Security Professionals Gather in Lagos

Twenty five security professionals gathered in Lagos, Nigeria last week to attend the ARC Training Security Coordination and Management course. The course, held in cooperation with Cardinal Security Services, is one of a regular series of security education and training events held in Nigeria. Delegates from a wide range of businesses as well as from government agencies covered such subjects as risk management, security design and information protection. A group of them can be seen here practicing their skills in a business security simulation.

New Interim Chief for SIA

The Security Industry Authority (SIA) has gone outside the private security industry for its interim chief exec after the sudden exit of Mike Wilson as announced last Thursday, November 6, reports Professional Security online:
http://www.professionalsecurity.co.uk/newsdetails.aspx?NewsArticleID=10264&i

Chairman, Baroness Ruth Henig, has announced the appointment of Dr Bernard Herdan CB as interim Chief Executive of the SIA. Dr Herdan is expected to join the SIA on November 17 until the recruitment process for a permanent Chief Executive is completed. Until September 2008 he was Executive Director of Service Delivery at the Identity and Passport Service (IPS). Before this he was Chief Executive of the UK Passport Agency and was responsible in this position for the establishment and initial operations of the Criminal Records Bureau until it became a separate Agency in September 2003.

Examining the Nature of Terrorism

YouTube carries a very interesting Al-Jazeera English Service examination of the nature of terrorism through interviews with two internationally-renowned experts: Dr Jerrold Post (author of The Mind of a Terrorist) and Dr Louise Richardson (author of What Terrorists Want).

The link can be found at:

http://uk.youtube.com/watch?v=dTM_DrGlux0

Some of the difficult points addressed by the two experts were:

Defining Terrorism

Richardson: Terrorism is the deliberate targeting of civilians.
Post: The need to identify both the “target of violence” and the “target of influence”, which may be different.
Post: Terrorism should be a dispassionate term that refers to a particular type of tactic. We should be able to use the word terrorism even when we agree with the cause, if it describes the action, eg targeting civilians.

Terrorism and Human Rights

Post: The need to be careful how terrorism is dealt with so that we do not degrade the very human rights we are trying to protect.

Negotiating with the Adversary

Richardson: Advocates discreet negotiations with Al-Qaeda (Ayman Al-Zawahiri).

Suicide or Martyrdom?

Post: Al Qaeda strongly rejects that the notion that suicide and martyrdom are the same, asserting that suicide is weak, martyrdom is great.

Terrorist Profile

Richardson: Difficult to produce a terrorist profile since terrorists are essentially psychologically normal people who have chosen to pursue a cause in a violent manner.

Support

Post: There are 5,000 websites worldwide that promote the agenda of Al Qaeda.

Armed Hold Up Best Practice Tips

Delegates attending the ARC Training Special Risks Course in Prague during the period 13-14 November 2008 studied a range of complex security problems, including Managing the Risk of Terrorism, Anti-Illicit Trade Management, Malicious Product Tampering Response, Protecting People at Risk, Kidnap Risk Mitigation, and Armed Hold-Up.

Delegates learned that measures to reduce the risk of armed hold-up include:

General

1. Robbery is theft with the use of violence. The violence may be actual or threatened.
2. Some robberies take place without weapons. This is when injuries often occur to have-a-go-hero staff.
3. In most cases, the victims do not know the robbers prior to attack.
4. In many cases robbers score on stimulant-type drugs or alcohol before an attack. They will be nervous and scared. Under such circumstances they will probably behave with extreme violence, irrationally and the risk of a firearm going off is high.

Workplace Robbery Risk Mitigation

1. Keep the premises tidy and use mirrors for greater vigilance.
2. Don’t always assume that it will be company property that a robber will seek. He may be after cellphones and wallets of lone workers.
3. Ensure that back rooms are out of view.
4. Secure external exits to back rooms at all times (consistent with fire regulations), as this is an obvious surreptitious route of entry.
5. It is useful to keep a radio on in back rooms, to give the impression of others on site.
6. Greet all persons entering a retail facility. This may put off a robber.
7. Look for loiterers outside and inside. If inside, approach and offer assistance. If the situation looks dangerous, alert security.
8. Employees should be trained in armed robbery survival personal safety. Such seminars focus on psychologically surviving a life threatening scenario and provide advice on body language, hand positioning and movement, how to safely communicate with a robber etc. Delaying tactics should never be used as this may anger the robber and endanger life.
9. Armed robberies are usually over in less than 1 minute. Even robberies of banks usually take less than 2 minutes.
10. Instruct staff never to discuss security arrangements with friends or relatives.
11. Vet staff carefully. Robbers often collude with insiders. Sometimes this is through intimidation and threats.
12. Keep a minimum of working cash on site, especially at night when most robberies occur.
13. Use drop safes for larger bills.
14. Use specialist CVIT service to take accumulations of cash off site.
15, Post signs on doors making it clear that staff cannot open safes (time locks), that cash is regularly removed etc.
16. Note that very vulnerable times are at opening and closing. Try to have a second person present at these times.
17. Staff should not “cash up” in full view at the end of the shift. This could tempt a robbery.
18. Cash should be counted in a secure location.
19. Record the serial numbers of a few bills as it may later help police track down robbers.
20. Ensure site is equipped with CCTV that is capable of producing a good quality off-site recording of 120% of any attacker for identification and evidential purposes. But note that robbers are often not deterred by CCTV; their concern is not getting shot or caught at the time of the robbery.
21. Staff should be aware that their own personal safety and that of anybody else on the premises far outweighs any concern for the security of cash. Thus, they should cooperate with armed robbers and offer no resistance.
22. Note should be taken of any persons loitering suspiciously outside the facility. While this may not indicate an immediate threat, it may be useful in a post-robbery investigation.
23. There should be a means of escape from behind the counter without having to pass the robber. If this leads to a back exit door this should be secured from the inside and alarmed at all times.
24. Consider installing a personal attack button (PAB), but ensure the activation of this does not put employees or customers at risk. The alarm should not sound locally but monitored by a competent response authority. PABs should not be under-the-counter hand-operated as the robber will be alert to this. Consult CAS for advice.
25. Ensure that the pubic area of the facility is clearly visible from passers by, in order to deter the robber. Windows cluttered with posters and remote cash tills add to the robbers’ advantage.
26. Use doorbells.
27. At high risk facilities, consider “airlock “ doors, and bullet resistant glass between public and cash handlers.

Workplace Robbery In Progress Risk Mitigation

1. Staff must obey the instructions of the robbers without hesitation. When moving hands, especially if out of sight (below counter, in pocket etc), staff should always seek the permission of the robbers.
2. Customers should be instructed to obey the instructions of the robbers. Staff should be on the lookout for “heroes”.
3. Staff may experience the symptoms of nervous shock, such as pain in the legs and arms, trembling, difficulty of vision, sweating, dryness of mouth, weak and shaking knees etc. They should be made aware of this reaction beforehand and try to control the symptoms by deep breathing.
4. Firearms should always be assumed to be real and loaded.
5. Staff should alert robbers to any possible surprises, such as an employee in the back room.
6. Staff should be trained to take mental notes about the robber. (Age, physique, gait, hair, complexion, accent, clothes (especially footwear), hands, tattoos, weapons, nicknames. It is useful to work from head to foot taking mental “snapshots”.
7. Once the robbery has begun, the objective should not be to thwart the robber’s objectives, but to get him out of the facility as quickly as possible.
8. Staff should be instructed to speak only when spoken to.
9. If the robber’s demands cannot be met, staff should be able to offer an alternative.
10. The only occasion that warrants possible resistance is when robbers attempt to leave the premises with a hostage.

Post Workplace Robbery Actions

1. The premises should be locked as quickly as possible and the police called.
2. Customers should be requested to remain on site until arrival of the police. If they refuse, names and addresses should be taken.
3. Staff should write down immediately all they can remember about the attackers, including details of vehicle, and direction of travel.
4. Staff should keep all details of what has been stolen for the investigating officers, not the first responder police, who may talk to the media.
5. Staff should not disturb any physical evidence.
6. Staff will require special counselling to combat the later onset of post-traumatic stress disorder.

Internationally-Recognised Security Management Certification

The internationally recognised ASIS Physical Security Professional Certification programme has arrived in Nigeria! Over a dozen security managers attended an ARC Training five day review course in Lagos recently to prepare them for the examination to achieve this prestigious award.

The PSP certification is offered by ASIS International, the world’s leading security professional organisation. It requires candidates to have a detailed knowledge of security risk assessment, design and installation as well as other areas supporting the successful planning and implementation of physical security management systems.

ARC Training's preparation programme for this prestigious examiantion is a blend of distance learning, on-site training and self-study. It will terminate in a further review session early in 2009, followed by the final, independently adjudicated exam. Facilitated by ARC International’s Peter Horsburgh CPP, PSP, attendees can be seen here hard at work in preparation for their daily test.

For more information on how to bring this training to you, contact Janet.

Laptop Theft Reality Check – How Big is the Problem, What is the Impact, and What Can You Do about It?

Laptop theft has four main impacts, of which replacement cost is usually the most minor. The major impacts are disruption to the business; potential gain by an adversary of sensitive business information; and reputation damage or litigation due to loss of personal private client/employee data.

Key Points

1. The chance that a laptop will be stolen or lost during any twelve months is one in ten, according to a 2002 Gartner Group study.


2. Many large companies loose about 100 laptops a year. It only takes one laptop to fall into the wrong hands for a journalistic “coup”.


3. Because laptops are portable, they are highly susceptible to theft.


4. Researchers at Credant Technologies have determined that 25% of laptops are stolen from the office or the owner’s car. Another 14% are lost in airports or on airplanes.


5. In London every year thousands of laptops are left in taxis. Thousands more are stolen from UK hotels.


6. Worldwide, over one million laptops are stolen every year, according to the FBI.


7. The chance that a laptop will be stolen or lost during any twelve months is one in ten, according to a 2002 Gartner Group study.


8. The chance of recovering a stolen laptop is almost negligible. According to the FBI, for example, 97% of stolen laptops are never recovered.


9. Ponemon Institute’s 2006 U.S. Survey on Confidential Data at Risk concluded “both business and government organizations are not taking appropriate steps to safeguard sensitive or confidential information such as intellectual property, business confidential documents, customer data, and employee records.”


10. Estimates of the cost of a single laptop loss vary from $5,000 per incident to $5 million per incident.


11. In a 2005 survey by Credent Technologies, employees who had lost laptops were unproductive for two weeks before they were able to resume regular activities.


12. In a Ponemon study conducted in 2005, researchers found data breaches seriously affected corporate reputation, corporate brand, and customer retention. When notified of a breach, almost 20% of customers terminated their relationship with the company. Another 40% considered termination.


13. The loss of a laptop with confidential information is a privacy violation, which in turn can lead to civil liability.
    
    The ASIS Foundation has produced what is probably the best ever report on laptop theft and theft mitigation. The report can be downloaded from:
    
    http://www.asisonline.org/foundation/lostlaptop.pdf
    
    or contact David to obtain a copy by email.

Security Professionals Gather in the Czech Republic

Day 2 of the Security Risk Management Course in Prague, conducted by David Cresswell, discussed the concept of embedding into the business a security culture, rather than trying to impose upon business a security regime of “guards, gates and guns”.

One participant shared with the group an interesting initiative undertaken in his own organisation: the CEO had personally sent out an email to all employees designed to measure their company security awareness. Apart from the obvious objective, the email created two by-products. First, it further increased awareness through the way in which the questions were framed. Second, it demonstrated unequivocal top management support for the company’s security programme.

Seven delegates, representing a range of companies including telecommunications, mining, petrochemicals, guarding, technology and the Prague Municipality, are attending the three-day programme, which is delivered through translation into the Czech language in collaboration with ARC’s Czech partner, the Prague-based Orange Group a.s.

Meanwhile, Peter Horsburgh is in Nigeria conducting a one-week Security Coordination and Management Course, Phil Wood is in Dubai conducting Business Continuity and Crisis Management Training, and Janet remains in the UK to look after delegates attending the Investigating IT Misuse Course!