|
|
|
 Risk and
Football: Avoiding the Red Zone
By Stephen J. Brown
The 2015 NFL
season is upon us. Fans and spectators alike are looking forward to
enjoying the games. We can all benefit from knowing some safety tips that
apply even in box seats.
Check the
playbook: there are actual risks associated with everything from getting
into the football stadium, through the game, and then making your way home!
Depending on what game you are attending, you may be contending with
thousands of angry drunk fans; the stadium may be in a high crime area to
start with -it can be a powder keg. And, it may be a recipe for
disaster if you aren't adequately prepared. When it comes to football,
being in the red zone is not always a good thing!
The intensity of
football rivalries in America parallel soccer rivalries in the rest of the
world. Fans love their teams and 'who roots for what team' can
even be a point of contention among family members. It's not an
exaggeration to say that at an NFL football game, fans of opposing teams
literally hate each other just because of the team they support. It's a
level of intense emotion that we rarely see in ordinary interactions.
There's a culture of connection and bonding, down to the clothing people
wear and the names they'll have plastered on the backs of their shirts. You
don't see that even in intense political campaigns. Check the newspapers on
a Monday after a hotly contested game. It may have photos or more than the
quarterback's best passes.
But it isn't just
unruly or truly angry fans or gangs that create the risks. Today there is
also a greater risk often discussed by politicians and intelligence
offices: the threat of a terrorist attack.
Remember the
American thriller films Black Sunday (1977) and The Sum of All Fears
(2002)? They gave a fairly good rendition of threats terrorists pose during
these mass gatherings of American civilians. Typically, we all put aside
our situational awareness for those several hours of game time.
In the two movies
mentioned, nuclear and explosive attacks focus on an American football
game; casualties could number in the thousands. Security professionals who
protect football stadiums and attendees have these potential threats in
mind on a regular basis. Pat-downs, explosive-sniffing dogs, bag
checks... it's not only to find people carrying drugs, alcohol and
weapons. Football is a 'let your hair down'event for a vast
cross-section of America -from the tailgate party on. We're counting
on someone else to watch out for us.
In the east, we've
been seeing the Jets at training on the nightly news during the sports
section. A couple of weeks from now, perhaps by the time you read this, you
possibly will have attended a game or two. Wherever you are, football teams
have been a focus of the local sports networks for a while. So, let's use
football odds to assess the risks.
The Golden Super
Bowl 50 is in 2016. Las Vegas odds makers project that the Green Bay
Packers, given last year's stellar performance, are 6:1 favorites to win it
all on February 7, 2016 in Santa Clara, CA. Given their poor performance on
the field last year, the Tennessee Titans are the surefire underdogs
at 175:1. Knowledgeable Vegas odds makers 'get' foreseeability.
The odds favor the Patriots over the Titans by almost thirty-fold.
Consider the
foreseeable risk of serious crime at your favorite NFL football stadium.
Fans of the Philadelphia Eagles, who once infamously pelted Santa Claus
with Snowballs, attend home games at Lincoln Financial Field, in
Philadelphia, PA. The "Linc," (its nickname to fans,) is the
country's most dangerous NFL stadium. Spectators risk victimization rates
of approximately twenty-one-fold or more than 2,100% higher than the fans
of the New England Patriots at the safest field of play, Gillette Stadium
in Foxborough, MA!!!
These great
variances in actual foreseeable risk mean that from a management
perspective, the reasonable level of security required to protect lawful business,
customers and fans attending the games is huge.
If you were
running the stadium, owned the grounds, owned a team or had anything to do
with the business end of football, you would have a legal duty and owe your
customers and employees a reasonable standard of care for their personal
safety in the face of the foreseeable risks.
We borrow crime
and risk information from federal, state, and local sources and already
know that the data is used by companies such as: Cabela's, Bank of America,
Lowe's, and major security firms going after work at sports stadiums.
The compiled data
verifies that there is some statistical risk associated with attending an
NFL game, even though as fans, it rarely keeps us from a game. What the
data does do is help risk managers establish the basis for providing
reasonable security measures and security resources to protect the public.
Just to use
another football analogy, the safest stadiums have a green rating, while
the most dangerous ones are rated red. Want more information on how to
avoid the red zone? Contact us at Sutor & Associates, LLC. and we'll
provide the information to you gratis.
Stephen J. Brown
is an Investigative Research Analyst at Sutor & Associates, LLC,
Sutor provides security consulting and expert witness services for
attorneys in premises liability and negligent security cases. Reach Stephen
at: jerseysteve@comcast.net or: 609.289.2406.www.SutorSecurityExperts.com
|
|
|
|
ID-NO IDEA
By Mark V. Murphy
Many times
security and/or life safety personnel are required to verify people's
identities through the use of identification documents presented by the
person in question. While individual security officers may be familiar with
the identification used at the facility where employed, and possibly the
state's driver's license, how familiar are they with technical,
professional licenses, or other government-issued identification? Often the
security officer handles or sees the document in question for only a few
seconds. How much time and effort is actually invested in training
personnel in the myriad of identifications out there?
Case in point, we
recently had an incident involving a fraudulent identification, a
Certificate of Fitness. A Certificate of Fitness (C of F) is a
plastic identification card issued by the Fire Department, City of New York
to verify that an individual is qualified to perform a certain task or
tasks. An individual presented a Certificate of Fitness to operate a
welding torch in an area of our building that was undergoing construction.
The individual
signed in at the building fire command and presented the credential to the
Deputy Fire Safety Director (DFSD) on duty. Our policy is to retain
contractors' certificates or license while they work on property, returning
the documents when the work is completed.
The DFSD was
occupied with other duties and put the card aside. Shortly
thereafter, the DFSD was making log entries concerning the individual and
looked more closely at the credential. He noticed that something did
not look correct with ID. He notified his supervisor, who investigated
further and elevated the incident to me after comparing it to his own valid
C of F.
We noticed that
the printing was askew in relation to the card, spacing was not uniform and
there were two misspelled words on the card. We contacted the Fire
Department. They verified that the C of F number was real but had
expired. We then compared the C of F with a valid, current document and
noticed that the font, abbreviations and punctuation were wrong.
We'd also been
informed by FDNY, that the Fire Department was willing to press charges. I
contacted the local precinct of the Police Department, City of New York.
When the police
responded, we visited the construction area and the individual was
identified, interviewed, and arrested. He admitted to creating the
fraudulent ID card because the Fire Department had changed the
qualifications and he was unable to meet those new requirements. However,
without the C of F he was unable to work in his trade.
Interestingly, the
forged C of F was several years old; the man had been working for at least
2 years, performing welding services while not qualified to do so at
current standards. The danger this individual presented in an occupied high
rise building using a super-hot flame to accomplish work adjacent to
flammable materials was immeasurable. He was lucky that he only was charged
with the forged instrument and no one was hurt or worse because of his
deception.
In the end our
personnel need to be able to spot phony ID'S, or at the very least have a
method to verify the authenticity or documents presented to
them. Luckily, our employee did not ignore his gut
feeling, even if he could not articulate the issues.
While it is
impossible to be aware of the specific details for the plethora of
identifications that might be presented to us, we have to know how to
verify their legitimacy or illegitimacy. In this case, we were familiar
with the document and knew how to contact the issuing agency. We've also
begun a program where someone on our team researches the characteristics of
all typical licenses and certificates that get presented at your facility.
We have samples of the "real McCoys" and the contact information
for the agencies that can assure authentication.
Mark V. Murphy is
the Director of Security & Life Safety at Worldwide Plaza, George
Comfort & Sons, Inc., 825 Eighth Avenue, New York, NY 10019. He
holds FDNY Certificates of Fitness Fire Safety and Emergency Action Plan
Director, as well as a CPM from NYU and a MSOL from Mercy College.
Mark can be
contacted at: mmurphy@gcomfort.comand by phone at: 212.258.3765
|
|
Better Shelter
 By Robert J. Donnelly
|
|
We've talked about
constructing future schools with safe rooms to protect against tornadoes
and active shooters. We have also assumed that in problematic situations,
students and teachers can all get to these places without putting
themselves further in harm's way... unlikely. Even when we speak
about safe rooms in office buildings, generally they would not accommodate
everyone on premises -especially if everyone decided to avail themselves of
the space at once.
In considering
public schools or colleges, we can be fairly certain that there will never
be funding to retrofit all of them or replace them with new,
better-designed construction that might offer disaster protection, natural
and man-made. We've discussed in previous articles, the limitations of
lockdowns and sheltering in place outside of a true 'safe room'.
We've even added
ideas about sheltering in the school's bathrooms and updating these areas
with electronic locks that can be set from the inside and then later
overridden as required for rescue, etc. Further, given the push towards
keeping within HIPPA regulations, there is little chance that information
on potentially problematic people right on campus or in the vicinity is
going to be circulated.
So is that all
there is? Recently light weight bullet-resistant materials that can take
the form of wall artwork are coming into focus. Imagine the advantage of
these 'artwork sheets' for protecting anyone in classrooms where the
accessible corridors are currently pressboard, sheet rock or something
equally vulnerable.
I took some
samples of this new fabric with me to the shooting range to test. It meets
Life Safety Code 101 so it doesn't require a permit to use and reminds me
of the flexible fire-proof suits that race drivers wear. Impressive ability
to block bullets from penetrating it -and it looked good!
Certainly this may
not be the only development that will help better protect people in
confined spaces in the near future, but it offers a new approach and
actually looks more attractive than barricades. (Note: the photo
above in this article is one of the prints currently available.)
Robert J. Donnelly is retired from FDNY and consults on fire
safety matters. Bob can be reached at: bobby.donnelly4@gmail.com.
|
|
|
|
CULTURE SHOCK
By Mario J. Doyle, CPP
At first it may
not seem like a security issue...
but the bravest
people didn't give the same attention to safety as they did the dangerous
work for which they'd signed up -the same work for which they'd developed
intense skills. But preventable accidents laid more of them low than
exposure to all the risks inherent in firefighting.
Safety isn't
glamorous. It isn't dramatic. But getting a change in organizational
culture to focus on safety can be forceful in terms of having the people
you count on staying well and ready -in addition to cutting costs and improving
insurance ratings.
Just sending out a
memo or dictum on safety has little effect on changing behavior. The
organization's internal culture may not support it. Fire Engineering
University's Ronald J. Siranicki and Richard Gist suggested that we might
review the famous behavioral psychologist B.F. Skinners' work on teaching
pigeons to bowl if we wanted a better handle on the subject.
Everyone laughed
about teaching pigeons to bowl -and it wasn't easy because each step in the
process had to be broken down into single tasks. It wasn't the
"norm" by any means. It took patience, consistency and channeling
normal behavior in totally new directions.
The couple of
paragraphs below bring out related points about organizational culture with
a chuckle:
"If culture
is an amalgamation of values, beliefs, and behaviors that become ingrained
in people, communities, and organizations, how do these things arise, how
are they transmitted from one generation to the next, and-most
importantly-how can we change the parts that work against us? To get to
that point, we must first understand how it is that people come to do the
things they do.
The most tenacious
aspects of culture are those driven by conformity. They are seen in
behaviors and beliefs that are often described as norms. Norms are so fundamental
that we don't think about them; we don't know how or when we learned them
because they seem to have always been a part of our world and our movement
within it.
Since social norms
are so deeply engrained, they're typically quite difficult to change. For
example, the odds are that nobody ever told you exactly how to behave in an
elevator. There aren't written rules
about it. Still,
you know exactly what to do-walk in; turn to face the door; look up, down,
or forward. If you know someone, you will probably say hello, but any
conversation that follows is usually kept to short, quiet, low-key
exchanges. Let's now try an experiment: Step into the elevator and wait for
the doors to close. This time, though, don't turn around. Instead, stand
facing the crowd and ask how everyone is doing. Tell them a little bit
about yourself; maybe share a few things about your views on current events
and politics. You could even follow up with a brief display of talent such
as singing, dancing, or telling a few jokes. Security will be waiting for
you somewhere before you get to the top floor."
When Doyle Security Services Inc. (DSS) started the internal initiative
-having SAFETY PLUS and overall safety training become part of our
officers' ongoing programs, some people rolled their eyes. However, in much
the same way that Siranicki and Gist focused on changing the culture of
safety in the fire service, we've enhanced our programs to take a general
concept and bring it into specific tasks. We work with our teams on processes
and accountability that make a difference.
Here is a quick
overview of our SAFETY PLUS program: first, each employee receives
awareness training in Safety Plus prior to assignment. It includes:
Classroom
instruction, digital video, written guidelines and On-site safety
orientation.
We study the
location and atmosphere for each client's facility because these factors
are diverse and pose a variety of potential safety issues. the findings
inform our basic Safety Plus design for particular facilities and we
incorporate input from clients so the programs meet necessary standards.
Each job site is
assigned a safety coach who meets regularly with his/her employees to:
* Promote safety
and hygiene awareness
* Provide
coordination and direction of all loss prevention activities
* Maintain both
our and our clients' safety and health policies
* Conduct ongoing
evaluation of the program; and
* Ensure legal
compliance with regulations and add any updates in client guidelines
If you have
questions about implementing this initiative, let us know. How you approach
it can take the shock out of improving safety in most environments.
Mario J. Doyle,
CPP is COO of Doyle Security Services, Inc. a regional contract security
and consulting firm in NY. Mario is a former Chapter Chairman for ASIS
International's Long Island Chapter, a former ASIS Regional VP, and past
president of ALDONYS (Associated Licensed Detectives of New York State).
Reach Mario at: mdoyle@dss-securitysolutions.com.
|
|
Who Else is in the
Living Room?
By:
Fara Afshar PhD, CCNA-Security, CCDA
|
Each night, most of us feel safe and
secure sitting in our living rooms, watching a movie and discussing the
day's affairs with family. We would not surmise that there could be
uninvited guests eavesdropping on our conversations. However, today's
technology has invited 'new guests' into our homes and we may want to be
aware of their presence.
Look around that cozy living room: you can spot one or two
of our new guests; an internet-enabled TV, a notebook or tablet, a security
camera, a cell phone and even something as harmless as a thermostat on the
wall. These devices are all connected to the internet and, potentially,
connecting you to intruders.
The new term for this connectivity is The Internet of Things
(IoT). It includes embedded computing devices such as digital home
thermostats, smart TVs, car systems (navigation, entertainment, and engine
management computers), networking devices, smart watches, and activity
trackers including some internet-enabled bathroom scales!
The diversity of threats mirrors the diversity of devices.
In the past year, there have been growing numbers of probing and
experimental attacks on a range of these devices, including few serious
attacks (Symantec, 2015).
Due to the
increasing number of computing gadgets and our connectivity to the
Internet, we are more vulnerable to cyber-attacks than even a few years
ago. Can we secure ourselves?
In this article series, we'll discuss our vulnerabilities
and threats, the ways that we can protect ourselves through our own
efforts, and the ways in which other private and governmental entities are
trying to stop cyber-attacks.
Vulnerabilities
and Threats
Most cyber security professionals advise you that the
question is not if you will be hacked, the question is when you will be
hacked. Have you heard the insurance industry professionals using almost
the same statement? The question is not if you will be hit by disaster, the
question is when you will be hit by disaster. More people are aware of
cyber threats and attacks as they have become widespread. You or someone
you know has probably been hacked! Fortunately, the perception of "it
will not happen to me" is changing. It helps make the situation more
understandable and encourages all of us to mitigate against common
threats.
To understand what the threats are, we need to learn more
about vulnerabilities. According to software security professionals,
vulnerabilities are flaws in computer software/hardware that create
weaknesses in the overall security of a computer or network. They can also
be created by improper computer or security configurations. Threats exploit
these weaknesses. Results: potential damage to the computers and/or stored
personal data (Norton, 2015).
For an overview on
the currently acknowledged vulnerabilities and threats, check the
information from some of the reputable security software vendors and
experts in the field. Here are few links to browse:
According to Cisco
Corporation (2015), the primary threats for end devices such as our laptops
and computers are viruses, worms, and Trojan horses. Here are Cisco's brief
definitions of these threats:
* A virus is
malicious software that executes a specific unwanted, often harmful,
function on a computer.
* A worm executes
arbitrary code and installs copies of itself in the memory of the infected
computer. The main purpose of a worm is to automatically replicate itself
and spread across the network from system to system.
* A Trojan horse is a non-self-replicating type of malware,
often containing malicious code, designed to look like something else, such
as a legitimate application or file. When an infected application or file
is downloaded and opened, the Trojan horse can attack the end device from
within.
The above and more can enter your network through
downloading infected programs or even simply using the Internet at unsafe
sites. Other vulnerabilities come from using infected flash drives, weak
passwords, unpatched operating systems, malware, and a lack of a firewall
or security software on your devices. Moreover, unsecured network devices,
unsecured end devices, disgruntled employees, poor or no security policies,
and the most important one, unaware and uneducated users!
The threats are real and more widespread than we wish. In
Part 2, we will discuss ways to protect you and mitigate those threats. For
now, your assignment is to find out more about vulnerabilities and threats
in your network and in your living room.
Fara Afshar PhD, CCNA-Security, CCDA is a
Professor of Engineering at Suffolk Community College and an Industry
Security Professional. If you get a chance to take one of her courses, or a
presentation, you will find her down-to-earth and attention-getting. Look
for Part 2 in the next Security Directions.
|
 BAD Stories with WORSE Endings...
|
|
After some twenty years of thinking about it, I am getting
serious about producing: "The Security Director's OTHER Manual."
Some "bad" stories come back to mind while considering all the
areas to cover.
Here are two stories that I hope will prove useful reminders
that digging deeper may not always produce pleasant results. At least you
as the reader 'KNOW' what the potentials are going into these situations.
That might be enough to let you stop short of orchestrating an unwelcome job
exit.
Perhaps you have some of your own Bad Stories that you'd like
to share. We can always camouflage the details so you won't be identified
-or we can include them and attribute them to you, the source. It's your
choice but there's nothing if you don't write 'em and send 'em in....
Dan's Story
Some years ago and we are in a graduate class in Security
Management and Dan and I are in the same row in the auditorium, along with
my husband who, as a favor to me, comes into Manhattan on Monday evenings
from Suffolk County.
Dan is a youthful NYPD detective who is retiring after
military and police service. He has secured a job as security director at a
lighting distributor in New Jersey and plenty of his colleagues are
jealous.
The lighting company is run by members of an extended family
and they have been suffering significant losses. They've chosen Dan, based
on his investigative expertise, as the right man to figure out what's going
wrong.
Sure enough, within a few weeks Dan identifies the employees
who are stealing. He knows how they are getting the goods through security
procedures and even determines some of the outfits where they are selling
the stolen materials.
Dan is fairly happy with his progress and during the next
several weeks he shares with us how he is putting the case together.
Next, he asks for a meeting with the top executives to present
his findings. He delivers his report and asks whether they want to
prosecute the thieves; get restitution or simply fire the wrong-doers.
Instead, the executives tell him they want a sit-down meeting with the
thieves. They plan to use them and their "customers" to expand
their business via other channels.
Dan is dumbfounded. He is also terminated, given a nice
severance package and is out of work, all in less than 4 months. When we
see him in class the next Monday, he's angry and frustrated.
The take-away: find out why they are hiring you. Do this by
putting forward questions during the interviews about what management
envisions doing at the conclusion of this investigation (if that's their
motivation for hiring you) -or perhaps what they've done in the past at the
conclusion any investigations.
The executives might not have any good answers. They may look
off to the sky to avoid confronting you on the subject. They may get
annoyed at your impertinence. Whatever the response is, it tells you what
you need to know. It tells you what not to assume and how to avoid tripping
yourself up going forward.
You can then decide if this is the job or assignment for you.
It may not be smooth going over time; no one may be congratulating you for
the great job you do. And, no one may care about your feelings.
It sounds so simple, but sometimes the anticipation of having
a title, a good salary and benefits and a certain prestige, gets in the way
of the fundamentals. Plus if you decide that you are willing to take on
this risk, you aren't going to present information in a way that interferes
with your continuing beyond that particular couple of months work.
George's Story:
Late in the afternoon I get a call from George. He's a robust
security professional with years of law enforcement experience and manages
a decent-sized security force at the east-coast plant where he works...
worked.
On the phone he doesn't have his regular powerful presentation
and everything about the conversation sounds tentative.
George wants to know what security director jobs are available
in his general area...
Mostly, I listen, interjecting a short comment when
appropriate. Here's what George told me:
Perhaps six months ago he was called into a conference with
the 'C-Level' management. They wanted his help to stem shrinkage, losses
that were on the rise in only one of the company's other divisions. The
losses were now well above the 2% that their accounting firm determined was
the break-even point below which investing resources in solving the issue
would cost more than the shortage itself.
George, who had worked for the company for almost seven years,
was up for the challenge. It meant learning more about other parts of the
conglomerate and he hoped that a successful resolution might put him in
line for a divisional promotion and a significant raise.
It was a complicated scenario. One worker was in cahoots with
suppliers so they were shorting the company on products. The employee was
signing off that he'd gotten a full shipment, and then the supplier would
give "gifts" to that employee to thank him for the business... It
wasn't easy to spot: for instance management didn't usually measure the lengths
of hydraulic tubing they received or analyze what was actually in supply
shipments going to maintenance/repair since the items didn't go into the
manufacturing process.
Even their accounting firm, when doing audits, didn't open
pallets of finished goods to see if they were missing items in the middle.
Their major focus was counting the numbers of shrink-wrapped pallets ready
to ship and the pallets of raw materials remaining in stock. The company
was issuing more credits for short shipments but not enough to become a
focus.
George put the case together. He identified three major
problems that were responsible for many of the shortages and lost revenue.
The CHB and CEO were thrilled with his work though the other officers were
more neutral. Had George left it there, life would not have gotten so
complex.
But George was good. He didn't stop investigating at that
point. Eventually his sleuthing had him asking for another meeting with the
CEO. The trail of some of the misdeeds led back to the CFO, something he
hadn't prepared the leadership to address and certainly something they
didn't want to deal with, at least not at that time. They were in
confidential negotiations, on the verge of a merger... So George was
sworn to secrecy; handed a big check for his silence and shown the
door.
Now, not only was George looking for a new position, he was
going to have to come up with a plausible explanation for why he was
looking for a new job without telling the truth....
Of course, you may have better stories. Send them in.
Below are several issues to consider:
- Major financial crimes
if they are well-thought-out, seem to slide by. Ask anyone on Wall
Street.
- In most cases there
isn't even restitution when thieves are identified.
- As the drug laws loosen
up, no one is going to be interested in prosecuting employees unless
their marijuana or other distribution is mind-boggling.
- If the company's EAP
group tends to "rehabilitate" everyone over and over, then
focus on performance issues that put the company in jeopardy. Document
it. You may also want to connect with risk management rather than
reminding others that their bad choices are keeping 'problems'
employed.
More for the future...
Erica
|
Travel Tips to Put
in Use Right Now
By
Juval Aviv
|
|
As a frequent
traveler and a terrorism and security consultant, I am often asked by
clients for tips on travel safety. This short piece includes suggestions
that may help you have safer business travels as well.
Some of my
recommendations:
- Pack lightly and try to
sort out any issues with your flight prior to arriving. Airport
security is primarily focused on preventing terrorists from attacking
planes. There is very little to prevent an attack in the front of the
terminal itself where potentially hundreds of people are lined up
during the busy holiday travel season. The less time you spend in this
part of the airport, checking bags or dealing with ticketing agents,
the better.
- Make copies of your
passport and other forms of identification and leave it with a trusted
friend or relative. If you lose your passport, having copies faxed or
emailed to you can make replacement much easier.
- When traveling to a foreign
country, find out where your country's nearest embassy or consulate is
located. You may need their services in the event of a lost passport
or other travel related emergency.
- Check with the State
Department prior to departure for the most recent travel warnings.
- Consider purchasing travel
medical insurance, particularly if you are traveling to a country where
the medical facilities might not be up to Western standards. Policies
that include medical evacuation are relatively inexpensive.
- If you take prescription
medications divide them up and keep them in two places, perhaps keep
half in your carry on and half in your luggage. If one of your bags is
lost or stolen you have another supply. It may not be easy or even
possible to fill a prescription in a local pharmacy.
- If you take prescription
pain relievers or sedatives, check with the State Department before
traveling to a foreign country about that country's laws regarding
drug possession. In some countries, possessing pain relievers and other
types of medications without proper documentation, can be considered a
criminal offense and can land travelers in a lot of trouble.
- Wearing expensive clothes
and jewelry can make a traveler a more visible target for muggers or
kidnappers. Avoid wearing labels or logos that easily identify you as
an American.
We recommend that
our clients choose chain hotels in areas that have a decent amount of
nightlife. Hotels in business districts may be more convenient for meetings
or work, but these areas can be deserted at night, making walking around
more dangerous. We've found that chain hotels are generally more dependable
in terms of cleanliness and security.
Travelers also
face cyber security issues and as more and more of our clients are doing
business in countries like China and Russia where hacking is a prevalent
threat, we are strongly recommending that they take precautions with smart
phones and laptops. Smart phone and laptop hacking has become commonplace
in recent years. With new technologies business travelers can more easily
access sensitive information remotely. They've been known to store
information on unsecured devices.
We recommend that
our clients leave their smart phones and laptops at home and take loaner
laptops and phones or pay-as-you-go phones when traveling. If there
is no information stored on the device, then there is nothing for the
hacker to steal.
Additionally, we
tell our clients to disable the WIFI and Bluetooth options on their phones.
Generally, hackers can access smart phones especially through the newer
devices. In Europe, American smart phone users can rent a device that
literally lets you create a WIFI point where you are -but you probably
won't be the only one using it...
As we all seem to
know but don't always do: remove the battery from the phone when in
meetings. That way the phones cannot be turned on remotely and used as
listening devices.
You may also
consider not accessing company networks while traveling. Laptops can be
infected with keystroke-recording software. If you have to access a
password-protected or encrypted site or network, copy and paste the
password from a USB thumb drive to at least avoid the keystroke issues.
I hope these tips
help keep you safe on your travels and avoid disruptions. Please feel free
to contact us for additional tips or suggestions.
Juval Aviv,
President and CEO of Interfor, Inc., a corporate investigations and
physical security consulting firm. He is a frequent public speaker on
financial fraud, terrorism and cyber security. Reach him at:
juval.aviv@interforinc.com.
His
published works include: Staying Safe: The Complete Guide to
Protecting Yourself, Your Family, and Your Business, published by
HarperResource, a division of HarperCollins Publishing. His other book: "The
Complete Terrorism Survival Guide" was published by Juris Publishing.
|
|
THE FIRST 5-7 MINUTES ...
Active Shooter Response That's Critical in Healthcare Settings
By William Losefsky, CHPA, and Jeff Putnam,
CPP
|
|
It isn't the first
time we are looking at this issue, but the following may be particularly
useful to refresh and expand on the theme. (Editor).
Hospital security
directors and managers probably have the 'READYHOUSTON' active shooter plan
in place that focuses on: "RUN/HIDE/FIGHT". What most of us know
from a quick examination of statistics is that it will take 5-7 minutes for
L/E response. As security leaders, what is our best approach to managing
from the moment first shots are fired until local law enforcement can get
there and take out the threat?
In a 2012 Annals of Emergency Medicine study of 154 hospital shootings in
40 states, researchers found that emergency departments were listed as the
most common site of attacks with 29%, followed by parking lots with 23% and
patient rooms with 19%.
During an Active
Shooter situation, our goal is to prevent or reduce the likelihood of
injury or death. What training and both passive and active countermeasures
may reduce the number of injuries and casualties associated with such a
traumatic event?
Communication is
Key
We've looked at a
number of web-based software applications that work well for emergency mass
communications to employees and your security team. Look into: One Call Now
System, AtHoc Alerting System, and NOTIFIER Emergency Communication
Systems. Whether you utilize one of these applications or quickly e-mail,
text, call, use intercoms, digital sign boards, bull horns or runners the
essential thing is to communicate the warning, TEST your system rigorously
and regularly so not only do you quickly communicate the nature of the ASE,
location of the threat and an evacuation route, but everyone on premises
knows what the communication looks like and sounds like!
We've found that
today most hospitals have a code designated for an active shooter: Code
Silver notification is synonymous with an event involving a weapon or
firearm.
Active and Passive
Countermeasures
To paraphrase
Webster's dictionary, countermeasures are: "actions or devices
designed to negate or offset others." The focus is to prevent
undesirable outcomes via these processes.
Passive
countermeasures would include teaching employees to instinctively think
about barricading methods using materials they have available. This is
generally referred to as Protect-in-Place. If there is no time to escape,
identify specific locations that can be pre-identified as recommended
Protect-in-Place rooms or sanctuary spaces. They can be locked from the
interior, have few or no interior glass windows and offer walls that
provide more protection against potential gunfire than just sheetrock.
There may be no spaces in your facilities that meet all the criteria.
Choose the ones that have the most attributes and people can get to.
Can employees roll
heavy copy machines, desks, hospital beds, etc. for additional
fortification or help delay an intruder's ability to enter the room?
Perhaps a silver sticker on the door of any pre-identified Code
Silver Compliant rooms will aid employees protecting in place even
if they are currently assigned in an unfamiliar area of the facility.
If the room cannot
be locked from the inside, as part of the training plan suggest employees
use belts, purse straps or electrical cords to tie the door shut. It is
worth considering purchasing 500 feet of parachute cord and cutting and
distributing it in 25-foot lengths to rooms/offices that cannot be locked.
Help employees make it SOP to silence the cellphones; turn off the lights,
remain quiet and move away from doors or windows.
In the hospital
environment, we are required to place fire extinguishers throughout the
facility. These devices can become formidable weapons when considering
taking active measures against a shooter. A class B 10-20 pound fire
extinguisher planted upside a shooter's head may incapacitate the shooter
and provide the opportunity to overpower him. Additionally, discharging the
extinguisher at the shooter may provide sufficient diversion or
incapacitate the individual enough so the employees can overpower the
shooter.
In our ALICE
training, we learned that
throwing an object at a shooter's face is very distracting and may
temporarily interrupt the shooter from firing. In those few seconds, if
several employees are in the room they can use a swarm technique - each
grabbing for an arm or leg and essentially 'taking down' the shooter. We've
practiced swarm techniques in our ALICE training and each and every time,
we've been able to overpower and overcome the shooter. Although real events
are much more stressful than a training, it is important to recognize that
doing nothing is not a plan.
Improvised Weapons
in the Office
Your employees may
not have considered that there are Improvised Weapons (IW's) in their
offices. Suggest they consider: staplers; coffee mugs; calculators (yes,
even numbers can hurt); Rolodexes; phones; printers; books; picture frames;
etc. Just think of the power a snow globe would have if when thrown at a
Little Leaguer's speed at a shooter's forehead! I have heard of
administrative assistants maintaining a can of wasp spray in their desk as
a last line of defense against an aggressor. These cans are generally large
(high capacity) and the spray stream generally extends out 12 - 15 feet!
Taking the typical
"run and hide" concept to the next level, get employees to consider and discuss actions they can
take to survive if a shooter enters their room. It should become
instinctive for them to follow the following steps:
1. Shut off
the lights
2. Lock the
doors (if possible)
3. Place
barricades at the doors, and material on the floor that will cause the
shooter to trip in the dark space
4. Work
through the fight plan if no other option is available.
Get employees to
practice where they would crouch, stand and maneuver. It helps them all
prepare to take immediate swarm action if a shooter enters the room. The
employees stop being easy targets.
We've watched
dozens of Active Shooter Events in training and have observed that the eyes
of the shooter are focused on looking for potential victims. I have yet to
see an active shooter concentrate on looking at the floor for potential
tripping hazards. Tying belts across a door threshold or tying ropes and
belts between two chairs may be the tripping hazard that tips the scales
and gives employees an opportunity to implement swarm techniques.
We encourage you
to take the entire Active Shooter Response training to the next level. Help
your employees think through and practice passive and active measures that
may mean the difference between life and death. If as security
professionals we can achieve this, we have accomplished one of our most
important missions: protecting our charges!
* (Hospital-Based
Shootings in the United States: 2000 to 2011, Kelen, Gabor D. et al.,
Annals of Emergency Medicine, Volume 60, Issue 6, 790 - 798.e1)
William Losefsky,
CHPA, is Chief of Security Services for LRGHealthcare system in New
Hampshire. His MBA is from Columbia Southern University. He is a retired
law enforcement officer with certification in anti-terrorism
specialist. Bill is Vice chairperson and treasurer of the NH IAHSS chapter
and received the IAHSS Lindberg Bell Award in 2010. Recently, Bill was
certified as an A.L.I.C.E. Active Shooter Trainer.
Jeff Putnam, CPP,
is an independent security consultant and is Board Certified in Security
Management through ASIS International. He has over 35 years' experience in
both private security industry and in the military.Jeff retired from the
USAF Security Forces after 20 years of service in several countries.His BA
is from Louisiana Tech University .He is an ASIS member and served as
chairman of the ArkLaTex Chapter.
|
|
THE FYI....
|
|
This issue of
SECURITY DIRECTIONS
is brought to you
by AIMS TESTING
Expanding your
officer base as you take on new contracts?
Benefit by using
AIMS TESTS in your screening process. These simple written exams help
you
Identify High-Risk
Candidates Before You Hire.
DEVELOP RATINGS IN:
DISHONESTY, DECEPTION, SUBSTANCE ABUSE and VIOLENT BEHAVIOR with a built-in literacy index and math
index!
AIMS TESTS are:
- Self-Administering
- a room-full of candidates can take them at once!
- Easy
to Score on your own PC - done in under 3 Minutes
With AIMS TESTS you can:
- Print
Individual and Summary Reports and View Results On-Screen
- Get custom
WINDOWS-compatible scoring programs for your specific
organization
|
|
|
|
Honoring the
Protectors
By Matthew W.
Horace
Being immersed in
the security industry each day, it sometimes takes another colleague to
remind us that it is easy to forget to honor those who protect us all: the
"Protectors of the Protectors". We don't always consider the
individuals, the men and women who actually provide the day-in-day-out
security services that make a difference in how we feel about our safety in
workplaces and the commercial buildings where many of us spend our waking
hours.
I've seen the term
Security narrowly defined as: "the state of being protected or safe
from harm; things done to make people or places safe; the area in a place
(such as an airport) where people are checked to make sure they are not
carrying weapons or other illegal materials."
Security is a
necessary element in our democracy. Beginning with the revolutionary era,
we formed armies and militias to "Protect Freedoms" from tyranny
and injustice. After all, royalty and land barons have always had private
security forces. As any student of the subject knows, it was later in
history that public policing and public law enforcement became the norm.
When global
terrorists suggest that Jihadists attack US gathering places such as our
malls and shopping centers, we begin to look toward the private security
industry to ensure our safety and protection from destructive elements.
Private security
is one of the fastest growing occupations in the United States. There are
approximately 1.1 million private security officers working across the
nation - far outnumbering American police officers. Some 600,000 private
security officers are outsourced by organizations -working for specialized
security companies hired by clients to secure and protect their premises,
employees, and visitors.
If we factor in
the number of corporate and private security professionals like CSO's,
analysts, directors, program managers, and others who support small, medium
and large corporations, the overall number of people who are responsible
for our safety and security is staggering.
Our private
security protectors are at the front lobby desk when we come to work; they
are at the x-ray screening device before we gain entry to the elevator
banks; they are patrolling the fire stairs and perimeters of our buildings
-like a background orchestra to our daily activities.
We tend to honor
those working for government agencies or the military more frequently than
we do those who we see every day and interact with on a regular basis. But
the security officers covering huge manufacturing and storage facilities
and local amusement parks perhaps play just as important a role in how we
connect with our 'freedom' as do the military and law enforcement officers
we interact with on any visit to the US Capitol.
As someone who has
worked with thousands of private security officers in the last several
years, I've come to appreciate the contribution each one makes to a sense
of security that allows us to go about our regular business without always
checking our 6 and feeling ill-at-ease.
In actuality,
security personnel throughout the United States safeguard military bases
and government facilities housing our nation's federal law enforcement
officers and civilian workforce. It is almost as if we've come full circle,
acknowledging that it is critical to employ private security personnel to
ensure security for citizens in their daily activities as we'd have
expected for landed gentry centuries ago.
For those of you
who work in the private security field, shoulders square, uniforms tight,
eyes bring, professional and proud, and above all committed to being our
protectors of safety and security -thank you. We honor you and ask that you
continue to offer us the best of your service.
Matthew W. Horace
is Senior Vice President and Chief Security Officer at
|
|
THIS
SPACE is RESERVED FOR YOUR ARTICLE:
|
|
The next issue of
Security Directions e-Magazine is just around the corner.
We have space for
your article. We are interested in your input.
What are you waiting
for?
Consider this your
engraved invitation to contribute material
and participate in
the publication!
Get digital
INK.... Enhance your recognition among colleagues....
SHARE WHAT YOUR
KNOW!
Nothing fancy
or formal is required.
We'll take it
from there. Thank you!
|
|
 Does Your
Investigative Strategy Also Incorporate a Violence Risk Assessment?
By Chuck Tobin
Security
professionals, both contract and proprietary, embrace many core principles
concerning investigative methods for workplace situations. However, to be
effective and valuable there are some deeper concerns that need to be
addressed and accompany our reporting.
There is always risk,
or loss, or risks of loss that bring about a call for investigative
resources. Our skills at identifying theft rings, suspicious activities, or
individuals who are problematic in the workplace is significant. We are
often able to isolate the important information about who and what is
involved. After all, loss comes in many forms and has varied impact. We may
find that someone within an organization has embezzled or has committed
acts of sexual harassment or worse, and may be subject to termination, if
not prosecution.
Traditionally,
investigators provide their detailed findings. The quality and quantity of
their evidence substantiates whatever action employers deem necessary.
What is often
overlooked is: "how will this subject respond to what he/she perceives
as consequential 'negative' actions by the employer?" or "does
this individual have the propensity for violence and might termination or
other discipline trigger unwanted behavior, either immediately or after
being confronted about the problematic behavior?"
While threat
assessment and management strategies are applied in many potentially
hostile or violent termination situations, are we missing other life
changing events?Perhaps it is also
significant for investigators to collect and assess additional information
that goes beyond the current workplace situation. The material has to be
on-hand and evaluated before termination because it may alter how the
matter is handled. And, there are many examples where an employee was
terminated for causes other than violence, yet the person committed
violence as a result of the employer's action. [Consider last year's
Connecticut shootings at a workplace where an employee who was terminated
for theft, then returned a short time later and killed the bosses and other
management personnel while they all sat at a meeting.]
Perception of Loss
One principle that
is core to assessing violence risk is: understanding that individuals
perceive events according to their own reality. Whether the reality is
factual or not is besides the question. Acknowledge that this reality is
their truth and they will formulate their decisions based on it. It may be
a reality influenced by drugs, past life experiences, environmental factors
or other stressors. An investigator's judgment about individuals' perceived
reality has no place here. We cannot discount the subject's version of
'reality'.
Assessment and
Management
While we are not
suggesting that every investigator become a threat assessment expert, it is
reasonable that all investigators consider how they can contribute to the
reduction of future violence. If, as investigators, our findings will have
a negative consequence on the problematic person, how can we help reduce
the risk that there will be future loss of life or injury because that
person becomes out of control?
With the loss of
inhibitors (being terminated and no longer operating under the job's
constraints -or without a perceived connection to the company) but still
with the external stressors, the situation may be sufficient for the
individual to commit violence directed back at the workplace, its
management or at co-workers.
Threat assessment
professionals will utilize investigative findings in a multi-disciplinary
approach to make an initial assessment and begin formulating strategies
that may be able to take the individual off a pathway to violence. There
may be psychologists and threat assessment investigators and others
involved in what goes far beyond the original investigation. The goal: to
effectively move the individual to a position where risk to the [former]
employer and those associated with the organization is mitigated.
Combine in a
careful collaboration: threat assessment investigators (public and
private), behavioral science professionals, protection professionals, human
resource professionals, attorneys (prosecutors and council). They can all
share insights from their disciplines to provide a safer resolution. For a
deeper look into this collaborative approach, examine the best practices paper:
Workplace Violence Standard released by ASIS and SHRM from 2011. It offers
a good starting place.
Various models
exist in the threat assessment and management community regarding the
evaluation of an individual's risk for violence. One of the most critical
elements, regardless of which model you choose, is that it utilizes the
multi-disciplinary environment as mentioned above. We rely on investigative
skills to identify problematic employees and then call upon
these additional resources so that we can do an effective risk
assessment and develop a true mitigation strategy.
Chuck Tobin is
president of AT-RISK International and can be reached at:1.703.378.2444.
|
|
|
|
We Know They Are Out There
By Patrick J. Brosnan
French authorities
had the Kouachi brothers under surveillance for years - and
stopped just a year before the deadly assault on the Charlie Hebdo offices.
This grim fact suggests a potentially deadly chink in our own
anti-terrorism programs here in the United States.
The brothers were
known jihadists, with confirmed links to Al Quaeda in Yemen. Said Kouachi's
travels to Yemen between 2009 and 2012 were well-known to French
law-enforcement and intelligence services. And Cherif Kouachi had been
convicted of jihadist-related activities in 2008.
The sad reality is
that law enforcement and intelligence services have finite budgets. That's
why the "watch" on the Kouachis was reduced from
sustained surveillance to monitoring and then, ultimately, discontinued
completely.
That's the irony
of sustained surveillance: It is virtually impossible to sustain.
As a former NYPD
robbery detective and now the owner of an intelligence and investigative
firm in the city, I've been directly involved in administering and
conducting surveillances for more than 30 years. They are extremely
difficult to conduct without alerting the target and very costly to
fund - especially when the target may avoid suspicious or
criminal behavior for very long periods of time.
It's relatively
simple to identify potential jihadists through their travels to Yemen or
other hotspots, or through other intelligence-gathering methods. The
problems start when you try to put multiple, perhaps hundreds, of potential
or confirmed jihadists under sustained surveillance.
The first problem
is cost. To surveil one person 24/7, you need three agents assigned to each
target at any given moment. With 168 hours in a week, as per the
United States Department of Labor Laws, intelligence agents generally
work 40 hours a week- an effective surveillance, therefore, requires
fifteen full-time agents per week just to follow one -potential or
confirmed- jihadist at all times.
Too few, and the
target is likely to "make" the surveillance - or
you may simply lose him in traffic or in a dizzying array of everyday
scenarios.
Multiply that by
several hundred targets, and you've got a logistical and budget nightmare.
To boot, you need
to constantly rotate agents and vehicles, because these
targets are naturally on the lookout. And it's impossible to
predict when potential jihadists will actually shift to operational mode
and mount an attack. Armies of agents could surveil one target for years
before the individual ever goes operational - and he/she may
never.
All the while, the
meter is running -- draining law-enforcement resources to the point where
the surveillance is either cut back due to the lack of activity, or
discontinued altogether, because you're more worried about a different
target, as happened with the Kouachi brothers.
So what do we do?
First, add cheaper
oversight: Law-enforcement and intelligence authorities, in addition to
monitoring digital and other jihadi communication devices closely
24/7, we also have to interweave any actionable intelligence with an
operational strategy and instantaneous intervention. After all, we had
intelligence prior to 9/11. At that time, we were not operating with our
"antennas up" or an immediate commitment to act. Hopefully,
things have changed.
With the tremendous
number of camera feeds being aggregated in almost every US urban center, we
may not have to have physical surveillance 24/7 on every one of thousands
of people with jihadi leanings in the US. However, we can 'tag' the images
generated from where we know potential terrorists are residing, working,
congregating, etc. And that can become our 24/7 database. With modern
analytics we can have local and federal law enforcement alerted and attuned
when frequencies of activity, changes in behavior, etc. come into view. And
it is far less expensive than the physical surveillance for everyone on a
full watch-list.
Next, we have to
recognize the importance of funding for sustained physical surveillance
with confirmed and high-potential jihadists. From my experience, this is an
absolute. There is no greater or more pressing reason for the federal
government to have an open checkbook.
However, we also
want to examine what would really be expended if we wanted to have 24/7
sustained physical surveillance: Right now, there are most likely not that
many US-based potential jihadis known to authorities. For example, it's
been reported that in 2013 nine Americans were known to have joined or
tried to join foreign terrorist organizations.
Let's guesstimate
the total in-country to be 100. To put three surveillance experts on them
all, 24/7, would run $644 million a year. For 300 jihadis: $2 billion a
year. That's a drop in the bucket of our tax dollars.
Once individuals
make it onto our radar as more than tiny blips, let's not reduce physical
surveillance for confirmed or highly-likely jihadists. From what we've
experienced so far, they are not likely to do anything immediately. It may
be years in the planning and preparation. Once individuals are identified
as real threats to our homeland, they don't become less of a threat because
they do not act quickly.
Pickpockets and
rapists are driven by greed or lust. By contrast, terrorists like the
Kouachis can be incredibly patient; surveillance of them can be
excruciatingly drawn-out.
Third, plant
undercover investigators. We have to be more clever; more purposefully
deceitful than the jihadis. We must be relentless in our efforts to put our
spooks in their spaces.
Jihadis are
methodical, thorough and, above all, extremely patient. We must display the
same level of patience if we are to identify, prevent and disrupt future
terrorist acts in the United States.
Patrick J.
Brosnan, a former NYPD Robbery/Gun Squad detective is CEO of Brosnan Risk
Consultants and a Fox News crime analyst. Reach him at: 845-624-6571.
|
|
