Author Archive

Ostrich Investigative Technique

May 24th, 2016 Comments off

Bill 132 will force Ontario employers to take sexual harassment and issues related to workplace violence more serious. You can no longer ignore and hope it goes away.

Legislation has been in place for some time relating to workplace bullying and violence as well as sexual harassment. This is not new. Bill 132 will add more teeth.

However failing to conduct a thorough investigation will no longer be acceptable.

We recently assisted in a case involving a female employee who complained she was being sexually harassed. Human Resources completed an investigation and found no proof. The female employee, in turn, wrote a letter to the CEO and Board Members expressing her frustration.

We conducted an investigation, and the two male suspects had no idea what this complaint was about and proclaimed their innocents. The human resources manager did not possess the skills and experience to get to the bottom of things.

Upon receiving the details, we elected to conduct an open source investigation on the two male suspects and uncovered numerous online posts mentioning and targeting the female employee. We also identified others who had knowledge of the situation.

We interviewed others, and they were very informative and confirmed the situation as well as other inappropriate acts carried out by the individuals in question.

Armed with this new information, we then interviewed the male suspects for the second time. Both men initially continued to be dishonest with their responses. After a period, the two males had indicated they did indeed target this female because she had broken off a relationship with one of the males.

The main suspect had a checkered employment history. He elected to resign his position. The second man faced discipline and was restricted from the area where the female worked. The outcome provided closure and was resolved in a manner acceptable to the female employee.

You need to review how you currently conduct investigations, as well as what tools and third party resources can assist you when things go bad.

If you would like a complimentary copy of our workplace violence guide, please contact me at


Your Magic Crystal Ball

April 13th, 2016 Comments off

A new tool in the fight against disability and workers’ compensation fraud is open source investigations. The use of this technology is becoming more widely recognized and accepted.

Individuals continue to post more and more about their lives on a host of social media platforms. Instagram is overtaking Facebook as one of the most popular places to post photos and videos. Twitter also continues to be a favourite tool.

Posting all aspects of our daily lives makes us feel part of a global community. What does this mean for disability claim managers and those in the human resources profession? They have an unprecedented look into an individual’s public life.

How many times have you seen a doctor’s note that states that the individual is totally disabled, or unfit for modified duties, sitting or standing for longer periods, etc.? In the past, you would have to conduct a costly surveillance to determine the individual’s level of activity. Today, you may be a few clicks away from validating your concerns.

A picture is worth a thousand words. Do you realize how much data a photo reveals? Often we can obtain the exact location, date of the photo and when it was uploaded. All this information can become a part of your investigation. We had a case where an individual requested time away from work, and it was denied. The employee subsequently submitted a WSIB’s claim and got the requested time. The employee then posted photos on social media. Our investigators extracted data that placed the subject in Romania.

If the Internet is an iceberg, social media is only the tip. What lies below the surface is massive. A skilled investigator can easily harvest open source data. We recently had a case where a female employee was a part-time yoga instructor, outside of work. At the time of her claim, she turned on her privacy settings to avoid detection. Her only mistake was being showcased in a Yoga studio newsletter that was harvested using search techniques. Despite increased privacy settings, many apps disregard it and provide data the subject thought was hidden.

Can you do these types of investigations yourself? The short answer is yes. However without the necessary skills, you often won’t find what you need. It is also recommended that an independent third party gathers the information and later testify and present the evidence. The data is harvested in an ethical way to ensure privacy has not been violated and formulated into a structured admissible report.

An open source investigation is non-intrusive without any risk of being exposed. Using proxy servers allows investigators to collect data undetected without leaving any digital footprints.

If you have a claim that is under suspicion, maybe it’s time to have a peek.



Winds of Change

April 5th, 2016 Comments off

Brazil is currently facing unprecedented challenges. The country’s economy is in free fall, and the Petrobras scandal continues to provide a black cloud over the country’s leaders. The people of Brazil have become increasingly restless. To date, this has led to large-scale protests and calls for President Dilma Rousseff to step down. The refusal to step down will ultimately lead to a showdown between protesters, opposite parties and the government.

What does this mean for the upcoming Olympic Games in Rio? At this time, mass protests are expected with threats to disrupt the torch run and planned events at venues. During the FIFA World Cup crime spiked and buses used for public transit were set ablaze.

Risk Plan


In working with clients, the following areas represent the greatest threats they wish to prepare contingencies for:

  • Medical and Health Concerns – the Zika virus along with reports of unsafe water and sanitation conditions
  • Political Threats – mass protests and potential removal of the current government
  • Crime – Rio is situated near the Favelas (these areas are beyond police control)
  • Traffic – existing infrastructure will not support the influx of people in Rio


What is your Duty of Care obligation?

If you have paid for the ticket, you are responsible and need to provide some level of protection. If you are found to be negligent, you can expose yourself to liabilities.

  • Pre-Trip Briefings – all personnel and clients attending Rio should be provided with a detailed briefing on the current security and medical risks and what they need to do to mitigate these risks
  • Communication – how will you communicate and provide updates during the games, are employees required to check in?
    • Is there a global security operation or command centre people can call?
  • Travel Tracking – your ability to quickly assess where people are at all times is required in the event of an emergency or crisis
  • Medical Support – you will need to have plans in place in the event medical attention is required
  • Security Support – what measures and precautions will be necessary to protect your people
  • Ongoing Support – flight delays, lost passports, damaged luggage – these are all things that need to be covered in your plan

Risk SecurityWe firmly recommended you review your current travel insurance. Most travel insurance provides protection for day-to-day events and is not geared to crisis or emergency occurrences.

Pay particular attention to the following:

  • Hard Loss Triggers – what event will trigger payment and support for a claim? Often the bar is set very high, and you will find you do not meet the criteria for an allowable claim.
  • Political Protests – most policies view protests as an act of civil disobedience and in extreme cases, These types of events are not covered, and any response will be out of pocket.
  • Natural Disasters – will your policy provide coverage in the case of a natural disaster?
  • Crime – if you are a victim of a crime what will be covered?

Should your insurance not cover these events, you will incur costs for any response options that might be required. If you need help in reviewing insurance or emergency response agreements, please feel free to contact me at We will have one of our risk mitigation specialists conduct a review and provide more information on what you can do to protect yourself and your workforce.

Where in the World is it Safe?

January 21st, 2016 Comments off

We all remember 9/11 and since that time terror attacks have increased from a couple times a year to almost a daily occurrence.  Some are small and others are on a much larger scale such as San Bernardino and Paris.  These events no longer happen in locations we have never heard of.  Places we used to deem as low risk are suddenly becoming targets.  What does this all mean to the security industry and travel risk management responsibilities?  Most likely there will be no more easy days.  When any emergency or crisis occurs, your ability to deal with the event is becoming increasingly important.

There are many considerations but it is important you have plans and processes in place.  These are a few key considerations:

  • Policies and Procedures – do you have guidelines in place for all employees? (travellers, expats and domestic personnel)
    • Most firms do but employees have not read them
  • Training – policies are wonderful but without training and awareness most employees do not fully understand why certain measures are in place and the importance
    • Use real life examples where possible
    • Running an exercise can be a great learning opportunity
  • Security Awareness – teaching people how to recognize and avoid risk is extremely important
    • If there is a protest do not go out to see what is happening
    • In Egypt a lot of folks went to the main square to witness history and some got caught up in police operations
  • Reporting – do your employees know how to report incidents and to whom?
    • Too often events could have been prevented with proper reporting
  • Travel Tracking – do you know where you people are and can you reach them?
    • Itinerary based tracking gives you a time and place but where are they right now
    • During the Paris attacks most firms only knew where employees should have been but had difficulty pin pointing their exact whereabouts
  • Communication – do you have the ability to provide mass messaging and receive responses from your people?
    • You will need to be able to ensure all personnel are accounted for and are ok
    • If you had 200 employees in country how would you communicate?
    • Some of our clients spent days reaching all their employees
  • Medical and Security Response – you may need to support those injured and evacuate others to a safe area
  • During a crisis is not the time to be securing resources or finding out your current vendor cannot assist
  • Do your homework

Understanding your gaps well in advance of any crisis is key.  Murphy’s Law will most definitely rear its ugly head at some point.  Your duty of care and moral obligations to staff will be under scrutiny.  How you respond will be watched and a poor reaction will rattle your employees’ confidence.  A well thought out response will show employees you not only care but also are prepared.

Needle in a Hay Stack

December 31st, 2015 Comments off

We are regularly called upon to conduct investigations for various situations. Workplace violence, compliance and ethics as well as benefit claims are typically the most common areas of concern.

Social media digital surveillance is only one component of any investigation. Open source investigative research is a potential gold mine. The World Wide Web has grown incredibly in the past 10 years. We now have greater access to large quantities of information but the amount of information is staggering. The ability to run queries to extract required data is the key to success and this requires some training and experience.

I recently helped a law firm with an investigation. The individual in question was a nurse. She was claiming she was totally disabled and unable to work and she managed to do a good job of keeping her social media footprint sanitized. In many cases, legal representatives advise their clients that social media can be monitored, but most people still continue to post information despite warnings. In this case social media provided no information that she was active. However open source investigative research provided other crucial information. A yoga studio was promoting the nurse’s ongoing yoga classes and workshops, leaving the breadcrumbs we needed. Armed with this tidbit of information our investigative research team went to work. In the end, the client was able to paint an entire picture, complete with interviews and additional facts.

Often the smallest piece of information is all that is needed to connect the dots.

Practice Makes Perfect

October 19th, 2015 Comments off

I recently took part in an active shooter exercise and it was a great learning experience.

The people that attended the exercise were made up of security, human resources, legal and HS&E professionals. The scenario involves 15 employees attending an event at a US hotel where a gunman enters, an employee gets killed and two are seriously injured.  The remaining employees are accounted for with the exception of two that are missing.

Everyone participating in the exercise had a representative from each discipline. We had to work together as a team to manage the crisis and emergency response. As you can imagine, we encountered many challenges. The team went to work and developed an initial action plan with a critical goal of protecting and caring for our people.

Those in human resources and HS&E engaged a third party travel risk management vendor. They were tasked with getting 12 uninjured staff to a safe place and evacuated once the situation stabilized. The travel risk team also engaged medical professionals who were able to coordinate first aid response for the injured. Employees at the hotel received instructions from medical professionals on how to stabilize the injured until EMS could enter the site.

The security team immediately notified the company’s security operations centre. The regional security manager was directed to travel to the area and set up a temporary command centre in a nearby hotel. Law enforcement was contacted and informed. The travel risk management vendor was also asked to dispatch crisis coordinators to work with the regional security manager.

Legal and compliance personnel briefed senior management and engaged the crisis communication vendor. Communication with the employees’ families was initiated. It was decided that the senior managers would attend the homes of families of the deceased and injured to lend support. Insurance firms were notified and thresholds for coverage reviewed. Risk managers began to access exposure to liability and determine the best course of action to mitigate risk. Communication experts also prepared external communication messaging.

We quickly learned despite all our combined expertise, that we were ill prepared to manage the crisis. The need to have a detailed plan became quite clear.  We were making numerous decisions on the fly with no real clear guidelines or objectives.

In the end, the police cleared the site within 8 hours. EMS moved in and assisted the injured. The travel risk firm’s doctor was critical in instructing the uninjured to care for the injured until EMS could move into place. The regional security manager and crisis responders were able to communicate with the uninjured staff and get them to a secure place once the police had cleared the hotel. Transportation and airfare were coordinated to return folks home. It became clear, that practice makes perfect. If you have not practiced responding to an emergency – do so. It will be a tremendous learning experience.


Find Out Before its Too Late

September 30th, 2015 Comments off

We recently supported a client with an evacuation of their personnel from a project site in Africa. The clients had received threats and it was decided that personnel would need to leave.

As with many situations like this, it was chaotic. In the process of evacuating, the client learned that their current Travel Risk Management program had a number of gaps. We typically do not always see these gaps until we are in the midst of a crisis.

The client first learned that the insurance they had in place to protect travellers and expats required that a travel restriction be issued in order to meet the threshold for coverage. Meaning they could evacuate, however they would assume all costs associated. Although the area had become unstable, there was no travel restriction issued by any country. There had only been warnings and advisories issued.

In addition to this, there were other groups making the similar decision to evacuate personnel. Their current vendor was no longer able to support their needs as they were stretched to capacity. After making enquires, the client decided to contact with our team. We commenced working with them and the immediate decision was to have personnel hold in place until logistics could be coordinated for their extraction. Staff members were provided with guidance and access to our crisis hotline at our global security operations centre in Johannesburg.  A small team was mobilized to the area and began support. An assessment of the situation was completed and the best option was to extract personnel. Ground transportation and aircrafts were coordinated and personnel were safely moved to a neighbouring country.

In analyzing the client’s travel risk management program, the following was discovered:

  • The client had a medically focused program in place that was not well suited for security related evacuations
  • The travel insurance they had required a travel restriction to be issued in order to activate coverage
  • When the decision was made to incur the cost to evacuate, the vendor they had was engaged by others and no longer had resources
  • The client discovered that they needed to expand procedures internally to ensure events like this were managed more smoothly in the future

We have since worked with the client to develop a more robust response to security related crisis situations. In addition to this, we introduced our CAP product. The client acquired memberships for all personnel posted internationally. This ensured that they do not need to have a travel restriction issued in order to meet thresholds for cost recovery.

The client was able to enhance their existing program and reduce costs in the event of a crisis. In addition, their employees now feel safe and secure when working abroad knowing these improvements had been made.

The lesson here is to make sure you ask the right key questions when developing your crisis plan prior to an incident. If you would like a review of your current crisis response plan, please feel free to reach out. We can provide an analysis the will allow you to close the gaps.

How Well Do You Know Your Employees?

August 25th, 2015 Comments off

In the past few months, I’ve been assisting a client with a drug related investigation. If the initial homework had been done, the client would have made a very different decision at the time of hiring the subject of the investigation.

The client had completed a traditional background check that consisted of a criminal, financial and reference check. Then about a year after hiring this employee, some disturbing circumstances appeared relating to drugs and racist comments. Based on the current situation we advised the client that they should consider the following:

  • Investigative Research
  • Social Media Surveillance
  • Undercover and/or Surveillance

The client elected to conduct social media surveillance for a 30-day period. We identified approximately 150 keywords related to the client’s concerns and commenced harvesting data across the top most common platforms. We wanted to capture the last 100 posts per platform plus be alerted to any current activities. The employee was lax with privacy settings, so we were able to harvest a gold mine of information such as racist comments and posts showing drug use and risky life style choices. The client then elected to commence with a parking lot surveillance for phase two, as the data gathered indicated there was a strong likelihood that drug related activities were taking place on company property. The surveillance uncovered the use and sale of drugs by the employee and other coworkers. In addition, the employee was observed leaving the site in a company vehicle where other transactions took place in public locations with unidentified individuals.

Based on the information and evidence collected, the client had us contact and work with local law enforcement. The client’s goal was to terminate those involved in illegal activities. The decision was made to have police intervene on company property during a time when most activity took place. This proved to be very successful, as a large amount of marihuana was found and several arrests were made. The client had a clear policy on drug use, which allowed for termination of the individuals involved. The police also learned that the subject of the investigation had a grow op in his home.

The potential damage to the client’s reputation and brand could have been considerable. Concerns for workplace safety and violence could have developed had the problem continued.

During the follow up and de-briefing, the client indicated that they wanted to develop a program to mitigate future risks. After consulting with the client’s human resources and legal department, we developed a social media footprint search as part of their pre-employment screening process. Each new employee’s social media footprint is reviewed along with the last ten posts per platform are collected. This provides a recent snapshot of the potential employees’ lifestyle choices.

Since implementing the program a number of potential employees who would have met traditional requirements have been disqualified based on social media footprint results.

The cost of a bad hire can have extremely damaging results. Make sure you really know who you are hiring.


Preparing for the Risk

July 29th, 2015 Comments off

I recently worked on an interesting file regarding a potential threat of workplace violence. We were contacted regarding the termination of a male employee. This individual was in the middle of a nasty divorce and his work performance had declined considerably. There were concerns regarding his behaviour. The individual was becoming emotionally unstable and aggressive towards others. Management took these concerns seriously and attempted to provide support and assistance. Unfortunately this fell on deaf ears. A decision was made to exit the employee. I was contacted to develop a strategy to mitigate the risk should the termination not proceed in a positive manner. After gathering the background details the following recommendations were made:

  • Post termination security which would monitor the exterior access points

The concern was that the employee might attempt to access the facility or seek revenge against managers and coworkers outside of the workplace.

The client reviewed the options and arranged for a call to discuss them and make a final decision on a plan. The client elected to monitor social media for a period of 30 days and engage the recommended security components. They chose not to engage in surveillance unless there was an increase in risk. There was a concern that if the surveillance was detected it would lead to an increased likelihood of legal action. The client’s management team debated the risk posed versus the potential legal implications. These types of debates are common. The challenge is what happens if the employee elects to target coworkers and management and an incident occurred, would manage be found negligent based on the fact they had concerns but elected not to proceed. This is always a difficult question to answer.

We commenced with the plan. Our social monitoring uncovered some open source posts that raised some red flags.  Most of the posts touched on the employee’s troubles and how he felt wronged. The tone was of someone who could possibly lash out if a negative event should occur.

The termination proceeded as planned and the protection agent escorted the employee to his vehicle at which point he exited without issue, other then a heated verbal outburst directed at the human resources manager. The employee was told to not return to the facility or have any contact with the staff. Unfortunately two days after his termination, he returned. Security intervened and successfully de-escalated the situation. The employee claimed he had items he needed to return. This was despite the fact the client had provided instruction and prepaid courier pickup for the items belonging to the company. After the termination, outplacement and support services were present to ensure the employee had resources and a safety net.

No one knows what the employee’s intentions were the day when he was intercepted by security. Was this a man down on his luck only seeking to return the company’s belongings or did he have something very different on his mind.

Too many times in the recent past we have read about situations where things have gone horribly wrong.

Social media monitoring has been ongoing for this individual and although his posts were of concern, it appears the individual has come to grips with his situation for the time being. None of the posts warranted police involvement.

We advised the client to pay special attention to key dates, which may trigger future events. These dates include:

  • Date of hire
  • Date of termination
  • Birthdays

Workplace violence and managing terminations continues to be a challenge for security and human resources staff. Balancing the risk versus the probability of an incident is never easy. No employer wants to feel heavy handed and disrespectful but you also never want to be without a plan incase you need to respond to a risk.

When Pricing is Equal, What Separates Vendors?

June 10th, 2015 Comments off

Often pricing is relatively comparable when looking at vendors. How a vendor is able to respond and provide service is the only real difference.

Make certain you engage the vendor’s operations personnel at the onset. Also give them a few small test cases. Do they respond to your email or telephone calls in a timely manner? Do they make simple tasks more difficult? Can they use common sense? Some individuals come from environments that are extremely process driven and are unable to think outside the box. Failure is almost certain if you require services in a crisis and/or when your needs change on a case-to-case bases.

Having a military or police background does not always mean these individuals have the necessary skills to meet your expectations. Individuals who do not come from industries where customer service is important, often struggle. They often fail to communicate, provide updates and lack the ability to manage project budgets and seek the proper approvals should the scope of work expand. Anything can be solved by spending money foolishly. Can your vendor’s operations personnel manage your cost expectations? Receiving a bill that is 100% over budget is not the kind of surprise you need.

Also ensure operations personnel are clear on whether those supporting them are direct employees or subcontractors. All too often you find out your folks on the ground are dealing with a subcontractor, who in turn has subcontracted out the assignment.

Not only is it wise to meet the operations personnel but also at a minimum you should speak to the people providing support on the ground. By doing this, it will provide the only true sense of their skills, expertise and ability.

By taking time on the front end, you will save heartache and mistakes on the back end.

  • LinkedIn
  • Twitter
  • YouTube