What you don’t track could hurt you

“Security is everybody’s business” is a common refrain used by the
Toronto Transit Commission and the City of Toronto in their attempt to
encourage the public to embrace security awareness and report
suspicious behaviour in public spaces. But within your company, have
you done a good job convincing employees that they too play a part in
the overall security posture?

As much as a seasoned telco customer service rep might shrug off a
threat from an irate customer or just delete a questionable email from
an anonymous account, there’s a need to document and retain any
evidence of threats, especially as new requirements under the Workplace
Violence legislation take hold in provinces such as Ontario.

At the recent ASIS Best Practices seminar in Toronto, Aivars Lagzdins,
manager, security and emergency management with the Workplace Safety
Insurance Board (WSIB), talked candidly about the pressures the 3,000
employees of the WSIB in Toronto face on a daily basis.

Guards, gates and even guns may be part of the security measures in
many organizations, but, says Lagzdins, “security awareness is huge.”
If you were to poll the employees in your company, would they a) know
who you are and b) what your guidance is on dealing with threats?

The WSIB is one of North America’s largest disability insurers, and
they encounter disgruntled clients who will sometimes resort to
aggressive behaviour. To protect staff, the WSIB established a Threats
Protocol, which outlines how employees and managers are to deal with
abusive, threatening and harassing behaviour or physical violence from
clients.

The best two words of advice Lagzdins delivered were “document
everything.”  The WSIB gets about 30 death threats a year: written,
verbal and in person.

Lagzdins’s primary advice is, when employees are talking to customers
or outside clients on the phone and are threatened, they should
interrupt the caller immediately and put the individual on the spot.
“Is that a threat? What did you mean by that?” And call police right
away.

“Don’t argue and discuss further with the person making the threat;
hang up,” says Lagzdins. But it’s what comes next that is perhaps even
more important — document it and record it in a main database and make
all employees aware there is a central repository for such threats.

Unless they know how to react, many employees will just receive a
threat or be subjected to violent behaviour and do nothing about it. If
your organization doesn’t nip a threat in the bud and can’t demonstrate
that action was taken, you may be liable.

Employees must also be educated that just speaking to police doesn’t mean they will become part of a court case.

And while the employee being threatened must be the one to make the
call to police, there is a role for the security department to play —
provide support and encourage them that they are doing the right thing.
Working with the HR department, you can create a plan that encourages
employees to retain all threatening letters, notes, emails and voice
messages. Instruct employees to write down the details of every
incident, including the time, date, who was involved and what was said
and/or done.

Waiting until an incident has been brought to your attention is too
late. Get in front of employee groups and educate them, and you could
save everyone a lot of grief down the line.