Security Threats and the Best Practice to Stay One Step Ahead
TerrorismWith the current threat to the UK from terrorism rated as ‘substantial’, meaning that an attack is likely, terrorism is one of the biggest security concerns for many.
Attacks could potentially occur at any location. Preventing them is challenging, with the target usually an individual choice that cannot always be anticipated. Many are concerned that the lockdowns brought in to help control the pandemic increased the number of radicalised, potential ‘lone wolf’ attackers as people spent more time alone online.
ActivismActivist groups that could pose a threat include Extinction Rebellion and Insulate Britain, with the likelihood of an increase in activity through Spring of 2022. With a focus on prolonged, disruptive, non-violent civil resistance, Extinction Rebellion and other organised campaign groups are highly likely to take action against specific companies they identify as acting too slowly on climate change or having links to other businesses that they perceive are acting too slowly. Insulate Britain repeatedly blocked major roads between September and November 2021, causing massive traffic disruption. Activists also often glued their hands to the road or each other to make it harder to remove them.
Urban explorationThe trend for people to trespass into buildings to explore, climb and post videos of their activity, poses a significant threat. Risks include physical danger to the climber on a business’s property, legal action against the building’s owners if the intruder is injured or killed, disruption to business operations, particularly if an evacuation is required and damage to property. As content is usually posted on social media, there is also the risk of reputational damage and of hostile reconnaissance being available to organised criminal gangs and terrorists.
- Insider threat can take many forms. It could be:
- A ‘deliberate insider’ that obtains employment with the intent of abusing their access
- A ‘volunteer/self-initiated insider’ who obtains employment without intent to abuse their access, but at some point, decides to do so
- An ‘exploited/recruited insider’ who obtains employment without intent to abuse their access, but at some point, are exploited or recruited by a third party to do so
- An ‘accidental insider,’ who by their actions might inadvertently leak information or provide other types of access, either because they haven’t received adequate training or because they have been asked to undertake an action that they don’t recognise as being something they shouldn’t do
Accidents, fire, natural disaster
Accidents can happen at any time, and there is also the chance that organisations could be affected by fire, flood or another natural disaster. Having a clear plan of action and security officers with relevant training, such as first aid and fire warden training, can make a huge difference to the impact of an event.
COVID-19 is a threat to security on many levels, from risks associated with new ways of working to potential staff shortages.
The pandemic has led to significant changes in ways of working and this has made cybersecurity, as well as physical security, a real challenge for many organisations. The Government’s cybersecurity breaches survey of March 2021 found that, with the move to home working, many organisations had implemented significant changes to their digital infrastructure which, in turn, had led to new challenges, impacting on their cybersecurity.
In addition, home working has made physical security more difficult for many organisations. Not only is it more difficult to protect people and equipment operating from multiple home locations, but the knock-on effect of buildings left with few or no occupants also creates vulnerabilities which can be targeted in an opportunistic manner.
Many organisations focus on securing physical items and equipment. However, laptops, dongles and even employee passes used remotely can be vulnerable to theft and the loss of these devices can often lead to an increased risk of data theft.
Conflict and harassment
Most businesses will experience employee conflict or harassment at some time. Altercations can take many forms including conflicts between staff, issues with voyeurism or even harassment from within or outside the business.
In addition, employees can become stressed and experience mental distress. Employers have a duty of care to protect the health, safety and welfare of their employees, visitors and clients. Security officers play a vital role in helping to ensure that this obligation is met.
The fundamentals of good security
In response to these threats, a number of fundamental elements need to be in place, in order to achieve good security and stay ahead of the evolving threat.
Regular risk assessment and planning
With regular risk assessment and planning the foundation of good security, it’s important to consider whether the organisation’s risk assessments and plans are up to date.
Have there been any changes in the assets that need to be protected? People, property, information or reputation? Have the threats to these assets changed or evolved and are there any new or changed vulnerabilities?
Does the security plan still protect the assets with appropriate integrated security solutions or are there any weaknesses or gaps? Due to the dynamic nature of threats, it’s important to utilise intelligence information to supplement the planning process in addition to reviewing the risk assessment and plan on a regular basis.
In the same way that businesses use penetration testing to test cybersecurity, physical security should be tested against various scenarios.
Table-top exercises can be an excellent way to identify possible weaknesses and ensure preparedness in advance of a real incident. They should use relevant scenarios and identified threats to help test mitigation plans and training.
Whether that be simulating an urban explorer incident, a terrorist attack or a protest group trying to access the building, these exercises can help to ensure that the team will react and respond appropriately, implementing measures to minimise adverse consequences.
With threats constantly evolving, it’s more important than ever to focus on training. Organisations benefit hugely from thinking about training in a more holistic way. While security officers must receive training that is relevant to their customer’s assets, procedures and identified threats, clients can also benefit by encouraging their employees to take part in relevant security training and by involving the security team in their own in-house training.
Working in partnership
The best security solutions will be achieved when security providers and clients work together, sharing desired outcomes, plans and information as part of an iterative process. This close collaboration can also lead to cost and time savings.
Whether it’s the planning of an integrated security solution or a small change in an existing plan, collaboration can help to reach the best solutions, more quickly.
Developing a security culture
Developing and sustaining an effective security culture is a vital part of an organisation’s personnel security regime. Getting the culture right will ensure that employees are security-conscious and think about how to protect the information and assets that they have access to at work.
Insights, shared information and best practice
Good security utilises insights and shared information, while also using best practice from first responders.
For example, G4S is a member of The City Security Council, which aims to explore ways to improve collective responses to threats from terrorism, crisis or emergencies. G4S uses the risk assessment and decision making process, the National Decision Model. It also incorporates practices developed as part of JESIP (The Joint Emergency Services Interoperability Programme) which was developed to improve and standardise the way the police, fire and rescue and ambulance services work together when responding to major incidents.
Balancing security and customer service
In addition to providing an excellent security service, officers must be friendly, reassuring and well-trained in communication skills. Where appropriate, this can be taken to the next level through a hybrid receptionist and security role and should be reinforced by independently validated customer service training.
Taking advantage of new ideas and new technologies
With threats constantly changing, organisations can benefit from new approaches. Adopting emerging technologies, may improve security, while also making it more efficient, welcoming and reducing costs.
Lone worker devices put staff working remotely in permanent contact with a security centre. Advances in hand held device technology mean that officers can perform and record tasks whilst mobile and provide access to a suite of additional services.
Developments in access control, including mobile and cloud based options can provide security enhancements and operate on a frictionless basis.
Building integration in security
Finally, security that is integrated or planned holistically is likely to work better because it has been designed to ensure that there are no gaps to be exploited.
Physical security will work best when expertise, security professionals, technology and data analytics are considered together. In the same way, physical security should not be considered in isolation as it is intertwined with personnel security and cybersecurity.
Noah Price is Head of the G4S Academy UK&I which is responsible for sharing specialist threat and security knowledge. It provides regular, free security bulletins on potential threats, which can be a useful part of security planning.
To find out more information, click here