This FM Alert has been contributed by Chris Phillips, founder and managing director of the International Protect and Prepare Security Office (www.ippso.co.uk), a security and management consultancy based in the UK.
This current terrorism threat we face is evolving, and it will continue to do so. The desire to kill many people and create as much fear in the population though is enduring. Therefore anyone with responsibility for businesses that operate in crowded places must take action to reduce their vulnerability.
The good news is that counter terrorism security is just good security really. All businesses should have tried and tested evacuation plans. When considering the impacts of terrorism, there are many other issues to consider. For example, what if evacuation is not the best course of action? Perhaps a terrorist is on the loose in the city. Putting people out onto the street is about the worst thing you can do if bombs are going off nearby. So facility and security professionals should have other plans in place; these should include search, invacuation, and active shooter plans.
It is also important to be sure you have good communications within a building that inform people of what they should do. Most importantly, all plans must be practiced.
Security in any building, whether a crowded place or not, will only work if it is holistic and is applied across all areas of the business. In this regard, holistic means security plans must cover the three disciplines of: Physical; Personnel; and Information/Cyber. Frequently businesses concentrate on one or two of these areas, but fail to cover all three. There really is no point in building a physical or digital fortress if you fail to check that the person allowed to work the system was in fact a threat. If your staff don’t understand the value of the information they hold or the value of working in a secure environment, then the business will not be secure.
It may be useful to look at the top 10 security guidelines your business should have in place. It is important that someone with responsibility for a business ensures that these areas are covered So whether you are creating, reviewing or updating security plans, keep these 10 points in mind:
1. Whether they are direct or indirect risks you should at least know what issues you may face. It is vital therefore that you conduct a risk assessment. You should then be able to decide on the threats your organization might face—and of course the likelihood that they may happen. This should also allow you to identify your existing and potential vulnerabilities and the impact of any breaches of security.
2. Consider security from the earliest stage possible. If security is given an early seat at the table of any change of building or process, it will be invariably be much cheaper and more effective than adding measures later.
3. Security should be at the core of everything a business does. It is essential that all staff are aware of the value of security. Build a culture where everyone buys into keeping the business safe. This must come from all levels in the business, from the CEO to the lowest paid member of staff. It is important that security standards are maintained, and staff should be kept regularly informed of security issues.
4. It is essential to have good basic housekeeping throughout the premises. Keep public areas tidy and well-lit, remove unnecessary furniture and keep garden areas clear.
5. The more entry and exits to a building there are, the more difficult it is to secure it. So keep access points to a minimum and issue staff and visitors with passes. Vehicles are a particular problem and wherever possible, do not allow unauthorized vehicles close to the building.
6. Most companies these days have some security measures. But are they appropriate to the risks you face. It is vital to know your own crown jewels so that you can protect them to the correct level. There is no point spending thousands on a new door if you leave the window unlocked. So install appropriate physical measures—locks, alarms, CCTV surveillance, lighting and glazing protection, for example.
7. Businesses often forget the amount of disruption a suspicious package can cause. Ensure that mail is handled properly. Make sure the mailroom/area is not adjacent to a critical part of the business. In fact, consider establishing this function away from the main premises if possible.
8. Pre-employment checks are vital to help ensure that you do not hire someone who is a threat to you. So when recruiting staff or contractors, ensure that you check identities and follow up on references.
9. Your information is often your most vital asset. Give proper consideration into the best ways to protect information and ensure that property IT security precautions are taken.
10. No matter what actions are taken to secure a business, it is always possible that you will suffer from a major incident. Therefore it is vital to plan and rehearse incident response and business continuity plans. No plan will work if it hasn’t been tested. It business functions are more important than others. Make sure the important ones can continue during and after disruptions.
Phillips founded International Protect and Prepare Security Office after working for 30 years as a police officer. This included event commander for major sporting events and concerts at Twickenham Stadium. As a public order commander he led teams at many hundreds of public order and security events across London. Phillips specializes in the field of strategic counter terrorism security advice and best practice. From 2005-11, he was Head of the National Counter Terrorism Security Office for the United Kingdom. He is a fellow of the Security Institute (FSyI) and the Chartered International Institute of Security and Crisis Management (FCIISCM).
Phillips has spoken at events that include ASIS, ISSA, MEI, CSO Summit, and Counter Terror Expo. Scheduled for April 21-22, 2015 in London, the Counter Terror Expo is an international exhibition and conference focused on mitigating the threat of terrorism.