Cost savings and accountability are reasons why forces are now considering using an already tried and tested system, designed to protect a force’s reputation for a much wider role. Police Professional looks into how 3ami’s Monitoring and Audit System (MAS) is reaching out beyond its original professional standards role to help deal with austerity in policing.
The Monitoring and Audit System (MAS) from 3ami has been developed over the last decade with a number of police forces and has proved to be so effective at identifying and proving cases of police corruption and inappropriate behaviour that its use is now rapidly spreading to other organisations wishing to protect their intellectual property and commercially-sensitive information.
Here in the UK, police forces face severe cuts to their funding which is driving them to identify wider uses for the systems they use. MAS collects data about activity performed on every device on which it is installed, which is then sent to a central secure server, providing a vast amount of information about what police officers and staff are doing at any point in the day. This data also shows how much each item of IT and communications hardware and software is being used.
Inappropriate use of IT systems can also have a huge impact on the productivity of an organisation. According to a UK survey in the workplace conducted in 2008, visits to social networking sites consume up to 20 percent of corporate bandwidth. (Source: The Forsite Group), while weakening both corporate and personal security.
Twenty per cent of companies say they have fired employees for misuse of the internet and 65 per cent report taking disciplinary measures for these offences (Source www.snapshot.com/employee-computerabuse-statistics.htm). The monetary costs will include wages and indirect costs, eg, client goodwill, rework, etc. The impact on productivity soon becomes evident. Assuming an average income of £28,000 or £14.55 per hour for an eight-hour day, a company or department with 100 employees where each wastes one hour per day on the internet would cost the organisation £349,000 a year. If the time wasted is doubled to take account of overhead costs this increases to £698,400 per year.
3ami’s Managing Director, Tim Ellsmore, explains how forces are developing a more sophisticated use of the system to deal with these issues. As one force finds a new use for MAS, 3ami MAS updates itself across all forces delivering that benefit to all forces. There are currently over 300 reports available within MAS, from the number of times individuals access the force’s intelligence system to the amount of time staff spend on social networking sites.
The most recent range of reports shows how many times staff use the ‘cc’ and ‘bcc’ function of email systems. As the Home Office has identified, a vast amount of time is wasted reading emails copied to each other or managers, just in case. If a manager spends one minute reading each of 50 emails received every day, they will have spent 25 days a year just reading these emails. Many reading this article will receive many times this number, most requiring much more time to discover they were actually needlessly copied into this communication.
While forces further develop policy on email communications and internet use, these require regular reinforcement, they will typically send out reminders, by email, on a frequent basis. But, says Mr Ellsmore, there is no better way to prevent breaches than users knowing they will be detected.
“MAS can schedule a regular, perhaps daily or weekly, automatic report to identify behaviour that a force wants to alter or control. It may be that a quiet word with an individual or head of department is sufficient to change their own or their team’s use of IT.”
Significant savings through the use of this monitoring and audit system may include benefiting from a reduction in IT requirements, through a more efficient use of resources.
For example, MAS is also able to show where laptops, desktops and mobile devices are rarely being used and lie idle, costing the organisation dearly in wasted hardware and licences for software that have to be renewed each year. However, this requires the actual current activity and processes to be understood. MAS’ reports easily identify which machines or devices, and which software packages are actually being used.
Understanding how systems and machines are being used is also a major factor in the increased collaboration forces are seeking. Everyone now knows the barrier to combining units that is incompatible IT systems and processes.
“Before creating one entity, it is important to know what you have to start with,” said Mr Ellsmore. “As well as the physical hardware, you need to know how information flows through existing departments.”
MAS is able to show which IT systems are being used, how and by whom. Although not its primary function, MAS can show when and how staff are using the systems, potentially of benefit to resource deployment.
Where forces are coming under greater pressure to have officers out on the streets, visible to communities, information automatically collected by MAS can show how long officers and staff are engaged in bureaucratic processes and decisions to decrease desk time may be pursued.
As it was designed to be used by investigators, typically staff in Professional Standards Departments (PSDs), it is easy to use by those without any specific IT skills. For instance, MAS can operate on a chief constable’s computer so he or she can monitor what staff are doing and how they are doing it at any one time. Resource managers or performance analysts can also show how much time staff spend using IT systems and which systems they use, answering those difficult media and politicians’ questions about how much time officers spend filling in forms.
Forces can now use MAS to respond to Freedom of Information (FoI) requests. With the onerous cost of providing FoI responses growing to astronomic levels, the system can allow specialists to search for the subject of the request finding information in seconds that could traditionally take weeks or months to collate.
The use by the wider policing community does not, however, compromise data integrity. The data is maintained on a server kept within a secure environment with staff having access to information based on clearance levels.
The prime function of MAS will continue to be the monitoring and audit of network systems, providing the evidence to courtroom standards in police corruption and misconduct cases, however, it can still make a contribution towards real savings.
The easy-to-view analysis of illegal or inappropriate behaviour is reducing the cost of many forces’ investigations and prosecutions. However, like all crime prevention measures, most forces benefit from reductions in such behaviour as people know there is no chance their activity can evade monitoring, preventing damage to reputation in the first place.
While all forces deploy anti-virus software to prevent malicious activity on incoming communications, not all deploy the same level of security on data leaving police buildings, despite recommendations made five years ago to address the issue.
In 2006, Her Majesty’s Inspectorate of Constabulary (HMIC) published a thematic inspection report on the work of PSDs. In Raising the Standard, HMIC recommended chief officers review their operational security arrangements to guarantee that measures are in place to ensure the integrity and confidentiality of sensitive information and that operational security is thoroughly maintained.
“The proliferation of networked computer databases, accessible by large numbers of staff across force boundaries, has left forces increasingly vulnerable to the risks of unauthorised access and disclosure. So, too, has the growth in mobile computing. Disclosure of information can be used to alert criminals to methods of enforcement, allow them to identify investigating officers and informants, compromise surveillance (both human and technical) and identify criminal rivals. Force information security systems, policies and procedures must be developed to meet these vulnerabilities, and to keep pace with technological change.”
However, a survey in 2010 showed 81 per cent of professional standards managers and practitioners believe a lack of effective audit trail was the biggest barrier to investigating suspected illegal or inappropriate computer activity. But 98 per cent believed that the public viewed police accountability and audit ability as important (June 2010).
MAS monitors every keyboard stroke, search made and even every document saved or printed. The latest add-on also allows forces to control which media devices can be used to prevent data being copied and leaving the organisation.
This enhanced security is getting considerable attention of the commercial sector. For instance, a New Zealand electro-technology firm has deployed 3ami MAS to safeguard its intellectual property against theft. McKay, a rapidly-growing firm whose clients include BAE and New Zealand’s Royal Navy, uses 3ami MAS to prevent employees from downloading confidential company files onto personal USB mass storage devices and removing those files from the premises without authorisation.
McKay’s high-profile client list and specialist knowledge mean its intellectual property – such as strategic plans, customer databases, business development information and design documents - is highly valued.
Lindsay Faithfull, McKay’s CEO, said: “This intellectual property has a very high value for a growing company like McKay, and it needs to be protected by all means possible. 3ami MAS provides fantastic visibility into the use of McKay’s IT system by all users, including what files are transferred and where. The ability to lock out the use of unauthorised memory sticks, in particular, is a very powerful feature."
The new 3ami MAS USB security module restricts certain users so no USB mass storage devices will work for them on any computer in the network. Others can be authorised to use only official company USB storage devices on certain computers; still others can be authorised to use any USB storage device on any computer.
The software can be used to block all USB mass storage devices, including cameras, flash drives, mobile phones and iPods. It can also be used in conjunction with encrypted biometric fingerprint-scanning authentication to create ‘official’ and highly-secure company USB memory sticks that can then be monitored and audited so that leaks, losses, and inappropriate activity can be traced to the original culprit.
MAS has been utilised by the South Wales Police Professional Standards Department since 2008.
Head of the unit, Chief Inspector Gary Osborne says: “An effective audit and monitoring system is a crucial tool in our fight against corruption and misconduct. The intelligence obtained from such a system forms an important part of any prosecution or disciplinary proceedings. The facts presented are indisputable and assist us with ensuring a speedy outcome to an investigation and any subsequent proceedings.”
Forces are known to be struggling to secure its data and breaches are regularly hitting the headlines. Effective prevention tools are long overdue and 3ami’s MAS provides the necessary deterrent when staff know how comprehensively it audits their activity.
With so much focus on reducing costs, a system that can potentially save more than it costs has to be considered, particularly when it so effectively responds to the requirements to protect data and intelligence as well as organisations’ long-term reputations.
Tel: +44(0)1257 473190