Fortunately, these types of attacks are still rare, but as MI5 British Intelligence chief Andrew Parker admitted in a recent, rare public speech, the UK terror threat is higher than at any time in the past 30 years. Most security experts agree that it’s not a case of if, but when the next attack occurs.
These tragic events, alongside the high-profile warnings, have led many businesses that once considered themselves low-level targets to reconsider their approach to security. But the challenge for those responsible for business resilience and security is: where to begin?
The wide-ranging nature of attacks makes the threat level really difficult to assess and the potential method of attack even harder to identify. Businesses could face everything from verbal or written threats, through to dangerous items sent through the post to direct cyber, property or personnel attacks.
So, in a business world where security awareness must be heightened, what questions should every organisation ask itself when considering business resilience and how to mitigate against acts of terrorism?
In times of heightened threat it is easy to get carried away by the rising tide of negative publicity. The first thing to rationally consider is just how at risk your business is to terrorist attack?
Your location alone can sometimes put the business at risk – for example if you’re in a high-profile location or public building.
The nature of your business – if there are political, religious or environmental connotations – can sometimes make you more prone to attack. All these aspects must be considered from an objective viewpoint to establish just how at risk the business is and where these attacks might come from.
Once you have understood the level of threat, it is important to identify the most likely types of terrorist attacks that could harm staff and/or customers and interrupt business. Remember, the most likely attacks are not necessarily the highest profile, tragic attacks.
Sometimes the most common attacks come in the form of infrastructure threats, such as Denial of Service attacks on your communications and internet connected systems. The National Cyber Security Centre recorded more than 500 ‘significant’ cyber attacks launched against computer systems in the UK within 12 months.
In total there have registered 1,131 IT threats since October 2016. Of those, 590 were classed as ‘significant’ with 30 serious enough to trigger a cross-government response. Victims include national institutions like the NHS, along with large and small businesses.
You must now establish the critical areas of the business that most require protection.
First consider your people and then property and infrastructure. Are there frontline staff or key personnel more likely to be under threat? Are their office, store or building locations that are natural targets for selection? What are the key functions, such as mailroom or communication systems, that are most vulnerable to attack?
Once a thorough assessment has been made, a strategy for detection and protection can be established for each vulnerable area. These areas are generally situated around how people and packages enter your building/venue.
The various security requirements can be wide-ranging. They can include:
And remember to build-in flexibility into your security solutions. The threats to your business are unlikely to remain fixed and it’s prudent to ensure that security arrangements are as versatile as possible.
For example, one fast growing area in security screening is the implementation of ferromagnetic search pole technology.
Unlike the fixed security walk-through arches seen at airports, these ferromagnetic search poles are highly versatile and can be easily moved, so you can have a fully operational security checkpoint in a matter of minutes.
The detectors can also be used externally and in all weathers, so you can establish a checkpoint outside your building/venue. This offers the flexibility to quickly set up fast screening for weapons such as guns and knives in any remote location, thus enabling the security team to effectively screen people before they even enter your establishment.
The use of fully rechargeable batteries makes these products an obvious answer to a fast-growing problem.
Todd Research’s mid-size TR15 cabinet scanner has a 1.44mᶟ chamber and meets the demands of most busy mail room situations
However, detailed your security plans, you cannot fully remove the threat of a costly, disruptive and tragic terrorist attack. As a result, businesses must have equally robust disaster recovery plans in place to ensure that the business is impacted for the minimum time possible.
These plans could involve back-up/co-locations being established quickly if a building becomes unusable or for IT and communication infrastructures to be mirrored, so that a connection can be quickly re-established in the event of an unforeseen outage.
Despite the rapid advances in detection technology, your staff are often the first line of defence and the best eyes and ears for the security of your business. To do their job well they must be trained properly.
Consider the appropriate level of training for your staff. Some may just require basic threat awareness training, whilst others will need detailed training on how to effectively use security technology at their disposal.
Only arrange training that is appropriately accredited and delivered by experts in their field from a recognised security training provider. Also ensure that training is regularly updated, as required, to keep up to date with new techniques and evolving threats.
Finally, ensure that your staff are regularly drilled and tested in their techniques to ensure that best practice is being implemented at every level.
To keep up to date with the latest actions on recommendations we highly recommend the use of the Citizen Aid app. This can be downloaded onto everyone’s personal mobile via Android and IoS.
The Citizen Aid app is designed to reduce the anxiety in making difficult decisions in unfamiliar and fast-moving situations. Simply follow the systematic, logical steps to do the right things in the right order.
Yes. Remember that security action taken against potential terror threats and for business resilience should, wherever possible, enhance and not stand in the way of business. Staff and customers are reassured when they see security steps being taken and implemented considerately.
Everyone in the business should be encouraged to participate. Public campaigns such as ‘See it, Say it, Sort it’ can have a positive impact.
And finally, remember that this type of security assessment and implementation is not something your business has to do alone. There are professional organisations that can assist with threat assessment, security implementation plans and training.
Your local police force and their CTSAs (counter terrorist security advisors) can offer up to the minute advice and plug your business into wider support and counter terrorism activities within your community.
The CPNI website offers excellent advice on counter terrorism for most business activities and business resilience. It also gives guidance on how to construct and implement business continuity plans in line with government and BSI guidelines.
All of these resources can help integrate your business-focused prevention activities into wider community prevention action.
