INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from Campus Safety Magazine
Thermal imaging cameras equipped with onboard video analytics are capable of classifying human or vehicular perimeter intrusions, resulting in fewer false alarms.
The objective of security is to protect people, locations and assets, and for the threats organizations face daily, early detection of potential problems is crucial. Security staff and third-party monitoring providers rely on alerts generated by intrusion detection technologies as the lifeblood of security.
As helpful as these alerts can be, the unfortunate reality is they are often pain points. The number of false alerts from intrusion detection solutions can quickly become overwhelming for central station operators and law enforcement, especially for outdoor monitoring situations. Weather, animals, foliage and other factors can easily generate false positives.
The best approach to mitigate false alarms is to ensure accurate identification, which not only helps identify valid threats but also increases the effectiveness and efficiency of response. The sooner a response can be put into action, the more likely it is that an organization can mitigate or avert a potential risk.
Unfortunately, verification is another major pain point that creates significant challenges for organizations using many of the available intrusion detection technologies, delaying and hindering critical response.
With these issues in mind, it is important security professionals and end users properly evaluate and select technologies that will augment security by reducing the number of false alarms and increasing both detection and identification. This will help ensure responders are only dispatched for true alarms, maximizing resources and streamlining first response efforts.
A burgeoning means to reduce nuisance alarms through accurate intrusion classification and visual alarm assessment is the application of remote monitoring with thermal analytics. Read on to learn why thermal cameras, especially when combined with other security technologies, are fast becoming attractive options for installing security contractors and central stations.
There are a number of technologies typically deployed for intrusion detection, including visible light cameras and motion detection technologies like fence-mounted sensors, microwave and more. While each has its strengths, there are also a number of drawbacks to using any one of these solutions in a standalone capacity.
The main advantage of cameras that create images using visible light, such as conventional surveillance or IR-illuminated cameras, is the images they create are recognizable and easy to interpret. This familiarity makes them a more comfortable choice for end users. However, when it comes to detection, customers face a number of challenges.
The primary drawback to these cameras is their reliance on the amount of available light. In sunshine or a brightly lit scene, visible light cameras perform fairly well. But in shadows, at night or in another situation where lighting is less than ideal, objects can appear faint — if they appear at all.
Another limitation of these cameras is visual contrast. Because they capture only visible light, they can easily be fooled by visual camouflage or situations where similar patterns or colors blend together to obscure people and objects. Similarly, these cameras are also susceptible to being fooled by naturally occurring phenomena such as trees, shadows, animals and other factors.
Traditional motion detection technologies like microwave, radar, fence-mounted sensors and radio-frequency identification (RFID) often fare quite well for detecting potential intrusion. However, as standalone solutions, they are essentially blind compared to surveillance cameras.
For example, when a motion sensor is tripped, security personnel would still require additional information to assess the nature of the alarm, determine whether it is valid, and plan an appropriate response. Without a visual of the scene, there simply is no way to know whether motion on a fence is an intruder, an animal or a tree branch.
Another notable perimeter application technology increasingly deployed across all sectors is thermal imaging. By utilizing thermal cameras, facilities can detect intruders from greater distances regardless of light and environmental factors, giving security forces more time to react and respond.
The reason for this is that thermal imaging cameras don’t suffer the same problems as visible light, IR-illuminated cameras and motion-detection solutions. Thermal cameras clearly “see” the invisible heat that radiates from everything we encounter in our daily lives, creating images from these heat signatures.
This allows thermal imaging to provide clear visuals in complete darkness. And because thermal radiation can penetrate visible barriers like smoke, dust, fog and other phenomena, thermal imaging is largely immune to their presence. For these reasons, thermal imaging is one of the most effective 24/7 surveillance technologies available today.
For example, an intruder located in a densely wooded area would be difficult to detect using a visible light or IR-illuminated camera. With a thermal imaging camera, on the other hand, the person would be clearly visible because of their heat signature.
Thermal security cameras let people see what their eyes can’t: invisible heat radiation either emitted or reflected by all objects, regardless of lighting conditions. Because they see heat, not light, thermal cameras are effective tools in any security setting. They can easily detect intruders and other potential hazards in any weather, as well as day and night.
See Original Post
Reposted from The Guardian
The Vatican Museums are considering putting a cap on visitor numbers amid fears among tour guides that overcrowding could provoke a stampede unless security policy is changed.
The museums, a sprawling structure of 54 galleries containing a vast collection of treasures gathered by pontiffs over the centuries, draw in more than 6 million people a year. But unlike other major Rome landmarks, such as the Colosseum, they currently have no daily limit on visitors.
Speaking to the Guardian on condition of anonymity, tour guides claimed that at least 10 visitors fainted each day as slow-moving crowds filed through the long and narrow corridor that leads to the most popular attraction, the Sistine Chapel, while others have suffered injuries and panic attacks. One visitor was saved by a guard after having a heart attack in February.
The tour guides, who each pay €250 a year for a licence to work there, say conditions are most perilous during peak summer season, when visitor numbers can swell to more than 30,000 a day and temperatures reach as high as 40C. Only the Sistine Chapel has air conditioning.
The building contains a number of emergency exits, but there are only two along the mile-long Sistine Chapel passageway – one at either end.
“The situation is slowly getting back to normal as the high season is over, but from March to October, it is hellish,” said one of the guides.
“Safety is the main problem, because when inside you feel completely trapped, you can barely see your feet. Crowds are one of the most dangerous things; look at what happened in Mecca. It might never happen at the Vatican, but then again it might. That’s what scares me.”
About 3,000 guides work at the museums. Another said she fainted last year and broke her foot. “It’s dangerous for the tourists, for the patrimony and for us,” she added. The same guide looked into suing the Vatican, but lawyers told her it was impossible due to the state having its own set of rules surrounding building security.
In response to the claims, Barbara Jatta, who Pope Francis appointed as director of the museums in late 2016, told the Guardian: “Together with the Vatican governorate, we are strongly working towards fixing the right number from 2019.”
Jatta added that a Spanish firm had been hired to improve the ticketing system and security measures, while work on extending air conditioning to the Raphael Rooms and Borgia Apartments would begin in November. There are also plans to open a second entrance to ease congestion and to extend opening hours on the busiest days of the year. An extra 20 custodians have been hired, enabling previously closed-off galleries to open, while tour guides receive training, with the emphasis on them steering their customers towards lesser-known parts of the complex, such as the Gregorian Etruscan Museum, which will be reachable by elevator from Christmas.
“There are seven miles of corridors – I would advise the guides to take people somewhere instead of the Sistine Chapel,” said Jatta.
But this is the first hint of the Vatican governorate showing serious signs of limiting the number of visitors to its biggest earner. The museums bring in an estimated €100m (£88m) a year, of which half goes to the Vatican state.
The museums also represent the Catholic faith, and the church has in the past been reluctant to close the door to pilgrims who may have traveled to Rome from poorer countries on a once-in-a-lifetime trip, but without booking tickets in advance online. A regular ticket costs €17-€20, while a guided tour that lasts three to four hours is around €70. Private tours can be taken an hour before the museum opens for around €400 per person.
Museum custodians have also complained about safety conditions, writing a letter expressing their concerns to the Vatican’s governorate in 2016.
“They were reprimanded,” said a source at a tourism association in Rome. “At the Vatican Museums the problem is scandalous, but it’s not like situations in Italy where one can protest. We have asked several times for things to change, but they say they have their rules, and so they decide.”
Visitor numbers rose rapidly from 2011 alongside the growth in mass tourism. Antonio Paolucci, the previous director, determined 6 million a year as the upper limit and suggested a cap if the situation became intolerable.
Jatta recognises the huge challenge of ensuring a safe and enjoyable experience for all and protecting the art works from the dust, humidity and perspiration that comes with millions of visitors a year, but also the difficulty of improving conditions in a centuries-old building.
“I understand how difficult it is for tour guides but all our efforts are focused on giving them the best [conditions] in the museums, as it’s also in my interest that they work well and securely,” she said. “We are strongly working towards this.”
Reposted from MIT News
On March 22, the city of Atlanta was hit by cyberattackers who locked city-wide systems and demanded a bitcoin ransom. Many city systems still have not recovered, and the cost to taxpayers may have reached as high as $17 million.
Also in March, the U.S. Department of Justice indicted nine Iranian hackers over an alleged spree of attacks on more than 300 universities in the United States and abroad. The hackers stole 31 terabytes of data, estimated to be worth $3 billion in intellectual property.
And recently engineers at Facebook detected the biggest security breach in Facebook's history. It took the company 11 days to stop it.
The FBI reports that more than 4,000 ransomware attacks occur daily. Large private sector companies routinely grapple with cybersecurity and fending off cybercrime, and corporate security isn't getting better fast enough. Cyber risk has emerged as a significant threat to the financial system: A recent IMF study suggests that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, potentially threatening financial stability. Hacker attacks on critical infrastructure are already alarming, and the security of our cyber-physical infrastructure — the computer-controlled facilities that produce and deliver our energy, water, and communications, for example — are dangerously exposed.
This imminent danger is the subject of study by Stuart Madnick, founding director of the Cybersecurity at MIT Sloan Initiative. In a recent article for The Wall Street Journal, Madnick warned of weakest link in the defense against cyberattacks: people.
“Too many companies are making it easy for the attackers to succeed,” Madnick writes. “An analogy that I often use is this: You can get a stronger lock for your door, but if you are still leaving the key under your mat, are you really any more secure?”
In today’s landscape of escalating cybercrime, resiliency calls for a new kind of leadership and cybersafe culture, requiring the active engagement of both technical and non-technical management. This holistic approach is all the more urgent given the shortage of cybersecurity personnel; in the U.S. alone, 1 to 2 million cyber security analyst roles will go unfilled this year. This holistic approach is the focus of a new MIT Sloan Executive Education program taught by Stuart Madnick and his colleagues Keri Pearlson and Michael Seigel: Cybersecurity Leadership for Non-Technical Executives.
Cybersecurity issues are not purely a technology problem — they are multi-headed hydras that need to be addressed with a multi-disciplinary approach. This timely new program provides general managers with frameworks and best practices for managing cybersecurity-related risk. It also addresses the element common among many of the attacks that strike organizations every day — in particular, attacks that start as phishing or “spearphishing” emails. They rely on people falling for them.
“Such gullibility … is the result of a cyberculture where people are willing to share all kinds of information and try new things all the time,” writes Madnick in his recent WSJ article. “There are lots of good things about that, but also much that is dangerous. So now is the time for companies and institutions to change that culture. It won’t be easy, and it will take some time. But it’s crucial if we want our companies and information to be safe from cybertheft. We have to start now, and we have to do it right.”
The first session of Cybersecurity Leadership for Non-Technical Executives will occur Nov. 6-7.. The program will be offered again in April and July of 2019.
Reposted from Associations Now
No organization wants to imagine a scenario where its staff are threatened by violence, but it’s important to be prepared. Here are a few security measures associations can take to reduce risk at the workplace.
Along with fire and tornado drills, students now participate in lock-down drills at their schools, where they practice huddling together quietly, away from doors and windows, in the event of an active shooter emergency.
To be honest, it’s always a little unnerving to hear my children talk about those drills, but I remind myself practice helps keep them safe.
Like schools, workplaces should also be helping their employees prepare for emergency situations. For example, CNN’s New York City offices were evacuated yesterday after the cable network received a suspicious package.
“There’s no way to eliminate risk; there’s no way to eliminate any type of security breach,” said Jon Olmstead, co-head of the nonprofit and association practice group at commercial real estate services company Cushman & Wakefield. However, according to Olmstead, associations can mitigate risk by ensuring their buildings are equipped with certain security measures.
An association might have different security needs depending on where its office is located. For instance, Olmstead said that organizations are choosing to move from high-priced rent areas in Chicago, New York, and Washington, DC, to older buildings outside big cities, where there might be less of a police presence and fewer security amenities in the buildings themselves.
At a minimum, associations should ensure that access to the office is controlled with key cards, Olmstead said. Another measure is an office panic button, which can be installed at the reception desk or in other areas to alert the police of a dangerous situation. Some panic buttons can also trigger certain office doors to close, ensuring that the employees within those closed-off areas are safe. Ensuring that building lobbies and other common areas are monitored with security cameras is another smart move.
There are other things to consider as well, said Olmstead. If your association is moving into a building with other tenants, it’s wise to learn as much as you can about them. For instance, if another tenant represents a controversial issue, it could be worth considering a different space in a different building to mitigate any bystander risk that comes from working beside that organization. It’s also crucial to ensure your association is on the same wavelength with its landlord when it comes to security. “But, on the flip-side, those tenants could move out or a tenant could move in that has an issue that you can’t control,” Olmstead said. “Or a building is sold, and you have a new landlord with a different perspective and attitude toward security, so it’s about being prepared and safeguarding as much as you can.”
What security measures has your association taken to ensure staff safety?
Reposted from the Associated Press
Their anger is all over social media for the whole world to see, with rants about minorities, relationships gone bad or paranoid delusions about perceived slights.
The perpetrators of mass shootings often provide a treasure trove of insight into their violent tendencies, but the information is not always seen by law enforcement until after the violence is carried out. In addition, rants and hate speech rarely factor into whether someone passes a background check to buy guns.
The massacre at a Pittsburgh synagogue, the pipe bombing attempts from last week and the Florida high school shooting this year have underscored the dilemma of law enforcement around the country in assessing the risk of people making online rants at a time when social media has become so ubiquitous.
“We can go out on Twitter and there are loads of people saying insane stuff, but how do you know which is the one person? It’s always easy after the fact, to go: ‘That was clear.’ But clearly everyone spouting their mouth doesn’t go and shoot up a synagogue,” said David Chipman, a retired agent of the federal Bureau of Alcohol, Tobacco, Firearms and Explosives and now senior policy adviser for the Giffords Center.
Robert Bowers, the man accused of opening fire at a synagogue in Pittsburgh, expressed virulently anti-Semitic views on a social media site called Gab, according to an Associated Press review of an archived version of the posts made under his name. The cover photo for his account featured a neo-Nazi symbol, and his recent posts included a photo of a fiery oven like those used in Nazi concentration camps during World War II. Other posts referenced false conspiracy theories suggesting the Holocaust was a hoax.
It was only just before the shooting that the poster believed to be Bowers seemed to cross the line, posting: “I can’t sit by and watch my people get slaughtered. Screw your optics, I’m going in.” Authorities say Bower killed 11 people and injured six others, including four officers who responded.
Keeping tabs on social media posts has been used for years by law enforcement to try to identify potential threats. The task is enormous and it’s an inexact science. The volume of posts is significant and the question arises: Is something a true threat or free speech?
They are mindful of the fact that the First Amendment protects Americans’ right to express even speech that many in society find abhorrent — and have to make often-subjective decisions about what crosses the line.
Among more than 550 police departments across the country surveyed several years ago by the International Association of Chiefs of Police, about three-quarters said they regularly searched social media for potential threats.
Lt. Chris Cook, spokesman for the Arlington, Texas, Police Department, said the searches are often done manually, using keywords to try to identify troubling posts.
“It’s very time consuming, it’s very staff and resource intensive and you have humans involved in the process so there is the potential that law enforcement can miss something,” Cook said, adding that departments can’t rely on social media alone. The community needs to be involved to report any suspicious behavior.
“Everyone has to be our extra eyes and ears out there,” he said.
In one case where vigilance paid off, authorities say a black woman received troubling racist, harassing messages on Facebook from a man she didn’t know, prompting her to call police. The tip from the New Jersey woman led Kentucky police to a home where they found Dylan Jarrell with a firearm, more than 200 rounds of ammunition, a bulletproof vest, a 100-round high-capacity magazine and a “detailed plan of attack.” He was arrested just as he was leaving his driveway.
Bowers is not alone among alleged mass shooters in making racist or bigoted comments online.
Dylann Roof, convicted of the 2015 slaying of nine black churchgoers in South Carolina, had posted a 2,000-word racist rant and posed in photos with firearms and the Confederate flag. Nikolas Cruz, the teenager charged in the slaying of 17 students and adults at a high school in Parkland, Florida, hurled online slurs against blacks and Muslims, and went so far as to state he wanted to be a “professional school shooter.”
The rants did not affect their ability to buy guns. When purchasing a firearm, criminal background checks only look for any records showing a criminal past or mental health problems that led to an involuntary commitment.
“I always felt as an ATF agent, the way our laws were structured, ATF stood for ‘After the Fact’,” Chipman said.
There have been some changes, however, to make it easier to alert authorities to warning signs. “Red flag” laws have been enacted in 13 states in the past couple of years, allowing relatives or law enforcement with concerns about a person’s mental health to go to court and seek to have firearms removed at least temporarily.
But Erich Pratt, executive director of Gun Owners of America, cautioned against using social media content to deny someone the constitutional right to own a firearm.
“I abhor hateful comments by the left or the right but I don’t think you lose your rights for simply uttering,” Pratt said.
He likened it to the Tom Cruise movie “Minority Report,” about law enforcement in the future using psychic technology to nab murderers before they commit a crime.
“It’s dangerous to go down this road of Minority Report with pre-crime,” he said. “Nobody should lose their rights without due process.”
Reposted from Computer Business Review
“Organizations are increasingly adopting the zero-trust approach, whereby only trusted users and devices can access sensitive and restricted files and applications”
For the last two decades, most enterprises have relied on an outward-looking approach to security with a strong corporate firewall to prevent external intruders from entering the network. However, with staff increasingly working outside the standard enterprise perimeter, security has become much more complicated: firewall-centric strategies are at risk of being overrun by attackers who can evade defenses without raising the alarm and cause serious damage once they are inside.
The post-perimeter era requires a new approach in which ‘zero-trust’ is the foundation of security. It’s a model which gives workers more flexibility regarding when and where they log on, but also means that security departments can retain control by verifying everything – and everyone – that tries to connect to systems, before granting access.
The boom in remote and more flexible working practices has been powered by increasingly accessible and affordable cloud applications and mobile devices. Even a modest IT budget can incorporate multiple cloud services that will enable workers to access vital files and applications from anywhere in the world and, indeed, it is not unusual for new businesses to be entirely cloud-based.
With staff now potentially just as productive in a coffee-shop between meetings halfway around the world as they are at their desk, the new remote working paradigm is delivering powerful business benefits. However, it has also made perimeter-based security even more untenable; an attacker using stolen login credentials, or a compromised machine, could easily slip through the net and organisations who are unable to differentiate friend from foe will be left wide open to a serious breach.
The degree to which working practices are changing was evident in the 2018 Duo Trusted Access Report, which analysed data from nearly 11m devices and a half a billion logins per month. The report found that 43 percent of requests to access protected apps and data now come from outside the office and network. Between 2017 and 2018 there was a 10 percent increase in the average number of unique networks that customers and enterprise organisations are authenticating from, representing the fact that more work is being conducted from potentially unsecured Wi-Fi networks.
The threat of a security breach is exacerbated by poor security practices for mobile devices connecting to the corporate network. In particular, our research found that a massive 90 percent of Android devices analysed were running outdated operating systems, followed closely by 85 percent of Chrome OS devices.
A device that has fallen behind on security patches and OS updates represents an easy target for a hacker, who can go on to use a compromised device to spread their attack to the enterprise network. The intruder can also raid the device itself for login credentials, a serious threat as weak and compromised credentials are one of the leading causes of serious security incidents. Any confidential data on the machine, connected corporate network and cloud-based applications can also be stolen or manipulated with impunity.
With the old perimeter security wall crumbling, it is no longer safe to trust a user simply because they are inside the network. Instead, organisations are increasingly adopting the zero-trust approach, whereby only trusted users and devices can access sensitive and restricted files and applications. Users who cannot prove their identity or the health of their device to a sufficient degree will not be granted access, regardless of whether their request is coming from a presumably trusted location.
Verifying user identity can be achieved through measures such as two-factor authentication, which will prevent an attacker impersonating a legitimate user with stolen credentials. Alongside this, the device must be running current OS updates and security patches and must be free of any malware.
Zero-trust security is best managed with a risk-based approach which revises access requirements based on the potential risk to the business, and external factors that point to suspicious behavior. If a user is logging in from a well-patched, corporate managed device to a work application, they are provided full access without any additional steps. However, if the same user is logging in from an out-of-date personal device, they are required to further prove their identity or are provided limited access.
This process need not be onerous for the user. The flexibility provided by a risk-based approach means an organisation can implement a zero-trust strategy without creating unnecessary barriers for legitimate users that will prevent them from getting on with their jobs as quickly and easily as if they were in the office.
While the age of the traditional perimeter may be at an end, organisations can still protect themselves from attackers by using a zero-trust approach to ensure that only genuine, trusted users are guaranteed access to the network.
Reposted from the Hill
Two separate studies found a notable increase in anti-Semitic images and other posts on Twitter and Instagram over the past year, despite content policies on both platforms supposedly banning hateful content against minority groups.
A study released Friday by the Anti-Defamation League (ADL), an organization that tracks anti-Jewish sentiment, reported the existence of “online propaganda offensives” containing anti-Semitic content designed to intimidate Jewish people and Jewish journalists ahead of the 2018 midterms.
The study also names social media platforms such as Twitter as "key facilitators" of "anti-Semitic harassment."
“The themes of this online harassment against the Jewish American community, especially against journalists and prominent members of this group, have been carried from the 2016 presidential election to the 2018 midterm content,” ADL fellow and Harvard scholar Samuel Woodley wrote in the study.
Nearly 30 percent of the more than 7.5 million tweets analyzed were revealed to be from "bots," or automated accounts, designed to push anti-Semitic content which researchers agreed was “worse on Twitter than on Facebook," according to the ADL.
“Online hate is not some idle threat that just lives online and can be ignored. Technology companies need to work harder and faster to curb the vicious violence-inducing harassment on their platforms,” the ADL's CEO Jonathan Greenblatt said in a news release.
A separate study from Columbia University professor Jonathan Albright found Instagram searches for "George Soros," a Jewish American billionaire Democratic mega-donor turned up impostor accounts often containing anti-Semitic smears of the businessman, according to NBC News. Similar images and posts could be found by searching "#Soros" on the platform.
“What was shocking to me for this Soros tag were the nature of the images and the prevalence of hate speech in the captions,” Albright told NBC News. “Especially this close to the 2018 election, and in spite of what happened last time around.”
On Twitter, Albright suggested solutions the tech platform could follow to cut down on anti-Semitic content.
"My recommendation to @Instagram: shut these hashtags down. Seriously," he wrote. "[A]nd please, for once, stop autofilling and suggesting queries for controversial topics."
In a statement to NBC, Instagram said it was reviewing Albright's findings but said the company had not noticed a noticeable increase in prohibited posts related to Soros.
"We are working closely with Facebook to understand the false content they are seeing, and applying those insights to Instagram to detect any policy-violating behavior. Any content which violates our Community Guidelines, for example hate speech, will be removed," an Instagram spokesperson told NBC.
Reposted from Metro UK
Works of art by Salvador Dali and Francisco Goya were said to have been damaged as the temporary structure fell. One visitor to the exhibition in the city of Yekaterinburg in Russia’s Sverdlovsk Oblast region can be seen having to jump out of the way.
Read more: https://metro.co.uk/2018/11/02/selfie-taking-museum-visitors-damage-valuable-works-of-art-after-wall-collapses-8098990/?ito=cbshare
Twitter: https://twitter.com/MetroUK | Facebook: https://www.facebook.com/MetroUK/
Museum bosses say a group of four girls taking selfies behind the wall were to blame for the accident. Both paintings have reportedly been sent off to be examined by experts in or to determine how badly they were damaged. Museum workers said the frame and glass on the work by Goya were smashed while Dali’s actual picture suffered damage.
The works were on display in the ‘Caprichos’ exhibition featuring works from surrealist painter Dali and Spanish romantic painter Francisco Goya. A police investigation has been launched into the incident but no arrests have been reported. The names of the pieces and their value has also not yet been released
The startling scene was caught on a security camera, where one female visitor walks up to the wall moments before it falls. A shocked woman can be seen behind the wall. A museum employee told local media that a group of female visitors had not been behaving appropriately and this had caused the damage. They said: ‘A group of girls – there were four of them – behaved inadequately.
‘As a result, they damaged two works of art, which were on display in a tandem: pictures by Francisco Goya and Salvador Dali. ‘Goya’s work had its frame and glass broken. ‘As far as Dali’s artwork is concerned, apart from shattered frame and protective glass, it also suffered damage to the picture itself.’ The exhibition is still open.
Reposted from Security Management Magazine
While the events of September 11, 2001, are ingrained in the hearts and minds of people around the world, many may not realize they were the impetus for one of the most wide-ranging security awareness programs ever to be implemented.
Coined by a Manhattan advertising executive, the phrase "See Something, Say Something" would become the tagline of a U.S. Department of Homeland Security awareness campaign. Through various program materials from the U.S. government, the campaign sought to empower everyday citizens to protect their neighbors and communities by recognizing and reporting suspicious behavior.
Today, See Something, Say Something is established throughout much of the United States and even other countries, revealing itself in virtually every public corner, from mass transit systems to sports stadiums.
Much like this campaign, corporate security officers should establish a security awareness program within their organizations as part of a holistic physical security model. These programs are designed to promote a secure work setting and protect the company's assets.
But whereas See Something, Say Something was born out of a national sense of purpose following a grave tragedy—ultimately garnering significant financial support and public enthusiasm—security executives who want to build a security awareness program must do so organically.
BUILDING BLOCKS
The successful implementation of a security awareness program is, by nature, a complex process that encompasses many aspects of program development, collaboration, communications, and branding, all with the goal of instilling and sustaining a security consciousness within the organization.
So how do security leaders use company culture and existing security policies and procedures to organically develop a security awareness program? Examples of program models at General Motors Financial Company (GM Financial), ESPN, and Capital One, established with the help of the author, demonstrate the success of a corporate security awareness model through effective marketing and messaging, employee recognition, leveraging of partnerships, and buy-in from company executives.
Program scope. Clearly defining the scope and purpose of the security awareness program is the first step towards effectively shaping it. At GM Financial, this process began by promoting the concept that security is a shared responsibility, and that each team member, regardless of title or position, had an important role to play in keeping GM Financial facilities safe and secure.
The scope of the program—branded as "Ready.Set.Safe!"—sought to create a culture of awareness and preparedness that transcended the more common security concerns, and included several aspects of emergency preparedness—fire and life safety, active shooter awareness, severe weather response, and more—to drive both a heightened readiness for emergent events and a strong safety culture.
Communications and marketing. A successful messaging strategy for a security awareness program is essential, as is providing frequent campaign reminders for employees. This requires leveraging the expertise of the corporate communications and marketing group within the organization. These departments can lend invaluable support towards messaging development and branding components, and they can employ a variety of creative messaging tools to promote security awareness programming in a strategic and effective way.
At GM Financial, a variety of messaging platforms were developed that could be embedded into the natural flow of the employees' workday. This included use of the company intranet (articles, banners, and rotating message carousels); digital message display boards throughout employee work areas; static signage at facility entrances, cafeterias and high-traffic areas; and pop-up banners. Portable signs can also be deployed at company events, town halls, and other outside events.
Branded giveaway items with useful business applications, such as mouse pads or pens, ensure that the Ready.Set.Safe! messaging is within view throughout the day. These giveaways have proven popular at HR fairs and other company events where corporate security representatives want to promote security awareness.
EMPLOYEE INVOLVEMENT
Raising security awareness among team members often requires a cultural shift in organizational thinking and employee behavior. An effective security awareness program must be supported by an equally effective company security model that team members are confident in.
This confidence must exist within all tiers of the organization—from the executive boardroom to the individual contributor level—for a true security culture to take root. At GM Financial, it is this alignment that enabled an effective and comprehensive security awareness program to become embedded within the organizational mindset.
New hires are exposed to the company's security and safety culture on their first day during orientation, as corporate security team members present an overview of the department's responsibilities and introduce new employees to the Ready.Set.Safe! program. The issuance of the employee photo ID/access badge during the onboarding process gives the corporate security team an additional opportunity to promote a safe facility culture by interfacing directly with the new hire.
A joint launch. At ESPN, a global multimedia sports entertainment programming company where the author served as director of facility security, a similar approach was used to develop and successfully launch its security awareness program, "Community Watch." This program, part of a larger enterprise-wide security awareness effort by parent-organization The Walt Disney Company, is a successful example of a contemporary security awareness platform with clear value proposition throughout the organization. The company's security organization successfully partnered with its creative designers, corporate communications team, human resources, and other business units to develop a multifaceted security awareness program.
ESPN sponsored a "Security and Safety Awareness Day" at its headquarters campus, which featured public safety partners from law enforcement, fire, and paramedic agencies on hand to promote security and safety best practices. The annual event was attended by hundreds of company employees and received positive feedback.
The information promoted at this event—including fire safety, cybersecurity, severe weather safety, driving safety, and several other safety-related topics—could also be used by team members in their homes and personal environments.
Ease of reporting. When security incidents occur, or suspicious activity arises, it must be reported in a timely manner. Providing an easy means by which team members can communicate and report these threats and potential threats is essential. At GM Financial, the global security operations center (GSOC) serves as the central communications hub and primary reporting point for team member security concerns on a 24/7 basis.
Working with the telecommunications group, corporate security acquired a unique, easy-to-remember telephone number for employees to use to contact the GSOC. All employees can dial 4-GSOC from their desk phones for direct connection to a GSOC specialist from any U.S.-based GM Financial location. Employees are also encouraged to program the seven-digit GSOC telephone number into their personal phones to contact the GSOC directly, should the need arise, when they are in company parking areas or on company property.
Recognition programs. Acknowledging team members who help promote the security awareness program helps reinforce the importance of a security culture. At Capital One Financial Corporation (where the author served as director of regional security operations for the company's northeast U.S. and Canadian markets), the organization's "Be Safe" program formally recognized team members for their actions and reporting to help protect company assets. These team members were presented with a plaque by the regional director of security and their local business leadership team. The award presentations were published in an article on the company's intranet site, further demonstrating the value placed on workplace safety and security by the company.
One unique program component at ESPN featured an interactive sports-themed contest where employees demonstrated how well they knew their coworkers. Participation in the contest, which was possible via the company's intranet, required the employee to first review a security awareness message. Winners were selected monthly, presented with Community Watch branded giveaway items by the director of security, and featured in the following month's contest, posted as an article link on the company's intranet site.
Company initiatives. The growth and sustainability of any program relies upon leveraging existing security initiatives within the organization. At GM Financial, the corporate security organization also oversees the company's emergency response team. Approximately 900 team members from across the enterprise are trained to serve as volunteer first responders to medical and other workplace emergencies.
These dedicated team members are natural stakeholders of the security awareness program and demonstrate the company's commitment to employee safety. Their work aligns with the "Secure Facility" initiative, the most recently launched component of the Ready.Set.Safe! program.
GM Financial has certain security policies it has chosen to highlight with colorful posters. An anti-piggybacking initiative was established to ensure that unauthorized individuals do not follow employees into the workplace after they introduce their credentials at the door. A billboard-like poster that reminds team members of this campaign marks another example where effective communications strategies have been developed and employed.
Another component of GM Financial's security awareness program is the company's active shooter awareness training. Each year, all team members complete a structured learning module via the company's learning management platform. The module includes a video that presents options for consideration during an active shooter event, as well as a knowledge assessment. The learning module is supplemented by awareness messaging material, displayed in common areas such as employee break rooms, and a virtual quick reference guide. Tabletop exercises and train-the-trainer sessions for emergency preparedness coordinators have also been developed. These sessions include awareness tips on how to recognize and report potential workplace violence situations.
Cultural differences. While there are best practices that should be considered when implementing a security awareness program, each company has a unique organizational culture and operating environments that play a central role in determining how the program can be effectively established. Corporations that operate internationally can be presented with additional cultural factors that should be thoughtfully considered before implementing a security awareness program in these environments.
For example, some countries may experience low crime rates within their societies and may view security awareness programming as unnecessary, while others may view the reporting of suspicious behavior to be socially improper for their culture, akin to snitching. It is important that senior security executives understand and appreciate cultural differences, and that proposed security awareness programming is discussed with business leadership in these operating environments.
When developing messaging materials and translating them, language differences should be considered. Use of phrases that are common or well understood in one language may translate awkwardly into another language, causing confusion or alarm. The company's communications group can help to ensure that messaging is culturally appropriate in its translated form.
Holistic model. Creating and implementing an effective security awareness program in a large corporation requires a holistic approach that must complement the company's security model and align with the company's culture. Colorful posters and creative messaging materials will do little to engender security awareness if they are not supported by the security organization's ability to respond to and address security concerns in a professional, timely, effective manner. The security organization must enjoy the confidence of employees at all levels to ensure that the awareness program achieves credibility and its intended purpose.
Examples of how such programs at GM Financial, ESPN, and Capital One were successfully implemented show that the model works across various types of enterprises. Obtaining executive support and partnership with key business stakeholders will help achieve buy-in for the programming. Creativity should be added into awareness efforts, and the security culture must be engaging for team members, because most will want to participate in an environment that is both enjoyable and purposeful. Fostering an environment where the concept of security is viewed as a shared responsibility is central to achieving the cultural shift, one in which employees view themselves as owners and stakeholders in the security program.
Reposted from Ruidoso News
The Antique Tribal Art Dealers Association, ATADA, the nation’s largest tribal art dealer organization, announced its support of House Resolution 7075, the Native American and Native Hawaiian Cultural Heritage Protection Act of 2018, introduced last week by Congressman Steve Pearce of New Mexico’s 2nd congressional district.
The release stated that association officials appreciate the spirit of cooperation and compromise shown by all parties throughout this process. Pearce demonstrated exceptional leadership and judgement in listening to the concerns of all and crafting legislation that is balanced and properly addresses the tribes’ valid claims while recognizing the importance of a vibrant art market to New Mexico’s economy, they said.
The bill reaffirms the law and places the focus on stopping illegal trade. It will require accurate documentation of exports and provide assurance to tribes that objects obtained in violation of United States law will not cross the nation's borders, or if they do, they will be recoverable under U.S. and foreign law. The bill also puts in place a system to facilitate legal exports.
"We are proud that the principles of ATADA’s Voluntary Returns program, which brings important items of religious and ceremonial use back to the tribes, have inspired a similar federal program, and that this bill enables tax deductible donations to broaden its appeal," the release stated.
The bill recognizes that Native American art has been collected for over a century, and that it holds pride of place in American museums and private collections. The bill also recognizes that tens of thousands of small U.S. businesses and tribal enterprises are dependent on the legal trade in Native American art and antiques. A lawful trade will continue to encourage international and domestic cultural tourism to the New Mexico and the Southwest, which supports hundreds of thousands of jobs and makes up at least 10 percent of New Mexico’s economy, the release stated
Association officials said they look forward to participating in the working groups established by the bill to ensure that its provisions are fairly and reasonably applied.
ATADA is an association of tribal arts dealers and collectors dedicated to establishing and maintaining the highest standards of ethics, integrity and responsible collecting practices.
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 1999 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us