The SUV is booming - and so are accidents

A good 43 percent of all new cars sold in Switzerland are urban SUVs. The large and heavy SUVs cause up to a quarter more accidents than normal cars - often with serious consequences. This is shown by this year's crash tests conducted by accident researchers.

Image: AXA / Keystone

Sport utility vehicles, or SUVs for short, have enjoyed unbridled popularity for years: in the past ten years, the proportion of SUVs insured with Axa has more than doubled. In the meantime, one fifth of all cars in the portfolio of the motor vehicle insurer in Switzerland already belong to this category.

The bigger the SUV, the greater the risk of accident

However, owners of SUVs are not only convinced of the benefits of their vehicles, but also of their own abilities: 90 percent of the SUV drivers surveyed rate themselves as safe road users. Regardless of this, however, other road users have an uneasy feeling about SUV safety: "Almost 50% of non-SUV owners believe that SUVs are dangerous for other road users. A third of non-SUV owners also say they feel more unsafe when an SUV is driving behind them," says Bettina Zahnd, head of Axa Switzerland's accident research and prevention department, about the study.

This perception is confirmed by the insurer's claims statistics: "In fact, SUVs caused just under 10 percent more liability claims than other passenger cars in 2019," explains Zahnd. For large SUVs - those weighing between 2155 and 3500 kilograms - the difference is even greater: in 2019, these caused 27 percent more liability claims than other cars. "The larger and heavier an SUV, the more frequently it causes a collision," the accident researcher says, referring to the claims statistics of Axa Switzerland.

A similar picture emerges in the case of personal injuries: the larger an SUV, the more frequently it causes personal injury, although these figures require a closer look: "While in the age category of 40 to 80-year-olds - the most frequent target group for SUVs - more accidents with personal injury are caused by large SUVs, this statement is no longer true as soon as the group of 18 to 39-year-olds is included in the statistics. This is due to the fact that younger drivers cause significantly more accidents, but statistically drive an SUV less often," explains the accident researcher.

Small inattention leads to big damage

SUVs thus cause accidents more frequently than other vehicles - often with serious consequences for other road users. "This is particularly related to the size and weight of the vehicles, as well as the height of the center of gravity and the bumper," Zahnd says. "In conventional passenger cars, the bumper is almost always at the same height, so in the event of an accident they can have their full effect accordingly. In a collision between a normal car and an off-road vehicle, this is only the case for two-thirds," the accident researcher said. An average passenger car is therefore less well protected than an SUV, even though it differs only slightly from an SUV in terms of size and weight. This is shown by the accident researchers' first crash test, in which an SUV driver overlooks a passenger car coming from the right. As a result, the SUV crashes into the side of the passenger car at around 60 km/h. The station wagon is significantly damaged; in particular, its rear door is severely dented by the impact. The child in the back seat is hit with full force. Although he is protected by the child seat, his head and the left side of his body hit the seat shell hard. The driver of the station wagon collides with the driver's door, although the side airbag may prevent worse head injuries. The driver of the SUV is only slightly injured at most.

E-scooter versus SUV - or: David versus Goliath

On Swiss roads, there are not only more and more SUVs and cars in general, but also an increasing number of novel means of transport, such as e-scooters. The mostly young, urban riders of these light motorcycles - this category includes most e-scooters - appreciate the spontaneity and fast locomotion. However, unlike heavy off-road vehicles, they are easy to overlook and have significantly poorer protection. For example, the Axa study shows that only 9 percent of e-scooter users always wear protective gear such as a helmet.

Most do not know traffic rules

Not only the lack of protective equipment, but also the lack of knowledge of traffic rules can become a problem for drivers of e-scooters. The same traffic rules apply to e-scooters as to bicycles, but many e-scooter drivers are unaware of this. According to the study, just half of the drivers inform themselves about the applicable traffic rules before their first ride. "In addition, the roads and especially the bicycle infrastructure that e-scooter drivers have to use are not optimized for the novel means of transportation," Zahnd said. At the same time, many users probably overestimate their own ability: Only just 16 percent of all e-scooter riders surveyed feel unsafe because of their own riding style. More than half of all e-scooter users, on the other hand, see the danger in external influences. Specifically, almost three quarters of respondents say they feel endangered by cars. In reality, however, it turns out that the majority of these accidents are self-inflicted.

Collision causes serious injuries to e-scooter driver

Even though e-scooter drivers often cause self-inflicted accidents, the risk of a collision should not be underestimated. "Due to the often uneven ground and small wheels, e-scooter drivers are often unable to give a hand signal when they want to turn," Zahnd said. The consequences of a collision can be severe, as evidenced by the second crash in which an e-scooter collided with an SUV: The driver of the e-scooter wants to turn, but the SUV driver recognizes this too late and hits the small road user from behind. Already in this impact, the e-scooter driver is expected to suffer injuries in the area of the legs and hips, and he must also expect significant injuries as a result of the second impact with the ground. "A helmet could have prevented worse head injuries, but like our dummy, almost four-fifths of the e-scooter users surveyed never wear protective gear, as our survey shows," Zahnd points out. For the driver of the SUV, the collision goes off without a hitch.

Danger also for children on the bike

Whereas e-scooters have only recently become part of the street scene, bicycles are well-known means of transport that are also popular with children. Parents see large road users in particular as a danger for their children, as the survey shows: After trucks, larger cars such as SUVs are ranked second among the most dangerous road users for children. Specifically, 69 percent of respondents rated SUVs as dangerous or very dangerous for children.

New traffic rule likely to exacerbate the problem

The danger for children is likely to become even greater in the future: From January 1, 2021, the new traffic rule will apply, according to which children up to 12 years of age may ride their bicycles on the sidewalk. "If children on bicycles use the pedestrian paths, it can be assumed that in the future they will more often ride abruptly from the sidewalk onto the pedestrian crossing and be recognized too late by drivers," assumes Zahnd. This scenario was simulated in the third crash test: A child suddenly rides his bicycle from the sidewalk across the pedestrian crossing. The driver of the SUV misjudges the situation and is unable to brake in time, resulting in a collision. The child is hit by the high front of the vehicle in the area of the upper body and immediately thrown away with great force. Significant injuries must be expected in both this first and the second impact with the ground. A properly fitting helmet of the correct size and with a good fit will prevent more serious head injuries. No injuries are to be expected in the case of the SUV driver.

Dangerous mix of disparate road users

The three crashes show: In collisions, the drivers of the off-road vehicles in their large, tall and heavy vehicles are hardly injured, while the smaller, poorly protected road users in particular can expect injuries, some of them massive. The dangerous mix of different road users requires adapted behavior from all road users: "Precisely because such a large car conveys a feeling of safety thanks to its size and weight, it is important that drivers correctly assess the risk they pose themselves and remain alert on the road," says Zahnd. "Smaller and weaker road users should always wear protective equipment and be aware of the applicable traffic rules. The latter is especially true with new types of transportation."

Source: Axa Accident Research

Tips from the accident researchers

  • SUV drivers should pay attention to driving assistance systems when buying. They can prevent an accident or reduce the consequences of an accident thanks to braking before a collision.

  • E-scooter riders should urgently wear protective equipment, at least a helmet.

  • Before the first ride, e-scooter drivers should inform themselves about the applicable traffic rules and regulations.

  • E-scooter riders should familiarize themselves thoroughly with the vehicle before taking their first ride and be especially careful on uneven road surfaces.

 


 

 

Top 10 insecure router passwords

Users neglect the security of their entry doors to the network. The top 10 insecure router passwords and a few security suggestions.

Security starts with the router. © depositphotos, KirillM

Whether it's a public WLAN in a bar or a private wireless network within your own four walls: Routers are the gatekeepers to the network. Often, these important devices rely only on a password for the administration interface to protect against unauthorized access. This can have fatal consequences: Anyone who knows or easily guesses the password gains access to the entire network. Probably too few users know that the assigned access code plays a key role for the configuration as well as the WLAN network. Eset's security experts have analyzed the latest telemetry data from the company's network scanner and obtained worrying results: several thousand of the over 100,000 devices scanned use default passwords. Often, these devices remain in use for many years without the password being changed.

"Users who do not secure administrator access on their routers are also, in most cases, not protecting their WLAN network with secure passwords. Routers should never be operated with factory-set or weak passwords. The user name should also be individualized, if possible," explains Michael Schröder from Eset. "Common passwords are the first ones cybercriminals try and offer no protection. WLAN keys and administrator passwords in particular should therefore be assigned individually during setup."

Top 10 most popular weak router passwords

  1. admin
  2. root
  3. 1234
  4. guest
  5. password
  6. 12345
  7. support
  8. super
  9. Admin
  10. pass

What does the secure router password look like?

The administration interface and the WLAN network of a router are each protected by a password. Under no circumstances should you use the password that the manufacturer supplied with the device. A good router password should be at least 8 to 12 characters long. Users should think of a phrase that contains at least one number and is easy to remember. For example, "My favorite thing to eat is pizza with four ingredients and extra cheese!". If you take the first letter of each word of the original German sentence, writing the number as a digit and "and" as "+", the result is: "AleiPm4Z+eK!". That already gives users a secure password.

Tips for a secure router

Keep firmware up to date: Updates often bring new features and close security gaps. If possible, automatic updates should be activated in the router's menu or updates should be checked for regularly.

Disable remote access: With remote access, users open ports on their device. Although this function brings numerous advantages, it also gives hackers another point of attack. Remote access should therefore remain deactivated.

Enable two-factor authentication (2FA): Modern routers offer the option of activating 2FA. If settings are changed, they must be verified by another source. This confirmation can be done by pressing a specific button on the device or using the phone.

Change WLAN password: The best encryption method is useless if the associated password is easy to guess. Especially with the standard passwords that are set at the factory, there is a risk that hackers will use special programs to automatically test through known passwords.

Disable WPS PIN: "Wi-Fi Protected Setup" (WPS) is a standard for quickly setting up an encrypted WLAN network. Users only need a PIN for this, which can be read on the device. This function should be deactivated because it is easy to crack.

Change network name: Users should give their WLAN a new name (SSID). The default name often contains the manufacturer name and device type. Attackers can then look directly to see if there are any known vulnerabilities in the router.

Source: Eset
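
The password advice and the six tips above can be turned into a repeatable check. The following is an added example, not code from Eset or from the original article; the settings keys (`admin_user`, `wps_pin`, and so on), the vendor "ExampleNet" and both sample configurations are constructed for illustration.

```python
"""Audit router settings against the password advice and tips above."""

# The ten weak passwords from the list above, compared case-insensitively.
WEAK_PASSWORDS = {"admin", "root", "1234", "guest", "password",
                  "12345", "support", "super", "Admin", "pass"}
WEAK_LOWER = {p.lower() for p in WEAK_PASSWORDS}
MIN_LENGTH = 12  # upper end of the article's "8 to 12 characters"


def password_findings(label, password, username=""):
    """Return the problems found with one password (empty list = acceptable)."""
    problems = []
    if password.lower() in WEAK_LOWER:
        problems.append(f"{label}: on the list of common router passwords")
    if username and password.lower() == username.lower():
        problems.append(f"{label}: identical to the user name")
    if len(password) < MIN_LENGTH:
        problems.append(f"{label}: shorter than {MIN_LENGTH} characters")
    if not any(ch.isdigit() for ch in password):
        problems.append(f"{label}: contains no digit")
    return problems


def audit_router(cfg):
    """Check one settings record; the keys are hypothetical, map them from
    whatever your router's export or admin interface actually provides."""
    findings = password_findings("admin password", cfg["admin_password"],
                                 cfg["admin_user"])
    findings += password_findings("WLAN password", cfg["wlan_password"])
    if cfg["admin_user"].lower() in WEAK_LOWER:
        findings.append("admin user name: common default, choose an individual one")
    if not cfg["auto_update"]:
        findings.append("firmware: automatic updates are off")
    if cfg["remote_access"]:
        findings.append("remote access: enabled")
    if not cfg["two_factor"]:
        findings.append("2FA: not enabled for setting changes")
    if cfg["wps_pin"]:
        findings.append("WPS PIN: enabled")
    # A default SSID that names vendor or model tells an attacker which
    # known vulnerabilities to look up.
    ssid = cfg["ssid"].lower()
    for tag in (cfg["vendor"], cfg["model"]):
        if tag and tag.lower() in ssid:
            findings.append(f"SSID: reveals '{tag}'")
    return findings


# Constructed sample: a device left in its factory state.
FACTORY = {
    "vendor": "ExampleNet", "model": "EX-200", "ssid": "ExampleNet EX-200",
    "admin_user": "admin", "admin_password": "admin", "wlan_password": "12345",
    "auto_update": False, "remote_access": True, "two_factor": False,
    "wps_pin": True,
}

# Constructed sample: the same device after following the tips. The admin
# password is the article's published example, so do not reuse it.
HARDENED = {
    "vendor": "ExampleNet", "model": "EX-200", "ssid": "harbour-view",
    "admin_user": "lena-office", "admin_password": "AleiPm4Z+eK!",
    "wlan_password": "Wt7RnotS2bg&hs!",
    "auto_update": True, "remote_access": False, "two_factor": True,
    "wps_pin": False,
}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        issues = audit_router(cfg)
        print(f"{name}: {len(issues)} finding(s)")
        for issue in issues:
            print("  -", issue)
```
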

Augmented and Virtual Reality - Challenges for IT Security

Virtual and augmented reality are increasingly being used in a wide variety of industries. The technology will have disruptive effects in many respects. However, worrying scenarios are also conceivable if it is compromised - whether by external attackers seeking to blackmail companies or by insider threats.

© depositphotos, Gorodenkoff

Virtual reality (VR) and augmented reality (AR) devices generate an enormous amount of information about their users. Therefore, it is critical to ensure that the information does not fall into the wrong hands. As the technology delivers its benefits in more and more sectors, Amazon Web Services (AWS) believes it is essential that enterprises understand how to secure and manage related solutions.

A virtual paradise for hackers

For protection, it helps to look at safeguards for the Internet of Things (IoT) and the experience gained there. Ultimately, before implementing such technology, companies must ensure that they are working within a closed infrastructure and with appropriate authentications.

Today's best-in-class IoT technology continuously checks configurations to ensure they do not deviate from recommended security standards. In this context, a configuration represents a set of technical and organizational controls. They are used to secure data when devices communicate with each other and in the cloud. When executed properly, maintaining and enforcing IoT configurations is not a problem. These include ensuring device identity, authenticating and authorizing devices, and encrypting device data and device communications.

As VR and AR technologies continue to create new opportunities in remote work, effective device authentication is very important. In the not-too-distant future, flying executives around the world will also no longer be necessary for board meetings and other important, confidential meetings.

In such a scenario, however, it is of utmost importance that the other person is actually who they appear to be. Otherwise, numerous new opportunities open up for attackers around corporate espionage and extortion, such as through ransomware. The solution is effective authentication. But while this can secure devices and users, it requires additional steps to protect data.

The data you do not have

In the past, IT teams have been primarily concerned about the security of personal data, salaries, and documents. With the proliferation of VR and AR in areas such as logistics, medicine and manufacturing, they too need to be scrutinized more closely with security in mind. After all, the technology can be used to tap into medical information, for example. Or information that reveals how users interact with the environment can fall into the wrong hands.

As AR and VR become more and more important, there will probably be new laws and regulations in this area in the future. It is therefore important to follow developments in this context closely and to bring them into line with your own processes.

The new reality

The possibilities created by VR and AR are very promising. Immersive experiences and remote control capabilities were once science fiction and are now reality. However, this also applies to disruptions and attacks by cyber criminals.

The use of VR and AR requires a large leap of faith from users. By using the latest authentication and IoT security techniques and working with an expert partner, companies can ensure that this trust is not lost.

Text: Bertram Dorn, Principal Solutions Architect Security and Compliance, Amazon Web Services

Secure payment transactions for SMEs

The e-banking Trojan Emotet was the most widespread malware on Swiss corporate computers in 2019. The target of cybercriminals is no longer just large companies, but increasingly also small and medium-sized enterprises. In order for SMEs to adequately protect their infrastructure, there are fundamental points to consider.


 

Electronic payment transactions, i.e. online banking, have become indispensable in every company. It is too convenient and comfortable to have direct access to the company's finances at any time.

Due to its direct enrichment potential, however, online banking also represents a coveted target for attackers. From phishing attacks to social engineering attacks to specifically programmed online banking malware, the attack vectors are diverse.

Financial institutions themselves comprehensively protect customers' data and finances with modern and new security systems.

Secure data storage

Swiss financial institutions have very high security standards by international comparison. Protected data centers and security systems ensure that customers' data and finances are kept safe. External control bodies and ISO standards guarantee standardization in this regard.

Protected data access

Financial institutions ensure the highest possible level of security as soon as customers log in to e-banking. As a rule, a multi-stage system is used. Attackers must be able to successfully overcome each individual security hurdle in order to access the customer's data and finances. In detail, the login procedures differ from each other, which is an advantage in terms of security: Attack attempts cannot be transferred one-to-one from one e-banking system to the other.

Financial institutions typically offer customers a choice of login methods, often for historical reasons or because of different customer requirements.

Secure data transmission

The data between the e-banking server and the customer's device is encrypted in both directions with at least a 128-bit key. This modern and widely used technology guarantees a high security standard, which protects the recorded and transmitted data from manipulation.

Transaction monitoring

If a financial institution has a transaction monitoring system, payments sent by the customer are subject to a special set of checking routines before they are executed. Unusual transfers, such as foreign payments, are subjected to special scrutiny before execution.

Furthermore, it is of great importance that bank customers also adequately protect both their computers and their infrastructure and observe basic rules of conduct.

In order to operate online banking securely, the following important points must be observed in addition to a secure infrastructure when logging in, during online banking and also when logging out:

When logging in:

  • Secure navigation to the financial institution: The address of the financial institution's online banking should always be entered manually in the browser's address bar. A link should never be used, especially not one that has been delivered by e-mail, for example! Furthermore, online banking should only be used from a known and secure computer (i.e. not in Internet cafes, on public hotel computers, etc.).
  • Checking the secure connection: Care must be taken to ensure that online banking is accessed exclusively via a "secure" TLS connection and that the certificate is genuine and valid. (see section "Certificate check").
  • Attention in case of system interruption or unusual error messages: If there is a system interruption when logging on to e-banking (e.g. sudden white screen) or if unusual error messages appear (e.g. "The system is currently overloaded. Please be patient and try again later"), the connection should be terminated immediately and the financial institution notified.

During online banking:

  • Stay focused: During the active e-banking session, watch out for unusual occurrences such as automatic entries, inexplicably changed transactions, unsolicited confirmation messages or the like. In addition, open e-banking sessions should never be left unattended so as not to provide unauthorized third parties with an opportunity for misuse.

When logging out: 

  • Correctly terminating the online banking session: The online banking session should always be terminated correctly using the function provided for this purpose (usually marked "Logout", "Log-out" or "Exit").
  • Clearing the browser cache: After each logout of the online banking session, the browser cache should be cleared.

At https://www.ebas.ch you will find further practical and up-to-date information on the necessary measures and rules of conduct for the secure use of online banking applications.

Certificate check

Every browser verifies the certificate properties "Trustworthiness of the certificate issuer", "Validity of the certificate" and "Address of the web server" when establishing an encrypted connection (TLS). If these three verifications could be performed successfully, the browser does not display any error messages when establishing the TLS connection.

A correctly established TLS connection to the correct website, based on a genuine and valid certificate, can be identified by the following three unique browser characteristics:

  1. Lock icon in the address bar: The connection was encrypted with a valid SSL certificate.
  2. Correct name of the financial institution (displayed either next to the lock or after clicking on the lock under "Issued to:"): The identity of the certificate owner (bank) has been confirmed.
  3. Correct domain name in the address: You are really on the site of the financial institution.

The authenticity of the certificate on which the connection is based can also be verified manually. For this purpose, the fingerprint of the certificate is verified. The fingerprint is a character string consisting of the letters A to F (no distinction is made between upper and lower case letters) and the digits 0 to 9. The fingerprint is verified by comparing this character string with a reference string that the user has received from the financial institution. If the string read from the certificate matches the string received from the financial institution, the certificate is genuine.
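
The manual fingerprint comparison described above can be scripted so that separators and upper/lower case do not cause false mismatches and a shortened reference string is never accepted. This is an added example, not part of the original article or the handbook; the function names are illustrative, and `SAMPLE_DER` is a constructed stand-in for a certificate's DER bytes (the fingerprint is simply a hash over those bytes).

```python
"""Manual certificate check: compare a fingerprint with a reference string."""
import hashlib
import hmac
import ssl

# Hex length of a complete fingerprint for the two digests browsers display.
DIGEST_HEX_LEN = {"sha1": 40, "sha256": 64}


def normalize_fingerprint(text):
    """Drop the separators browsers and banks insert and lower-case the rest."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("a fingerprint may only contain 0-9 and A-F")
    return cleaned


def certificate_fingerprint(pem, algorithm="sha256"):
    """Hash the DER encoding of a PEM certificate and return lower-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.new(algorithm, der).hexdigest()


def format_fingerprint(hex_digest):
    """Render a hex digest the way most browsers show it: AB:CD:EF:..."""
    pairs = (hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2))
    return ":".join(pairs).upper()


def fingerprint_matches(pem, reference):
    """True only if the certificate hashes to the complete reference string."""
    ref = normalize_fingerprint(reference)
    algorithm = next((name for name, length in DIGEST_HEX_LEN.items()
                      if length == len(ref)), None)
    if algorithm is None:
        # Comparing only the first few characters is not a verification.
        raise ValueError("reference is not a complete SHA-1 or SHA-256 fingerprint")
    return hmac.compare_digest(certificate_fingerprint(pem, algorithm), ref)


# Constructed sample input: NOT a real X.509 certificate, only bytes wrapped
# in PEM armour so the example runs offline.
SAMPLE_DER = b"constructed stand-in for a bank certificate's DER bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    shown_by_bank = format_fingerprint(certificate_fingerprint(SAMPLE_PEM))
    print("reference :", shown_by_bank)
    print("genuine   :", fingerprint_matches(SAMPLE_PEM, shown_by_bank.lower()))
    other = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"!")
    print("different :", fingerprint_matches(other, shown_by_bank))
```

For a live check, the PEM string can come from `ssl.get_server_certificate((host, 443))`; the reference string must still reach you through a channel other than the website being checked.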

Login procedure / authentication means

Various logon procedures and technologies are used to log on to online banking. The standard is two-factor authentication, in which a one-time access key is usually provided on a second device (token) or smart card (second factor "have") in addition to the contract number and password (first factor "know").

Transaction confirmation / transaction signature 

To protect against unintentional payments, the so-called transaction confirmation (also called payment confirmation or transaction signing) is often used. In this process, certain outgoing payments must be additionally checked and explicitly approved for execution by the user before they are transferred. The check can include elements such as currency, amount as well as parts of the payee's account number.

Offline payment software

With offline payment software, payments can be recorded without an Internet connection and then transmitted collectively to the financial institution in the standardized ISO 20022 format. Furthermore, these programs often also offer interfaces to various accounting programs and financial institutions, which makes work in this regard much easier and less prone to errors.

Implementation and control

The infrastructure used for online banking must be adequately protected. (cf. chapter 5.5 "Use of workplace clients", Information Security Manual, ISBN: 978-3-033-07646-4).

The circle of users for online banking must be restricted as far as possible and responsibilities must be clearly regulated and documented. In addition, online banking users must be trained in secure handling. Particular attention should be paid to the login process and the handling of the associated authentication means. If possible, a separate online banking access should be set up for each user - group accounts or shared accesses should be avoided.

The introduction and use of offline payment software should be investigated.

The control looks like this:

  • Is appropriately protected infrastructure used for online banking?
  • Is the online banking user group restricted as far as possible and are responsibilities clearly regulated and documented?
  • Is the most secure logon procedure (authentication means) used according to the requirements?
  • Are online banking users trained, and are the rules of conduct for logging in and out of online banking consistently applied?
  • Are any required authentication means (token, smartcard, etc.) securely applied and stored?
  • If offered by the financial institution: Is transaction confirmation enabled?
  • Has the implementation/use of offline payment software been explored?

Info at www

Companies are well advised to protect themselves appropriately. Guidance on this is provided by the Information Security Handbook for Practice (online order: www.sihb.ch). The completely revised and updated edition has recently been published. The above article is from the chapter "Secure payment transactions (online banking)".

Author

Oliver Hirschi, lecturer and head of "eBanking - but secure!", Lucerne University of Applied Sciences and Arts. He helped establish this HSLU service and has been managing the platform for over ten years. In addition, he is the part-time owner and managing director of SecAware GmbH. He is also co-author of the 9th edition of the "Information Security Handbook for Practice".

How dangerous are burning electric cars?

What happens when an electric car catches fire in a road tunnel or underground car park? In the Hagerbach test tunnel, Empa researchers, together with a tunnel safety expert, set fire to battery cells of electric cars: they analyzed the distribution of soot and smoke gases as well as the chemical residues in the extinguishing water.

A battery module of an electric car develops large amounts of soot containing toxic metal oxides during a fire. Image: Amstein + Walthert / Empa

 

A dry bang, then it starts: A battery module of an electric car is on fire in the Hagerbach test tunnel. A video of the test impressively shows the energy contained in such batteries: Meter-long jet flames hiss through the room and produce enormous amounts of thick, black soot. Visibility in the previously brightly lit tunnel section quickly drops to zero. After a few minutes, the battery module has burned out. Ash and soot have spread throughout the room.

Target group: operators of parking garages and underground garages

The trial, which was funded by the Swiss Federal Roads Office (Astra) and involved several Empa researchers, already took place in December 2019. Now the evaluation is available. "In our experiment, we also had private and public operators of small and large underground garages or parking garages in mind," says project manager Lars Derek Mellert of the company Amstein + Walthert Progress AG. "All of these existing underground structures are increasingly being used by electric cars as well. And operators are asking the question: what to do if such a car catches fire? What are the health hazards for my employees? What effects will such a fire have on the operation of my facility?" But until now, there was hardly any meaningful technical literature, let alone practical experience for such a case.

Mellert developed three test scenarios with the support of battery researcher Marcel Held and corrosion specialist Martin Tuchschmid from Empa. Experts from the Hagerbach AG test tunnel and the French "Centre d'études des tunnels" (CETU) in Bron were also involved. "We mounted test surfaces in the fire room on which the soot settled," explains Martin Tuchschmid, corrosion and fire damage specialist at Empa. "The surfaces were chemically analyzed after the test and also stored in special rooms for several months to track down possible corrosion damage."

Scenario 1: Fire in a closed room

The first scenario involves a fire in a closed parking garage without mechanical ventilation. A parking area of 28 x 28 meters with a floor height of 2.5 meters was assumed. Such a parking floor would have 2000 cubic meters of air volume. The fire of a small car with a fully charged battery of 32 kWh capacity is assumed. For reasons of experimental economy, everything was scaled down to 1/8: A fully charged battery module with 4 kWh capacity was thus set on fire in a room with 250 cubic meters of air volume. It was investigated how the soot settles on tunnel walls, surfaces and on protective suits of firefighters present, how toxic the residues are and in what way the fire site can be cleaned after the event.

Scenario 2: Fire in a room with sprinkler system

Scenario 2 deals with chemical residues in the extinguishing water used. The test setup was identical to that in scenario 1, but this time the smoke from the battery was directed under a water shower resembling a sprinkler system with the aid of a metal sheet. The soot water that rained down was collected in a catch basin. The battery was not extinguished in the process, but also burned out completely.

Scenario 3: Fire in a tunnel with ventilation

This scenario was about the effect of such a fire on a ventilation system. How far does the soot spread in the exhaust air ducts? Do substances settle there that lead to corrosion damage? In the experiment, a 4 kWh battery module was again set on fire, but this time a fan blew the smoke at a constant speed (approx. 1.5 m/s) into a 160-meter ventilation tunnel. At distances of 50, 100 and 150 meters from the fire site, the researchers had mounted metal sheets in the tunnel, on which the soot settled. The chemical composition of the soot and possible corrosion effects were analyzed in Empa's laboratories.

The results of the trial were published in early August 2020 in a final report. On the one hand, project manager Mellert can give the all-clear: A burning electric car is no more dangerous thermally than a burning car with a conventional drive. "The pollutant emissions of a vehicle fire have always been dangerous and, under certain circumstances, fatal," the final report states. Completely irrespective of the form of drive or the energy storage system, the primary goal must be for everyone to get out of the danger zone as quickly as possible, it says. In particular, the highly corrosive, toxic hydrofluoric acid is often discussed as a special hazard in burning batteries. In the three tests in the Hagerbach tunnel, however, the concentrations remained below the critical range.

Conclusion: A state-of-the-art tunnel ventilation system can cope not only with burning gasoline cars but also with electric cars. Increased corrosion damage to the ventilation system or tunnel equipment is also not to be expected based on the results now available.

Fire departments also don't have to relearn anything because of the tests. Firefighters know that the battery of an electric car cannot be extinguished and can only be cooled with large amounts of water. Thus, the fire can possibly be limited to a few battery cells, and part of the battery will not burn out. Admittedly, such a partially burned-out wreck must be kept in a pool of water or a special container to prevent it from reigniting. But this is already known to the specialists and is already being practiced.

The extinguishing water is toxic

On the other hand, the extinguishing and cooling water produced when fighting such a fire and storing a burnt-out battery in a water bath poses a problem. The analyses showed that the chemical contamination of the extinguishing water exceeds the Swiss limit values for industrial wastewater by a factor of 70, and the cooling water is even up to 100 times above the limit value. It is important that this highly contaminated water does not run into the sewage system without proper pretreatment.

Professional decontamination necessary

After the tests, the room was decontaminated by professional fire cleaners. Samples taken afterwards confirmed that the methods and the time required are also sufficient for the cleanup after the fire of an electric car. But Mellert warns private owners of underground garages in particular, "Don't try to clean up the soot and dirt yourself. The soot contains large amounts of cobalt oxide, nickel oxide and manganese oxide. These heavy metals cause severe allergic reactions on unprotected skin." So fire cleanup after an electric car fire is definitely a job for professionals in hazmat suits.


Ban facial recognition in schools

Facial recognition technology in schools is racist, encourages government surveillance, punishes non-compliance and serves to profiteer from user data, a study has found. It warns against its use in educational institutions to better monitor compliance with distance rules in Corona times, for example.


"The use of facial recognition technology should be generally banned in schools. It has no positive impact on safety, but brings with it a whole series of serious problems," says study leader Shobita Parthasarathy, summarizing her findings. These include, above all, an exacerbation of racial discrimination and a breakdown of privacy, but also an institutionalization of state surveillance and a strengthening of the tendency to exclude students who think and look differently.

Not yet widely used

"We've been looking very closely at facial recognition technology right now because it's not very widespread at the moment and can do great harm, especially to vulnerable populations," the researcher explains. Those agencies and teachers who would seriously consider deploying such tools in light of the Corona pandemic should think twice. "If this technology is installed hastily without properly understanding its implications, it is unethical and very dangerous," Parthasarathy says.

Large-scale research project

Her study "Cameras in the Classroom" is part of a larger interdisciplinary research project that aims to take a closer look at the usefulness and benefits of various modern technologies. In addition to facial recognition using surveillance cameras, the project is also looking at metal detectors and biometric identification methods, for example.

"Some people believe that you shouldn't regulate a technology until you see with your own eyes what it can do. But if you look at technologies that have already been implemented, it's very easy to predict their potential social, economic and political impact and identify unintended consequences," says Molly Kleinman, director of the Public Policy Program (https://fordschool.umich.edu) at the Gerald R. Ford School, University of Michigan, where the study was done. Ann Arbor, presstext.com

The study, "Cameras in the Classroom" (PDF), is available online at: https://bit.ly/2FhSJtO

Video Security Special

In a few days, a special edition of "SafetyForum" will be published. The publication is dedicated to the topic of video surveillance. It addresses the following topics:

  • Surveillance cameras under test
  • Video cameras: What about IT security?
  • What is crucial in video surveillance
  • Video based people counting
  • Video planning: IEC 62676 series of standards - a practical example.
  • Part 5 of the IEC 62676 series of standards contains helpful standards
  • Technology change: from analog to the IP world
  • Parking management with Big Data video analytics
  • etc.

A trial subscription can be requested here.

E-bikes: Will helmets soon be compulsory?

The Federal Council wants to increase road safety for e-bikers: Bike helmets and lights during the day are to become mandatory. The corresponding consultation will last until mid-December. The foundations for automated driving are also to be improved.


In recent years, the number of serious e-bike accidents has increased almost fivefold. In order to break this trend and prevent accidents, the Federal Council wants to increase safety with quickly realizable measures at the ordinance level: All e-bike riders are to be required to wear a helmet and to switch on their lights during the day as well. In addition, fast e-bikes should be equipped with a speedometer in the future, so that they can precisely adhere to the speed limits, according to the Federal Council's statement.

On August 12, 2020, the Federal Council approved the package of revisions to the Road Traffic Act for consultation. It includes an amendment to the Road Traffic Act and the Administrative Fines Act as well as the revision of eight ordinances. In addition to improved road safety for e-bikers, there are other points up for discussion.

Promotion of environmentally friendly technologies

New technologies make it possible to reduce fuel consumption and greenhouse gas emissions in road freight transport. These include construction methods to improve the aerodynamics of vehicles and the use of electric drives with batteries or based on hydrogen, the Federal Council writes. However, the current law hinders such possibilities because the use of environmentally friendly technologies has a negative impact on the payload or the loading volume of the vehicles. The Federal Council therefore wants the maximum lengths and the maximum permissible weights of vehicles and vehicle combinations to be increased by the required additional weight or the required additional length. The loading capacity of the vehicles must not be increased in the process.

Automated driving

The assistance systems of vehicles are being continuously improved. In the future, it will be possible to drive a car without the driver having to constantly monitor what is happening. In order to be able to react quickly to such developments, the Federal Council should now be given the authority in the Road Traffic Act (SVG) to issue the specific regulations at ordinance level. In addition, the framework conditions that the Federal Council must observe in exercising its authority would be defined. The revision would also create a legal basis for the Federal Roads Office (Astra) to approve tests with fully automated vehicles on public roads. Such tests could provide important findings.

Adaptation of "Via sicura"

The Federal Council also proposes, in fulfillment of a mandate from parliament, to use the amendment to the SVG to make the speeding measures introduced as part of "Via sicura" more proportionate and thus avoid undesirable cases of hardship. The courts should now be able to examine the concrete circumstances in each individual case and freely decide which penalty is appropriate for the case in question, as it concludes.

Source: Confederation

For more information on the topic: "The Federal Council wants to better protect e-bike riders - and is tackling the problem at the mouth instead of the source," writes the online portal infosperber.ch. An interesting discussion on the subject of mandatory helmet use.

 

GVB with slightly higher loss amount

In the first half of 2020, Bern Building Insurance reported a total loss amount of 27.4 million Swiss francs. This is slightly higher than the previous year's figure (25.2 million), but lower than the 10-year average (39.6 million).


According to the Bern Building Insurance Fund (GVB), the three storms "Lolita", "Petra" and "Sabine" - which swept over the canton of Bern at the beginning of the year - caused damage amounting to 17.3 million Swiss francs (2019: 6.2 million).

According to the information, fires caused building damage in the amount of 10.1 million francs (2019: 19 million). The subsidiary GVB Privatversicherungen AG also reported a slightly higher loss amount of 16.2 million Swiss francs than in 2019 (14.6 million), GVB said.

Fire damage low

The turbulence on the capital markets as a result of Covid-19 has also left its mark on the portfolio of GVB and its subsidiary. As of June 30, however, both were already able to almost compensate for their losses, the insurer writes. GVB reported an investment result of -0.8 percent (2019: 4.9 percent), while GVB Privatversicherungen AG reported 0 percent (2019: 4.9 percent).

Stefan Dürig, GVB's new Chief Executive Officer since the beginning of the year, is very pleased with the first half of the year: "The winter storms caused an above-average amount of damage. Our customer service and our valuation experts were challenged. I am therefore all the more pleased that fire losses are low this year. By means of awareness-raising measures, we want to continue to draw attention to fire risks in everyday life."

The most common causes of fires in the home include grills, candles, smoking products and electrical appliances. The website feuerstopp.ch offers many practical tips, for example in the form of explanatory videos.

Source: GVB

Mobile communication - five security traps

Smartphones and tablets offer numerous gateways for cyber criminals. That is why operators of critical infrastructures in particular must protect their mobile communications from a wide range of security risks.


The challenges regarding IT security are continuously increasing for energy providers, hospitals and transport companies. Mobile devices, for example, have long been a natural companion in everyday working life: they are used to transmit sensitive data and confidential content without being integrated into the same strict security measures as local workstation computers.

According to Virtual Solution in Munich, the following security risks present IT managers with major challenges - especially when it comes to tolerating private devices for business purposes or the private use of business cell phones:

  1. Use of unauthorized apps: Users are used to trying out a new app. Whether it is actually safe from malware or complies with the General Data Protection Regulation (GDPR) is not questioned. The GDPR stipulates that personal data must not end up in any app without the consent of the person concerned. However, popular services like WhatsApp in particular cause unintentional data leaks: The messenger reads out the address books of employees, including email contacts and phone numbers of colleagues, customers or partners, and passes this data on to the parent company Facebook.
  2. Unsecured WLANs: In hotels, on the train, in cafés - mobile devices now use WLAN connections more frequently than the mobile network. The problem is that most hotspots are not encrypted. Although this gives users convenient access, it also leaves the door wide open for hackers to tap into access data and read the entire data traffic. In addition, the hotspots can be freely named, which increases the risk of network spoofing: Fraudsters can use a supposedly familiar name to lure users into their WLAN.
  3. Mixing private with official: If employees use their private devices for business purposes - in line with the BYOD (Bring Your Own Device) or COPE (Corporate Owned, Personally Enabled) model - or vice versa, data is often moved back and forth between the business and private spheres. This is the case, for example, when business files are temporarily stored in a company's own Dropbox account. For companies, however, it becomes difficult to comply with the guidelines of the GDPR, copyright regulations or retention obligations - and at the same time, the level of protection decreases.
  4. No password protection and no encryption: Mobile devices can be lost, stolen and thus fall into the hands of unauthorized persons. If the smartphone is insufficiently secured, i.e., a weak password or no password at all is present and certificate-based authentication is missing, it is relatively easy for criminals to gain access to the data on the device. Once it is cracked, they usually also have access to cloud, file sharing or networks, and thus access to sensitive corporate internals. Encryption is also not usually standard for mobile communications. However, if data is stored and transmitted unencrypted, the risk of unauthorized access from the outside increases dramatically.
  5. Unpatched devices: Updates for the smartphone operating system as well as the downloaded apps are often annoying for the user, but unavoidable. This is the only way to close security gaps caused by errors or vulnerabilities in the applications before an attacker can exploit them. With BYOD models in particular, however, it becomes an almost impossible task for IT managers to check whether the smartphone of each individual employee is up to date.

"In the digital age, the protection of critical infrastructures also requires new ways and means for mobile communication," explains Sascha Wellershoff, from Virtual Solution in Munich. "The answer to this is a container solution such as SecurePIM, which strictly separates the official from the private area on the mobile end device. Should an attacker actually gain access to the smartphone or tablet, he is then virtually standing in front of a burglar-proof door. Data and documents are stored in encrypted form according to the highest standards and are also transmitted end-to-end in encrypted form. At the same time, compliance with the GDPR is guaranteed. A high level of user-friendliness is also very important: corporate apps must be just as easy to use as people are used to from their private apps - only truly used solutions increase protection against cyber attacks on mobile end devices."

Source: Virtual Solution

Thieves cause damage worth billions

Although they again invested billions in prevention and security measures in 2019, retail companies in Germany have to put up with large inventory discrepancies. "In 2019, retailers lost 4.4 billion euros due to theft and organization-related losses - that's around 5 percent more than in the previous year," says Frank Horst, security expert at EHI, about the results of a recent study.


"From a purely statistical point of view, each person in Germany steals a merchandise value of just under 30 euros per year," comments Frank Horst, security expert at the EHI Retail Institute, a research and consulting institute for the retail industry and its partners, on the results of a recent study.

Damage due to theft

Behind the high figures is one thing in particular: theft. Of the 4.4 billion euros in inventory losses (industry-weighted extrapolation for the entire German retail sector), 3.75 billion are caused by theft, as the EHI writes. Goods worth 2.44 billion euros were stolen by customers, 950 million were stolen by the company's own employees, and 360 million were lost through theft by suppliers and service staff. 660 million euros in losses would result from organizational deficiencies, for example incorrect price labeling. The state suffers an economic loss of 510 million euros a year as a result of VAT losses.

Prevention costs

For retailers, inventory discrepancies significantly weaken the return on investment. If the lost sales prices are set in relation to gross sales, this would correspond to a value of around 1 percent of sales. Together with the expenses for theft prevention and security measures, the retail sector would lose around 1.32 percent of its turnover, emphasizes the EHI.

Fewer reported cases

Even though the topic of theft is a perennial issue: in 2019, reported shoplifting decreased by 3.9 percent to a total of 325,786 cases (previous year 339,021), according to EHI police crime statistics. While the number of simple shoplifting cases has fallen almost continuously since 1997, serious shoplifting cases have almost tripled in the last thirteen years, according to the media release. Due to the high number of unreported cases of over 98 percent, the statistics are only of limited value. Based on the average loss of all reported thefts and the actual loss in the retail sector, it is calculated that more than 22.2 million shopliftings with a value of 110 euros each go undetected every year. The most frequently stolen items ("Klaurenner") vary - depending on the retail sector and company - from rechargeable batteries and alcoholic beverages to toothbrush attachments and cigarettes.

Data basis: The current survey involved 81 companies or sales channels with a total of 22,849 outlets generating total sales of around 102.1 billion euros. The average sales area of the participating stores is 1,220 m².

Source: EHI

 

Firearms marking: new regulation will soon apply

More than a year ago, the electorate clearly approved the new Weapons Act. According to the federal government, most of the adjustments have already been implemented. On September 1, 2020, the new provisions for the marking of firearms and the construction of alarm and signal weapons will now also come into force.

New regulations will soon apply to signal weapons. © depositphotos, alexlmx

When a weapon is manufactured, all essential components must now be marked, according to the federal government's statement. The markings make it easier for the police to clarify the origin of a weapon during investigations, according to the federal government.

Amendment for alarm and signal weapons

In the future, alarm and signal weapons must be technically constructed in such a way that they can no longer be converted into a functional firearm. For those alarm and signal weapons that do not comply with these technical specifications, a weapons acquisition license will be required in the future, the federal government emphasizes in its statement.

Still pending are new provisions for an improved exchange of information with other Schengen states, for example on the refusal to acquire weapons for security reasons. The details are currently being clarified with the Schengen states, according to the federal government.

Here you can go to the current regulation on weapons, weapon accessories and ammunition.

Here you can go to the explanatory report on the amendment of the Weapons Ordinance of June 24, 2020.

Source: Confederation

 

 

7 steps safely into the cloud

The cloud has become a mainstay for many businesses thanks to its flexibility and capacity compared to traditional computing and storage methods. However, as with traditional storage and file sharing methods, specific data security issues arise from the cloud.


 

However, a pragmatic, data-centric approach can make the path to the cloud clearly actionable. Below is a 7-step framework for an effective cloud security program:

  1. Securing endpoints that have access to cloud applications: Cloud applications reside outside of an organization's IT environment and therefore outside of the protection offered by many network or perimeter-based security technologies. Before organizations use cloud services, it is important to secure the devices used to access the cloud. These endpoints should be protected by security technologies such as data loss prevention (DLP) with controls for data exfiltration, end-to-end encryption and secure access. This prevents the unauthorized upload of sensitive data to the cloud and ensures that data is encrypted prior to upload. Data should remain encrypted in the cloud and only be decrypted once it reaches an authorized user's device. Once data enters the cloud, it is no longer under the direct control of the organization. Therefore, encrypting sensitive data and preventing certain types of data from being uploaded is fundamental to protecting mission-critical information from cybercriminals.

  2. Monitoring access to cloud data and services: Transparency of data access and usage is also critical to effective data security in the cloud. In addition to securing the endpoints used to access cloud data, organizations must ensure they have visibility into who is accessing the cloud and what data is being uploaded or downloaded there. This visibility increases the effectiveness of endpoint security controls and enables the security team to quickly identify and respond to risky or suspicious behavior related to cloud data.

  3. Use of cloud APIs to expand data security: If an organization allows the use of cloud-based email services or storage services such as Box or Dropbox, it should leverage the providers' APIs to extend existing data security measures to these platforms. This can optimize visibility into cloud data access and enable greater control through encryption or access management over data in the cloud. Many network security devices offer cloud integrations via APIs. Enterprises should therefore ask their provider which cloud platforms they are integrated with and take advantage of these features where available.

  4. Securing the cloud applications: In addition to endpoints and networks, cloud security also depends on the security of the applications running in the cloud. Far too often, security takes a back seat during cloud application development, especially for cloud apps created by individual developers or small teams. Enterprises should therefore test their cloud applications for commonly exploited security vulnerabilities and ask third-party cloud application vendors to share the results of application security testing (such as static or dynamic analysis or penetration testing) with them. Any vulnerabilities discovered during application testing should be patched securely before the apps are used.

  5. Implementation of guidelines and controls for BYOD: If organizations want to allow access to cloud data via employee-owned mobile devices (laptops, smartphones or tablets), it is imperative that they first create a BYOD (bring your own device) policy and implement controls to enforce proper data access by BYOD users. Organizations should consider using two-factor authentication, end-to-end encryption and mobile device management (MDM) software to secure BYOD use in the cloud. Two-factor authentication helps prevent unauthorized access, while encryption ensures that sensitive cloud data accessed by BYOD users is visible only to authorized individuals. Mobile device management software is a good last line of defense if a device is lost or stolen, as MDM allows IT departments to restrict access to BYOD devices or remotely wipe the data on the device if needed.

  6. Regular backups of the cloud data: As cloud providers and applications are increasingly targeted by cyber-attacks, organizations must prepare for the worst-case scenario: the permanent loss of cloud-based data. Although this does not protect against consequences such as financial loss or legal penalties, performing regular backups at least ensures that any critical data lost in a cloud data breach, ransomware attack or destructive malware infection can be recovered.

  7. Security training of employees: Regardless of how secure endpoints, applications and network connections are, their security also depends on the employees who use them. Social engineering tactics such as spear phishing remain among the most common, easiest and most successful methods used by cybercriminals. Regular training is critical to ensure employees can effectively recognize social engineering attacks and build safe web habits. Organizations should therefore regularly conduct simulated social engineering attacks to test their employees' ability to identify and remediate vulnerabilities.

Thanks to the numerous benefits, cloud migration will continue to increase in the future - but so will security threats. However, by taking the above security steps, consisting of data-centric technologies and security best practices, enterprises can effectively protect their data in the cloud from attackers.

Author: Christoph M. Kumpa, Director DACH & EE at Digital Guardian
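Steps 1 and 2 above tie cloud access visibility to endpoint security: who accessed the cloud, from which device, and how much data moved. The following Python code is an added example, not part of the original article or of any vendor's product; the log format, field names, device inventory and the threshold factor are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample data (assumption): inventory of managed endpoints and a
# cloud access log export. Real providers use their own export formats.
MANAGED_DEVICES = {"lt-0412", "lt-0977", "ph-2210"}

ACCESS_LOG = """\
date,user,device_id,action,bytes
2020-08-03,anna,lt-0412,download,1200000
2020-08-04,anna,lt-0412,download,900000
2020-08-05,anna,lt-0412,download,1500000
2020-08-06,anna,lt-0412,download,48000000
2020-08-03,ben,lt-0977,upload,300000
2020-08-04,ben,lt-0977,download,700000
2020-08-05,ben,unknown-7f3a,download,650000
2020-08-06,ben,ph-2210,download,800000
"""


def parse_events(text):
    """Parse the CSV export into dicts with an integer byte count."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["bytes"] = int(row["bytes"])
        events.append(row)
    return events


def unmanaged_device_access(events, managed):
    """Return events that came from a device missing in the endpoint inventory."""
    return [e for e in events if e["device_id"] not in managed]


def bulk_download_days(events, factor=10):
    """Flag (user, date, total, baseline) where a day's download volume exceeds
    `factor` times the median of that user's other days."""
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "download":
            daily[e["user"]][e["date"]] += e["bytes"]

    findings = []
    for user, days in daily.items():
        for date, total in days.items():
            others = [v for d, v in days.items() if d != date]
            if not others:
                continue  # a single day of history gives no baseline
            baseline = median(others)
            if total > factor * baseline:
                findings.append((user, date, total, baseline))
    return sorted(findings)


if __name__ == "__main__":
    events = parse_events(ACCESS_LOG)
    for e in unmanaged_device_access(events, MANAGED_DEVICES):
        print("unmanaged device:", e["user"], e["device_id"], e["date"])
    for user, date, total, baseline in bulk_download_days(events):
        print("bulk download:", user, date, total, "baseline", baseline)
```
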
