Wednesday, November 26, 2008

Developing Skills in Security Management

Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.”
Corporate Security Manager, Manufacturing Company


18 – 29 January, Bahrain
9 – 20 March, Cape Town
23 March – 3 April, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1

***


Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful
programme and highly recommended for security professionals..”
Security Manager, Multinational Oil Company

9 – 20 February, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2

***


Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.”
Security Manager, Logistics Company

9 – 20 February, Kuala Lumpur
11 – 22 May, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3

***


Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”
Company Fire Prevention & Security Manager, Manufacturer

23 – 27 February

http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b

***


Retail and Supply Chain Management
New Course - Conducted by Barry Vincent MSc, MA and Mike Goodman MSc - former heads of security with leading international retailers and specialists in supply chain and distribution

27 – 29 January

http://www.arc-tc.com/pages/other_accredited_sm.asp#s6

For details on any ARC course, or to make a booking, contact Janet.

Many more courses can be found at www.arc-tc.com

Retail Security – Best Practice Hints and Tips

Keep alert for suspicious or abnormal behaviour such as:


- Constantly looking around watching staff
- Appearing nervous
- Taking little notice of products
- Wearing clothing inappropriate for the time of year that may be used to hide goods
- Carrying a large bag
- Carrying a coat over their arm or shoulder
- Repeatedly refuses your offers of help
- Wheeling around a baby buggy when a shop baby trolley is available
- Appearing to have concealed an item
- Spending a long time browsing



Measures to discourage shoplifting…



- Good customer services - Always acknowledge the customer and regularly ask if they need help. Do this if you are suspicious of a customer;



- Secure stock - Make sure the shop is tidy, well lit and laid out so all areas are visible from the CCTV cameras. High valued items can be held behind the counter;



- Warehouse and store rooms - Always escort deliveries and follow the security rules in this area. An authorised touch pad lock should restrict these rooms.



- At the checkout - Take out high value notes regularly and store in a safe. Be observant of baby buggies and the bottoms of trolleys. Check items that appear cheaper than you think they should be. Never turn away from an open till draw. Look out for fake notes. Check card and cheque signatures carefully. Tills should be protected from the customer by screens. Do not count cash in front of customers.



- Banking security controls - Anchor safes to the floor. Use a professional service to collect cash from your shop and where this service is not available bank at different times of the day and never alone or in a work uniform. Don't carry cash in bags that are obviously bank bags.

- Key control - Don't leave keys in doors, on counters or in drawers. Sign a register for any keys. Keep spare keys in a secure cabinet. Safe and security room keys should not be left on the site over night.



- Other - If you are suspicious of a customer make them feel nervous by walking passed them, talking on the phone and letting them see you do it. Also let them see you walking near the shop exit and talking to other staff. Thieves may try to rush you to avoid noticing forged notes etc, so always take your time.



What to do if someone becomes abusive or threatening?



- Try to separate yourself from the offender (e.g. get behind a counter)
- Remain calm
- Use methods to diffuse the situation
- Put personal safety first
- Know how to raise the alarm and operate security equipment
- Do not resist or follow violent offenders
- Remember information such as a description of the offender
- Write what happened in the incident book.



Source: http://www.crimereduction.homeoffice.gov.uk/business/business36.htm

For details on ARC Training’s new Retail and Supply Chain Security Course, 27-29 January, led by two former heads of retail security, contact Janet or go to

The Flu Pandemic – Are You Prepared for this Inevitable Event and Dare You Read these Chilling Predictions?

This is what Lloyds of London is saying:

1. A pandemic is inevitable.

2. A repeat of the 1918 event is expected to cause a global recession with estimated impacts ranging from 1% to 10% of global GDP. Most industries will be affected, some more than others. In particular, industries with significant face to face contact will be impacted significantly.

3. The World Health Organisation reports that we have passed the “interpandemic period” and are now in the first stage of the “pandemic alert period”, due to concerns of Avian Influenza H5N1.

4. Taking the 1918 pandemic as an example, it infected around 30% of the population and had a case mortality rate of up to 2.5%. Unusually, it most affected those aged between 20 and 40 (the young and old were affected, but no more than normal seasonal flu). The pandemic killed between 20 million and 100 million people.

5. If the pandemic starts elsewhere, it will probably reach the UK within 2-4 weeks.

6. Until a virus has emerged there are so many unknowns we cannot prepare a vaccine. It then takes several months to isolate the virus and prepare a vaccine; which will therefore not be available to fight the first wave of pandemic.

7. Unlike the 1918 pandemic, global networks, global travel, larger populations, concentrations in cities, large pools of sick or incubating people in buildings or on public transport will accelerate the spread.

According to Lloyds, many businesses are not prepared for this inevitable event which could lead to prolonged employee absentee levels of 50% and many fatalities. Their finding include:

1. Over three-quarters of companies have inadequate plans for coping with a flu pandemic.

2. Around a third of businesses have no strategy at all, while 14% have only rudimentary contingency plans.

3. Around a third of executives are unaware of how their companies intend to deal with the threat, only 22% are comfortable that they are prepared.

For a full copy of the report, contact David.

Business Continuity Management is addressed as a one-day workshop on the Security Management Stage 2 Course. The next Stage 2 course takes place in the UK, 9-20 February 2009. Contact Janet for details.

To enquire about how an ARC associate can assist you in preparing your Pandemic Business Continuity Plan contact David.

Online Business Studies Resource

Great background reading and company case studies available at:

http://www.thetimes100.co.uk/index.php

Topics include:

- Business Ethics and Corporate Social Responsibility
- Using PEST Analysis to Manage External Influences
- Managing Risk through Effective Team-Based Decision Making
- SWOT Analysis in Action

Changes to the Computer Misuse Act Tighten the Noose on Cyber Criminals

A law criminalising denial of service attacks and the supply of hacking tools has been brought into force in England and Wales after a number of delays. The law was already in force in Scotland.

Denial of service (DoS) attacks involve the simultaneous sending of millions of messages or page requests to an organisation's servers. The sudden, massive deluge of information can render website and email servers inoperable.

Read the full story at:

http://www.out-law.com/page-9592

Maritime Hijackings Are Decreasing in Asia

In the Gulf of Aden Somali pirates use automatic rifles and RPGs. In SE Asia it may be knives and catapults. Read the full story at:

http://www.nytimes.com/2008/11/19/world/asia/19asiaships.html?_r=2

Tuesday, November 25, 2008

Fraud Report Provides Comprehensive Guidance

The word ‘fraud’ is often understood to mean the covert theft of financial assets within business; however, fraud has many facets. Kroll’s Global Fraud Report 2008/2009 examines the world trends in fraud and also provides information on many other aspects of the subject and associated investigations which are an excellent source of guidance and advice.

The report is available in downloadable PDF through the following link, along with other resources concerning issues such as supply chain fraud and investigation procedures.

http://www.kroll.com/library/fraud/FraudReport_English-UK_Sept08.pdf

ARC has a range of Fraud and Investigation courses available throughout 2009 which deal in detail with the issues raised in reports such as Kroll’s and provide an essential tool for those involved in preventing fraud and in managing investigations into suspected fraudulent activity.

The ARC 2009 Brochure http://www.arc-tc.com/pages/documents/ARCTraining2009Brochure.pdf
has more information or contact Janet Ward for more details.

Monday, November 24, 2008

16 Recommendations for Better Laptop Security

The 16 security managers currently attending the postgraduate university-accredited Security Management Stage 1 Course spent Monday 24th November tackling the difficult problem of information security, a subject of topical concern given the recent high profile data loss incidents.

The training day concluded with a look at laptop security, during which delegates formulated procedures which could be realistically implemented in order to reduce exposure to hardware loss and data compromise. The recommendations included:

1. Laptops should be equipped with a basic security software suite to ensure that they are protected when in use off-site. This should include anti-virus software, anti-spyware software and a firewall.
2. Encryption should be available on all laptops.
3. Boot sector password protection as standard.
4. Card and PIN access control to be fitted. Biometrics may provide an alternative, but currently most biometrics systems on laptops have a password override, thereby reducing security.
5. USB ports should be disabled, or access managed using special software.
6. During working hours, laptops should be secured to worktops using cable locks. Security staff should patrol to ensure that this rule is not violated at night.
7. If laptops are left on site overnight, they should be secured in a special cabinet.
8. There should be comprehensive policies and procedures to cover laptop security. These should be realistic, communicated and understood. Compliance should be audited.
9. Staff should be made aware of the risks, and trained in laptop risk management.
10. User should exercise good email discipline so that laptops do not become infected with malware when off-site.
11. Laptops should never be left unattended.
12. Laptop losses should always be investigated and, if necessary, action taken against the employee if negligence can be established.
13. Off-site communications with the corporate network should take place over virtual private network (VPN) tunnels.
14. Users should be denied permissions (by logical controls) to install any software.
15. Data should be backed up regularly. If in frequent off-site use, special provisions should be made for this.
16. There should be regular reviews of data held, and any unnecessary data should be destroyed using a shredding programme.

Improving Terrorism Resilience of Chemical and Petrochemical Facilities by the Use of Inherently Safer Technologies

The US Department of Homeland Security and numerous security experts have repeatedly warned that terrorists could use industrial chemicals as improvised weapons of mass destruction. Current chemical security efforts, however, are inadequate to protect workplaces and communities.

Most of the US’s 101 most dangerous chemical and petrochemical facilities could become less attractive terrorist targets by converting to alternative chemicals or processes. Doing so would improve the safety and security of more than 80 million Americans living within range of a worst-case toxic gas release from one of these facilities, according to data compiled for this report. Millions more living near railroads and highways used for transporting hazardous chemicals would also be safer and more secure.

Read the full report at:

http://www.americanprogress.org/issues/2008/11/chemical_security.html

IT Security’s Emerging Threat – Employees under 30! Seven Things You Need to Be Worried About

Since Nov. 5, three separate studies -- from Accenture, Intel, and ISACA, a major IT users group -- have indicted the youngest generation of employees as one of the enterprise's newest and most serious security risks. Seven of the key risks posed by this group are:

1. Unaware of company IT policy and lack of inclination to adhere.
2. Use of non-approved personal communications and storage devices for work-related activities, thereby significantly raising the risk of data loss or compromise.
3. Use of non-supported (and insecure) applications for work-related activities – examples: Facebook and IM.
4. Younger employees' propensity to download non-sanctioned applications.
5. Lack of interest in the security of their desktop PCs.
6. Online shopping during working hours (one in four respondents either does not check -- or is unsure how to check -- the security of a site before making a purchase).
7. Giving online retailers work emails, which can leave the enterprise network open to a variety of threats.

Read the full report at:
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212100952

Biometric Focus – Finger Vein Authentication Begins to Replace Fingerprint Authentication

Source: Times Online

Forget fingerprinting. Companies in Europe have begun to roll out an advanced biometric system from Japan that identifies people from the unique patterns of veins inside their fingers.

Finger vein authentication, introduced widely by Japanese banks in the last two years, is claimed to be the fastest and most secure biometric method. Developed by Hitachi, it verifies a person's identity based on the lattice work of minute blood vessels under the skin.

Read on by clicking below:

http://technology.timesonline.co.uk/tol/news/tech_and_web/article5129384.ece

Biometric Access Control of one of many subjects covered in the two-week Security Management Stage 1 Course, currently being run in the UK with 16 participants from the UK, Russia, Saudi Arabia, Italy, Democratic Republic of Congo, Nigeria, Sudan and Kazakhstan.

The next Security Management Stage 1 Course will take place in Bahrain, 18-29 January 2009, and thereafter in Cape Town, 9-2- March 2009. For further details click on the link below or contact Janet.

http://www.arc-tc.com/pages/reg_train.asp

Friday, November 21, 2008

Technology Sets Sights on Maritime Crime

The BBC’s technology reporter discusses was to protect ships and other offshore facilities against criminal threats, such as piracy, at:
http://news.bbc.co.uk/1/hi/technology/7735685.stm


Offshore and maritime security is one of a range of subjects covered in the new Managing Security Risks in the Oil & Gas Sector, which will be taking place in the UK, 24-28 August 2009.

For details, go to:

http://www.arc-tc.com/pages/other_accredited_sm.asp#s1

To make a provision booking and reserve a place, contact Janet Ward.

Don’t Bribe Your Way into Jail!

Employers in the UK who negligently fail to prevent bribery by their employees or agents could face up to 10 years in prison under a new law proposed by the Law Commission today, reports Out-Law.com.


The Law Commission recommends that it should be an offence for a company "negligently to fail to prevent bribery where someone (A) performing services on that organisation’s behalf bribes another person, the bribe was in connection with the business of that organisation, and someone (other than A) connected with or employed by the organisation, who has responsibility for preventing bribery, negligently fails to prevent A bribing the other person."


"We recommend that it should be possible to hold directors, managers, secretaries or similar officers of a body corporate individually liable if they consent to or connive at the commission of bribery by the body corporate," said the Law Commission.


Full story at:
http://www.out-law.com/page-9613

Security Management Team Tackles the Tiger

The security professionals currently attending the ARC Training Security Management Stage 1 Course in the UK are attacking their course project 'Sumatran Tiger' with unusual vigour.

16 delegates from various countries are tackling the 2-week long project, with which our previous alumni will be familiar, and are currently deep into research and planning including a detailed risk analysis in readiness for presenting their project solution at 'board' level. The course has been split into four groups and already the teams are showing signs of serious competitiveness.

Sumatran Tiger aims to validate and consolidate the delegates' understanding of the course content and is an invaluable confidence and knowledge builder for security professionals. On current indications - we are expecting great things from this group!

Tuesday, November 18, 2008

Getting the Board to Buy in to Security

During a recent ARC security management course, delegates discussed ways in which to achieve better Board engagement in security strategy. Some recommended methods included:

1. Speak the language of the Board: risk management and finance.
2. Demonstrate that you understand the business, the business drivers, strategic objectives and the business model, and the sector dynamics.
3. Share their aspirations, aims and objectives.
4. Risk-based security measures that can demonstrate ROSI.
5. Add value by demonstrating that you are multi-talented.
6. Present security solutions that are cost effective, least inconvenient, and have stakeholder buy-in.
7. Use “we” and not “you”, or use “the business”.
8. Understand convergence and how security systems can become multifunctional (cross-functional) and add cross functional value to the business.
9. Ensure that your priorities and those of the Board coincide, but be prepared to raise issues that you feel strongly about.
10. Be able to compromise. Don’t anchor yourself to a principle or solution and always show flexibility by having alternatives.

Cybercrime Wave Sweeps Britain

The BBC is reporting that a cybercrime wave is sweeping Britain, and much of it it home-grown. Citing a report by online identify firm Garlik the story claims that more than 3.5 million online crimes were committed in the UK last year.

One interesting revelation in the report is the origin of cybercrime, the popular conception of which believes it originates in Eastern Europe or Africa. Not so, says the FBI’s Internet Crime Complaint Center - Britain came second after the United States as the source of online crime.

For a link to the story click below.
http://news.bbc.co.uk/1/hi/technology/7697704.stm

Free CCTV Guide

CCTV expert John Honovich has released version 2 of his excellent book on IP CCTV. The publication is free to download from http://www.arc-tc.com/pages/resources_publications.asp.

Just navigate down the page to the CCTV heading and click on the last link.

Monday, November 17, 2008

Anti-Illicit Trade Resources

The Anti-Counterfeiting Group (ACG) is a not for profit trade association, recognised as a leading authority on the worldwide trade in fakes. ACG was founded in the UK in 1980 with just 18 members in the automotive industry, who discovered that they all had a common problem with counterfeit parts. We now represent nearly 200 organisations globally, operating in, or providing specialist advice to, most industry sectors where counterfeiting is an issue.

The ACG’s website, with a wealth of useful resources, can be found at the following link:

http://www.a-cg.org/guest/about_acg/guest_about_acg_overview.php

Illicit Trade and Counterfeiting is covered on the forthcoming Security Management Stage 3 Course in Kuala Lumpur, 9-20 February 2009. Other course subjects include: Corporate Risk Management; Corporate Social Responsibility; Adding Strategic Value to Security Management; Setting a Vision for Corporate Security; Kidnap Risk Reduction & Response; Illicit Trade & Counterfeiting; Product Tampering & Extortion; Investigating Information Leaks; Security Project Management; IT Security - Managing Strategic Risks; Terrorism - Future Trends & Responses; External Liaison & Stakeholder Engagement; Business Expansion - Security Considerations; Security Intelligence; Dealing with Protest Activity; Strategic Security Management Exercise; Multi-Site Security Management Project.

Contact Janet for details.

Becoming a More Effective Security Manager

During a recent security management course delegates discussed the range of skills that they felt necessary for a security management to possess in order to be effective. All agreed that interpersonal and communication skills were paramount.

In addition to pure security management skills, delegates divided the remaining skill requirements into two sets: business management skills and soft skills.

Business management skills, according to the group, included: project management, finance management, time management, presentation skills, planning skills, IT skills, and managing change. Much of this training can be sourced internally or by attending evening classes at local colleges.

The softer skills were more difficult to achieve through training, but training would at least deliver some of the underlying principles. Softer skills included: interpersonal skills, communication skills, negotiating, influencing, leadership, problem solving, analysis, relationship building, and listening skills.

Importantly, it was recognised that effective security managers are those who have the ability to communicate well with all levels of the business.

Security Professionals Gather in Lagos


Twenty five security professionals gathered in Lagos, Nigeria last week to attend the ARC Training Security Coordination and Management course. The course, held in cooperation with Cardinal Security Services, is one of a regular series of security education and training events held in Nigeria. Delegates from a wide range of businesses as well as from government agencies covered such subjects as risk management, security design and information protection. A group of them can be seen here practicing their skills in a business security simulation.

Sunday, November 16, 2008

New Interim Chief for SIA

The Security Industry Authority (SIA) has gone outside the private security industry for its interim chief exec after the sudden exit of Mike Wilson as announced last Thursday, November 6, reports Professional Security online:
http://www.professionalsecurity.co.uk/newsdetails.aspx?NewsArticleID=10264&i

Chairman, Baroness Ruth Henig, has announced the appointment of Dr Bernard Herdan CB as interim Chief Executive of the SIA. Dr Herdan is expected to join the SIA on November 17 until the recruitment process for a permanent Chief Executive is completed. Until September 2008 he was Executive Director of Service Delivery at the Identity and Passport Service (IPS). Before this he was Chief Executive of the UK Passport Agency and was responsible in this position for the establishment and initial operations of the Criminal Records Bureau until it became a separate Agency in September 2003.

Examining the Nature of Terrorism

YouTube carries a very interesting Al-Jazeera English Service examination of the nature of terrorism through interviews with two internationally-renowned experts: Dr Jerrold Post (author of The Mind of a Terrorist) and Dr Louise Richardson (author of What Terrorists Want).

The link can be found at:

http://uk.youtube.com/watch?v=dTM_DrGlux0

Some of the difficult points addressed by the two experts were:

Defining Terrorism

Richardson: Terrorism is the deliberate targeting of civilians.
Post: The need to identify both the “target of violence” and the “target of influence”, which may be different.
Post: Terrorism should be a dispassionate term that refers to a particular type of tactic. We should be able to use the word terrorism even when we agree with the cause, if it describes the action, eg targeting civilians.

Terrorism and Human Rights

Post: The need to be careful how terrorism is dealt with so that we do not degrade the very human rights we are trying to protect.

Negotiating with the Adversary

Richardson: Advocates discreet negotiations with Al-Qaeda (Ayman Al-Zawahiri).

Suicide or Martyrdom?

Post: Al Qaeda strongly rejects that the notion that suicide and martyrdom are the same, asserting that suicide is weak, martyrdom is great.

Terrorist Profile

Richardson: Difficult to produce a terrorist profile since terrorists are essentially psychologically normal people who have chosen to pursue a cause in a violent manner.

Support

Post: There are 5,000 websites worldwide that promote the agenda of Al Qaeda.

Thursday, November 13, 2008

Armed Hold Up Best Practice Tips

Delegates attending the ARC Training Special Risks Course in Prague during the period 13-14 November 2008 studied a range of complex security problems, including Managing the Risk of Terrorism, Anti-Illicit Trade Management, Malicious Product Tampering Response, Protecting People at Risk, Kidnap Risk Mitigation, and Armed Hold-Up.

Delegates learned that measures to reduce the risk of armed hold-up include:

General

1. Robbery is theft with the use of violence. The violence may be actual or threatened.
2. Some robberies take place without weapons. This is when injuries often occur to have-a-go-hero staff.
3. In most cases, the victims do not know the robbers prior to attack.
4. In many cases robbers score on stimulant-type drugs or alcohol before an attack. They will be nervous and scared. Under such circumstances they will probably behave with extreme violence, irrationally and the risk of a firearm going off is high.

Workplace Robbery Risk Mitigation

1. Keep the premises tidy and use mirrors for greater vigilance.
2. Don’t always assume that it will be company property that a robber will seek. He may be after cellphones and wallets of lone workers.
3. Ensure that back rooms are out of view.
4. Secure external exits to back rooms at all times (consistent with fire regulations), as this is an obvious surreptitious route of entry.
5. It is useful to keep a radio on in back rooms, to give the impression of others on site.
6. Greet all persons entering a retail facility. This may put off a robber.
7. Look for loiterers outside and inside. If inside, approach and offer assistance. If the situation looks dangerous, alert security.
8. Employees should be trained in armed robbery survival personal safety. Such seminars focus on psychologically surviving a life threatening scenario and provide advice on body language, hand positioning and movement, how to safely communicate with a robber etc. Delaying tactics should never be used as this may anger the robber and endanger life.
9. Armed robberies are usually over in less than 1 minute. Even robberies of banks usually take less than 2 minutes.
10. Instruct staff never to discuss security arrangements with friends or relatives.
11. Vet staff carefully. Robbers often collude with insiders. Sometimes this is through intimidation and threats.
12. Keep a minimum of working cash on site, especially at night when most robberies occur.
13. Use drop safes for larger bills.
14. Use specialist CVIT service to take accumulations of cash off site.
15, Post signs on doors making it clear that staff cannot open safes (time locks), that cash is regularly removed etc.
16. Note that very vulnerable times are at opening and closing. Try to have a second person present at these times.
17. Staff should not “cash up” in full view at the end of the shift. This could tempt a robbery.
18. Cash should be counted in a secure location.
19. Record the serial numbers of a few bills as it may later help police track down robbers.
20. Ensure site is equipped with CCTV that is capable of producing a good quality off-site recording of 120% of any attacker for identification and evidential purposes. But note that robbers are often not deterred by CCTV; their concern is not getting shot or caught at the time of the robbery.
21. Staff should be aware that their own personal safety and that of anybody else on the premises far outweighs any concern for the security of cash. Thus, they should cooperate with armed robbers and offer no resistance.
22. Note should be taken of any persons loitering suspiciously outside the facility. While this may not indicate an immediate threat, it may be useful in a post-robbery investigation.
23. There should be a means of escape from behind the counter without having to pass the robber. If this leads to a back exit door this should be secured from the inside and alarmed at all times.
24. Consider installing a personal attack button (PAB), but ensure the activation of this does not put employees or customers at risk. The alarm should not sound locally but monitored by a competent response authority. PABs should not be under-the-counter hand-operated as the robber will be alert to this. Consult CAS for advice.
25. Ensure that the pubic area of the facility is clearly visible from passers by, in order to deter the robber. Windows cluttered with posters and remote cash tills add to the robbers’ advantage.
26. Use doorbells.
27. At high risk facilities, consider “airlock “ doors, and bullet resistant glass between public and cash handlers.

Workplace Robbery In Progress Risk Mitigation

1. Staff must obey the instructions of the robbers without hesitation. When moving hands, especially if out of sight (below counter, in pocket etc), staff should always seek the permission of the robbers.
2. Customers should be instructed to obey the instructions of the robbers. Staff should be on the lookout for “heroes”.
3. Staff may experience the symptoms of nervous shock, such as pain in the legs and arms, trembling, difficulty of vision, sweating, dryness of mouth, weak and shaking knees etc. They should be made aware of this reaction beforehand and try to control the symptoms by deep breathing.
4. Firearms should always be assumed to be real and loaded.
5. Staff should alert robbers to any possible surprises, such as an employee in the back room.
6. Staff should be trained to take mental notes about the robber. (Age, physique, gait, hair, complexion, accent, clothes (especially footwear), hands, tattoos, weapons, nicknames. It is useful to work from head to foot taking mental “snapshots”.
7. Once the robbery has begun, the objective should not be to thwart the robber’s objectives, but to get him out of the facility as quickly as possible.
8. Staff should be instructed to speak only when spoken to.
9. If the robber’s demands cannot be met, staff should be able to offer an alternative.
10. The only occasion that warrants possible resistance is when robbers attempt to leave the premises with a hostage.

Post Workplace Robbery Actions

1. The premises should be locked as quickly as possible and the police called.
2. Customers should be requested to remain on site until arrival of the police. If they refuse, names and addresses should be taken.
3. Staff should write down immediately all they can remember about the attackers, including details of vehicle, and direction of travel.
4. Staff should keep all details of what has been stolen for the investigating officers, not the first responder police, who may talk to the media.
5. Staff should not disturb any physical evidence.
6. Staff will require special counselling to combat the later onset of post-traumatic stress disorder.

Internationally-Recognised Security Management Certification



The internationally recognised ASIS Physical Security Professional Certification programme has arrived in Nigeria! Over a dozen security managers attended an ARC Training five day review course in Lagos recently to prepare them for the examination to achieve this prestigious award.


The PSP certification is offered by ASIS International, the world’s leading security professional organisation. It requires candidates to have a detailed knowledge of security risk assessment, design and installation as well as other areas supporting the successful planning and implementation of physical security management systems.


ARC Training's preparation programme for this prestigious examiantion is a blend of distance learning, on-site training and self-study. It will terminate in a further review session early in 2009, followed by the final, independently adjudicated exam. Facilitated by ARC International’s Peter Horsburgh CPP, PSP, attendees can be seen here hard at work in preparation for their daily test.


For more information on how to bring this training to you, contact Janet.

Wednesday, November 12, 2008

Laptop Theft Reality Check – How Big is the Problem, What is the Impact, and What Can You Do about It?

Laptop theft has four main impacts, of which replacement cost is usually the most minor. The major impacts are disruption to the business; potential gain by an adversary of sensitive business information; and reputation damage or litigation due to loss of personal private client/employee data.

Key Points

  1. The chance that a laptop will be stolen or lost during any twelve months is one in ten, according to a 2002 Gartner Group study.

  2. Many large companies loose about 100 laptops a year. It only takes one laptop to fall into the wrong hands for a journalistic “coup”.

  3. Because laptops are portable, they are highly susceptible to theft.

  4. Researchers at Credant Technologies have determined that 25% of laptops are stolen from the office or the owner’s car. Another 14% are lost in airports or on airplanes.

  5. In London every year thousands of laptops are left in taxis. Thousands more are stolen from UK hotels.

  6. Worldwide, over one million laptops are stolen every year, according to the FBI.

  7. The chance that a laptop will be stolen or lost during any twelve months is one in ten, according to a 2002 Gartner Group study.

  8. The chance of recovering a stolen laptop is almost negligible. According to the FBI, for example, 97% of stolen laptops are never recovered.

  9. Ponemon Institute’s 2006 U.S. Survey on Confidential Data at Risk concluded “both business and government organizations are not taking appropriate steps to safeguard sensitive or confidential information such as intellectual property, business confidential documents, customer data, and employee records.”

  10. Estimates of the cost of a single laptop loss vary from $5,000 per incident to $5 million per incident.

  11. In a 2005 survey by Credent Technologies, employees who had lost laptops were unproductive for two weeks before they were able to resume regular activities.

  12. In a Ponemon study conducted in 2005, researchers found data breaches seriously affected corporate reputation, corporate brand, and customer retention. When notified of a breach, almost 20% of customers terminated their relationship with the company. Another 40% considered termination.

  13. The loss of a laptop with confidential information is a privacy violation, which in turn can lead to civil liability.

    The ASIS Foundation has produced what is probably the best ever report on laptop theft and theft mitigation. The report can be downloaded from:

    http://www.asisonline.org/foundation/lostlaptop.pdf

    or contact David to obtain a copy by email.

Tuesday, November 11, 2008

Security Professionals Gather in the Czech Republic


Day 2 of the Security Risk Management Course in Prague, conducted by David Cresswell, discussed the concept of embedding into the business a security culture, rather than trying to impose upon business a security regime of “guards, gates and guns”.

One participant shared with the group an interesting initiative undertaken in his own organisation: the CEO had personally sent out an email to all employees designed to measure their company security awareness. Apart from the obvious objective, the email created two by-products. First, it further increased awareness through the way in which the questions were framed. Second, it demonstrated unequivocal top management support for the company’s security programme.

Seven delegates, representing a range of companies including telecommunications, mining, petrochemicals, guarding, technology and the Prague Municipality, are attending the three-day programme, which is delivered through translation into the Czech language in collaboration with ARC’s Czech partner, the Prague-based Orange Group a.s.

Meanwhile, Peter Horsburgh is in Nigeria conducting a one-week Security Coordination and Management Course, Phil Wood is in Dubai conducting Business Continuity and Crisis Management Training, and Janet remains in the UK to look after delegates attending the Investigating IT Misuse Course!