Author Archive

Security is Always Too Much When Nothing Happens and Never Enough When an Incident Occurs

September 26th, 2014

I borrowed this subject line from a client. It is such a true statement. How many times have you sat through meetings and had to explain or justify the cost and why certain security measures are being put in place, only to have your plan rejected or watered down? What typically happens at some point is a security breach, and immediately afterwards there is a debriefing of the incident and the finger pointing begins. How come we didn’t have a plan? What steps need to be taken to ensure this does not happen again in the future? We spend thousands of dollars on security and we are not protected. Damned if you do and damned if you don’t.

There have been some recent high profile security breaches. The breach of the White House perimeter made headlines around the world. A recent article by an airline union claiming security is lax and items could be placed in food also hit the news. I’m sure there are numerous other breaches around the world that do not get picked up by media sources.

How can these breaches occur? What can be done to stop them? The simple answer is ‘if there is a will, there is a way’. No facility can guarantee that it cannot be breached. The firm I work for regularly completes penetration and breach testing for a number of different industries annually. Security quite often takes the blame when a breach occurs. The issue is not just a security issue. Everyone at an organization is responsible for security. We recently had an example where our team breached a shipping entrance that was left open. We gained access and made our way to the elevator of the office tower. We simply looked lost and confused and a kind employee used their card to assist us in activating the elevator. They asked which floor we were going to and even pushed the elevator buttons. Next thing you know, we were on the executive floor. Once again we encountered another set of glass doors that required an access card. After a few minutes, we were greeted by another employee who kindly opened the door and took us to the visitor waiting area. After enjoying a cup of coffee we decided to go for a walk. The next 30 minutes were spent roaming. Photographs of sensitive information left on desktops were taken. We placed a backpack in the lunchroom and exited the building. The backpack was not reported until almost 48 hours later.

The company had recently implemented some cost cutting measures that affected a number of security programs. They had all the necessary policies and procedures in place to prevent such a breach. Unfortunately they did not have the security resources required. In addition, the level of security awareness amongst the employees was extremely low. This most likely was a result of complacency. I think it is extremely important for organizations to complete regular penetration testing. This can be done through a third party or you can use internal resources if they are not recognizable.

The end result should allow you to identify gaps in your security program as well as provide an avenue to create heightened awareness with the entire organization.


How Many Hamburgers Do You Need to Make to Recover $27 Million Dollars?

August 27th, 2014

Recently McDonald’s was sued successfully and held liable for an incident that took place at their College Station, Texas location. The lawsuit claimed McDonald’s did not have adequate plans and security measures in place. The courts are now examining what contingency plans and security measures are in place to prevent or mitigate risk. Public restaurants and stores may be held responsible for violence occurring in their locations. This includes both inside and outside the establishment. In Canada, a lawsuit is ongoing against York University for $20.6 million dollars. The claim alleges that security measures were not adequate. This case has yet to be proven.

Turning a blind eye can prove very costly. Duty of Care requires employers to take adequate steps to protect their employees. The emergency management and contingency planning field is growing rapidly as corporations realize they will need to understand all threats to their business as well as the probability and consequences should an event unfold. This not only applies to violent incidents. Natural disasters, bad weather and illness as well as disease are just a few other scenarios that require consideration.

Too many times organizations look to find the lowest cost solution. Conducting a threat risk assessment will allow you to understand the threat and you can begin to craft a solution to ensure you get the best value vs. low cost. You must also teach your employees to recognize dangerous security situations and how to notify senior management and authorities. Be prepared and protected when a threat emerges.


Let’s Get Ready to Rumble

May 23rd, 2014

The 2014 FIFA World Cup is weeks away and promises to be an exciting tournament. Travellers need to take the time to understand the security challenges they may encounter. Brazil is facing protests, strikes and demonstrations daily. In recent weeks some of the strikes have even involved law enforcement. This has created less than ideal security conditions. In addition, the government has tried to tame the favelas in different regions and this has resulted in clashes between police and military personnel with various groups that occupy these areas. Many of these protests are organized by social activists that feel that the money being spent hosting the World Cup could have gone to support the citizens of Brazil. Other groups have simply used the world stage to create chaos and bring attention to their cause. These groups tend to be more violent and aggressive.

Travellers need to understand they are not in their home country. Brazil in many cases is very different from home. Numerous experts have outlined the high level of crime and stated that it is ten times higher than the norm. The police in Brazil have circulated pamphlets outlining how to react if you get robbed. This should paint a clear picture that the threats are real.

So what are the top 10 things you can do to protect yourself?

1. Travel in groups where possible. Attackers often prefer those travelling alone as they make for easier targets.

2. Stay on main streets and in public areas. That short cut you are considering is where the bad guys will be waiting and police are not likely to be patrolling.

3. Luxury items. It is nice to have loads of bling. But this can make you an instant target.

4. Let others know of your whereabouts. Set up a system where others know when and where you will check in. This way if you don’t they will know something is wrong.

5. Evening hours. That late night visit to a bar or disco sounds exciting but can also put you at considerable risk while travelling to and from.

6. Check the daily news. Protests, strikes and crime will be reported by the media and will give you a good idea on the areas to avoid.

7. Alcohol – go have a great time but ensure you have your wits about you. Criminals will prey on those that are vulnerable and intoxicated.

8. Event tickets. Most locals cannot afford tickets. Do not flash your tickets around. You are inviting trouble.

9. Have your local consulate number on hand. In the event of an emergency they can be a great resource.

10. Medical insurance. Not all hospitals are created equal. The cost for a medical evacuation is substantial. Groups such as On Call International can provide excellent coverage at affordable rates. They have a team of doctors and nurses that can manage your medical requirements and ensure the appropriate care is delivered.

Enjoy the World Cup and the country of Brazil.


The Lowest Price is the Law

May 23rd, 2014

‘The lowest price is the law’ was a jingle Wal-Mart created and it has served them well. Unfortunately you cannot apply this to all things. In many cases the lowest price is a disaster. As buyers attempt to turn everything into a commodity, many important questions do not get answered in the RFP process. Bids can be lost to firms that have no real capabilities or past track records to indicate they can deliver. This spells disaster. It is not uncommon for firms to engage professionals to complete RFP submissions. The objective is to write the best and most believable story. The buyer often cannot separate truth from fiction.

I recently worked on an RFP and lost 10 points for not having the necessary bricks and mortar office locations. In the debriefing, the client shared who had scored the most points and why. It was later found that the chosen group operated out of a small home with no satellite locations. Facts were not checked. The buyer was horrified but the decision was already made. Security professionals need to ensure they prepare the content and requirements for RFPs. If they don’t have specific expertise, ASIS and OSAC can be great references. Your industry peers can also be a great help. As an example, I had completed a threat risk assessment for a client that had 3000 employees and faced a potential job action by workers. Based on a low threat model, approximately 15 personnel would be required. When the RFP was generated, it asked for only 2 uniformed guards on days and 2 on nights. These guards were expected to manage picket lines at 4 main entrances and 1 parking entrance. I tried to contact the security manager to point out that more guards were required and he responded that he could not speak to me during the RFP process. Later when the strike commenced, chaos ensued and the numbers of security personnel ballooned as the situation had gone out of control. Fingers were pointed and questions asked of the security manager as to why they were over budget.

‘The lowest price is the law’ just might expose you to a great deal of risk and potential liability. Do your due diligence, check references, meet with company representatives and visit their operations. It is the only way to guarantee the person you are dealing with is not sitting on an orange crate in a basement with a spectacular website as a front.


When Bad Things Happen to Good People

May 23rd, 2014

Workplace violence has become an all too frequent occurrence these days. I’m still surprised at the lack of planning for terminations. In many cases, senior management is telling security and HR they are overreacting. Duty of Care requires that you protect people from harm where you know there is a potential risk. If you don’t take adequate steps, you can be found liable. Why is it we plan for meetings, presentations as well as budgets, yet when it comes to terminations it is an afterthought? I constantly read quotes such as “he was a really nice guy” or “she was a great worker”. Good people sometimes do bad things when a trigger goes off, setting in motion a chain of events. Also, these ‘really great people’ are on social media discussing hurting people, the need for revenge, or corporate greed. Past violence is a predictor of future violence. I recently saw a picture online of a man holding a gun with all sorts of ramblings about getting even with a coworker. Scary stuff!

What should you consider prior to terminating an individual?

1.  Complete a threat risk assessment. What are the risks – high, medium and

2.  Based on the risks what measures should be considered?

3.  Does the individual have a social media footprint?

4.  Ongoing monitoring of social media. What has been posted online for the last 30 days and what is happening post termination? Social media can be data mined and can paint a clear picture.

We have seen posts on social media such as “I use to have a job and life. Not anymore.” This individual threatened the HR manager and their family a few short hours after this post.

5. Will security be required? How much? When and where? If you have security are they equipped and trained to deal with workplace violence situations? All guards are not created equal.

6. Will surveillance be required to track movements following the termination in high-risk scenarios?

These are just a few of the many things to think about. Without taking time to understand the threat, you may find yourself in a risky situation. The costs of not having a plan can be huge. Courts are awarding damages where security measures were not adequate based on the potential threat.


Better the Devil You Know, Than the One You Don’t?

February 27th, 2014

News reports indicate UAW membership dues are down immensely. This has caused the big 3 automakers to become very nervous. What happens if a rival more militant union moves in? This could spell trouble for Ford, General Motors and Chrysler. Since the crash in 2008, management and the union have worked closely to save the industry. The loss by the UAW at VW in Tennessee was a painful defeat. They desperately need to gain a foothold into the assembly plants in the southern US.

In order to attract members there needs to be a shift in how people perceive unions. Most if not all the assembly plants that have closed were unionized.

I was at a conference last year and the presenter flashed a photo of a person carrying a sign on a picket line. He then presented a photo of an occupy movement rally along with an image of a masked anonymous social activist. What was interesting was the question the presenter asked next. How many of your children would join a social justice rally and how many would join a picket line? By a wide margin most in the group felt their children would be more likely to be involved in a social justice protest.

This is a very scary prospect if you’re in management. What would happen if activists in the social justice movement became aligned with unions? I was involved in a project where the workers were on strike and the occupy movement supported them. Within minutes of their arrival they had cameras set up streaming live video of the picket line on the web. Blogs were set up on social media within a couple of days. Two weeks later, a rally was organized where 1000 people attended.

I’m sure the union was in awe of how they mobilized. With any group there are hard-core elements. At one point this group attempted to topple the fence and gain access to the factory. Fortunately the union members stopped them. This caused a split in the ranks between the union and outside activists and they decided to no longer take part. The union realized that although it was sexy, they still needed a place to work once the strike was resolved. What might have occurred if cooler heads did not prevail? Will we see the creation of a new super union in the not too distant future?

I was in Argentina last year completing a threat risk assessment at a mining operation as they prepared contingency plans for upcoming contract talks. I found out that one union dominates almost every mine in the entire country. If they feel an employer is not being fair they can shut down an entire sector of the economy.

In Canada, it has been reported there will be one million youth unable to find work in the coming years because they do not have the skills to match job openings. There will also be close to one million jobs that will require foreign workers, increasing immigration to fill these jobs. Imagine one million angry young men and women who can’t find work protesting. Venezuela and Ukraine protests have occurred and a large number of the folks leading the charge are unemployed youth. The damage to the economy of both countries is enormous.

As unions decline, what new threat might lie ahead for companies and will these new threats be even more dangerous? That’s why it may be better the devil you know, than the one you don’t.


BC Copper Wire Theft - Replaced With Aluminum Wire at a Cost of 9 Million Dollars

February 27th, 2014

I turned the news on today to learn that a city in BC has had enough. Copper theft is rampant and has resulted in critical infrastructure being damaged. The city has elected to remove all copper wires and replace them with aluminum. The cost is 9 million dollars. Return on investment is expected to take 8 years. There is a new crime-fighting tool called SmartWater CSI. This was developed in the UK to combat copper theft. AFIMAC Canada has brought this product to the Canadian market place. SmartWater CSI is essentially forensically coded water. What this means is the water has a signature similar to DNA. It is easily applied, cannot be burnt off and can last up to 5 years under harsh weather conditions. Utilities can have their own signature which links stolen copper to their city. Police using lighting can easily detect if the wire has been coated with SmartWater CSI. Once recovered, a sample can be sent to SmartWater CSI’s lab to confirm whom the wire belongs to. In the UK, some organizations use spray canisters filled with SmartWater CSI that is deployed onto unsuspecting thieves. The non-hazardous water leaves a mark connecting them to the crime. The goal is to create a strong deterrent through awareness, education and signage. The next time a thief decides to steal copper wire, they will think twice. Scrap dealers can also be equipped with lights to detect SmartWater CSI on scrap metal being brought in. If they detect SmartWater CSI they can refuse to purchase and notify the police, making the wire difficult to sell. It also places pressure on scrap dealers to report it, as they don’t want to be found with stolen metal. Technology created to curb metal theft continues to evolve and stay one step ahead of the criminals.


Right to Work vs. No Work

February 27th, 2014

Ontario has seen its manufacturing base crushed in recent years. The Canadian dollar rose significantly and stayed above or at par with the US dollar. Some called this Dutch disease – referring to how supercharged oil prices drove up the value of our dollar and made us no longer competitive. Employees were paid in Canadian dollars and products were sold in US dollars. With the dollar equalling $.70 to $.80 cents, profits were good. Today with our dollar hovering around $.90 we are in a better situation but most of our plants have packed up and moved. Provincial Conservatives proposed ‘right to work’ legislation in hopes of attracting more investment and jobs. This was abandoned as the concept was not widely accepted and was polarizing unions. I often read articles about protecting our current level of wages and benefits. The market has reset itself and wages of the past are simply no longer attainable. Our productivity also continues to lag behind other countries. We can’t have the best wages and be the least productive. When firms take an aggressive stand during collective bargaining why are they labelled as bad employers? In many cases these firms are successful companies operating all over the world. Is making a profit a bad thing? Often these chastised companies are fighting hard to keep and land more work for their Canadian operations.

Maybe ‘right to work’ isn’t the answer. But the alternative of little or no work is much worse. This doesn’t just affect private sector manufacturing jobs. It also affects the public sector. The taxpayers that fund the public sector can no longer afford to keep incurring tax increases to support wages and pensions. Why are foreign companies prepared to purchase Canadian plants and make hard decisions? It is easy to close a plant. Pay the severance and pack up and move. Those losing their jobs find the market conditions tough. The days of finishing grade 12 and going to the local factory with little or no skills are in the past. We need to invest in education and training of our young workers so they can earn a decent wage. Why not fix what is broken instead of tossing jobs out the window? If a new plant was built in Windsor, Ontario paying $18 per hour, there would be hundreds of employees eager to land a job. Yet if an existing company proposed concessions or productivity improvements at a plant paying $24 per hour, we quite often find that the preferred solution is to negotiate a plant closure agreement. I get it – no one wants to take cuts or get paid less. The middle class is rapidly shrinking. Investment in manufacturing is not at a level we need. We are competing in a global market place. We can’t complain about poor wages. Detroit has seen the promise of thousands of jobs in the automotive sector since ‘right to work’ has been passed. Each day we read more about investments in Mexico. Auto plants in the southern US also continue to grow. The question is what are we going to do to become an attractive place to manufacture? Mike Harris repealed the ban on replacement workers and many firms that left Ontario returned. This upset the union bosses considerably. We need to consider something bold. Each day I drive to work and pass hundreds of empty plants. Doing nothing or clinging onto what worked in the past is broken.


Duty of Care for Business Travelers to the World Cup

February 25th, 2014

An employer’s obligation to provide a reasonably safe working environment for all employees, including when they are travelling on company business, is known as Duty of Care. Companies have a business imperative as well as duty of care obligations to protect their most valuable asset – their people. The bottom line is if you paid for the trip you are most likely responsible for the traveler. The courts will determine if you acted reasonably. In order to better understand if you acted reasonably you must assess the risk. A risk assessment will provide the information you need and should encompass the following:

  • Crime
  • Terrorism
  • Country/Region
  • Weather/Natural Disasters
  • Political Climate

The average cost for a risk assessment is $1500 to $2500 if you engage a third party provider. Once an assessment has been completed, you will be able to then develop a response plan that will meet your duty of care obligations. If we take a moment to focus on Brazil, we know the following:

  • Mass protests took place during the Confederations Cup
  • Protests continue and are often violent with police clashing with activists
  • Government of Brazil has acknowledged concerns and has stated they will provide additional law enforcement and the army in a state of readiness to respond
  • Crime rate remains high, police continue favela pacification program, which has resulted in a spike in clashes
  • FIFA has expressed concern about the games
  • Brazilian fan was killed outside a stadium this week by rival fans; attacks outside of stadiums have increased recently
  • Traffic and transportation routes are extremely congested and accidents are quite common

Based on this information and potential risks it will be extremely important for companies who are sending business travelers to ensure they have adequate security measures and response plans in place.  In addition medical response and evacuation plans will also be an important consideration.

Ensure you understand your risks and develop the necessary plans and mitigation strategies to make sure your people are protected and meet your Duty of Care requirements.


Should I Stay or Should I Go Now

February 25th, 2014

Brazil continues to produce a flood of information regarding the upcoming FIFA World Cup such as protests, stadium construction delays, FIFA threatening to pull events from host cities, traffic congestion as well as a high crime rate. Every major event comes with its share of issues and critics. This is to be expected. Brazil’s president has come out to reassure the world that it will be ready and the country will be safe. I always worry when politicians make predictions. The additional police and army support will certainly help. What is important to realize is that a certain segment of Brazil’s people do not want the country’s money being spent on hosting the games and would rather see funds directed at health care and education. These people along with social activists are hell bent on being as disruptive as possible. Clashes during the Confederations Cup left a scene of carnage on international news. Buses set ablaze, clouds of tear gas and protesters clashing with police were on display every day.

The key question is what will happen during the World Cup? What security measures should be considered and how much is enough? What do we need to do if we have to evacuate personnel and/or guests? Having a security plan is going to be critical. Your plan will need to be able to adapt to scenarios that will change quickly. Waiting to book security drivers and vehicles until the last minute will most likely prove costly and could leave you with a less than desirable level of coverage. I recently spoke to a group planning to attend the World Cup. They had booked hotels and airfare and completed planning their event (all of which required a deposit or full payment up front). When it came to security they wanted to take a wait and see approach and book as late as possible. I was somewhat surprised that security was not higher on their priority list. Some wonder should I stay or should I go.
