Driving risk appetite
As featured in Risk UK April 2016
When it comes to combatting the seemingly burgeoning threat posed by terrorists looking to cause devastation and disruption on home shores, Rob Hanratty outlines why reviewing and adapting existing security measures is going to be the essential starting point for risk professionals. Rob Hanratty is Operations Director at Charter Security, a Grosvenor Services company.
Now more than ever, organisations must remain highly vigilant and prepared for a potential terrorist attack, with the threat of terrorism UK-wide currently assessed as ‘severe’ by MI5 (the Security Service) and the Joint Terrorism Analysis Centre.
The Paris atrocities that occurred just before Christmas included attacks on the Stade de France, restaurants and bars. They showed just how vulnerable crowded places can be, but businesses can reduce the risk by remaining alert, being security-minded and having good protection measures in place.
In the first instance, security users should refer to specialist sources of counter-terrorism information. Since 2006, detail around the aforementioned national threat level has been available on the MI5 and UK Home Office websites, while guidance and advice for businesses is provided by counter-terrorism security advisers (CTSAs) to help them address their ongoing security concerns.
Although actual attacks have so far been infrequent, it is possible that you may find yourself or your organisation caught up in a terrorist incident. This might include having to deal with a bomb threat or with suspect items sent through the post or left on the premises. Terrorist incidents might also take the form of attacks on vital information or communication systems, causing disruption and economic damage. Terrorism could include threats or hoaxes designed to intimidate.
Some institutions may be more at risk than others, particularly so if they have a higher public profile, but other factors – such as the location of your business or if the building is iconic in some way – can also play their part.
Review and adapt
Before considering any changes to your security, you should review what measures you already have in place to make sure they’re firmly in line with Best Practice counter-terrorism advice.
Remember that many of the security precautions typically used to deter criminals are also effective against potential terrorist attacks. You may have existing measures such as vehicle access control and security guarding on which you can build and adapt to make sure they remain accurate, based on current threat levels and assessed risks.
Review and test these existing measures regularly and particularly so when there’s a change announced to the UK’s threat level. Conduct fresh risk assessments to identify your vulnerabilities, the threats you might be facing and their likelihood of occurrence.
Priorities for protection include staff, visitors and contractors; assets (among them business and building life support systems) and processes (including business operations and supply chains). Decide which security measures need updating in light of new reported threats and developments.
Make security awareness part of your organisation’s culture and ensure security is represented at a senior level. It’s a good idea to ensure there’s a Cross-Sector Safety & Security Communications initiative-registered representative within the organisation directly responsible for receiving and disseminating relevant security detail.
Ensure that representative has regular contact with your nominated CTSA, and encourage your security guarding provider to supply your contract with Project Griffin trained officers. This is a police initiative which has been recognised as national best practice when it comes to protecting cities and communities. In essence, Project Griffin co-ordinates the resources and efforts of the police, the emergency services, local authorities, businesses and the private security sector.
You should also encourage business staff and decision makers to attend Project Argus events. Developed by the National Counter Terrorism Security Office (NaCTSO) and delivered by CTSAs throughout the UK, detailed educational sessions provide practical advice on how to prevent, handle and recover from an attack.
While protection is primarily the role of security personnel, all members of staff should be on the alert for threats with security viewed as everyone’s responsibility. Investment in security could be undermined by someone who wasn’t aware of the procedures and does something as inadvertent as using a fire exit as a short cut. Remain observant to surroundings, question irregularities and never assume.
All members of staff must be fully aware of security procedures in the event of an emergency and receive proper training. Make internal processes easy for staff to be able to report any suspicious behaviours.
Reducing the risks
Practical steps that businesses should take to reduce the risk and be prepared for every eventuality include ensuring good basic housekeeping throughout your premises. Keep public areas tidy and well-lit, remove unnecessary furniture and make sure outside areas are clear. This will make it easier to monitor for suspect items or suspicious behaviour near external exits, reception areas or zones where staff or visitors congregate.
Make certain that entrance points are kept to a minimum and as secure as possible. Access control is important as this means that only those individuals with agreed security clearance will be granted access to specific areas of your premises. Issue staff and visitors with passes and carefully check their credentials. The backgrounds of any contractors working on your site should be carefully checked.
Where possible, don’t allow unauthorised vehicles close to your building(s). Visitors should be briefed in advance on site access and parking procedures.
An Improvised Explosive Device (IED) is one of the possible serious threats an organisation can face and could take the form of a letter or parcel bomb. Review your mail-handling procedures and consider establishing a mailroom away from your main premises.
Before approaching any suspicious package turn off any equipment with a wireless signal. Some IEDs are detonated on a wireless basis so there’s a possibility that transmitting via a radio or receiving a call whilst near a suspect item could interfere with its signal and set the device off. If the item is suspicious call the police. Never touch or tamper with the item, don’t place anything on top of it or put it in water.
Responding to emergencies usually involves a number of agencies, including local authorities, the police and the emergency services. The successful evacuation of staff depends on the efforts of building management and security alike. It’s vital, then, that everyone’s conversant with the given building’s evacuation procedures and routes.
Time for reconnaissance
Routine security patrols of premises are an excellent way to deter those with criminal intentions and for identifying any areas of concern. Having security officers working in conjunction with technical solutions such as a CCTV camera monitoring service is generally most effective way forward.
Terrorists have to conduct hostile reconnaissance in order to research potential targets and plan an attack. This is the deliberate observation of people, vehicles and locations with the intention of collecting information to underpin the planning of a hostile attack. If this can be deterred and disrupted at an early stage, it’s likely the would-be terrorists will abandon their venture.
Trained and licensed security officers that have attended Project Griffin instruction courses will be aware of hostile reconnaissance techniques employed by those with potential unlawful motives.
Technology is playing an increasingly important role in the security sector and can help to deter an attack and facilitate fast and effective communication between the Security and Intelligence Services, private sector security personnel, staff and members of the general public during emergency situations.CCTV, remote access systems and thermal cameras, video analytics, biometrics and digital HD IP systems can all help to prevent attacks.
However, such security systems must be both sustainable and flexible. The security landscape is always changing in terms of threat levels and risks, so the technology also needs to be adaptable such that it can be reconfigured to address new priorities, ensuring that future proofing is addressed at all stages.
Terrorist attacks can be devastating from both an emotional and financial standpoint, but the risk may be minimised if effective precautions are taken. At all times, seek and heed the advice of specialist sources of counter-terrorism information.