Suspicious Incident Awareness – Part 2: Internal Factors

All staff, and in particular staff members responsible for security operations should be aware of their role in the protection of the organization and take appropriate steps to safeguard information at all times.  

Safeguarding of information is one of the first steps in managing risk in organizational security.  Accidental leaks of sensitive information may happen through carelessness or through an otherwise innocent action that an employee does not consider to be detrimental to the security of their organization.  Awareness of the potential detrimental effects of leaked information on overall security of the organization may have a significant impact on the reduction of unintended disclosure.  To that end staff should receive training on organizational policy with respect to protection of information that may expose the organization to unnecessary risk.  Furthermore, employees should receive direction from their supervisors and managers on items of sensitive nature they may encounter during normal business operations.

For example:  Security staff at shopping centres often come into contact with visitors and employees from tenant businesses, and engage in friendly conversation to foster a pleasant work environment and represent the shopping centre in a positive light.  Sensitive information may be released in conversations respecting the number of guards on duty, security procedures, patrol routes and times, location of keys, operation of building systems including systems out of service or down for scheduled maintenance, and other seemingly innocuous information. Security officers may not be aware of the backgrounds of the persons they share information with, or with whom those individuals may further share the information obtained in such conversations.  

This type of accidental disclosure is not only limited to security staff.  A front office employee’s reference to a routinely scheduled bank cash deposit or a building operator’s remark about a malfunctioning security alarm motion sensor may present a significant risk to the protection of people and property, depending on who receives this seemingly trivial, but ultimately sensitive and potentially perilous information.  Furthermore, security and building operations staff using portable radios should be aware that their communication may be monitored by scanners, and limit the transmission of any sensitive information such as alarm codes, alarm monitoring station account numbers and pass codes, and other information that should remain confidential.
 
One more way of unintentional disclosure is through the social media.  Security staff should be cognizant of their presence on social media as representatives of your organization.  Listing their place of employment on their Facebook profile may disclose the number of security officers employed at a facility, and the status updates disclosing the fact that they are at work may provide information about their work schedule.  Social media can be a great way to garner positive exposure of your organization; an awareness of its exploitation for negative purposes may help minimize any potential risk.

Linked directly to security operations is the safeguarding of written and electronic documents.  This is applicable to both the security operations as well as the business operations of other departments within your organization.  Internal and external communication of your organization is vitally important to its operation, and it may also be a source of valuable information and a security exposure risk if not adequately protected.  Security reports, whether hardcopy or electronic, must be safeguarded against unauthorized dissemination.  Security officers must be able to account for all of the duty notebooks at all times.  Security and risk management departments should have strict policies on records keeping and retention, and should require all reports and notebooks to be securely stored and accounted for under the responsibility of a central authority.  These policies should also reflect what must be done when records become lost.

The above items should not be taken as all-inclusive; they are merely a representation of what may affect your organizations confidential information security.  Periodic comprehensive reviews of systems and resources should be conducted in order to strengthen the effectiveness of your organization’s security program, and to ensure that it remains strong by limiting complacency.

The level of awareness among your staff will greatly increase their effectiveness in responding to suspicious incidents.  By having an in-depth understanding of their role in the protection of your organization your staff will develop an appreciation of how their actions may impact upon the occurrence of incidents and how to aid in their prevention.  They will be able to perceive suspicious incidents from unremarkable circumstances or behaviours, and what to do in the event that they observe an incident that warrants scrutiny.

In Part 3 we will address External Factors affecting your organization’s security as it relates to Suspicious Incident Awareness, including surreptitious and overt targeting, copy-cat incidents, SWATTING, and the disgruntled factor.

Paul Koscinski is Public Safety & Security Specialist at National Life Safety Group.