Five Hidden Security Risks Resulting from Pandemic Response
Here's how to ensure that reactionary strategies to the pandemic don't have any adverse effect on building security.
In 1966, at his University of Cape Town address, Robert Kennedy said, “Like it or not, we live in interesting times. They are times of danger and uncertainty, but they are also the most creative.”
In 2020, shifts in environmental factors rapidly created new broad security challenges. The year began with the coronavirus response, which created significant challenges in how buildings are managed, operated, accessed, and egressed. The COVID response was reactive, and many protocols were done in haste, without consideration of their effects on security.
Security and resiliency factors are the combination of internal and external factors that directly or indirectly affect the likelihood of threats increasing— and by extension, the number of attempts seeking vulnerabilities, which allow access or compromise assets. A threat and vulnerability assessment process includes the identification and quantification of an unwanted event that may cause harm to individuals, assets, a system, organization or community. It begins with an evaluation of vulnerabilities or weakness in the protection scheme. These vulnerabilities can make an asset susceptible to a threat occurrence.
Realistic vulnerabilities should be the assessment focus with the goal of controlling a wide range of threats. Vulnerabilities are traditionally thought of as a lack of controls (architectural, technological, operational or cyber security). However, this article focuses on environmental variables and vulnerabilities that enhance existing vulnerabilities and birth new ones. In order to address threats, facility managers should keep the following five environmental security issues stemming from initial pandemic response in mind. They need to proactively review and maintain awareness of the following conditions, and include them in risk determinations.
1. Workplace violence
Regardless of the setting, we live in a culture that promotes instant gratification. Delays and social distancing initiatives to combat the pandemic can create strains on this social dynamic. Mask wearing, while commonplace, creates anonymity for both aggressive and criminal behavior — as exemplified by the spikes in carjackings. Some studies suggest limited social contact caused by mask wearing creates a dehumanization effect, which furthers the possibility of an escalation of violence.
In addition, social distancing policies have created new unstructured and remote termination procedures, which conflict with maintaining an individual’s dignity. Many unstructured terminations have not considered how to recuperate equipment and sever access to information technology networks.
Training or re-emphasizing training for receptionists, security staff, and managers in simple de-escalation tactics limits the opportunity for escalation, and assists with violence escalation management. This training may need to be specialized based on a variety of events as such hold-up and mental health crises. Training should also include ensuring staff knows where duress buttons are located and how to use them, and the response to an activation.
2. Work alone conditions
It is incumbent on building owners to consider safety and security for building staff, especially where low occupancies are expected. Work alone conditions include employees and staff contractors who may not have direct contact with a co-worker for extended periods of time. Social distancing enhances the possibility for work alone conditions. While work alone conditions are typically associated with workplace violence, there is the possibility of a medical emergency as well. Multi-tenant facilities should augment patrols into areas, which may now hold work alone characteristics because of limited pedestrian circulation and could be viable locations for an ambush or a medical emergency. These areas include, but are not limited to, parking facilities/lots, amenity, fitness areas, inter-circulation, emergency stairwells, freight, passenger elevators, exterior walking paths, and more.
With limited people in a building, there should be a renewed interest to know where they are, and who they are. This can be done through technology (visitor management or access control systems) or simple sign-in/sign-out forms. Many multi-tenant buildings use access control readers to identify access/egress to their facilities.
Security patrols limit the opportunity for illegitimate, aggressive tendencies through witness potential. A polished, uniformed presence, and dynamic and sporadic patrols, can be a significant deterrent factor to opportunistic and determined aggressors. This is especially important for organizations that own parking facilities because of the spikes in auto burglary and carjackings. Cameras and analytics can identify people ‘casing’ cars and looking for unlocked doors.
3. Emergency preparedness
Fire, medical, and armed assailant emergencies are still possible. Building emergency management typically uses a distributed approach to communicate and direct employees in an emergency. Many organizations may no longer be conducting emergency drills. Under these new conditions, those previously trained/volunteers for emergency/medical response may not be present in the building. In other instances, training for select staff members on simple first-aid and automatic external defibrillator (AED) use may be absent. Without these key staff members, employees may not know how to react and what to do in an emergency, such as where to muster.
Facility managers need to consider the reduced staffing, and account for modifications to the emergency response through training. Key to this will be the inventory of key response tools (AED, first aid equipment, fire extinguishers, etc.), identifying people who know how to use this equipment, and then educating others as required.
Once individuals begin to return to the office after a long period of working from home, facility managers need to inventory, audit, and re-educate individuals on fire, armed assailant, natural events, and other location specific events that may occur.
As we move further into 2021, we also need to consider renewing training regarding bomb threats, teaching assessment and response to these events. A cornerstone of this process is for those receiving bomb threat calls to know how to ask the who, what, where, why, and how questions of the caller and, ultimately, validate the threat.
The pandemic has given rise to another point of liability – the personal protected information of tenants, visitors, contractors, and employees. Information collected crosses the gambit, and can include medical, address, phone, date of birth, and contain multiple pieces of data towards assuming someone’s identity or releasing health information. This information was initially collected in writing and then subsequently digitally. While gathering information for contact tracing, we need to be mindful of other vulnerabilities that come from inadequate protections of private information in writing, or from a cyber perspective (data that is at rest or in transit) and data under the control by third parties.
One aspect of particular concern is biometrics. Facial recognition has taken front stage, while other biometrics (fingerprint) have created concerns. Facial recognition may have a place in security, however, the present, and likely elongated use of masks will make adoption of this technology more challenging.
Organizations should consider laws may regulate this technology now or in the future. Organizations should also be wary and mindful of claims on the technology’s absolute effectiveness with the use of masks. The reactive adoption of technology/biometrics may create more challenges than it solves.
We live in interesting times, and the need for resilience to rapid environmental factors must be taken into consideration. We should seek all resources to understand the potential for vulnerabilities, environmental challenges, and tools to make us more resilient.
Staying ahead of these challenges will begin with local relationships with law enforcement, Department of Homeland Security, protective security advisor (PSA), and first responders. However, we should also gain intelligence about environmental changes and vulnerability exploitation through Homeland Security Information Network (HSIN), InfraGard, tripwire, University of Maryland Start, Violence Project, and information resources as they emerge.
Sean A. Ahrens (firstname.lastname@example.org), CPP, FSyl, CSC, is a premises liability expert and a board of directors’ member with the International Association of Professional Security Consultants (IAPSC), Ahrens provides security consulting, assessment and security design solutions to its projects that reduce security exposures within domestic and international markets.