e

Loktr

y tr s u

The importance of place in understanding physical security risk According to Chris Kumeroa, Managing Director of Global Risk Consulting, the security world is coming to a greater awareness of the importance of data-driven approaches to assessing risk. But there’s some way to go.

Chris Kumeroa is Managing Director of Global Risk Consulting Group. He is a former New Zealand Special Forces soldier specialising in counter terrorism, human tracking, mountaineering and reconnaissance.

NZSM

Data and physical security risk When it comes to data-driven approaches to the assessment and management of physical security and safety related risk, the public and private sectors are a patchwork of ‘haves’ and ‘have nots’, and the distinction between these appears to be drawn along sectoral lines. The relatively recent establishment of the Evidence Based Policing Centre by the NZ Police and the New Zealand Institute for Security and Crime Science by the University of Waikato are indicative of an acknowledgement that data can enhance public security outcomes. Their appearance is part of a global trend, and they mirror the establishment of similar institutions in other countries. In the private sector, the insurance, healthcare and health & safety sectors tend to evidence their assessment of security, health and safety risks with data than, say, private security consultants and security providers. That certain sectors are more advanced in this way than others, however, has probably less to do with any technological edge and more to do with the fact that they’re simply more accustomed to taking quantitative approaches to risk. From our work in the private security consulting space, we know that any respectable consultant

bases their work on an appropriate standard, such as ISO31000 Risk Management, HB167 Security Risk Management, and ASIS International’s Enterprise Security Risk Management (ESRM) Guideline. A consultant may also have regard for the government’s Protective Security Requirements (PSR) guidance, which itself advocates a risk-based approach based on ISO 31000. Either way, ISO31000, HB167 and ESRM are all quite aligned. But even with the right standards and frameworks in place, there is still the challenge of producing security risk assessments built upon a strong evidence base. When some security consultants talk about quantitative versus qualitative approaches to security risk management and quantitative versus qualitative security assessments, what they are often referring to is – specifically – approaches to scoring risk; a quantitative score referring to a risk rating expressed as a numerical value (e.g. 1 to 10), and a qualitative score referring to a risk rating expressed adjectively (e.g. ‘low’, ‘medium’, ‘high’). That’s great, but it’s certainly not a quantitative approach to identifying risk, and it’s definitely not data-driven. What us security consultants tend to talk less about is the use of quantitative approaches to the identification and assessment of risk

October/November 2021

through the scientific analysis of historical risk-related data. More often than not, there is a tendency to rely upon anecdotal evidence, assumption, and past wisdom. This can be due to data accessibility or ‘noise’ issues, but more often than it should be it’s due to the lack of adequate engagement with the data. As a result, the security controls recommended by a consultant as a result of a data-less security risk assessment (or, as can be the case, in the absence of a process-driven security risk assessment altogether) are often selected on the basis of what’s worked in the past or – perversely – on the basis of what types and brands of security solutions the consultant has a personal (conscious or unconscious) bias towards. It’s a tendency noted in a European Safety and Reliability Association (ESRA) research paper A Study on the Influence of Uncertainties in Physical Security Risk Analysis: Security risk assessment is often accompanied by great uncertainties, as there is a lack of evidence of threats, consequences and the abilities of security measures. Thus, qualitative or semi-quantitative models that strongly rely on expert knowledge are often used, although these models can lead to misleading or even wrong results. In the physical security world, ‘wrong results’ can lead to commercially irresponsible, reputationally risky, wasteful, and

October/November 2021

potentially life-threatening decisions around security planning, policy, training, and deployment. On the other hand, ‘evidence-based’ security risk assessments can result in security decisions that are well-informed, defensible, and more likely to achieve intended outcomes. According to a definition we came across in a healthcare sector publication, ‘evidence-based risk assessment’ (EBRA) is the practice of informing risk decisions through the judicious identification, evaluation, and application of the most relevant, quantifiable, and statistically valid risk information. In the Risk Management Standard (ANSI/ASIS/RIMS RA.1-2015) copublished by ASIS International and RIMS, this is referred to as a ‘factbased approach’. According to this approach: Assessment conclusions should be based on verifiable evidence, where available, gathered through a systematic risk assessment process that ensures reliability and reproducibility. It should be recognized that an assessment is a snapshot in time conducted with finite resources; therefore any sampling techniques should be based on a defined methodolog y that produces a representative sample… If the evidence falls short of fact because there is insufficient information available, or of a type that limits its ability to be verified, then its credibility should be supported by other reliable information.

Mapped data and physical security risk As practitioners focused predominantly on the physical security world, much of what we do is in some way related to the idea of ‘place’, whether it’s a shopping mall needing a security assessment, a neighbourhood that’s seen in increase in organised crime, or a senior executive’s travel destination. Understanding the prevalence of hazards (crime, conflict, terrorism, unrest, antisocial behaviour, traffic incidents, natural events, etc) in a particular locality enables us to better manage the risk and to achieve better security outcomes. It’s a simple thesis: an individual’s exposure to a hazard (a potential source of harm) is dependent upon the location of the individual relative to the hazard. If an individual remains geographically distant from a hazard, it is less likely the hazard will result in harm to them. Conversely, if an individual and a hazard are located at the same place and at the same time, then the likelihood of harm (i.e. risk) to the individual is heightened. It’s Risk Management 101, and it’s a logic that holds true no matter the hazard – earthquake, weather event, crime or traffic incident. COVID-19 clustering, and physical distancing measures, for example, have demonstrated the importance of geographical proximity in the context NZSM

‘Place’ is key to physical security risk. Image: supplied

of virus transmission and exposure to potential harm. Place is a key element in both the spread and the containment of the pandemic. In the case of crime, law enforcement concepts such as ‘environmental criminology theory’, ‘routine activities theory’ and ‘place-based policing’ demonstrate the importance of location to risk. Environmental criminology theory, for example, posits that crime is a complex event in which four things intersect at one time: a law, an offender, a target, and a place. Crime has distinct geographical patterns, and the geography of crime can be dynamic over time and space. Many place-based policing theories describe the role of place in shaping how crimes cluster and form ‘hotspots’, emphasising the role of place as the key element in crime. Risk Terrain Modelling, for example, uses geospatial analytics to diagnose environmental conditions that lead to crime and other problems. It brings multiple sources of data together by connecting them to geographic places, and then forecasts risk patterns for certain areas. This can assist law enforcement in deploying resources, preventing crime, and reducing risks. According

NZSM

to Melissa Burgess in a NSW Bureau of Crime Statistics and Research brief (April 2011): The distribution of crime across a region is not random. A number of factors influence where crime occurs, including the physical and social characteristics of the place and the people using the place. Crime mapping can show us where the high crime areas are and help to provide an understanding of the factors that affect the distribution and frequency of crime. This knowledge can help improve crime prevention policies and programs. For example, it can help us to anticipate at-risk places, times and people; direct law enforcement resources; allocate victim services; design the most suitable crime prevention strategies; and so forth. Place is also important in relation to hazard categories more commonly associated with accident, chance, or ‘act of God’. Traffic incidents, for example, can happen anywhere, but the data tells us that certain locations – or hotspots – play host to disproportionately more incidents than others due to conditions at their specific location. In the case of natural disasters, some extreme weather events, such as severe storms, can appear ‘freakish’ in terms of being geographically indiscriminate, yet location can play a part in others, such as tsunami,

flooding, landslides, and geological events. Locality-based data is thus critical to our understanding of individuals’ security. Comprehensive historical risk data (such as detailed crime metrics and security incident records) in particular provides an evidence base that avoids the pitfalls associated with guesswork, anecdote, patchy intelligence and conventional wisdom. This is what’s informed the Global Risk Consulting Group’s development of the SecIntel platform, which is a map-based system that uses varied open source crime, incident and hazard data to identify risk ‘hot spots’ and historical risk patterns at the mesh block, grid-reference and inpremise level. In doing so, it provides an evidence basis upon which to assess security risk. According to Sir Francis Bacon (or Thomas Hobbes, depending on where you’ve read it), “knowledge is power”, but as this article argues, for security risk consultants “data is power”. For security risk consultants not accustomed to data-driven evidencebased approaches to assessing risk, there is much to be done to power-up to this new reality. Understanding the importance of place-based data is a good ‘place’ to start.

October/November 2021

Interest in keyword ‘cybersecurity’ on Google Search hits an all-time high According to an Atlas VPN report, interest in ‘cybersecurity’ by internet users has never been higher, the statistics showing that Singapore is a stand-out when it comes to its citizens’ level of cybersecurity interest. Cybersecurity lately has become a hot topic for many governments and businesses around the world.

According to the data presented by the Atlas VPN team, interest in ‘cybersecurity’ reaches an all-time high on Google Search, according to Google Trends data. The statistics show that Singapore is a leading country in cybersecurity interest, followed by Saint Helena and the United States. The first significant rise of cybersecurity interest happened in February 2016, as it held a score of 49. However, the increase seemed to be temporary as the following month value dipped to 27. Cybersecurity keyword interest came back up to a score of 49 again in October 2017. Since then, it has been steadily going up only with a few set downs. Almost four years after, right now, concern in cybersecurity is at its highest point — 100 value. “Cybersecurity and online privacy have become important topics in the current climate,” says cybersecurity writer and researcher at Atlas VPN William Sword. “As cyberattacks continue to grow, more people understand that they can become victims of a hack with devastating consequences. So educating yourself about cybersecurity and looking into security products and services can help you become more resilient against cyber threats.”

October/November 2021

Countries with the most interest in cybersecurity Cybersecurity interest has been growing more in countries that have invested money to spread general awareness. At other times, interest grew because of first-hand experiences when lacking knowledge on the topic caused significant cyber issues. Singapore stands out among other countries for interest in cybersecurity as they scored 100 points in Google Trends. The second place for interest in the keyword ‘cybersecurity’ goes to Saint Helena, which collected a score of 59. Important to note that value means a higher proportion of queries and not a higher absolute query count. Most likely, that is why St. Helena island, populated by about 5,000 people, got so high on the list. On the other hand, the United States earned a score of 48 over the ten years. Multiple cyberattacks on American businesses and government administrations indeed made people turn their heads to cybersecurity. Next up, Kenya reached 4th place for interest in cybersecurity, and Hong Kong followed 5th, collecting 42 and 35 points in Google Trends, respectively. Cybersecurity and our privacy online have become important topics in the current climate. More and more people understand that anyone could get hacked, and losing

your personal information can be costly. So educating yourself about cybersecurity and looking into security products and services can help you become more resilient against cyber threats. The ‘top ten’: Singapore........................ 100 St Helens.......................... 59 USA.................................. 48 Kenya................................ 42 Hong Kong...................... 35 Ghana............................... 33 Nigeria.............................. 32 United Arab Emirates.... 32 Malaysia............................ 31 Philippines....................... 22 NZSM

The Global Fraud Landscape 2020 was a bad year for fraud, writes senior editor of ASIS International’s Security Management magazine Megan Gates, yet fraud incidents remain woefully un-investigated and staggeringly unreported.

As long as there’s been currency, there’s been fraud. But not until the 21st century was it so easy for fraudsters to engage in illicit activity, reap the rewards, and evade prosecution and incarceration for their crimes.

Megan Gates is Senior Editor at ASIS International’s Security Management magazine. She joined the Security Management team in 2013 after graduating from Missouri State University with a Bachelor of Science in Journalism.

NZSM

In a survey of more than 5,000 respondents across 99 global territories in 2020, PricewaterhouseCoopers (PwC) found that 47 percent had suffered at least one form of fraud in the prior 24 months—averaging six per company. These were commonly customer fraud, cybercrime, asset misappropriation, and bribery and corruption, which cost $42 billion. Yet only 56 percent of respondents say their organisations investigated their worst incident; just over onethird of respondents said they reported the incident to their boards. “Fraud committed by customers tops not only the list of external perpetrators (at 26 percent) for the most disruptive fraud, but also the list of all crimes experienced (at 35 percent, up since 2018),” PwC said in its Global Economic Crime and Fraud Survey 2020. “Not surprisingly, customer fraud is especially prominent in the financial services and consumer market sectors. This could be significant, as more industries shift to direct-to-consumer strategies.” The losses from fraud, however, can be difficult to calculate. Some

of them represent exact financial figures—like costs due to fines, penalties, responses, remediation, and direct financial losses. But others cannot, including brand damage, employee morale, and lost future opportunities. “Some frauds—such as external frauds—generally strike from outside the company, are transactional in nature, lend themselves to active monitoring, and when managed properly may reduce financial impact,” PwC explained. “For other frauds like bribery and corruption, or those internally perpetrated, it’s more about managing and mitigating the downside risk. They tend to be harder to predict, monitor, and result in more costly fines—and have ancillary repercussions such as lost business or brand harm.” In February 2021, for instance, Europol, the Spanish National Police, and the U.S. Secret Service announced the dismantlement of an organised crime group implicated in a vast fraud and money laundering scheme involving 105 people and 50 financial institutions. Dubbed Operation Secreto, the cross-border operation detected the criminals who had set up shell companies in the United States and opened bank accounts for those organisations that they transferred money into from different locations in the European Union.

October/November 2021

“Based on this trust, the American-based banks issued debit and credit cards for these accounts,” according to Europol. “Retailers in on the scam, most of whom were in Spain, used the payment cards to finance the available credited amounts on the cards. To launder the stolen funds, they transferred them to different bank accounts, owned by members of the criminal network located in several EU countries. More than 50 American financial institutions became victims of these fraudulent activities losing over €12 million ($14.4 million).” When it comes to individuals, fraudsters are increasingly using social engineering, phishing, and other tactics to compromise victims—especially during the COVID-19 pandemic when people were more vulnerable, according to an FBI Flash Alert issued in June 2020 and additional findings from Europol.

“Traditional cybercrime activities such as phishing and cyber-enabled scams quickly exploited the societal vulnerability as many citizens and business were looking for information, answers, and sources of help during this time,” according to Europol’s Internet Organized Crime Threat Assessment 2020. Individuals desperate for information on protective personal equipment (PPE), the latest health guidelines, and local ordinances were at high risk of opening phishing emails that could compromise their credentials and lead to identity theft, financial account compromises, and more. While 2020 numbers have not been issued as of Security Management’s press time, the FBI’s Internet Crime Complaint Center (IC3) tracked a steady increase in the number of crime complaints and financial losses reported to it. In 2015, the IC3 received 288,012

complaints for US$1.1 billion in losses. By 2019, the number of complaints had almost doubled to 467,361 for $3.5 billion in losses. Many of the complaints reported to the IC3 in 2019 involved an overlap of personal information and corporate information, such as business email compromise scams (1,307 incidents worth US$384 million), elder fraud (68,013 incidents worth more than $835 million), and tech support fraud (13,633 complaints worth more than $54 million). And looking to the future, Europol’s annual Internet Organized Crime Threat Assessment found that development of non-cash payment fraud reflects an increase in sophistication and targeting of social engineering and phishing. “Fuelled by a wealth of readily available data, as well as a Cybercrimeas-a-Service community, it has become easier for criminals to carry out highly targeted attacks,” Europol found.

October/November 2021

NZSM

FMA sees spike in investment scam complaints since start of COVID-19 The Financial Markets Authority (FMA) - Te Mana Tātai Hokohoko – is warning New Zealanders to be on the lookout for three unique types of scams that have been on the rise since the start of COVID-19. The 15 September warning comes as the FMA responds to a rise in complaints about investment scams and fraud lodged with the regulator in the first half of this year – up 79 percent on the same period in 2020.

From January to June 2021, the FMA received 158 complaints about investment scams and fraud – up 79 percent on the 88 complaints received during the same period in 2020, when the pandemic began, and up 49 percent on the 106 complaints in the first half of 2019. As a result, from January to June 2021, the FMA issued 36 public warnings about suspected scams and other non-compliant entities – up 29 percent on the 28 warnings issued during the same period in 2020, and up 80 percent the 20 issued in the first half of 2019. In particular, since the start of the pandemic, the FMA has noted a rise in three new types of scams: • Social media contact scams: scammers using social media platforms to identify and/ or make contact with possible victims – friending and messaging them, asking questions or making suggestions in post comments, conducting fake surveys. • Romance-investment hybrid scams: targeting prospective victims on popular dating apps, winning people’s trust with

NZSM

sophisticated back-stories and accomplices, before convincing victims to transfer money overseas to buy supposed investments. • Impostor websites: using the names, logos, addresses, certifications and other details of legitimate NZ businesses, to fool investors that the website and/or its managers are part of, or associated with, the legitimate business. Two recent examples included scammers impersonating Kiwifruit company Zespri and derivatives issuer Rockfort Markets. Liam Mason, FMA General Counsel, said scammers are taking advantage of the pandemic crisis either by using COVID-19 as part of their pitch, or using the economic climate to prey on peoples’ fears and desires.

“Scammers are constantly looking to evolve their approach and this treacherous trio of scams can be sophisticated, the red flags are not always obvious. Scammers want to be believed and are willing to play the long game to gain your trust over several months,” he said. “We strongly encourage New Zealanders to only deal with locallyregistered entities and if you see an investment opportunity, step back and ask yourself if this is real. Don’t be rushed, be sceptical and ask lots of questions.” Mr Mason said some of the signs of a scam included little or no information in writing, asking for payments via unusual platforms, continually requesting money and exerting pressure. More information about how to spot investment scams can be found on the FMA website - https://www. fma.govt.nz.

October/November 2021

e c u r i ty I

S ’s

mited 30 y Li e

Loktr

y tr s u

ervicing N

Loktronic for Electric Locking Hardware and Accessories

Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz

Board directors least likely to receive fraud training According to the ACFE’s recently published Fraud Awareness Training Benchmarking Report, 14 percent of respondents said board members receive no fraud training – the poorest result for any organisational role.

One of the most important components of any effective anti-fraud program, states the Association of Certified Fraud Examiners (ACFE) report, is fraud awareness training for an organisation’s employees, officers and directors. Effective fraud awareness training can help an organisation better mitigate fraud risks, increase the effectiveness of other anti-fraud controls, and ensure that anti-fraud policies and reporting protocols are followed.

While there is no one-size-fits-all approach to fraud awareness training, understanding how organisations approach this component of their anti-fraud program can help them benchmark such initiatives and identify best practices. To assist with this, the report’s survey of ACFE members, explored the way organisations develop, implement, evaluate, and support their programs. In late January 2021, the ACFE sent a 19-question survey to 81,256 members across multiple industries, with respondents asked to share information about their organisation’s fraud awareness training programs and policies. Survey responses were collected anonymously, and 1,706 were usable for the purposes of this report . The report found that 14 percent of board members receive no fraud training – eight percentage points higher than for any other role type within an organisation. The ACFE’s research director Andi McNeal, CFE, CPA, says this can be a costly oversight.

NZSM

“The board of directors plays an important role in an organisation’s fraud risk governance,” she said. “To effectively discharge this responsibility, the board needs to be educated on the organisation’s specific fraud risk profile and committed to discussing fraud risks as part of their oversight agenda.” While organisations may want to re-evaluate offering more training specifically to their board members, they appear to understand the importance of training overall. The report shows that the majority of organisations provide fraud awareness training for all employees, and 66 percent make the training mandatory. The most common topic covered in training is red flags of fraud, with 91 percent of organisations including it and 6 percent planning on including it in the future. The least common topic covered is past fraud cases or issues. While 69 percent of organisations discuss previous fraud occurrences in their training, 17 percent do not currently include this topic or plan to do so in the future.

“Reasons for not including it in future trainings are likely related to organisations not wanting to give employees any ideas, not wanting to admit shortcomings in controls or not trying to acknowledge failures to prevent fraud,” said ACFE senior research specialist Mason Wilder, CFE. Wilder, the author of the report, said that this avoidance to discuss real fraud cases means that organisations are missing out on important and effective lessons. “Highlighting actual cases illustrates to employees that the risks are very real and can impact the organisation in significant ways. Plus, depending on how those prior incidents were handled, covering them in training can show employees that the organisation takes fraud seriously, is actively looking for it and will punish anyone who commits fraud.” The Fraud Awareness Training Benchmarking Report also has benchmarking data about who conducts the training, what formats are most popular, sizes of training budgets and more.

October/November 2021

Think Pandemic-Related Fraud Is Going Away? Think Again. The COVID-19 pandemic has ushered in big changes to how business is conducted. Some of these changes are not temporary — and they will have a big impact on organisations’ fraud risk, writes Bruce Dorris, President and CEO, ACFE. In a new report from the Association of Certified Fraud Examiners (ACFE) and Grant Thornton, 51 percent of antifraud professionals surveyed said that they have uncovered higher levels of fraud since the pandemic began, with 20 percent saying the increase was significant.

While it would be optimistic to believe fraud levels will decrease to pre-pandemic levels as businesses and offices reopen, 71 percent expect the level of fraud affecting their employers to continue to increase over the next year. One reason we can likely expect more fraud to proliferate is the massive changes in underlying fraud risk factors that have arisen since the onset of the pandemic. The two factors that ACFE members said had the most significant impact on fraud risk are shifts in business operations and changes in consumer behaviour. While some operations and behaviours may revert to prepandemic norms, things like inoffice workforces, brick-and-mortar banking and business travel may not ever return to previous levels. With 27 percent of anti-fraud professionals predicting that pandemic-created changes to business operations and consumer behaviour will continue to have a significant impact on fraud risk in the coming year, business leaders need to treat these changes as more than temporary and incorporate them into their risk assessments and anti-fraud plans. A failure to do so could cost

October/November 2021

your organization significantly. While the changed business landscape has increased fraud risk for organisations, detecting and investigating fraud have also become more difficult. Common red flags, like someone living beyond their means, are harder to spot when you can only see one part of a room in their house on a video call. Many organisations have reported receiving fewer tip-offs from employees, which may seem like good news on the surface, but when employees are working remotely, they’re less likely to spot red flags of fraud and report them. Receiving fewer tip-offs does not mean less fraud is occurring. It is far more likely that significant levels of occupational fraud are simply going undetected or unreported. As we return to a normalised control environment, expect to see these frauds begin bubbling to the surface. Looking toward the future, organisations need to plan on bolstering their anti-fraud resources in response to the likely increase in fraud. Many organisations have cut

travel budgets due to restrictions and safety guidelines during the pandemic — with 39 percent of antifraud professionals saying their travel budgets had decreased in 2021 and 21 percent expecting a decrease for 2022 as well. While it was prudent to limit travel during the pandemic, continuing to reduce travel for audits and investigations will undoubtedly impact your organisation’s ability to prevent and detect fraud. Potentially even more short-sighted is the fact that 22 percent of organisations cut budgets for anti-fraud training for 2021, and 13 percent plan on decreasing those budgets in 2022. Certified Fraud Examiners estimate that organisations lose five percent of their revenue each year to fraud, and after the massive hits that so many industries took in the past year-and-a-half due to the pandemic, business leaders can’t afford to ignore the risks. Now is the time to reexamine your risks and invest in your anti-fraud resources. We’re not out of the woods yet, and won’t be for some time. NZSM

New Zealand Security Awards delivers a week of winners Covid lockdown may have curtailed the New Zealand Security Association’s plans for a Christchurch gala awards dinner, but in its stead a week-long daily video drop recognised the country’s finest security professionals.

Ian Dick Memorial Award for Security Professional of the Year

Kicked off with speeches from Minister Aupito William Sio and NZSA CEO Gary Morrison, the week was amply delivered to our screens mobile devices by MC Doug Kamo, and supported by key sponsors Gallagher, Skills Consulting, and FIRST Security. Covid-19 had previously played havoc with the awards programme, with the 2020 awards event that had been scheduled to be held in Christchurch ultimately delivered as a live streamed event. This year, Alert Level 4 lockdown hit just three days out from the event and the Association was again forced to change plans. In quick time the Awards Dinner was transformed into an Awards Week event utilising a range of media platforms that ensured both a timely delivery and wide accessibility. Category award winners were announced each morning between Monday 20 September and Friday the 24th,with the Ian Dick Memorial Award for Security Professional of the Year announced on the Friday afternoon – perfect timing for an inbubble awards party! In this article, we acknowledge the finalists and winners of each award category, and featuring the winners’ testimonials as read by MC Doug Kamo. Customer Champion of the Year Sponsored by Hikvision, this award recognises an individual in the role of Business Development Manager, Sales Consultant or Sales Manager who has demonstrated outstanding performance in their role. These roles require a high degree of operational skill and knowledge together with demonstrated empathy towards understanding their customers business needs and meeting the required outcomes. The recipient is an individual with a history of developing close and long-standing relationships with their customers and is viewed as providing a substantial and quantifiable benefit to the customers business operations. The finalists were:

October/November 2021

• Brian Switalla, FIRST Security Guard Services Ltd • Dee Wakelin, Red Badge Group • Jill Priest, FIRST Security Guard Services Ltd The winner of the Customer Champion of the Year Category is Brian Switalla.

will have displayed commitment towards training and achieving results through the NZQA national qualification network. The recipient is a person who inspires others and always leads by example. The finalists for Guarding Sector Trainee of the Year were: • Alexandra Kemp, Matrix Security • Bailey Gaines, Red Badge Group The winner of the Guarding Sector Trainee of the Year is Bailey Gaines.

In his role as General Manager Strategic Accounts, Brian is the “chief customer champion” overseeing all of FIRST Security’s National Accounts across the length and breadth of New Zealand. All of his accounts are longer term with many having been with the organisation for 10+ years. He is a customer champion in the classic sense, focused on the long game and building around relationships the trust and understanding and sense of shared purpose needed to sustain them over the horizon and into the long term. As a major customer commented “He is transparent with us and not afraid to ask us questions and we have experienced a real commitment to us as the client. Our relationship is based on trust, fairness and expectation. We communicate our expectations with Brian and he works with his leadership team to meet those expectations”. Guarding Sector Trainee of the Year Sponsored by SkillsVR, this award recognises an individual who has made outstanding progress in professional development and training for their role in the guarding sector of the security industry. They

Bailey started with Red Badge as a casual event guard in 2016. He worked his way up to event Team Leader and then, having been identified as showing great potential as a leader, was bought into the Red Badge Security team as a full-time permanent employee in 2019. As Bailey rose rapidly through the ranks, it was also apparent that he has a real affinity for training and delivering training to his co-workers. Bailey has completed his Level 3, the Train the Trainer course and Unit Standard 4098 and is now able to deliver the full gateway training package as well as training internal staff to gain their Certificate of Approval. Bailey is described as someone who has a real rapport with the trainees and creates a solid team atmosphere which helps to ensure good communication and performance. His progression from Team Leader to a management role has inspired others to upskill and look to follow in his footsteps. NZSM

Electronic Trainee of the Year Sponsored by Etech, this award recognises an individual who has made outstanding progress in professional development and training in their role in the electronic sector of the security industry. The winner is an individual who has displayed commitment towards training and achieving results through the NZQA national qualification framework. The recipient is a person who inspires others and always leads by example. The finalists were: • Alena Severinsen, Advanced Security Group • Soul Lauvi-Johnson, Optic Security Group The winner of the Electronic Trainee of the Year is Alena Severinsen.

Outstanding Skills for Industry Employee of the Year Sponsored by the Ministry of Social Development, this award recognises an individual who has gained fulltime employment through the MSD/ NZSA Skills for Industry initiative and has excelled in their role, be it in protective security or electronic security related. The recipient is a person who will have displayed those attributes valued by employers and identified themselves as deserving of a longterm and successful career in the security industry. The finalists were: • Alexandra Kemp, Matrix Security • Angie Latu, Red Badge Group • Shyla Aramoana, Armourguard Security The winner of the Outstanding Skills for Industry Employee of the Year is Alexandra Kemp.

One recent example occurred around midnight when she was doing a foot patrol of a local school and walked around a corner and came face to face with three men dressed in black with hoodies and balaclavas. Alexandra was obviously scared but used her verbal skills to diffuse the situation, including informing the offenders that she had already called the police and backup, and they quickly decamped the scene. Design and Support Electronic Sector Professional of the Year Sponsored by Gallagher, this award recognises the excellence, commitment and professionalism of those providing design and support services to the electronic sector of the security industry. This award is presented to an individual who has demonstrated not only technical expertise but also exemplary customer service and continually meets or exceeds best practice. The recipient is a person who provides a valuable role within the business and sets high standards. The finalists were: • Lee Ashton, Optic Security Group • Stuart Leith, Platform 4 Group • Umesh Fernando, Advanced Security Group The winner of the Design and Support Electronic Sector Security Professional of the Year category is Lee Ashton.

Alena joined Advanced Security in 2019, coming from a background as a chef. She was signed onto the internal apprenticeship programme in late 2019 which required her to complete training, including the NZQA Level 3, over a two-year period. Alena has excelled in her training, including completing the Level 3 Electrotechnology qualifications well ahead of schedule and achieving 100% passes. This has flowed into her work performance where she has displayed a high degree of competence and is now taking charge of projects. She is a well-rounded technician who builds good customer relations and with an exciting future in the industry.

NZSM

Alexandra commenced her employment with Matrix Security in October 2020. When interviewed she shared her long-term planning to join the NZ Police and was looking for work in a stable industry that has transferrable skills for when she is ready to pursue her desired career path. She is one of the youngest Patrol Officers on the Matrix team but has proved on numerous occasions that she has a high degree of maturity and capability and is very skilled at diffusing situations that could easily have escalated into serious incidents.

October/November 2021

Lee is Optic’s Senior Design Engineer and a crucial member of their team. He is responsible for the design and technical scope of a large number of projects and brings a deep understanding of complicated solution builds and integration requirements. In the last year Lee has been the design force behind nationally significant projects, including delivery of electronic security enhancements for MBIE in relation to New Zealand’s 32 Managed Isolation and Quarantine Facilities (MIQ’s) and major works for Amazon Film Studios’ Lord of the Rings site locations. As his employer notes, Lee’s unassuming nature veils the true extent of his contribution to his customers and his colleagues, however he stands out for his commitment and professionalism and is a rare talent. Communication Centre Operator of the Year Sponsored by Rothbury Insurance Brokers, this award recognises excellence, commitment and professionalism within the “Communications Centre Operator” sector of the industry. The individual(s) will have demonstrated a high degree of technical competence and an outstanding level of service delivery that consistently exceeds customers (be they internal or external) expectations. The recipient is a person(s)who inspires others and sets incredibly high standards. The finalists were: • Antony Wellington, Watchdog Security Group • Daniel Walters, Matrix Security Group • Alexandra Louise Couprie and Kelly Waru, Secom Guardall New Zealand The winner of the Communications Centre Operator of the Year is the team from Secom Guardall New Zealand.

October/November 2021

Whilst the nomination received commented on the exceptional commitment and professionalism of both Alexandra Louise and Kelly, it also referred specifically to an incident involving a break-in at a high value and high-risk customer who had previously been targeted by organised crime syndicates. On identifying the activation and observing on-site cameras, the monitoring team worked cohesively in co-ordinating the attendance of patrol officers and police and also liaised with relevant keyholders and internal management to ensure all parties were fully briefed and appraised of developments as they occurred. As a result of their actions and ability to think outside of the square, the offenders were contained within the site and were apprehended by the police. The customer commented on the outstanding actions by the Secom team. Security Trainer or Workplace Assessor of the Year Sponsored by the Skills Group Foundation, this award celebrates those who have made a difference to improving security practiced via training and recognises the individual who has consistently promoted outstanding performance and produced quantifiable results that have benefitted the organisation and its workers and customers. The finalists were: • Senio Stowers, Platform 4 Group • Vicky Roberts, Red Badge Group • Yvonne Bruce, FIRST Security Guard Services Ltd The winner of the Security Trainer or Workplace Assessor of the Year is Yvonne Bruce.

As has been the case for businesses across New Zealand, responding to Covid-19 presented new challenges and in the training area, Yvonne worked tirelessly to devise and deliver new supporting programmes that are agile and respond to a rapidly changing environment. Yvonne’s nomination states “Not only have FIRST employees benefited from Yvonne’s work to raise their professionalism, many have also benefitted in terms of basic life skills, such as literacy and numeracy, that many of us take for granted. She has played a key role in literally transforming lives”. Yvonne is also an advocate within the broader security industry for best practice training as recognised by her role as Vice Chair for the NZSA Training and Professional Development Special Interest Group. Install and Service Electronic Sector (SME) Technician of the Year Sponsored by Gallagher, this award is specific to SME’s with five or less technicians in their employment and recognises excellence, commitment and professionalism of those operating as Security Technicians and providing installation and/or service duties. The award is presented to an individual who has demonstrated not only technical expertise but also exemplary customer service and continually meets or exceeds best practice. The recipient is a person who provides a valuable role within the business and sets incredibly high standards. The finalists were: • David Morgan, Alarm Watch Limited • Johannes Jooste, Recon Security Limited The winner of the Install and Service Electronic Sector (SME) Technician of the Year is David Morgan. David is described by his nominator as a person whose knowledge and experience is invaluable as he always offers sound technical and practical advice together with fully scoped and explained solutions. NZSM

New Zealand and be recognised as “best in field” and “market leading” and provide clear differentiation over competitor offerings. The finalists were: • Dion Neill, Protective Services, Guard Hire • Gallagher, Adaptive Thresholds Feature • Platform 4 Group, Talent Management System The winner of Outstanding New Product or Service is Gallagher’s for the Adaptive Thresholds Feature David ensures he is up to date with latest developments and provides sound technical information in a way that the lay person can understand. His work ethic and customer centric focus make him the go to person for security. He is always available for help when needed and goes the extra mile to ensure the outcome is as expected. The judges also noted the impressive photographic evidence of David’s workmanship. Patrol Officer of the Year Sponsored by Mobilcard, this award recognises excellence, commitment and professionalism within the patrolling sector of the industry, including service to customers and outstanding acts. The award is presented to the individual that has gone beyond what could have been expected of them in providing a level of service that exceeds the customers and/or managers expectations. The recipient is a person who inspires others within the team and sets incredibly high standards. The finalists were: • Angela Oldham, Armourguard Security • Justin Heintz Platform 4 Group • Marishka Wallace, FIRST Security Guard Services Limited • Pakau Stephens and Simon Mackerth, Allied Security The winner of Patrol Officer of the Year is Marishka Wallace. Marishka is a dedicated member of FIRST Security’s Timberlands forestry security team. Her knowledge

NZSM

of the region and the forest coupled with her communication skills and personable nature makes her the “go to person” when it comes to any issues or events within the forest. Whilst described as the consummate Patrol Officer, the nomination for Marishka also highlighted a number of outstanding acts, one of which saw her presented an award by Timberlands (and supported by the Police Rotorua District Commander) for her outstanding commitment and dedication to protecting others in the forest. The Timberlands manager states that “in an exceptionally vulnerable and dangerous event (which included her vehicle being repeatedly shot at), she remained calm, collected and in control of the situation. Thankfully neither Marishka or the other officer on duty with her were injured during this encounter. Luckily, she was able to keep her wits about her and with proficient driving skills managed to escape the gunman. The outcome could have been significantly worse if the situation hadn’t been handled so well. A very brave, professional and intuitive individual”. Outstanding New Product or Service of the Year Sponsored by Dahua Technology, this award celebrates an organisation that has locally developed and delivered technical innovation and excellence in the security sector. The product or service must have been developed in

In November 2020, Gallagher launched a new Monitored Pulse Fence feature, called Adaptive Thresholds. This highly intelligent feature enables sites to adapt dynamically to environmental changes, minimising false alarms whilst maximising the detection capabilities of Monitored Pulse Fences. Michael Pepper Award for Outstanding Security Training Initiative Sponsored by the Skills Group Foundation, this award recognises the organisation that has made a difference to improving the uptake and outcomes of industry training through the introduction and support of innovative and effective security training initiatives. The recipient organisation will have demonstrated a commitment towards enabling staff to use the NZQA national qualification framework as a means towards personal and professional development and growth and in achieving positive outcomes. The finalists were: • FIRST Security Guard Services Ltd, FIRST Skills Plus • NZSA and MSD, Skills for Industry Work Broker Programme and VR Training Platform • Platform 4 Group, Talent Management System

October/November 2021

The winner of the Michael Pepper Award for Outstanding Security Training Initiative is FIRST Security Guard Services Ltd for the First Skills Plus training initiative.

• Andy Gollings, Red Badge Group • Ashley Quensell, Platform 4 Group • Nicholas Gibbs, FIRST Security Guard Services Ltd • Peter Jones, Recon Security Ltd The winner of Security Consultant of the Year is Nicholas Gibbs.

is a person who inspires others and sets incredibly high standards. The finalists were: • Adam Barclay, Northern Districts Security • Maara Porio Maka, FIRST Security Guard Services Ltd • Monika Timu, Armourguard Security The winner of the Security Officer of the Year is Monika Timu.

The FIRST Skills Plus programme was introduced to Site Supervisors this year as part of the wider Literacy and Numeracy Development Programme. The aim is to develop the skills of front-line supervisors to help them overcome challenges with literacy and numeracy. Each group also works together to develop their own business improvement projects which they present at their graduations. This programme goes beyond normal literacy and numeracy training in that it targets the literacy skills that are vital for the role of supervisor, such as decision making, having challenging conversations and goal setting. Initial outcomes and learner feedback has been exceptional and verifies the value obtained at both an individual and corporate level. Security Consultant of the Year Sponsored by Gallagher, this award recognises the Security Consultant who has demonstrated outstanding performance in their role. Consultants often play a key role in offering expertise and insight that can transform the quality and effectiveness of service, product or system that is offered. It recognises the existence of distinct skill sets and crucially, the way they are harnessed and managed, to make a substantial and quantifiable difference to the security strategy and/or practice of their customers. The recipient will be a strong proponent of industry best practice, will be suitably qualified and experienced and be a person who inspires others and sets incredibly high standards. The finalists were:

October/November 2021

Nick is a commercially focused business leader with extensive experience in managing high performing security contracts. As National Manager, Managed Isolation and Quarantine, Nick has been involved in the end-to-end MIQ security operations, from the security assessments through to putting treatments in place in line to address identified weaknesses. He has advised on and implemented enhanced practices across various service elements, including hotel external security, floor security, exercise security, bus transportation from airport to MIQ’s, and exemption services. Security Officer of the Year Sponsored by Strategic Defence, this award recognises excellence, commitment and professionalism within the guarding and cash-intransit sectors, including service to customers and outstanding acts. This award is presented to the individual who has gone beyond what can reasonably be expected of them in providing a level of service that exceeds the customers and/or managers expectations. The recipient

Monika is a familiar and highly respected face at Queensgate Shopping Centre who, in the past year, helped with 63 separate events ranging from medical events to shoplifting. In one incident Monika and her team rushed to assist a man who had been assaulted in the car park following a dispute over a parking space. Sadly, little could be done to save the man however Police said that his family was heartened by the knowledge that their loved one died with “good people by his side” and also noted that the statements provided by Monika and others meant the family did not have to suffer through the grief of a trial. In another incident Monika and a co-worker assisted an elderly lady following a cardiac event. Monika kept the lady calm whilst waiting for the ambulance and health professionals informed the ladies daughter that the event suffered was made worse by stress and that Monika’s calming presence stopped her condition worsening and potentially saved her life. NZSM

Security Supervisor/Operations Manager of the Year Sponsored by Dahua Technology, the Security Supervisor/Operations Manager of the Year recognises those who through security expertise, operational knowledge, customer service and skilful and innovative leadership, ensure the delivery of services that consistently exceed customer expectations. Security Supervisors and Operations Managers provide a critical function ensuring service delivery and the recipient will be an inspirational leader and innovator, team focused and committed to delivering exceptional service on a 24 x 7 basis. The finalists were: • Gareth Bacon, FIRST Security Guard Services Ltd • Pete Mason, Optic Security Group • Stephanie Irwin, Northern Districts Security • Walter Esau, FIRST Security Guard Services Ltd The winner of the Security Supervisor/Operations Manager of the Year is Stephanie Irwin.

new technologies and operating procedures that have increased efficiencies, improved conditions for staff and lifted client outcomes. Stephanie has created an environment where everybody looks forward to coming to work each day. She makes her team feel valued by providing work/life balance and wellbeing programmes, creating opportunities for improvement, and promoting diversity. As a result, staff turnover is at an all-time low and in a traditionally male dominated industry, in excess of 30% of Northern District Security’s staff are female. Outstanding Staff Retention/Staff Development Programme Sponsored by New Zealand Security Magazine, this award celebrates an organisation that has implemented a staff retention or developmentbased programme that has delivered quantifiable and measurable outcomes and placed that organisation as both a preferred employer and provider for customers. The initiative will have become embedded in the culture and operations of the organisation and provides clear differentiation over other providers. The finalists are: • Advanced Security Group Limited • Datacom Systems Limited • Platform 4 Group

to understand more about their preferred way of working, allows them to better understand how they relate to people around them and to work better as a team. Letters of reference from previous participants and those currently enrolled in the Scholarship Programme verify the relevancy and worth of the learnings gained, both in their work and personal life. Security Integrator of the Year Sponsored by Hikvision, this award recognises an individual or an organisation who has embraced the role of integrators in bringing together security subsystems into a whole and ensuring those subsystems function together effectively. The recipient will have demonstrated technical expertise, sound knowledge of security risk and needs assessments, exemplary customer service and consistently delivers a physical security programme that is supportive of a healthy enterprise. The finalists were: • Ben Wilson, Advanced Security Group • Datacom Systems Limited • Luke Tuffery, Sector 7 Security The Security Integrator of the Year is Ben Wilson.

The winner of the Outstanding Staff Retention/Staff Development Programme is Advanced Security Group.

Stephanie brings a high-level of experience to managing the daily operations at Northern Districts Security. She is responsible for contract management and client liaison, staff recruitment, training and supervision and stakeholder management. She demonstrates exceptional customer service and staff leadership and in the last twelve months has been instrumental in implementing

NZSM

Advanced Security Group appreciates that as a business they have a better rate of success with leaders when they come from within the organisation rather than from outside. As part of their succession planning, they have identified the need for intentional focus on raising the skillsets of their future leaders. The Advanced Security Group Leadership Scholarship is designed to include a Workstyles Profile which allows the scholarship recipient

Over the last three years, Ben has been the technical lead around the integration and project delivery for the DIA account. This is a large and demanding account that incorporates

October/November 2021

not only corporate government offices but also a number of sites with unusual security requirements, such as the National Library, Archives New Zealand, Film Archives, Passport Offices as well as Ministerial residences, the Royal Commission and even a marina. As the client comments “Ben brings a proactive, collaborative approach to the table. He is a trusted technical expert that went the extra mile to understand our business and the long-term strategic needs of our organisation. We value his great work”. Install and Service Electronic Sector (Corporate) Technician of the Year Sponsored by Alarm Watch, this award is specific to larger corporates who have in excess of five technicians in their employment and recognises excellence, commitment and professionalism of those operating as Security Technicians and providing installation and/or service duties. This award is presented to an individual who has demonstrated not only technical expertise but also exemplary customer service and continually meets or exceeds best practice. The recipient is a person who performs a valuable role with the business and sets incredibly high standards. The finalists were: • Ravindra Lal, Optic Security Group • Tom Standen, Advanced Security Group The winner of the Install and Service Electronic Sector (Corporate) Technician of the Year is Ravindra Lal.

October/November 2021

Ravi is a quiet achiever who impresses in his actions and in the outcomes that he achieves for his customers. As a leader of the team of technicians that service Counties Manukau District Health Board he makes sure his team not only produce quality work but also delivers projects on time and consistent with customer expectations. He is noted for his coaching and team management skills and for his communication led approach. As his Managing Director notes, “Ravi continues on a trajectory of professional mastery that is well acknowledged within the organisation and among the customer organisations he serves. He is a senior member of our install and service team”. Security Administrator of the Year Sponsored by simPRO, this award recognises excellence, commitment and professionalism for those who provide the vital administrative functions that support every business. The individual will have demonstrated not only excellent technical skills but also outstanding customer service, high levels of innovation and superb time management. The recipient will be widely respected and valued as a critical cog in the success of the organisation. The finalists were: • Chris Stewart, FIRST Security Guard Services Ltd • Garvin Couch, FIRST Security Guard Services Ltd • Sabrina Crowe, Red Badge Group Garvin Couch is the Security Administrator of the Year.

Garvin describes his role as MIQ Quality Assurance Manager as keeping on top of what’s going on within the government with the processes and to make sure that the operations are heading in the right direction and maintaining compliance with legislation, the framework and all that the customer requires of its provider. The customer describes Garvin as a stand-out administrator, one with the special talent and agility to effectively make complex changes at short-notice and a very pleasant person to deal with, even in highly pressured situations”. Special Recognition Award When judging the Outstanding Staff Retention/Staff Development Programme category, the judges noted a nomination that did not clearly meet the criteria set for the category but was very meritorious of recognition. “Hangaia he hapori kaha ake, tiakina nga mea nui ki nga taangata” which translates as Build a stronger community, protect what matters to the people. This is an integral part of Brett Wilson, the owner of Watchdog Security’s attitude. At the beginning of Covid-19 Watchdog Security lost a lot of work which placed financial strain on the business. CEO Brett Wilson was unable to apply for the government funding as although they lost the required amount of work in Rotorua, the Tauranga branch had increased their workload. Staff became much stressed; they had mortgages to pay and were afraid of losing their jobs. Some weeks when there were not enough shifts for staff Brett employed the workers on his farm, so they still had an income and were able to pay their bills. My husband had a Management position within Watchdog Security and volunteered to take some annual leave when work got cut. Whilst at home we noticed he fell into depression worrying about his workers and the firm. He thought because of his higher pay he would be NZSM

of help he ended up being admitted to Rotorua Hospital ICU being ventilated and on dialysis. Brett was one of the first people we rung and during the next four weeks while he was in hospital, Brett was right beside us attending any medical meeting, being our spokesperson as we were so stressed. He kept our whanau together, being the person who when only one person could stay in with husband during medical procedures Brett was that person relaying back to us everything the medical staff said. All through this time Brett kept assuring my husband there was always a management job at Watchdog for him. He said it was his mana that helped build the company. This was such reassuring words for both my husband and me. I will always remember those words from Brett. Brett also advised us as a family to receive counselling, there was not one thing he did not think of. During my husband’s stay in hospital Brett had the night patrol checking our house twice nightly to make us feel secure. He purchased and installed a panic alarm so we could have assistance on our doorstep if needed at any-time of the day. After many weeks my husband is now back on the front-line working part-time to get his confidence back. Brett rostered him with one of the supervisors he has a rapport with just to be sure he is coping and calls regularly to make sure we are all managing,” [Letter ends] The gentleman that this story relates to is Rangi Hurihanganui, winner of the Ian Dick Memorial Award for Security Professional of the Year in 2016. The judges requested that a Special Recognition Award be awarded to Brett Wilson, CEO of Watchdog Security. This award recognises not only the exceptional response to this situation but also the similar efforts of many employers across the country in these very unusual Ian Dick Memorial Award for Security Professional of the Year times.

the first to go and worried about the firm’s survival. Over several weeks he became very ill and medication did not help. After a phone call to Brett, he was on our doorstep within half an hour putting him on sick-leave and offering us as a family all the support he could. My husband was showing signs of paranoia which is a disturbing sign of severe depression. Over the next few weeks Brett arranged and paid for my husband to go to a Clinical Physiologist of Te Arawa descent taking into account my husband’s cultural needs. He would ring and collect and return my husband from his appointments. We had 24-hour care for my husband but even with Brett’s offers

NZSM

Ian Dick Memorial Award for Security Professional of the Year The award celebrates the contribution of Ian Dick, a stalwart of the security industry and a significant contributor to improved training and standards across all facets of the security industry. It recognises the individual who has scored highest across all categories and is recognised as the Supreme Award Winner and Security Professional of the Year. This year saw the unique situation where four different category winners were tied on the same score. They were: • David Morgan, Alarm Watch • Marishka Wallace, FIRST Security Guard Services • Monika Timu, Armourguard Security • Stephanie Irwin, Northern Districts Security To determine the winner of the Ian Dick Memorial Award the judges conducted a further round of voting, and even then the total scores were almost identical. However, by the narrowest of margins a winner was identified. Ultimately, Marishka Wallace was awarded the Ian Dick Memorial Security Professional of the Year. Congratulations to Marishka!

October/November 2021

fired up protection LOKTRONIC’s expansive product range has just become even wider with these first class EGRESS and FIRE PROTECTION DEVICES and PROTECTIVE COVERS.

NEW

STI-1130 Ref. 720-102

STI-WRP2-RED-11 IP67 Ref. 720-062R

Surface mount with horn and spacer 255mm H x 179mm W x 135mm D

Also available in White.

STI-RP-WS-11/CN Ref. 720-052W Available in White, Green, Blue & Yellow.

STI-13000-NC Ref. 720-090 Flush mount, no horn 206mm H x 137mm W x 69mm D

STI-RP-GF-11/CN Ref. 720-051G Available in White, Green, Blue & Yellow.

NEW

STI-RP-RS-02/CI

STI-13B10-NW Ref. 720-092 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

Ref. 720-058 Cover included. Flush Mount Available. • •

STI-1100 Ref. 720-054

•

Flush mount with horn 255mm H x 179mm W x 86mm D

•

• • • • •

STI-6518 Ref. 720-060 Flush mount, no horn 165mm H x 105mm W x 49mm D

STI-13210-NG Ref. 720-093 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

All STI ‘Stoppers’ are made of tough, UV stabilised polycarbonate. Many can be supplied with or without a 105 dB horn. Other models and sizes available including weather resistant options.

Approved to EN54-11 Current Rating: 3 Amps @ 12-24V DC, 3 Amps @ 125-250V AC Material: Polycarbonate Comes with Clear Cover 2 x SPDT switches Positive activation that mimics the feel of breaking glass. Visible warning flag confirms activation. Simple polycarbonate key to reset operating element - no broken glass. Dimensions: 87mm Length x 87mm Width x 23mm Depth (Flush Mount) & 58mm Depth (Surface Mount)

STI-6255 Ref. 720-042

Mini Theft Stopper discourages inappropriate use of equipment. Sounds a powerful 105 dB warning horn when activated. Tough, ABS construction. Reed switch activation for cabinets and display cases or unique clip activation for freestanding equipment. Does not interfere with use of protected fire fighting equipment. Compact design 85mm H x 85mm W x 25mm D.

STI-6720 Ref. 720-047

Break Glass Stopper. Keys under plexiglas. Protects emergency keys from inappropriate use. Keys remain visible. Fast, easy installation. Simple, inexpensive plexiglas. 3 year guarantee against breakage of the ABS housing within normal use.

NEW

Battery Load Tester Ref. 730-101

Fire Brigade Alarm: (Closed/Open) Ref. 730-231

Anti-Interference Device

ViTECH, strong, lightweight aluminum case, 5, 15 and 30 amp battery load tester for fire and alarm use. Weight: 500gms, Size: 165mm x 90 x 70mm.

ViTECH branded Type X (730-230) and Type Y (illustrated) models with temperature compensated pressure transducers with digital display showing pressures for defect, fire and pump start.

Ref. 730-400 series ViTECH AID for sprinkler valve monitoring; fits all ball valve sizes.

21620/1/18

21620

ViTECH products are designed and produced in New Zealand.

NZSA CEO’s September Report In this update, NZSA CEO Gary Morrison talks staff poaching, PSPLA Covid-19 protocols, withdrawal of copper services, vocational education transition to WDCs, virtual reality training platform, and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary originally joined Armourguard Security as a junior accountant and held several roles over two decades prior to appointment as GM for New Zealand and Fiji, after which he established Icon Security Group.

NZSM

Covid-19 We continue to distribute information relative to government announcements and applicable subsidies and support mechanisms, however, we are also mindful of not bombarding our members with superfluous information at this time. If you have any concerns or questions, please contact me on gary@security.org.nz and we will assist as far as possible, including liaison with government contacts and agencies as required. What is very clear is that security workers are again providing critical front-line essential services and performing to very high standards, often in difficult and confronting circumstances. There have been a number of videos posted on social media platforms showing security staff being abused or treated with contempt and without exception, the security staff have handled the situation professionally and with skill. Well done and a big thanks to all security staff working in critical roles. PSPLA Covid-19 protocol The PSPLA have issued the following Amendment dated 23 August 2021. 1. If Covid restrictions are at Level 3 or Level 4 anywhere in New Zealand the PSPLA will continue to process all applications for licences and certificates and deal with complaints in its usual manner, but with the following exceptions: Licences and certificates and official IDs will be sent to the Authorities office after printing to be posted out to the applicants rather than being sent to Post Shop for collection.

People who have had licences or certificates approved and their IDs printed and sent to their local Post Shop, but are unable to collect them because the Post Shop is closed, can apply to the Authority for an exemption to work without displaying their ID. Such applications are to be made by email to PSPLA@justice.govt. nz and should contain the licence or certificate holder’s full name and PSPLA application number. All in-person hearings will be changed to telephone or video hearings. If this is not possible they will be rescheduled for a future date.

2. If Covid restrictions are at Level 2 or lower the above exceptions will no longer apply and the PSPLA will as far as practicable operate in its usual manner. 3. This protocol applies until revoked or modified by the Authority. The NZSA would like to commend the PSPLA for their proactive stance on this however we will lobby the Authority for further concessions around licence and certificate applications should the country, or any specific regions, face extended operations under Level 3 or 4. Withdrawal of copper services by local fibre providers The NZSA has recently been in consultation with Chorus with regards to the withdrawal of copper line services and migration to fibre, and how this will impact onto the large number of customers still utilising copper for their alarm monitoring services.

October/November 2021

All LFP’s (Local Fibre Providers) have signed up to the Copper Withdrawal Code that contains consumer protection requirements including: • The customer must understand the process • Have a reasonable time to prepare (Chorus provide 6 months’ notice) • Have information about switching to an alternative technology like fibre • Have access to a fibre service with similar functions installed before copper is withdrawn. What has been missing to date is information with regards to how ancillary services using the copper network, like alarm monitoring services, will be impacted and the processes and costs associated with a change over to alternate technology. Chorus will look to build this into future communications with those who will be impacted however we strongly recommend to our members that they adopt a proactive approach to this significant issue. We have lobbied Chorus for the ability to access customer numbers and the indicative roll-out timeline specific to those numbers however that is not possible for privacy reasons. They have however suggested that providers refer to the information regularly updated on their website https://www.chorus. co.nz/copper-withdrawal. We will keep members posted on further developments and welcome suggestions on how the industry can be more proactive in managing the migration process. MSD Skills for Industry Work Broker contract renewal We are pleased to advise that the NZSA has been successful in resecuring the Skills for Industry Work Broker contract following the recent tender process. Our contract is now specific to the Auckland, Waikato and Northland regions with alternate providers appointed for other regions. MSD have also signalled a change in the employer support

October/November 2021

payment structure with payment now covered under the Flexi Wage programme. This will increase the total quantum of support payments offered and we will communicate full details on how this will operate to our contracted members in the near future. Review of vocational education transition to WDCs On 4 October 2021 many of the functions provided by the ITO’s (Industry Training Organisations) will transition to the new WDC’s (Work Development Councils). For the security industry this means functions traditionally performed by Skills Organisation such as Consent to Assess applications, Programme Endorsement and External Moderation will move to either the Services WDC (for security personnel services) or the Construction and Infrastructure WDC (for electronic security). There are mixed views from training providers as to the impact this will have however there are valid

concerns that the WDCs will require some time to become operationally effective and this may impact onto the ability for training delivery to meet industry needs. We also foresee some challenges in our ability to influence positive change for the security industry given we will now require representation over two different WDCs and will effectively be small fish in very large ponds. One positive is that we have the Security Training and Professional Development Special Interest Group in place, and this will provide additional resource and capability in ensuring effective representation and influence on the WDCs. Virtual reality security training platform It has been very pleasing to see the uptake of CoA training via the SkillsVR training platform and we are already experiencing a surge in interest given the current lockdown restrictions and the cessation of traditional classroom-based training. NZSM

During September the SkillsVR team will be launching a series of webinars which will provide an overview of the VR training experience and how employers can use the platform to assist in the onboarding process and in determining staff competency levels in addition to completing the CoA mandatory training. We will provide more information and webinar registration details in coming weeks. Staff poaching Over recent months I have received communications from several members concerned about the prevalence of staff poaching, particularly within the Electronic Security sector. We appreciate that members will always seek to employ the best possible staff but the consistent targeting of competitor employees is not acceptable. As a reminder, all NZSA members have signed the Code of Professional and Ethical Conduct which includes: Integrity – NZSA members shall maintain high standards of integrity and professional conduct with fairness and honesty at all times in dealing with clients or employees, past and present, with members of the NZSA, and with the general public. Extension Part 6A of Schedule 1A Employment Relations Act In our last newsletter we covered off the changes to the ERA that effectively provides Security Officers with additional protections when their employment is impacted by restructuring that results in the contract for service shifting to another provider or taken in-house. In these situations there is an obligation on the new party providing the service to offer employment to the incumbent employees on terms and conditions no less favourable than they currently receive. This includes the transfer of leave and service entitlements and also prevents subsequent restructuring such as reduced hours or payments. The NZSA has prepared documentation to assist both outgoing

NZSM

and incoming service providers and members can obtain copies by emailing nzsa@security.org.nz. Keeping your team up to date Like many organisations we are constantly looking for ways to ensure we can communicate effectively with our members and their teams. The best way to stay up to date on NZSA and industry news is via our newsletter. The more people from each company who receive our newsletter, the higher the chance of updates being communicated within the industry. With this in mind, we welcome you to send us any company contacts who would like to receive our newsletter and we will add them to our distribution list. Please email any contacts to nzsa@security.org.nz. NZSA webinar now available to view The issues around compliance for Security Systems are confusing and open to different interpretation

by councils. The Master Class in Building Compliance Security Systems (Fire and Access) webinar will demystify the requirements and provide tips and advice from compliance experts. If you or your staff have any downtime during the current lockdown, this the perfect opportunity to upskill yourselves and improve your understanding of building compliance re security and fire systems. You can view the webinar on the NZSA website. Newsflash – following the exceptional interest in the webinar (over 190 attendees) and the issues raised, the NZSA will look to establish a Special Interest Group (SIG) focused on lobbying MBIE and other government departments for clarity of the legislation and codes. If you are interested in participating in the SIG, please notify Gary Morrison on gary@security.org.nz. As always, we welcome all comments and feedback on NZSA or industry issues and activity. Keep safe and well.

October/November 2021

Insights from consumer survey highlight young consumers are at risk. The 2020 New Zealand Consumer Survey (NZCS) shows young people aren’t as familiar with the laws designed to protect their basic consumer rights when purchasing as other New Zealanders. According to the Ministry of Business, Innovation & Employment (MBIE), people aged 18-26 are less likely than average to be aware of consumer protection laws (91 percent compared to 94 percent), and 64 percent are more likely than average (54 percent) to report knowing “nothing or a little bit” about their consumer rights.

43 percent of respondents to the NZCS aged 18-26 have never heard of the Credit Contracts and Consumer Finance Act 2003 (CCCFA), which protects consumers when borrowing money or buying on credit, compared to an average of 29 percent. The nationally representative survey asked 1,734 New Zealanders 18 years or over what they know about their consumer rights and their experiences dealing with problems. Mark Hollingsworth, National Manager, Consumer Protection at MBIE says the findings show there’s an opportunity to improve young consumers’ knowledge so they can make well-informed purchase decisions and don’t unknowingly lose out if something goes wrong. “It’s important young people know there are laws protecting them when purchasing products and services, including in credit transactions or when accessing finance,” said Mr Hollingsworth. Young people have high rates of online purchasing, with nearly all 18-

October/November 2021

26 year olds (94 percent) purchasing something online in the last 6 months (compared to an average of 87 percent). However, knowledge of their consumer rights when shopping online is low — 73 percent report knowing nothing or a little bit - and they are also less likely than average to be concerned about the security of their payment and personal information online (55 percent compared to 64 percent). “While buying online can be convenient, resolving problems when they do arise is a little trickier,” says Mr Hollingsworth. “We encourage young consumers to stay up to date with their rights online, including setting themselves up for safer shopping by implementing cyber security measures as recommended by our colleagues at CERT NZ.” Younger consumers reported awareness of consumer support organisations and dispute resolution services is also below average.

84 percent of 18-26 year olds are aware of at least one organisation that provides consumer support or advice, while 52 percent are aware of three or more (compared to averages of 95 percent and 71 percent respectively). 68 percent of 18-26 year olds are aware of at least one dispute resolution service and 14 percent are aware of three or more (compared to averages of 84 percent and 39 percent respectively). Mark Hollingsworth notes this may explain why young people’s problems are being left unresolved. “It’s important that young people know their options around seeking advice, and navigating the right pathway when there’s a genuine consumer issue. This will help them to transact more confidently.” The 2020 NZCS is the third survey in the series which enables reporting on emerging trends, including those focused on young people. NZSM

Cybersecurity: The crucial email double check Reliance on email is a big cyber security risk – and not just due to the increasing frequency and sophistication of attacks. With the volume of emails sent and received every day, mistakes are inevitable, writes Andrea Babbs, UK General Manager, VIPRE SafeSend. Cybersecurity has quickly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses continuing to increase. Covid-19 has acted as a catalyst for this, with hackers taking advantage of remote workers during challenging times.

Andrea Babbs is UK General Manager, VIPRE SafeSend. She has worked in the IT industry for over 20 years for IT security vendors and resellers dealing with email, endpoint and web security.

Despite innovations and sophistication in hacking methods, one of the main means of data loss is insiders, including employees making mistakes. Humans make errors – stressed, distracted employees will make even more mistakes. And with sensitive information on the line, such as regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss. But how can this threat be mitigated? Human Error Business reliance on email is creating a very significant cyber security risk – and not simply due to the increasing volume and sophistication of phishing and ransomware attacks. Given the sheer volume of emails sent and received a day (over 300 billion every day in 2020), mistakes are inevitable. Employees are trusted with company-sensitive information and assets, and many are permitted to make financial transactions – often

NZSM

without requiring additional approval. Furthermore, with strict data protection requirements in place, not only GDPR, but also industry specific regulations, organisations clearly require robust processes to mitigate the risk of inadvertent data loss. According to reports, 34 percent of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. Should confidential corporate information fall into the wrong hands, the consequences could be devastating, including financial penalties, loss of trust and competitors gaining an advantage. BitMEX, one of the world’s largest cryptocurrency trading platforms accidentally leaked thousands of private customer email addresses when they sent out a mass mailshot without using the BCC function. But how could this mistake be stopped? What employees need is a way to better manage their email functions, with an opportunity for potential mistakes to be flagged before an individual hits send, for example showing who is in the to, cc and bcc fields. Additional Layers Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting

October/November 2021

their staff from becoming an insider threat. But more importantly, what they may not be aware of is that there is a solution available that can add a layer of employee security awareness. Businesses can help employees avoid simple mistakes, such as misaddressed emails, by providing a simple safety check, which alerts users to confirm both the identity of the addressee(s) and, if relevant, any attachments. The solution can be configured to work on a department or user basis, for example, a business may not want HR to be able to mistakenly send sensitive personal information to anyone internally and therefore require a confirmation for all emails. In addition to confirming email addresses and attachment(s), the technology can also check for keywords within the email content using Data Loss Prevention rules, and each business can set its own requirements and parameters determined by corporate security protocols. Any emails, including attachments containing these keywords, will be flagged, requiring an extra process of validity before they are sent without impeding working practices, and providing users with a chance to double check whether the data should be shared with the recipient(s). The Essential ‘Pause’ Moment Deploying an essential tool that prompts for a second check and warns when a mistake is about to be

October/November 2021

made helps organisations mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. Accidentally CCing a customer, rather than the similarly named colleague, will be avoided because the customer’s domain will not be on the allow list and therefore automatically highlighted. This is more crucial than ever before with employees dispersed across a range of locations as part of hybrid working. Such tools can support mixed operating system environments and DLP add-ons can be given to certain departments and groups who handle very sensitive information such as employee or legal data. This type of tool is key for companies and reinforces a security culture, building on education and training, with a valuable solution that helps users avoid the common email mistakes that are inevitable when people are distracted, tired or stressed. It provides an essential ‘pause’ moment, enabling individuals to feel confident that emails have been sent to the right people and with the right attachments. In addition to checking the validity of outbound and inbound email addresses and attachments, it can also support in minimising the risk of staff falling foul of a phishing attack. For example, an email that purports to come from inside the

company, but actually has a cleverly disguised similar domain name, such as receiving an email from V1PRE, as opposed to VIPRE. The technology will automatically flag that email when the user replies showing that it is not from an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack. Conclusion Email is arguably the key productivity tool in most working environments today, placing much of the responsibility for secure use of that tool on employees. But supporting staff with an extra prompt for them to double check they aren’t mistakenly sharing confidential data helps to raise awareness, understanding and provides that essential security lockstep – before it’s too late. The premise is not to add time or delay in the day to day management of email; it is about fostering an attitude of awareness and care in an area where a mistake is easily made No organisation is immune to human error, but by having a clear strategy in place to address the issue of misaddressed emails and data loss through emails, as well as mitigating the associated risks helps businesses to remain compliant and secure. It’s all about increasing awareness and improving email culture where mistakes can so easily be made, while reinforcing compliance credentials. NZSM

Commerce Commission gets tough on anti-collusion In the wake of an anti-collusion reminder to essential services providers, the Commerce Commission announces court outcome that sees taxi company fined $150,000 for cartel conduct. In a 27 August media release, the Commerce Commission reminded all businesses supplying essential services in the current nationwide Covid-19 lockdown of their obligations under the Commerce Act. The Commission stated that it recognises that the impact of the Covid-19 outbreak is significant for businesses, consumers and the economy, and that some businesses able to operate under level 4 restrictions “may need to cooperate to ensure New Zealanders continue to be supplied with essential goods

NZSM

and services, for example, to share staff or distribution networks or take other measures to ensure security of supply.” “However, they also need to be aware of what they can and cannot do when talking to their competitors,” it stated. The Commerce Act prohibits anti-competitive agreements between firms such as agreements to fix prices, allocate markets or restrict output. The Commission stated that it will not tolerate unscrupulous businesses using Covid-19 as an opportunity for non-essential collusion between competitors or anti-competitive behaviour.

“This includes competitors agreeing on pricing/pricing intentions, allocating markets or its customers or restricting the output of goods or services where it is not necessary in the current situation. For example, competing tradespeople should not agree the prices they will each charge for the provision of essential repair services during a lockdown.” The Commission highlighted that it is committed to taking enforcement action to prevent consumer harm and that it is able to take action to stop such conduct or seek appropriate penalties when identified. Cartel

October/November 2021

conduct is punishable with a term of imprisonment of up to seven years and penalties for businesses involved. “Businesses or individuals wishing to report cartel conduct should contact the Commission as soon as possible. The Commission can grant leniency to the first member of a cartel to approach it, provided they meet the requirements for leniency. More details on the leniency policy can be found on our website. “The Commission advises all businesses providing essential services to engage with our guidance to ensure they stay on the right side of the law.” With the Commerce (Criminalisation of Cartels) Amendment Act 2019 coming into effect last 8 April, cartel conduct is now punishable by a maximum penalty of a term of imprisonment of up to 7 years. Individuals can be fined up to $500,000 and may now be subject to a term of imprisonment. Companies can be fined up to $10 million, three times commercial gain or 10 percent of turnover per year per breach. A cartel is where two or more businesses agree not to compete with each other. This conduct can take many forms, including price fixing, dividing up markets, rigging bids or restricting output of goods and services.

Penalty imposed for taxi cartel conduct The Commerce Commission announced on 30 September that the High Court had ordered Hutt and City Taxis Limited (Hutt & City) to pay a penalty of $150,000 in relation to fixing the prices of taxi fares. The Commission had filed proceedings against Hutt & City in May 2021 alleging that Hutt & City breached the Commerce Act by agreeing with two competing taxi companies to implement a minimum charge of $25 for pick-up taxi trips from the on-demand taxi rank at Wellington Airport. The companies discussed the design and distribution of stickers that would display the minimum charge in taxis and Hutt & City distributed the stickers to its drivers and implemented the charge when drivers began receiving the stickers. The agreement was reached in September 2020 and it took effect in October 2020. The conduct ceased in November 2020, after the Commission began investigating. The High Court imposed penalties of $150,000 against Hutt & City, payable in instalments over the next four years. The Court found the appropriate starting point was within the range of $500,000-$600,000. After taking into account a discount for mitigating circumstances, the end penalty was further reduced to take account of Hutt & City’s financial circumstances.

October/November 2021

The Court noted that the fact that Hutt & City instigated the agreement, and that its directors were aware of it, and approved it (with the exception of one director), spoke to the seriousness of the conduct. “Cartel conduct harms consumers by preventing businesses competing to provide better quality services at better prices, and it harms businesses that are trying to compete fairly,” said Commission Chair Anna Rawlings. “Even agreements like this that are short lived can give rise to serious consequences for businesses, but also for individuals who are involved. In addition to financial penalties, since April this year, individuals involved in cartel conduct can be liable for a term of imprisonment of up to seven years so it is more important than ever that businesses, their directors and employees make sure they understand how to stay on the right side of the law,” said Ms Rawlings. Businesses or individuals wishing to report cartel conduct should contact the Commission, and those who consider they may be party to cartel conduct should do so as soon as possible. The Commission can grant leniency to the first member of a cartel who approaches it, provided they meet the requirements for leniency. Immunity against criminal sanctions is also available. Businesses and individuals can also use the Commission’s anonymous whistle-blower tool. NZSM

Security Systems with Smoke Detectors: An Explainer According to the standards, Security Systems with Smoke Detectors (SSWS) are not Fire Alarm Systems, and they should therefore not be subject to fire alarm system compliance requirements, writes Independent Security Consultant Lincoln Potter PSP.

This year the NZSA has received numerous enquiries about the Building Code and Security Systems with Smoke Detection (SSWS). Clarification has been sought as to the confusion and possible misunderstanding from building inspectors, Councils, builders and security technicians and integrators.

Lincoln Potter PSP is an Aucklandbased independent security consultant. He is the winner of the 2016 New Zealand Security Consultant of the Year Award and a 2018 ASIS International Meritorious Service Award.

NZSM

It is apparent that there exist differing interpretations surrounding the standards documents and what the Building Code states in relation to SSWS, with some of technicians reporting that interpretations are varying from Council to Council, territory to territory. What the documents say about SSWS Firstly, an SSWS is an Intrusion Detection System (IDS) with a smoke detector(s) attached (edge device). It is not, by definition, a Fire Alarm. Its primary purpose is to detect intruders, with smoke detection just a function of such a system. Because it is an Intrusion Detection system, it is covered by the Standard AS/NZS 22021.1: 2007 Intruder Alarm Systems. By contrast, the Standard NZS 4512:2021 Fire detection and alarm systems in buildings (updated earlier this year) has no place for SSWS. In the list of types of fire safety systems listed in NZS 4512:2021 (at Appendix B), the only type that SSWS appears to fit is Type 1 – Domestic smoke alarm system:

‘A Type 1 system involves combined smoke detector and audible alerting device(s), either hard-wired or battery powered, and which are provided with a ‘hush’ facility that allows an occupant to silence the alarm for a short period. Unless a single station smoke alarm is sufficient to cover the entire household unit or suite, smoke alarms are required to be interconnected such that when smoke is detected at one device the alerting is activated at all devices. Visual or tactile alerting (or both) is permitted to be added to the system provided the audible alerting functions are not compromised’. The Standard goes on to state that it does not in fact cover Type 1 systems, and it refers the reader to NZS 4514:2021 Interconnected smoke alarms for houses. The Standard also states at section ‘1.1.4 Alternative technologies’ [with my underlines]: ‘This standard specifies performance and test requirements for electrical and electronic fire alarms systems. Alternative technologies that do not comply with the specific requirements but give equivalent performance are not necessarily prohibited. In such cases, appraisal testing and certification will need to demonstrate this equivalent performance’. And at section ‘2.3.1 Ancillary services’ [with my underlines]: ‘The fire alarm system shall not rely upon the use of equipment shared with other building services ( for example, intruder alarm systems, fibre optic modems, internet protocol (IP) routers, IP switches, or information technolog y (IT) servers) in the performance of any mandatory function’.

October/November 2021

I find this to be quite a confusing and alarming statement, particularly given the use of the expression ‘shallnot’ in the statement, which means that it is a requirement and not a recommendation. Remember, a SSWS is not a Fire Alarm System but rather an Intrusion Detection System, and as it only meets the description in NZS 4512:2021 of a Type 1 system, it is therefore not covered by that standard but rather by Standard NZS 4514:2021 Interconnected smoke alarms for houses. In many cases, however, the SSWS is the only form of fire detection in a non-house (i.e. building) context, and it is generally thought of as the ‘fire alarm system’ because that is all that’s present on the site. In such instances, fire detection relies solely on an intruder alarm system SSWS. The Building Code: Specified System The Building Code refers to security systems with smoke detectors (SSWS) as a ‘Specified System’. According to the MBIE Building Performance website [with my underlines]: Security and gas detection systems, and compliance schedule requirements A system in a building (except a single household unit) that alerts people to fire or other danger is a specified system, regardless of why it was installed. It must be included on a compliance schedule and regularly inspected, tested and maintained. And: Smoke detectors attached to a security system It is common for owners to want a security system for their building. Often the security system comes with smoke detectors which are monitored and connected to an alarm system, even though a fire alarm system is not required for Building Code compliance. Owners need to be aware, however, that such a security system is a specified system and its installation is building work for which a building consent is necessary. Further, in all instances other than within single household units, security systems with smoke detectors need to be on the building’s compliance schedule.

October/November 2021

This means that the plans and specifications submitted for building consent must include the details of the proposed procedures for inspection and routine maintenance of the specified systems for the purposes of the compliance schedule (see the definition of ‘plans and specifications’ in section 7 of the Building Act). On satisfactory completion of the work, the building consent authority will issue a code compliance certificate along with the building’s compliance schedule. The compliance schedule will include the necessary inspection and maintenance requirements to keep the security system with smoke detectors in good working order. Building consent authorities usually accept fire alarm systems that comply with NZS 4512: Fire Detection and Alarm Systems in Buildings and that have been certified as such by an accredited alarm system certifier. However, security systems with smoke detectors would not normally be expected to comply with the same Standard to achieve Building Code compliance. Further, compliance schedule requirements do not need to be as stringent. Summary of facts so far From the relevant standards and Building Code, it appears that: • An SSWS is an Intruder Alarm System, not a Fire Alarm System • SSWS appears to meet the description of a Type 1 system, which is for domestic use and not covered by NZS 4512 • According to the Building Code, a SSWS is a ‘Specified System’ • A fire alarm system is not required for Building Code compliance • Building Consent is necessary for SSWS installations, and the system must be included in the compliance schedule along with inspection and maintenance requirements • A SSWS would not normally be expected to comply with NZS 4512 to achieve Code compliance • Compliance schedule requirements for SSWS do not need to be as stringent as NZS 4512

It’s no wonder everyone is so confused, as we are dealing with different types of documents / information and guidelines that seem to be contradictory, one starts to question one’s own level of comprehension and interpretation. You almost need a Philadelphia lawyer to figure it out! Compliance In one recent incident, a Council refused to sign off on a SSWS at a school premises because it had not been certified as being compliant by an ‘Accredited Inspection Body’. This is in line with Standard NZS 4512, which at section 1.8.1 states [with my underlines]: Only fire alarm systems, which conform in every respect with this standard, shall be deemed to comply with this standard. The installation shall therefore’: A. ‘Be undertaken by competent and qualified personnel who have access to all relevant technical instructions published by the manufacturer’; B. ‘Be in conformity with the manufacturer’s instructions’; C. ‘Be in conformity with all other requirements of this standard’; D. ‘Use only listed equipment and components’; E. ‘Be certified as being compliant by an accredited inspection body’. If SSWS were covered by NZS 4512 then the Council would have been correct. As discussed above, however, as a Type 1 system SSWS are not covered by NZS 4512 and therefore it follows that there is no need for certification by an Accredited Inspection Body. In closing If you are dealing with a council or building inspector and the like, and they are saying that you need to do this and that for whatever reason, always ask them to provide you with the appropriate evidence from the ‘source documents’ they’re working from. If this information is not forthcoming, then you are more than likely dealing with conjecture. NZSM

Compliance Notice issued to Reserve Bank following cyber attack Several months after the new Privacy Act 2020 came into effect, the Office of the Privacy Commissioner has issued its first ever compliance notice to RBNZ in the wake of a January cyberattack. The Office of the Privacy Commissioner announced on 15 September that it had issued a compliance notice to the Reserve Bank of New Zealand. This compliance notice relates to a weakness in one of the Agency’s third-party systems and some of the Agency’s processes identified as the result of a notifiable privacy breach reported to the Office on 9 January 2021.

This compliance notice requires the Reserve Bank to take specified steps by certain dates in order to comply with information Privacy Principle 5 (storage and security of personal information). In December 2020 the Reserve Bank of New Zealand was the victim of a cyber-attack, which raised the possibility of systemic weaknesses in the RBNZ systems and processes for protecting personal information. As a result, RBNZ instigated an internal and external review to identify any shortcomings in their operations. Following review of the privacy breach, the Privacy Commissioner determined that the Reserve Bank failed to adequately protect a subset of personal information it held despite security safeguards. The compliance notice was issued to the Reserve Bank to improve its policies and procedures and make its systems more secure for handling personal information. The

NZSM

compliance notice targets specific steps to be taken within identified timeframes, with progress against this monitored by the Office of the Privacy Commissioner. Under the Privacy Act 2020, the Commissioner may issue compliance notices to agencies that are not meeting their obligations under the Act. A compliance notice will require an agency to do something, or stop doing something, in order to comply with the Privacy Act. This is the first time the Privacy Commissioner has issued a compliance notice since receiving these new powers. “The cyber-attack was a significant breach of one of the Bank’s security systems and raised the possibility of systemic weakness in the Bank’s systems and processes for protecting personal information,” said Privacy Commissioner John Edwards. As part of the investigation into the breach the Bank engaged KPMG to undertake an independent review of its systems and processes. The review revealed multiple areas of noncompliance with Privacy Principle 5. “We are heartened by the speed and thoroughness of the Bank’s response,” said Mr Edwards. “We were notified as soon as the cyber-attack was identified, and they have been constructive and open throughout the compliance investigation process. We are pleased to see the positive way they’ve dealt with the aftermath of the attack.”

Reserve Bank of New Zealand Photo courtsey of Wikipedia

The compliance notice issued today provides a template for the Bank to report on to the Privacy Commissioner, confirming the improvements to their policies and procedures aimed to make the systems more secure. “OPC’s findings are consistent with the findings and recommendations in the KPMG review,” said Reserve Bank Governor Adrian Orr. “We accept these findings and take full responsibility for the shortfalls identified in our systems and processes.” “We have a detailed programme of work underway to address these. This work started shortly after the data breach incident through our business services improvement programme (BSIP) which continues to be a key priority for us here at Te Pūtea Matua.”

October/November 2021

REACH

NEW HEIGHTS in Professional Excellence

ASIS accredited certifications can help you reach your career goals.

Validates your ability to conduct security investigations through the effective use of surveillance, interviews, and interrogations. Designed for those with 5 years of related experience.

WHY EARN THE PCI DESIGNATION? • Provides independent confirmation of your specialized skills in security investigations • Gain global recognition by your peers and industry • Get a competitive edge in the marketplace • Enhance your career and earnings potential • Enjoy personal satisfaction and professional achievement Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.

Visit www.asis.org.nz

“PCI is an important element in the ASIS Certification programme, dovetailing into both CPP and PSP for a comprehensive understanding of broader security industry objectives. An effective and reliable investigation depends on objectivity, thoroughness, relevance, accuracy and timeliness. PCI helps identify critical investigative outcomes, including evidence collection, case management, and the process of offender detection, identification, interview and prosecution. Good physical security designs, together with robust policies and procedures are key elements in a successful investigation. The PCI certification provides an insight into how these pieces interrelate." - David Horsburgh, MSc CPP PSP PCI

WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS? • B uild a strong, dedicated team committed to high standards and continuing professional development • Promote ongoing education of critical job knowledge and skills • Feel confident that your staff are using best practices • Recruit the most qualified professionals • Reinforce or elevate your organization’s reputation and credibility Increase the competency level of your staff by supporting your security professionals in their certification journey.

NZ made

SECURITY TECHNOLOGY RELIABILITY

fire door holding

electromagnets 12 & 24 VDC selectable

rea

unb

le b a k

FDH40S

unbreakable universal mounting • Low power consumption - low operating temperature • One product suits floor and wall mounting • Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available • 12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button • Electroless nickel plated armature and electromagnet • Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Standard, floor mounted, wall to door distance 114mm

Designed, tested and produced in New Zealand to AS4178 A) Wall mounted,126mm extn. tube (overall 202mm) B) Wall mounted, 156mm extn. tube (overall 232mm) C) Wall mounted, 355mm extn. tube (overall 431mm) B)

TEE

Option A – Surface Mounted

AN GUAR

FDH40S/R

Surface and Recess mounting This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting. Option B – Recess Mounted

10 YEAR GUARANTEE*

Satin Aluminium

Gloss Black

Gloss White

For expert advice and assistance with your security locking needs, trust in Loktronic, call us on 0800 367 565

GUARANTEE

*Standard terms & conditions of sale apply.

21556/1/18

New Zealand Security - October-November 2021

Articles inside

New Zealand Security Awards delivers a week of winners

Cybersecurity: The crucial email double check

Commerce Commission gets tough on anti-collusion

NZSA CEO’s September Report

Insights from consumer survey highlight young consumers are at risk

Security Systems with Smoke Detectors: An Explainer

Think Pandemic-Related Fraud Is Going Away? Think Again

Board directors least likely to receive fraud training

The importance of place in understanding physical security risk

The Global Fraud Landscape

Interest in keyword ‘cybersecurity’ on Google Search hits an all-time high

One Eye Open: Mental health blind spot in counterterror efforts

Integrity Matters: Misconduct, fraud and corruption in the public sector

Discover Hikvision’s latest ColorVu technology: sharper imaging with brighter colour, 24 hours a day

FMA sees spike in investment scam complaints since start of COVID-19

From The Editor