"We must recognize that the United States of America is vulnerable to attack, sabotage and espionage along with every state, municipality or community,æ said Ira A. Lipman, chairman and president of Guardsmark, LLC. "It is erroneous to make the assumption that we are safe just because we are in the United States of America. September 11, 2001, has clearly changed that, and with the war on Iraq, we need to understand that we must do more than ever before."
He said surveys have found businesses throughout the United States ignore color-coded warnings from the federal government, lack solid emergency plans, and are generally unprepared for another terrorist attack. The surveys, taken from interviews with corporate security professionals and the general public and released by Guardsmark, found that although security professionals and the general public realize there is a threat of more terrorism, their companies are generally complacent about the importance of workplace security and protection. In fact, 70 percent of security professionals and 54 percent of the general public say that their companies are "very complacent" about the importance of good security. Other key findings:
- 58 percent of security professionals and 66 percent of the public perceive that security in the workplace is too loose and relaxed principally because there has not been any terrorism in the United States lately.
- More than half of the American people 54 percent report their companies are not doing anything to prepare for what could happen over the next several weeks.
- At the same time, 96 percent say the threat from terrorism today is serious, and 62 percent say that a war with Iraq increases the possibility of terrorism.
- Just 41 percent of those surveyed feel their workplaces are very safe and just 33 percent feel that where their family members work is very safe.
"Complacency is the key word," according to Lipman. "Security professionals and the public are acknowledging that new threats are out there, but they widely agree that their companies are too complacent with their own security."
Lipman recommends the following steps for senior executives:
- Ask the executive committee what conditions currently exist that would allow a successful, aggressive attack against the facility.
- Create an environment of cooperation and understanding about war, terrorism and the security mission. It is important to get all levels of the organization involved with this critical task.
- Have an immediate conference with the security director and give him or her what is needed to bring the security program to the appropriate level. The company must prepare a defense against the most credible threat that can impact business continuity. Dust off those security projects and recommendations that were rejected in previous years.
- Identify any departments that may have interfered with the security mission. The chief security officer must have full, open communication with the CEO, COO or other top executives. He or she needs access to the CEO in the case of a serious problem concerning policies or lack of funding.
Lipman points out businesses need front-line preparedness in the war on terrorism because they are on the front line. The 9/11 destruction of the World Trade Center showed that no target holds more appeal for terrorists than major corporate facilities, he notes. Many workplaces remain top terrorist targets because of their high visibility, institutional symbolism and large concentrations of people.
Following are steps that businesses should take to ensure a good front-line defense against potential terrorist attack or natural disaster:
1) Assess the Type of Risk the Company Faces:
- Thoroughly review and analyze the types of risks that employees might face due to industry factors, geographic location, nature of occupation and all other key variables.
- Engage a risk-assessment team to assist with a security audit so the company can be sure of getting a full, accurate assessment of its risks, as determined by professionals who have a thorough understanding of real-world threats.
- Implement and install the recommendations from the risk analysis. Failure to act on identified vulnerabilities can expose a company to legal liability.
2) Control Risk with Consistent Solutions
- Regulate access to business facilities. Gates, concrete barriers, bollards or even trees and planters can strengthen perimeter control around a building. Staff sensitive access points with trained security personnel. Install intrusion detection systems, or review existing systems and repair if necessary. Install durable locking hardware on all entrances and maintain strict control of all keys and pass cards. Install CCTV cameras at critical points throughout the facility. Log in all visitors by name, date, time and name of person visiting. Escort all visitors at all times. Reserve the right to inspect items carried in or out of the company premises. Prohibit any photography of the facility without company authorization.
- Protect and restrict access to elements of the organization that are sensitive to biological or chemical attacks, including water supplies, food preparation areas, and heating, ventilation and air conditioning systems. Identify shut-off controls for HVAC system, and include in the emergency response plan a specific person responsible for shutting down HVAC system in the event of a suspected chemical or biological attack.
- Ensure that all incoming mail and packages are handled at a centralized, secure location where they can be scrutinized.
- Inspect all incoming mail. Never accept unexpected packages. Positively identify all delivery personnel. Develop strict times for receipt of deliveries, and document all deliveries by time, date and name of delivery service. Remove all deliveries from the dock or delivery area immediately. Distribute and display U.S. postal information regarding suspicious packages.
- Mailroom employees should be trained to look for warning signs such as: foreign substances, excessive postage, oorly written or incorrect addresses, no return address, and packages originating from an unfamiliar source
- Back up electronic and paper files in a secure, off-site location to help ensure business continuity. Include employee phone numbers and addresses.
- Establish an employee awareness program, ensuring that employees know to whom to report if they detect a suspicious person or incident.
3) Implement Emergency Preparedness Plans
- Develop and practice an emergency response plan. Address acts of terror, including biological, chemical, radiological and conventional explosives attacks, as well as acts of violence in the workplace and natural disasters. Have a communication plan in place for contacting all employees in the event of disrupted phone service.
- Have an evacuation plan in place, taking into full account all relevant factors of building and site design. Designate a specific meeting location where personnel gather after evacuating the premises.
- Develop a building lockdown method to effectively complete the lockdown of the facility within 30 seconds.
- Develop specific plans to respond to any increase in homeland security threat levels.
- Develop a plan of communication and coordination with emergency response groups. Establish a liaison with emergency response groups and know the capabilities and limitations of local emergency response groups.
- Assign responsibilities and identify successor personnel for essential tasks including evacuation, communication, fire safety and critical business operations.
- Communicate the preparedness plan to employees so each of them knows exactly what to do in case of evacuation. This briefing can take place during regularly scheduled safety and security meetings, coordinated by the security department, if applicable.
- Orchestrate frequent drills to ensure that employees not only know what to do but can also put that knowledge into action.
- Maintain adequate stores of basic supplies in the event that evacuation is not possible: e.g., drinking water, canned food, flashlights and batteries, and a transistor radio. These items can also support a skeleton staff remaining at the site.
- For larger organizations: Provide alternate communication methods, such as satellite telephones, to enable senior management to maintain contact if public communication is interrupted.
4) Screen Employees
- Terrorist threats can come from inside an organization as easily asfrom outside. Today, companies must be especially alert to the danger of "sleepers" enemy agents who establish themselves in society until called into action.
- A thorough employee screening process should include verification of: legal work status as permitted by law; work history; educational institutions and degrees earned; professional accreditation, driving and criminal records; credit history as permitted by law; personal references; mlitary discharge status (where applicable).
- Businesses should remember to screen non-staff workers as well. This calls for special care in selecting vendors such as external auditors, food service providers, temporary employees, building maintenance services, etc.
5) Maintain Open Communications
- Communicate risk. A company's first priority should be to increase employees' awareness that the risk of terrorism is real and convince employees that security plans and precautions should be taken seriously.
- Manage fear. A company should hold employee seminars and publish bulletins to raise employee awareness of potential threats and of the efforts management is taking to counter those threats, because nothing combats fear of the unknown like knowledge. Organizations should encourage personnel to create a family plan to reduce employees' concerns for loved ones in the event of an emergency.
- Establish a toll-free hotline or a message board on the company Web site or intranet to allow employees to voice concerns, express fears and provide information to management. This communication helps security people do a better job and helps stifle rumors that could damage organizational morale and effectiveness.
Being on the front line in the war on terrorism as businesses are is not easy. But if businesses follow these basic five steps, says Lipman, they can substantially reduce their security risks and create a more secure environment for employees in the event of either a terrorist attack or a natural disaster.