Saturday, January 26, 2002

FORUM: Christopher T. Marquet

Businesses look for ways to improve security

Copyright © 2002 Blethen Maine Newspapers Inc.

 

E-mail this story to a friend

 

 

The tragic and devastating attacks of Sept. 11 in New York City and Washington, D.C., have brought into sharp focus the omnipresent risk U.S. businesses and institutions face at home - including right here in Maine - as well as around the world.

The risk of additional terrorist attacks against U.S. interests in the immediate and foreseeable future is real. In recent years, the number of attacks against U.S. targets has been increasing and so has the severity of the attacks. Our nation and institutions need to be prepared for a prolonged struggle with terrorist groups bent on destroying our way of life and curtailing our freedoms in ways large and small.


ABOUT THE AUTHOR
Christopher T. Marquet is a New England-based expert in business intelligence and security consulting. He can be reached at (339) 225-0060 or by e-mail at marquet@rcn.com.
Want to write a guest column? E-mail your topic idea to business@pressherald.com.

To top of story

A survey of business executives, conducted by Kroll, Inc., at a series of presentations on security and terrorism last October in New York, Boston and Toronto, attempted to quantify the shift in priorities in the security area since the attacks.

Before Sept. 11, according to the survey, employee integrity and information protection were the top priorities. The executives surveyed now cite concern with emergency and business-resumption planning and physical security as their highest priorities. The shift in priorities is not surprising, but the magnitude is dramatic.

Among Kroll's findings:

  • Before Sept. 11, fewer than half of the executives surveyed rated themselves positively on the preparedness of their organization to handle security incidents. Now nearly 90 percent expect that to change within six months.

  • Before Sept. 11, only one-third of the respondents felt that emergency planning was important. Now that fraction is close to seven-eighths.

  • The number of respondents who cited that business-resumption planning is important has more than doubled since the attacks.

  • Finally, while only 40 percent identified physical security as a priority before Sept. 11, now nearly 90 percent have placed it as their highest priority.

    Nevertheless, organizations of all sizes and types are struggling with determining what exactly to do to protect themselves and their employees. Preparing for terrorist attacks, like those on Sept. 11, is a difficult undertaking. Unfortunately, this is complicated by the fact that terrorism is not the only risk facing organizations operating in the U.S. and abroad.

    Political instability, corruption, strikes and labor unrest, economic espionage, cyber-crime, organized crime, kidnapping and extortion, street crime, environmental problems, health risks, natural disasters and other risks remain corporate perils to avoid. It is essential that corporations understand their risks and take steps to mitigate and prepare for these potential pitfalls.

    Beyond the necessary governmental actions, which must continue to be swift, decisive, significant and sustained, what prudent steps can corporations and other organizations take themselves to mitigate international business risks, including terrorism?

    Integrated approach: A successful security program is the function of a tried-and-true regimen designed and implemented by a combination of upper-level executives. Internal communication and coordination must be effective, especially between legal, corporate travel, risk management, security, facilities and human resources departments.

    Update/develop and review crisis contingency plans: Every organization should have a crisis contingency plan. However, in our experience, many firms do not have plans and those that do leave them on the shelf. Dust off these plans, review and update them. They should be flexible and consider a wide range of scenarios.

    Who are the members of the crisis team? Have they been trained? Have the plans been tested? Are the appropriate external liaisons established with law enforcement, crisis experts and other local authorities? What other resources are available? Again, depending upon the assessed threats, crisis plans will vary.

    Conduct regular security audits: Another important action item is that organizations large and small should conduct an audit of their security policies and procedures. Such an audit should be conducted at least annually and focus on the adequacy of physical, electronic and information security.

    One common vulnerability is the effectiveness of entry/egress controls. How easy is it to enter your facilities as an outsider? Is the receptionist adequately trained? Are there adequate lighting, video monitoring, emergency call boxes and panic buttons?

    How well are your networks secured? Is there an established protocol to allow employees to report incidents or problems? How secure is the parking lot/garage? Based upon the location and level of perceived risks, each of these areas may require adjustments, improvements and upgrades.

    Overseas facilities, especially in higher risk countries, are still targets for anti-American attacks and may be at greater risk then domestic operations.

    Review/update travel policies and procedures: Many businesspeople are used to jumping on a plane at a moment's notice. Obviously, with increased airport security, travel within and to or from the U.S. has become a more arduous process. This is a necessary inconvenience as business travel resumes to fuller capacity.

    Consider restricting travel to higher risk countries. When appropriate, provide additional executive protection for employees traveling to these areas. Provide up-to-date travel intelligence bulletins to all business travelers to keep them informed about current events and potential security risks in the cities and countries of destination.

    Be sure to have adequate travel health/evacuation insurance as well as a travel assistance program in place. Consider providing expatriates and their families with additional personal security training and review the security of their homes.

    Monitor global geopolitical risks: As the war on terrorism enters its next phases, certain countries and regions are or may become high-risk places to operate for U.S. and Western companies. Reassess your overseas operations. Monitor the various country risks in which you operate with updated intelligence. Act on the shifting levels of threats in each jurisdiction by adjusting security and planning in real time. Once again, advise your clients to do the same.

    Screen your employees: Employee screening is one of the "best practices" for human resource departments in today's business world. Organizations that do not screen their employees run the risk of hiring individuals who may create problems, from embarrassment to violence to fraud.

    Organizations must have in place a consistent policy on pre-employment screening that complies with federal, state and local laws and regulatory requirements. Be sure you are comfortable with who your employees are, from the mailroom to the senior executives, and that you have checked and verified their backgrounds.

    Remain vigilant: The coming months will continue to be trying ones for Americans as we mourn our losses and deal with the emotional and physical aspects of moving ahead and returning our institutions to some sense of normalcy.

    The new "normalcy" will necessarily be different from the past. However, with persistence, vigilance and open eyes, the U.S. legal industry and organizations of all types will continue to succeed as models for the rest of the world.

    I do not advocate paranoia, but rather a healthy dose of attention paid to our surroundings. While it is impossible to absolutely prevent terrorist incidents from occurring, with some prudent steps, we can manage the risk and be prepared to respond.


    To top of page