SUSPICIOUS INCIDENT AWARENESS: A focus on front line staff awareness
SUSPICIOUS INCIDENT AWARENESS
With recent security incidents occurring in Canada, proactive public & private sector security program managers are taking steps to educate their front-line security staff, and business units across their organizations. Front-line security operators are being briefed on situational awareness tactics to assist them in recognizing suspicious incidents, and to immediately report those incidents during periods of heightened readiness, initiated in response to potential threats to the community, and the industry.
Senior Managers in charge of business units with exposure to external environments are being similarly briefed. Business units comprised of Customer Service staff and Operations Personnel have a significant role; they are the front-line of many organizations, and are often in a position to be the eyes and ears of the organization. The importance of front-line staff working in any capacity cannot be overlooked in a comprehensive security and risk management program. An alert and aware member of your organization can be a valuable asset and significantly extend the network of security coverage beyond the complement of personnel charged solely with the protection of your business.
Security leaders responsible for protecting critical infrastructure, public spaces, and mass assembly facilities have to look beyond the limitations of technology and human resources, and find innovative ways to engage all members of their organizations. Security staff must be objective in their view of suspicious incidents, and remain vigilant at all times. Furthermore, they should educate and encourage others to be aware of their surroundings, and to remain alert to potential risks in their environments.
Suspicious incidents are unusual circumstances that present a real or perceived safety, or security risk, and exhibit indicators of departure from the norm. The indicators of suspicious incidents range from obscure to obvious, and the severity of their consequences from innocuous to potentially deadly; they all can have an impact on business operations of your organization. Every organization with a comprehensive security and risk management program should have a policy respecting suspicious incidents, and every member of the organization should be familiar with this policy, and how to report incidents. Front-line staff should be cognizant of suspicious incidents that may provide indicators of a potential security risk. All reports of suspicious incidents should be thoroughly investigated to mitigate any potential risk, and to ensure that the organization meets the appropriate standard of care.
In order to prepare for the eventuality of addressing suspicious incidents, and to develop an awareness of suspicious incident indicators security staff should be trained on what to look for and how to react when encountering suspicious behaviour, in particular, and how to protect themselves and their organizations from internal and external risks, in general.
Internal factors Affecting the Safeguarding of Information
All staff, and in particular staff members responsible for security operations should be aware of their role in the protection of the organization, and take appropriate steps to safeguard information at all time. The release of sensitive information may happen through carelessness or through an otherwise innocent action that the employee does not consider to be detrimental to the security of their organization.
For example: Security staff at shopping centres often come into contact with visitors and employees from tenant businesses, and engage in friendly conversation to foster a pleasant work environment and represent the shopping centre in a positive light. Sensitive information may be released in conversations respecting the number of guards on duty, security procedures, patrol routes and times, location of keys, operation of building systems including systems out of service or down for scheduled maintenance, and other seemingly innocuous information. Security officers may not be aware of the backgrounds of the persons they share information with, or with whom those individuals may further share the information obtained in such conversations.
Security staff should also be cognizant of their presence on social media. Listing their place of employment on their Facebook profile may disclose the number of security officers employed at a facility, and the status updates disclosing the fact that they are at work may provide information about their work schedule.
Security and operations staff using portable radios should be aware that their communication may be monitored by scanners, and limit the transmission of any sensitive information such as alarm codes, alarm monitoring station account numbers and pass codes, and other information that should remain confidential.
Staff must maintain security of written and electronic documents. Security officers must be able to account for all of the duty notebooks at all times. Security reports, whether hardcopy or electronic, must be safeguarded against unauthorized dissemination. Security and risk management departments should have strict policies on records keeping and retention, and should require all reports and notebooks to be securely stored and accounted for under the responsibility of a central authority. These policies should also reflect what must be done when records become lost.
The above items should not be taken as all-inclusive, they are merely a representation of what may affect your organizations confidential information security. Periodic comprehensive reviews of systems and resources should be conducted in order to strengthen the effectiveness of your security program, and to ensure that it remains strong by limiting complacency.
Elicitation of Information by External Sources
Front line security may encounter persons seeking information about your facility security, specific company details, or personal information about employees. This includes questioning employees in person on or off site, over the phone, or via the Internet, including social media, with questions about building structures, systems, and procedures. For example your Shopping Centre Security Dispatch Office receives a telephone call, from someone who pretends to be a student doing a school project on Shopping Centre Security, and requests detailed information about security operations. The conversation may appear innocent, but it may be designed to obtain sensitive information for an illicit purpose. Trained and aware security staff should recognize this as suspicious and take actions to prevent the release of information, and report it.
Examples of Potential Threats/Risks to the Security of Your Facility
The following are examples of the types of suspicious incidents that may be encountered by front-line staff in your organization. One of the most important lessons for staff experiencing these situations is to remain aware of the potential of security risks, and not to discount any observation of unusual behavior without reporting it for further investigation.
Observation / Surveillance / Photography
Observation or photography is not necessarily out of ordinary at certain tourist attractions, but the attendance of persons showing unusual interest in facility infrastructure and personnel may give rise to suspicion that warrants further investigation. A person making observations through binoculars, taking notes, drawing maps or diagrams of a facility, and taking photographs of entrances, building supports and infrastructure should raise suspicion.
For example, while on routine patrol between 8:45 PM to 9:15 PM for the last three nights, the on-site Security Guard has noticed that the same individual has been window shopping in front of a jewelry store. Upon closer investigation the individual is monitoring the closing procedures and security features of the jewelry store, and noting gaps in security presence.
Breaches/Intrusions
Unauthorized individuals attempting to enter a restricted area or system or protected site; includes through impersonation of authorized personnel (ex: police/ security, janitor)
10:23 PM While on routine rear corridor patrol, Security notes an individual who is well dressed, appears lost and states that he is looking for a public washroom. Although seemingly innocent, the rear corridor system provides access to natural gas valves, electrical and mechanical rooms, and presents a target that would threaten the safety and security of the facility.
Attempted Intrusion
Unauthorized individual attempting to enter a restricted area or system or protected site; includes through impersonation of authorized personnel (ex: police/ security, janitor)
A Security Officer observes a male dressed in construction clothes walking on the retail centre roof. Although the man “looks” the part, the proactive Security Officer questions his presence and determines inaccuracies with the story of why he is on the roof.
Theft / Loss / Diversions / Questionable Possession
Stealing or diverting something associated with a your facility, or possessing actual or fraudulent facility-specific articles (ex: uniforms, keys, access badges, identification, vehicles, technology, documents which are proprietary to the facility.
Operations Manager advises that one of his / her employees is missing three of his uniforms from his locker. Manager further advises that he believes that his locker was left open during the evening.
Misrepresentation
Presenting false or misusing insignia, documents, and/or identification, to misrepresent one’s affiliation to cover possible illicit activity.
An individual enters the building control centre and presents a business card stating they are from Ontario Hydro (Hydro Inspector) requesting access to the Main Electrical Room. The male is wearing an Orange Visibility vest and hard hat.
Testing of Security
Interactions with, or challenges to installations, personnel, or systems that reveal physical, personnel or cyber security capabilities.
Retail Patron reports to Security Supervisor that their bag was stolen from an area within the retail centre. The patron requests to have someone review the Security Camera System for coverage of the area. Patron is distraught regarding the missing items but seems more interested in the camera coverage than the missing items.
Testing of Emergency Services / Response
Apparent testing or observation of emergency services / response.
Security finds a suspicious package that is overly suspicious (almost purposely made to appear suspicious) so it will be investigated. The response and evacuation process is then monitored to identify response capabilities, Emergency Equipment locations and possibly Emergency Services response locations and occupant evacuation assembly areas.
Express or Implied Threat
Making or communication a spoken or written threat to damage or compromise a facility / infrastructure (including employees/public)
A recently terminated employee – in apparent gest – makes a threat that they should “blow-up” the building.
Sabotage / Tampering / Vandalism
Damaging, manipulating, or defacing part of a facility/ infrastructure or protected site with malicious intent.
Minor damage reports may be a significant sign of a larger picture. Example – Damage to perimeter lighting may occur to reduce visibility of CCTV coverage due to reduced light. Damage of unknown origin may also be reviewed as suspicious.
Suspicious Substance
Discovery of an actual or possible unknown substance (such as a powder, liquid, solid, or gas) at or near a facility
While on routine patrol, Security Officer notices a box with obvious oil stains with numerous words on the box that are not common to the environment and contains an unknown liquid in a plastic bag.
Suspicious Item / Package
Discovery of a suspicious unattended item/package at or near a facility
The discovery of a suspicious item / package is often disregarded as simply that – suspicious with no threat. A dirty gym bag is noticed along the exterior perimeter of the shopping centre. The bag is old and dirty contains a length of dirty rope and two used gloves.
Conclusion
The above examples are snapshots of the myriad of possibilities that may be encountered by your facility staff. The responses to these security concerns may be just as varied, depending on the circumstances and the risk potential. A clearly established policy and an increased level of training and awareness will strengthen the effectiveness of your organization's security program. The engagement of all staff on the front-line of your organization will further enhance your organization's resilience to withstand potential safety and security threats. Continual planning and execution of well defined policies based on real-world experience and industry's best practices greatly improve the efficient management of risk in your organization.
Paul Koscinski
Public Safety & Security Specialist
www.National Life Safety Group.ca