INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from Security Management Magazine
What do a sweet transvestite from transsexual Transylvania, a chief HR executive with diarrhea, and cannabis-induced psychosis have in common with having a great workplace security culture?
Connection.
Fortune may favor the brave, but it also favors the compassionate, empathetic, humble, engaging, perceptive, innovative, and trusted business expert and security partner.
Building a sustained security culture starts with the security leader’s ability to emotionally connect, engage, and partner with people at all levels of the organization, from the C-suite to the third-shift frontline associate. Without those abovementioned traits, asking leaders and employees to understand and embrace a security culture can backfire, and your efforts to build a culture will either fail or be insufficient, resulting in a long-term impact on your credibility.
Connection is a full-time occupation, however, and security leaders cannot take it lightly.
Imagine that you’re traveling to a site to do a pending security assessment and other projects. You put in a full day in the office on Monday and plan for an evening flight to the site. You happen to wear a light jacket with your company logo on it to the airport. While sitting at the gate waiting for your plane to board, you notice two people also with your company logos on their backpacks and sweaters, and by coincidence you make eye contact with one of them. What do you do?
The next morning you’re having breakfast at the hotel. You recognize a different colleague from the legal department, but you have never met in person. What do you do?
You pull up to the site’s parking lot and you run into two employees walking in together talking about the Monday night football game. What do you do?
Another employee scans her badge and opens the main door to enter. She turns and looks at you and your ID badge as you swipe the badge reader. What do you do?
As you approach the sign-in desk, you pass an adjacent side-hall entrance, and you look to your left and see a joyous-looking janitor sweeping next to a planted tree. What do you say?
At the desk the receptionist says, "Good morning, may I help you?" What do you say?
Every interaction represents an opportunity to build your personal brand and security culture. You have the precious opportunity to make someone feel good about themselves if you know how to do it, and if it’s part of your DNA.
Now, each company’s culture is a little different, and understanding that your overall company culture will determine the success of your security culture. Having this foundation provides you with a realistic expectation of success and how you will design your strategy and tactics.
So, what about that sweet transvestite, diarrhea, and psychosis? Each of them provides essential lessons on how to build and promote a specific culture.
Would you like to have four hours with 900 members of your legal; HR; internal audit; ethics and compliance; environmental, health and safety (EHS); procurement; and operations departments so they would get to know you, you them, and establish long-lasting relationships?
I developed an innovative way to share one of global security's traditional skill sets—conducting investigative interviewing. All these departments conduct investigations within their roles, so why not share something security is good at to make them better at what they do?
Instead of death by PowerPoint, I start my course with something they have never seen before in an interviewing course. Just a minute and a half video emphasizes that this session will be entertaining, thought provoking, and focused on empathy and compassion. I start my course with an opening visit by a Sweet Transvestite from Transsexual Transylvania—a classic number from the Rocky Horror Picture Show.
Initial reactions range from being shocked to offended to confused to singing along—the video is not what you usually see in a business setting, but it goes to the critical investigative component of personal bias barriers or obstacles. We all have personal biases that, if left unchecked, can impact your ability to objectively seek and obtain the main point of any investigation—the complete truth.
This video is an excellent ice-breaker technique to bring the audience’s biases to surface. Then we discuss how their opinions of what one sees and hears on the screen could hinder the viewer from treating everyone with fairness, respect, and empathy. In the clip, Tim Curry sings, “Don’t get strung out by the way I look! Don’t judge a book by its cover!” People are often overwhelmed by what they are seeing on the screen, and they do not listen to and process these words of wisdom in the moment—until we discuss them in the session.
The rest of the course is full of video samples of well-known people (for example, did Tom Brady know air was taken out of the footballs during a 2014 football championship?) exhibiting various types of deceptive behavior.
In 10 years, I have taught the course more than 40 times at my organization’s corporate headquarters as well as at field operations and at annual meetings around the world. Two days after the first of these courses in Puerto Rico, the vice president of HR sent me a note saying she applied the methods and determined someone was untruthful during an investigation.
Each time I encounter someone who provides positive feedback and asks for additional training is one more affirmation that I am contributing to my colleagues and the business. When it comes from a business leader, “I want that training or service” are some of the sweetest words for a security leader to hear, and this outreach is the best advocacy to building security cultures.
Setting the tone for company culture can also come down to personal compassion. Years back I provided executive protection for some senior leaders, including the chief human resources officer (CHRO), for a three-day operations review of sites in Latin America. We traveled on the corporate aircraft and planned for health contingencies, especially the most common one—food poisoning. Unfortunately, the CHRO fell ill on the second day.
Prior to boarding our vehicles for the 45-minute drive from the hotel to a site, I had checked with each of the travelers and noticed the CHRO did not look well, but she insisted on heading out. I discreetly informed our two drivers of the situation, and they assessed potential emergency stopping points. Twenty minutes into the trip, a stop was urgently required—many of us have been there and know how painful, miserable, and embarrassing it can be. The drivers quickly turned back a couple of miles to a toll road booth with a rest stop. The drivers had even brought toilet paper in case the stall was out. The executive was offered Imodium, and she made it through the trip without additional problems.
After this incident, our relationship was extremely positive, and she was a crucial leader in setting the tone at the top regarding our company security culture and supporting all aspects of our program. Preparedness and compassion help to secure strategic allies, as well as a broader cultural shift.
The last example of innovation, compassion, and empathy concerns mental health.
Several years ago, during their university studies, one of my children experienced a psychotic episode triggered by several years of self-medicating their depression with marijuana. Our child had started vaping THC cartridges, which can have up to 80 percent THC concentration. This landed them in a mental health hospital for two weeks.
My family’s lives changed forever upon a diagnosis of cannabis-induced psychosis, something that mimics or can even cause bipolar disorder. Since this diagnosis, I immersed myself day and night learning about all things mental health. The National Alliance on Mental Illness (NAMI), along with therapy, were lifesavers in helping us understand what our family’s journey forward would be like.
In 2020, I decided to help others by obtaining a NAMI certification as a family support group facilitator. These groups are made up of family members of people with a mental health diagnosis, and we come together in small groups to provide empathic support, education, and guidance. Helping others in this way has been the best thing for my soul…ever. But it could help a broader audience.
I shared my story with a vice president at my company, and she asked me to begin similar programs at work. The goal was to help colleagues break through the stigma barrier, and to better understand their mental health journey, as well as leverage available resources like employee assistance programs (EAPs) and local NAMI groups.
Security professionals understand the connection mental health has to comprehensive workplace violence prevention programs, including ones that address suicide and bullying risks. This has been an incredible opportunity to partner with the human resources and benefits departments and hundreds of colleagues at all levels in the organization.
These cases represent just three examples of ways and opportunities to help develop your personal brand and your company’s security culture for a great workplace. There are many more things you can do to help others at work, build your brand, and have a best-in-class security culture. Most importantly, it takes time to develop and sustain one.
Developing and fomenting a best-in-class security culture takes years, and cultures are built one interaction at a time, over time. The entire security department must be united in this approach. Having just one member on your team not believing in this philosophy and wanting to be the corporate cop can set your culture building effort back to square one or even be such an impediment that they drive top talent away from your security department.
Each and every contact you have with a work colleague is an opportunity to do that and be seen as friend, not a foe.
In closing, it all comes down to your feelings about people, especially people different from you, your self-awareness and make-up, your humility, empathy, and compassion, and lastly, your overall attitude towards life and understanding of what a strong security culture can do for a company’s employee security and business successes.
See Original Post
Reposted from Artnet News
Thieves broke into a German museum on Monday night and stole 450 gold coins thought to be worth several million euros, the Bavarian State Criminal Police Office (LKA) confirmed.
The police have not disclosed whether they have arrested anyone for the crime, but it has been suggested that the criminals were professionals who got away with the heist by disrupting local phone and internet services.
The ancient treasures are around 2,000 years old and were uncovered in 1999 during the excavation of a large Celtic settlement in the modern-day region of Manching in Bavaria, Germany. It was the largest discovery of Celtic gold in the last century and a landmark find at one of the most important archaeological sites in central Europe.
In 2006, the treasure was installed at the nearby Roman-Celtic Museum, which presents local finds from the Iron Age and Roman times. It became the crown jewel of the collection.
“The loss of the Celtic treasure is a catastrophe, the gold coins are irreplaceable as evidence of our history,” said Bavaria’s minister for science and art, Markus Blume, according to a report in Monopol. “Whoever did this, someone has violated our history.”
“The burglary must have taken place in the early hours of the morning,” said a spokesperson for the LKA. “It was classic, as you would imagine in a bad film.”
It is believed the thieves succeeded in part by disrupting local phone and internet services. “Professionals were at work here,” the local mayor, Herbet Nerb, told the Sueddeutsche Zeitung. “They cut off the whole of Manching. The museum is actually a high-security location but all the connections to the police were severed.”
The local criminal investigation department for the city of Ingolstadt was initially called to the scene but the severity of the case meant it was transferred to the state police.
The site of the archaeological dig itself has also been known to attract thieves. In May of this year, individuals illegally dug some 140 holes that they presumably probed for undiscovered treasure. It is not yet known if they were successful and what may have been taken.
Germany has been targeted by several high-profile museum heists in recent years. A major jewelry collection, Dresden’s Green Vault, was hit in 2019, and the losses amounted to as much as $1 billion. A few days later, thieves broke into Berlin’s Stasi Museum, making off with medals, jewelry, and other artifacts. In 2017, a huge gold coin known as the “Big Maple Leaf” was stolen from Berlin’s Bode Museum.
Receiving executive buy-in for crisis planning and program development can be a daunting endeavor. Most private sector industries have few legal or regulatory requirements specific to security or crisis programing. Additionally, security and crisis management programming are sometimes not viewed as priorities or aligned with the corporate mission. Finally, most security and crisis professionals are left to try to influence executives with limited budgets and staff. I learned these challenges the hard way.
For more than 10 years in the U.S. federal government, I was part of several large-scale emergency responses and planning efforts at the executive level. I engaged with top-level government executives and foreign dignitaries. In 2012, I transitioned to a private sector emergency management role. I was hired to create comprehensive crisis response plans and to train all employees—including the C-suite—on their roles during a crisis. I assumed the importance of life safety would be an easy sell. I was wrong.
I quickly learned that I didn’t speak the language of my new environment and I no longer had the power I had in government to issue mandates and penalize non-compliance. For me to be successful in the private sector, I needed to rethink my approach and find a way to influence people without having many rules or regulations that I could lean on.
So, I developed a three-pronged strategy that helped me create successful crisis management programs for Fortune 500 organizations and other businesses and non-profits.
A major difference between private and public sector emergency management is what words are used to get financial buy-in. In the public sector, statements such as “leveraging the whole community” or “will save the most lives” are typical lead sentences when requesting federal grant dollars. In the private sector, though, the emphasis is on words that show how you can save the company money.
For instance, if you are trying to earn buy-in to launch an emergency notification system to communicate with your employees during a crisis, concentrate on the following: Show how the system will decrease the company’s risk, demonstrate how implementing this system positively impacts the corporate brand, and highlight what types of insurance coverage discounts the company can receive if the system is implemented.
A sample pitch to get funding for the system could be:
Investing in a company emergency notifications system:
There is no single better way to get funding and executive support for your crisis management program than a real-life crisis. This is the time the security lead or crisis manager can truly show how they can add value by stepping up to coordinate the company’s response. Use the crisis as the springboard to establish the process and protocol you want to build and document for future responses. Simply pulling together a basic situation briefing call with the core corporate functions provides an important example of how corporate response should be done, and it quickly defines your company’s duty of care to its employees.
Try to side-step the whole “who is in charge” issue. In the private sector, the CEO is always in charge, and no corporate crisis plan should suggest otherwise. It is the job of the security or crisis leader to showcase how they can facilitate the response by ensuring the appropriate corporate leaders are around the table and guiding them through the decision-making process.
I witnessed hours lost in one company’s response because the security director got into a shouting match with his C-suite executives by saying he was the incident commander, and they must follow his directions.
The title incident commander is standard public sector vernacular, but it doesn’t translate to the private sector. In any corporate crisis plan, designate an incident coordinator instead—that simple word change completely shifts dynamics and avoids many clashes over territory. Finally, remember the private sector is rarely required do anything when it comes to crisis planning.
In the United States, traditional public sector emergency planning is driven by a set process and protocol typically outlined by the U.S. Federal Emergency Management Agency’s (FEMA) rules and regulations. There are federal guidelines that specifically detail the requirements for hazard mitigation plans, emergency operations center plans, etc. Although there are industry best practice recommendations for crisis management and planning in the private sector, such as ISO 22361, requirements are few and far between. Often, businesses will recognize they need some sort of crisis response plan, but the focus will be on the management of a specific incident instead of looking at the big picture—how the company will respond as whole and what expectations, roles, and responsibilities employees have.
One of the best approaches to get engagement for corporate crisis planning is to conduct a very simple 30-minute tabletop discussion with your executives. This is the opposite of the public-sector approach of building your plan first then testing it with an exercise. I have found a lot of success by gently throwing executives into the deep end. Talking through a crisis scenario quickly opens executives’ eyes to their personal knowledge gaps and how these gaps pose a risk to the company.
I once did a tabletop discussion with executives that focused on their earthquake response protocol (knowing they had none). My 30-minute timeframe got extended to more than two hours because the executives realized they had no protocols in place. Of top concern was they had no plans on how to communicate with their employees nor knowledge of what do if the server in the building was damaged. A server that had no fail-over and held millions of dollars of intellectual property content. That conversation got me the support I needed to develop a comprehensive all-hazards response plan and crisis communication protocol for the company.
Although there are many differences between public and private sector crisis planning, no corporate plan should be done in a vacuum without engagement with local emergency response agencies. Many corporate plans have been written without communicating with local responders or even an understanding of local emergency response protocols, and this makes the company’s crisis response plan worthless. For example, if you don’t know in what type of situations local responders will shut off access to a company’s facilities, you and your employees can find yourselves not being able to work for days.
Reposted from NBC Connecticut
Dropping temperatures have played a role in the temporary closure of one of Hartford's libraries.
Officials say the city's Main Street library will be closed for at least a week after a four-inch water feed line to a chiller in a fourth floor penthouse broke around 10:30 Saturday morning.
All four floors of the library suffered water damage and a lengthy clean up process is currently underway.
“While this situation is serious, we are thankful the damage is not more extensive,” said Hartford Public Library President and CEO Bridget E. Quinn. “The Hartford Fire Department was incredible in their response, as well as library staff who assisted today.”
Most of the computer equipment and furniture on the first two floors, as well as a portion on the third floor, were damaged as a result of the pipe burst. However, the library collections suffered far less damage.
More information is expected to be released as clean up efforts and damage evaluations continue.
A member of the Oklahoma City Museum of Art is facing a felony charge after stealing a small sculpture from an exhibition of the museum’s glass collection.
Roughly a third of the nearly 180-piece Rose Family Glass Collection is currently on view in a show of highlights of a recent donation from the children of Jerome and Judith Rose.
The thief is Christopher Lambert, who is accused of sticking a small but valuable glass artwork in his pocket and walking out of the museum.
But Lambert wasn’t done. It appears he hid the sculpture under his car tire and then returned to the scene of the crime, presumably to see the rest of the exhibition.
Fortunately, an observant employee quickly realized that it was missing from the display and sounded the alarm.
A quick review of the security footage made clear what had happened.
“We were able to identify a probable suspect. We didn’t immediately know all of the details of the theft upon discovering its absence, so of course we were concerned with the condition of it,” museum president and CEO, Michael Anderson, told local news outlet News 9.
The museum has not identified the stolen work, but it is worth $70,000, according to court records.
Even before the Rose donation, the institution had an extensive and collection of contemporary glass art.
The Roses began their collection in 1977, and, over the next 40 years, acquired work by 83 artists. Many were graduates of Seattle’s Pilchuck Glass School, co-founded by Dale Chihuly, with whom they became friendly through many trips from their home in Atherton, California.
Fortunately, it only took about a week to recover the stolen sculpture.
“Thankfully,” Michael said, “when we got it back it was still in pristine condition.”
Reposted from The New York Times
For Hans-Peter Wipplinger, the director of Vienna’s Leopold Museum, the last few weeks have been challenging. As climate protesters across Europe stepped up their attacks against art, Wipplinger took measures to protect his storied collection, which includes famous paintings by Gustav Klimt and Egon Schiele. Bags were banned; coats, too. The museum hired extra guards to patrol its five floors.
It didn’t work. Last week, members of a group called Last Generation walked into the museum and threw black liquid at one of Klimt’s major works, “Death and Life.” A protester had sneaked the liquid into the museum in a hot water bottle strapped to his chest, Wipplinger said.
The Klimt, protected by glass, was unharmed. But Wipplinger said his security team could only have stopped the attack by subjecting visitors to invasive body searches, “like at the airport.” He didn’t want to even consider that prospect, he added.
“If we start such procedures, the whole idea of what a museum is dies,” Wipplinger said. “A museum is a place that should always be open to the public,” adding: “We can’t stop being that.”
With the attacks showing no sign of abating, museum directors across Europe are settling into a nervous new equilibrium, fearful for the works in their care but unwilling to compromise on making visitors feel welcome. So far, nothing has been permanently damaged. But many fear that an accident, or an escalation in the protesters’ tactics, could result in a masterpiece being destroyed.
The actions, which began in Britain in June, are already increasing in frequency and daring. At first protesters glued themselves to the frames of famous paintings, but since footage of activists splattering Van Gogh’s “Sunflowers” with tomato soup spread rapidly on social media last month, masterpieces have been doused in pea soup, mashed potatoes and flour.
Those works were all protected by glass, and the protesters’ projectiles never touched an artist’s brush stroke. Yet last Friday, protesters in Paris poured orange paint directly onto a silver Charles Ray sculpture outside the Bourse de Commerce contemporary art space. (A Bourse de Commerce spokesman said the sculpture was cleaned within a few hours.)
In a statement earlier this month signed by the leaders of over 90 of the world’s largest art institutions — including Daniel H. Weiss, the chief executive of the Metropolitan Museum of Art, and Glenn D. Lowry of the Museum of Modern Art in New York — museum administrators said they were “deeply shaken” by the protesters’ “risky endangerment” of artworks. The activists “severely underestimate the fragility of these irreplaceable objects,” the statement added.
Yet few museums appear to have taken bold steps to protect their collections. Norway’s National Museum and the Barberini Museum in Potsdam, Germany, have, like the Leopold Museum, banned visitors from taking bags or jackets into their exhibition halls. Others have made no changes. In London, visitors may still carry bags around museums including the National Gallery, Tate Britain, Tate Modern and the British Museum. All four inspect bags at their entrances, but the checks are often cursory. At Tate Britain last Friday, security guards waved through several visitors without looking inside their backpacks.
Wipplinger, of the Leopold Museum, said there was little that a bag check could achieve, anyway, since items like tubes of glue were easy to conceal. “If a person wants to attack an art piece, they will find a way,” he said.
With museums reluctant to act, politicians are beginning to weigh in. On Sunday, Gennaro Sangiuliano, Italy’s culture minister, said in a news release that his department was considering the actions it could take, including a requirement to cover all paintings in Italy’s museums with glass. Such a program would be expensive and museum entrance fees would rise as a result, Sangiuliano added.
Wipplinger said his teams had been protectively glazing works in its collection for decades, but couldn’t do that quickly for every remaining piece. Nonreflective glass was costly, he said: Work on a painting of moderate size — a square yard, say — could come in at around $1,000.
Robert Read, the head of art at the insurance company Hiscox, said that he was advising museum clients to put more works in their collections behind glass, but Hiscox’s policies did not require it. A contemporary art installation, for instance, simply couldn’t be glazed, he said.
And sometimes a barrier between a painting and its audience is contrary to the work’s spirit. Mabel Tapia, the deputy artistic director of the Reina Sofia museum in Madrid, said she would never allow that collection’s highlight, Picasso’s 1937 antiwar masterpiece “Guernica,” to be displayed behind glass. It was “a symbol of freedom, and of the fight against fascism,” she added.
Tapia said she had recently redeployed security guards so they could focus on high-profile works — something she commonly does at times of protest — but she felt there was little more she could do. “The only measure that would actually do something is if we closed the museum,” Tapia said, “and we’re not going to do that.” Museums are meant to be places where people meet to think about important issues, she added. “We need to keep them open.”
There was “no silver bullet” for dealing with the protests, Read, the insurer, said. Museum administrators just had to hope the protesters remained “genteel, middle-class liberals” who took steps to avoid permanent damage, he added.
Florian Wagner, 30, the member of Last Generation who threw the black mixture at the Klimt painting in the Leopold Museum, said by phone that he knew before the protest that the work was protected by glass. He practiced the stunt five times at home, he said, and was convinced it would not disfigure the painting. “We are not trying to destroy beautiful pieces of art,” Wagner said, but to “shock people” into acting on climate change.
He wouldn’t be staging any more protests, he said, adding, “I think I’ve made my point.” But he said he was sure others in Austria and across Europe would continue. The actions would only stop, he added, once governments “act on this crisis.”
Reposted from ArtNews
Since 2020, art museums worldwide have faced mounting pressure to remedy inequity in their institutions, starting with plans to increase diversity and throughout their operations. According to two studies released today (one by the Mellon Foundation and the other by the Black Trustee Alliance for Art Museums), U.S. museum staff has diversified—though likely not to the degree most demonstrators had hoped.
Produced in partnership with the American Alliance of Museums and the Association of Art Museum Directors, the Mellon Foundation’s “Art Museum Staff Demographic Survey” found that compared to the previous two surveys it has published, in 2015 and 2017, museum staffs have seen “moderate” increases in number of people of color across all museum roles. In 2015, 27 percent of museum staff included in the report identified as people of color; in 2022, that number rose to 36 percent. The increase includes museum managerial roles, where the number of Black managers has more than doubled since 2015.
The data was gathered by Ithaka S+R between February and April of this year from the responses of more than 30,000 individual museum staffers across 328 participating museums in North America. “Substantial” increases in diversity were made in museum departments including security, facilities, and education—departments which are historically overrepresented by people of color, and which saw the greatest job losses as a result of the Covid-19 pandemic. However, participating museums reported that they have “dramatically” increased staffing in all of these areas since 2020.
Additionally, the gender ratio on museum staffs have been constant since the first 2015 survey, at 40 percent male and 60 percent female, with increases for women’s representation in museum leadership roles (58 percent in 2015 to 66 percent in 2022).
“Though progress remains slow and uneven, the demographics of museum employees across the country are becoming more reflective of the diverse communities their organizations serve,” Elizabeth Alexander, president of the Mellon Foundation, said in a statement. “We are pleased that the information and insights included in this latest survey will further equip and encourage American museums to build even more representative and robust arts and culture institutions throughout the United States.”
Also released today was the inaugural survey report by the Black Trustee Alliance for Art Museums, a network established in 2021 to “dismantle barriers that block the entry and advancement of Black staff and leadership in the cultural field,” according to the report materials. The alliance includes many of the world’s top collectors, such as Pamela J. Joyner, Denise B. Gardner, and Raymond J. McGuire, its co-chair.
The alliance’s report, titled “The BTA 2022 Art Museum Trustee Survey,” received responses from one of more trustees from 134 art museums, with 83 of those museums sending responses from at least one Black trustee. In total, the report includes data from over 900 trustees who responded, as well as follow-up interviews with 20 Black trustees. The report is intended to present data about the “the characteristics, roles, and experiences of Black trustees in North American art museums,” according to a release.
“BTA’s inaugural Art Museum Trustee Survey Report is the first to capture the unique position of a Black trustee. While one can more easily observe the low numbers of Black museum trustees, the extent of the racial disparity at the board level has not yet been clearly articulated or documented otherwise,” the report continued. One of the few data points on the subject was published in 2017 by the American Alliance of Museums and found that nearly 50 percent of museum boards lacked even one person of color.
With support from the Mellon Foundation, BTA partnered with Ithaka S+R to conduct interviews of 20 Black trustees to understand why they are so underrepresented on museum boards. Researchers concluded that most are simply not approached to join, and museum directors are more likely to invite individuals already in their social and professional circles—which, according to the report, are “racially stratified.” Black trustees, consequently, are less likely than white board members to have family members that already serve or have served on art museum boards.
The report shares several takeaways: Black trustees tend to be younger and are less likely to “show indications of intergenerational wealth” than white board members; Black trustees also hold more Ph.D.s and professional degrees than their counterparts on museum boards; and are more represented on DEI committees, compared to collections and acquisitions committees.
“Looking ahead, we understand the importance of establishing a benchmark from which we can measure changes in the field,” BTA said in a statement, which continued: “Creating an equitable institution takes time. And while our overall objective is clear, the way to get there is not—and rightfully so, since no two institutions operate the same way.”
Organizational stakeholders must invest more time and effort into gaining better insight into the prevention of and survival from active shooter incidents. With a clear understanding of the risks and opportunities involved in an active shooter situation, stakeholders should implement the following strategies to achieve a successful multidimensional response.
Many organizations still don’t have an active shooter response plan in place, and even fewer have trained their employees on what to do.
This is a huge mistake.
It’s crucial for organizational stakeholders to commit to active shooter response training so that all employees know what to do in this type of situation. In most cases, employees become more confident and interested in active shooter response training when leaders are supportive of it. Several studies found that employees gain confidence in the training programs when the organizational leadership is supportive of them. For details, see the studies Employee variables influencing ‘Run Hide Fight’ policy knowledge retention and perceptions of preparedness in the hospital setting; Implementation of a comprehensive intervention to reduce physical assaults and threats in the emergency department; or Managing aggression in organizations: what leaders must know.
Active shooter response training should be an ongoing process, not a one-time event. Employees should receive regular training on how to respond to an active shooter situation. The frequency of training will depend on the size and complexity of the organization. Small organizations may only need to train once per year, while large organizations may need to train multiple times per year.
Organizational stakeholders should commit to active shooter response training by providing the necessary resources and support. Training should be conducted by qualified instructors experienced in law enforcement or military operations. Employees should be given the opportunity to ask questions and receive feedback after the training. Employees should also be familiar with the layout of their workplace and have a plan of action in case of an emergency.
Employees should be physically and mentally prepared to face an active shooter. They should know how to identify potential threats and what to do if they find themselves in an active shooter situation.
The importance of mental training alongside physical preparation can’t be stressed enough. Natural survival responses are fight, flight, and freeze. Approximately 50 percent of those receiving training fully comprehend how to identify a threat and react during an attack, according to research in the report Freeze for action: Neurobiological mechanisms in animal and human freezing. This is one of the reasons victims fail to identify the situation as an emergency and freeze at the hands of the shooter in several active shooter incidents.
While this is a natural reaction to a terrifying and dangerous event, the inability to think or act decisively in such a critical moment can be deadly.
The first step in training your employees to face an active shooter is to understand why they may freeze—most often, it’s because of fear. When faced with a threat, the human brain goes into survival mode. This causes people to focus on the danger and tune out everything else. They become paralyzed by fear and are unable to act.
To overcome this response, employees need to train their brains to focus during a crisis. This can be done by practicing visualization exercises. The key is visualizing how you would respond if you were in an active shooter incident. Placing yourself in the environment through visualization creates familiarity and eliminates the feeling of being caught off guard because you’ve already experienced it. This accelerates the decision-making process and reduces the freeze response.
In these exercises, employees are instructed to picture themselves in a scenario where an active shooter is present. They should be able to visualize themselves confidently taking decisive action, escaping, and stopping the threat. With this powerful visualization, your employees can train their brains to respond differently in a real-life situation. When faced with an active shooter, they will be more capable to think straight and come up with an effective solution.
Another effective technique to help employees overcome the freeze response involves adding elements of stress during training, such as introducing a timing component. For example, monitor the time required by the staff to evacuate the building during an active assailant drill. Drills should be altered each time by changing the location of attack and available escape routes. This will instill the urgency of the situation in employees’ minds and prepare them to think and act consciously in the face of threats, ensuring their safety instead of freezing.
With that said, organizational stakeholders should openly embrace workplace violence training and invest in improving the employees’ defenses against active shooters.
A little effort will go a long way in boosting employees’ morale and instilling the much-needed confidence and courage to make conscious decisions in the face of an active threat.
Organizational stakeholders must realize their responsibility towards ensuring operational readiness to promote the effectiveness of security measures.
This includes installing and maintaining technology and training people to use it well. Security cameras, for example, are a vital piece of security equipment. They can help deter potential shooters from even attempting an attack and can provide critical information to law enforcement if an attack does occur. But if those cameras are not properly maintained, they may not be working and could even fail completely during an attack.
Fences can help keep potential shooters out of the premises while also providing a barrier that can slow down or stop an attacker who does manage to get onto the property. But if a fence is not maintained, it may have gaps or holes that an attacker can exploit.
Similarly, radio systems should be tested for transmissibility at multiple locations to identify possible dead spots.
Apart from this, all employees should receive training on the policies governing security locks, cameras, and entry card systems.
Stakeholders must ensure that all employees know how to use the security equipment during emergencies. They should also know how to protect and maintain it to effectively protect the premises and the people there.
In many active shooter incidents, the failure of a one-dimensional approach exposes employees to dangers that could have otherwise been prevented. Often, organizational stakeholders will have to face the consequences of the snowball effect of these failures. Failure to maintain security equipment leads to unrestricted access by assailants or intruders. Poor environmental design reduces the likelihood of observing an active shooter before an attack. Inadequate training leads to employee confusion during an attack resulting in increased casualties.
A multidimensional strategy should include:
There are a variety of pitfalls in developing an active assailant action plan. There have been instances where security guards fail to identify or report suspicious individuals, enabling active shooters to carry out their objectives. In addition to this, staff members that lack awareness of organizational safety policies may unknowingly violate rules. They often leave doors unlocked, allowing undetected access to intruders.
Just as good environmental design can deter an assailant, bad environmental design (overgrown foliage, unlit doorways) can offer a malicious actor places to hide, ambush people, or enter a facility unseen. Furthermore, if camera systems are inoperable or time-delayed, the intruder can advance his or her mission and attack.
This is why redundant measures are so critical for a successful security plan—they safeguard against a bypassed system, preventing an active shooter from entering the building and causing harm.
The multidimensional approach to active shooter response interweaves physical and mental training of the employees, installation of physical security measures, and integrating of environmental design elements that discourage deviant behavior.
This strategy lends the redundancy needed to strengthen the security structure of an organization.
Thankfully, there are multiple resources available to assist stakeholders with creating a multidimensional approach. These include online resources, well-trained and qualified security professionals, and local law enforcement agencies. Two online resources are the FBI’s Active Shooter Resources webpage and the U.S. Department of Homeland Security’s Active Shooter: How to Respondbooklet. Quality security professionals should have at a minimum military or law enforcement experience, and crime prevention through environmental design (CPTED) certification. Additional security certifications through ASIS are also desirable.
While the individual strategies against security threats used by physical and cyber security professionals are relevant and effective, combining these techniques into a single security management program is the best way to maximize protection against active shooters.
Last week, in what could be a major turning point in its war against Ukraine, Russia announced a retreat from the war-torn city of Kherson. But before the occupying troops left the strategic city, they emptied one of its most important artistic institutions.
According to the Ukrainian military’s National Resistance Center, Russian soldiers looted nearly 15,000 objects from the Oleksiy Shovkunenko Kherson Art Museum and other cultural venues in the region two weeks ago. The move came just days after Vladimir Putin imposed martial law in Kherson and three other Ukrainian territories, effectively legalizing the “evacuation” of cultural heritage.
The Kherson Art Museum confirmed the theft in a Facebook post, explaining that between October 31 and November 3, three or four dozen Russian troops arrived at the institution and “took out works of art and office equipment—everything they saw, everything their raking hands could reach.”
Paintings and other works of art were “wrapped in some kind of rag,” rather than proper packing supplies, according to the museum, and loaded on trucks and buses. The looted goods were then transferred to Simferopol in Crimea.
The museum explained at the time that its administrators did not know what was stolen, but said there was little doubt that the “most valuable” items in the collection were targeted.
“In their opinion, this is called ‘evacuation,’” the museum’s post read. “In our opinion, [it is] looting under the slogans of ‘preserving cultural values.’”
Prior to the incident, the museum’s collection included religious paintings from the 17th and 20th centuries, Ukrainian art from the second half of the 19th and early 20th centuries, and contemporary art from the last 100 years. In a media briefing addressing the theft, the head of the Kherson City Council’s Department for Culture, Svitlana Dumynska, called it “one of the most impressive collections of regional museums in Ukraine.”
Dumynska added that the Kherson local history museum was also targeted by Russian Troops, “but we have much less information about it.”
By November 3, Kherson police opened a criminal investigation into the theft, classifying it and other attacks in the region as a war crime.
Days later, images that allegedly showed the stolen Kherson Art Museum objects being unloaded at the Central Museum of Taurida in Simferopol circulated on Ukrainian social media. In another Facebook post, the museum identified several works of art in the pictures, including paintings by Ukrainian modernists Ivan Pokhytonov and Mykhailo Andrienko-Nechitaylo.
In a November 10 interview with the Moscow Times—an independent news outlet—the Taurida museum’s director, Andrei Malgin, confirmed that the looted artworks had indeed landed in Simferopol.
“Due to the introduction of martial law on the territory of the Kherson region, I have been instructed to take the exhibits of the Kherson Art Museum for temporary storage and ensure their safety until they are returned to their rightful owner,” Malgin said.
The Kherson Art Museum has been closed since the city was seized by Russian soldiers in the early days of the invasion. The institution’s director, Alina Dotsenko, departed for Kyiv in May after Russian occupiers demanded that the museum stage a propagandistic exhibition, according to the Art Newspaper.
This month, Dotsenko told Ukrainian media that, before she left, she convinced the Russians that the museum’s collection had been relocated in preparation for a planned renovation. She also deleted information about the institution’s holdings from its computers.
But Dotensko said that another museum employee, curator Natalya Koltsova, led Russian troops to the stored collection in July. Koltsova, whom Dotsenko had fired the year prior, was brought back in to the work with the Russians, and a former cabaret singer was installed as a puppet director.
Seventeen years ago, two security professional organizations began promoting the philosophy of security convergence. ASIS International and the Information Systems Audit and Control Association (ISACA) banded together in 2005 to create the Alliance for Enterprise Security Risk Management (AESRM) to promote the concept of security convergence.
To them, security convergence consisted not only of physical and cybersecurity combined, but also security responsibility within human resources, crisis management, and operational lines of responsibility, according to a 2007 Deloitte whitepaper on the concept. But just 24 percent of surveyed respondents’ organizations had some form of convergence in place.
“How security is perceived may also be an obstacle to convergence. At present, physical and information security are viewed as separate functions with major differences,” wrote Adel Melek, partner, global leader, Security and Privacy Services, Deloitte, and Ray O’Hara, CPP, then chairman of AESRM, in the whitepaper. “There is little doubt that perceptions will have to change before the convergence of physical and information security functions becomes an accepted way of managing security risk. Convergence is intuitive and logical—but it has not yet arrived.”
But the post-9/11 wars, the rapid advancement of technology, the explosion of Internet of Things devices, extreme stress on the supply chain, a lasting security workforce shortage, and the COVID-19 pandemic may have led to a change in perception that will usher in the moment for security convergence. That seems to be the finding in the most recent research on the topic, Security Convergence and Business Continuity: Reflecting on the Pandemic Experience, published in September 2022.
The ASIS Foundation sponsored research conducted by Justice & Security Strategies, Inc. (JSS), and DTE Consulting, which surveyed and analyzed responses from 1,092 individuals from 89 countries and regions about their convergence status and views. The researchers also conducted 21 interviews to explore the survey responses further, following separate research conducted by the foundation in 2019 on convergence.
More than 60 percent of those respondents indicated that their organizations had now fully or partially converged their security functions (29.3 percent complete, 31.2 partially, and 39.5 percent not converged). Similar to the 2007 report, the foundation convergence research focused on the melding of cyber and physical security with business continuity planning.
“Most companies that reported partial convergence merged their physical security and business continuity practices,” according to the report. “One of the reasons that convergence with cybersecurity appears to be lagging behind physical security and business continuity convergence may be due to differences in the skill sets required for oversight of each function.”
In a follow-up interview to the survey, for instance, one respondent said that the specialization for cybersecurity and physical security makes it difficult to find someone who excels in both arenas—slowing the organization’s ability to converge these functions.
Martin Gill, managing director of Perpetuity Research and Consultancy International and vice chair of the ASIS Foundation, says one reason for this discrepancy might be that the historical backgrounds of the physical security profession and the cybersecurity profession—which evolved from the IT world—could attract different types of individuals.
And these individuals may possess vastly diverse skill sets, with cyber practitioners having a more robust knowledge of cybersecurity threats and tactics, hardware, and software, versus a physical security professional who is more familiar with security guards, technology to support access control measures, and facility management.
“Over time, that’s beginning to wear away with the modern thinking and approach to enterprise security—to treat all your risks as risk,” Gill says. “If there are risks, there’s a process on how they should be managed. In theory, this brings cyber and physical together.”
For converged organizations, most survey respondents said a CSO—or equivalent position—was responsible for the enterprise security risk management function, and all aspects of the organization responsible for critical asset protection reported to that person.
Within that organizational structure, approaches to convergence varied, with some taking functional approaches while others took procedural approaches. A functional approach could consist of structural changes, holding security trainings and awareness courses, developing policies, and making other real-world changes.
“An international security company with converged business continuity planning and physical security implemented a training program that temporarily placed physical security personnel in business continuity planning-related positions, while also putting internal business continuity planning personnel staff out in the field,” the report explained. “The idea of this program was to allow personnel from both sides to gain a better understanding of security procedures with a holistic view. This assisted the organization in obtaining better adherence to policy while individuals gained a broader perspective of security.”
On the flip side, procedural approaches to convergence focused on the organization’s missions and adopting a holistic framework for security functions.
“These methods were less concerned with action items or check boxes, and more concerned with the organization’s problem-solving approach,” the report explained.
Additionally, smaller organizations were more likely to be further along in their convergence journey than large organizations. The report revealed that nearly 74 percent of respondents from small and “micro” companies were fully or partially converged, compared to 52.5 percent of large companies and 64.4 percent of medium-sized companies.
Darrell Darnell, president of DTE Consulting and a lead author of the report, says he was surprised to find that smaller organizations were leading the way on convergence.
“I would have thought that larger agencies would have converged at a higher rate because of their reputations and the potential for more government oversight if a major incident occurred on their watch,” he explains.
Despite their convergence status, 80 percent of respondents said that convergence strengthens various business functions: 83 percent said it was good for business continuity, 81 percent said it strengthened physical security, and 86 percent said it enhanced overall security.
There was an outlier, though—the enthusiasm for cyber convergence was markedly lower. Just 73 percent of respondents said convergence strengthened cybersecurity at their organization, with 23.7 percent saying it would make no change in the overall security posture.
This might be because the cyber function is often siloed within companies and there is a lack of understanding of how the cyber function integrates and impacts physical security and business continuity, until an incident occurs—such as the Colonial Pipeline ransomware attack in 2021.
“Colonial Pipeline was thinking like that—that we’re a pipeline and not really understanding how a separate physical, cyber, and business continuity approach affects them,” Darnell says. “Now they’re fighting to merge that physical security with them.”
While this might be the response for now, many respondents who said their organizations were not converged noted that they would be taking steps to do so in the future. Nearly 44 percent said they anticipated converging two or more security functions in the future, compared to previous ASIS Foundation research in 2019 that found that just 30 percent of respondents were prepared to take similar steps.
One of the reasons behind this move could be that more security practitioners are expected to place an emphasis on business continuity in the wake of the COVID-19 pandemic.
“Clearly organizations understand the importance of having business continuity planning for all types of contingencies,” says Craig Uchida, president and co-owner of JSS and another lead author of the report. “I also think they are starting to reassess exactly what business continuity planning means to their organizations, as it will look different depending on your organization, industry, size, and other factors.”
Respondents also said that demonstrations and social unrest were affecting how their organizations viewed security measures, and they were changing their approach to business continuity planning and convergence in response. One respondent said, “these events forced us to be prepared to identify and respond to events globally 24/7/365 and be able to understand the impact on our assets; escalate issues to appropriate response teams quickly; reach out and account for our employees and their safety; and assure we can have a resilient supply chain in the face of disruptive events,” according to the report.
To assist security practitioners who may work for an organization that is not converged, the report’s authors made six recommendations: clearly define convergence and its benefits to the organization; assess the need and determine if convergence is practical; create and develop a convergence strategy that fits the organization’s goals; recognize the inherent difficulties in merging different personalities and processes; implement evidence-based best practices and strategies aligned with the overall goals of the organization; and conduct and provide convergence training and educational opportunities for staff.
The owner of a security company out of South Africa, for instance, has a firm that provides physical security to clients. But to ensure that the firm was considering cybersecurity risks as part of a converged approach, security officers were required to work with the IT team to understand the work it was doing.
“And he would have the IT folks do a tour with the physical security folks, so they could understand how the equipment was being used,” Darnell says, adding that it was a way to educate the entire organization about various risks and habits that might play into its overall security posture.
The report’s authors also emphasized that leadership—from the CEO to the president and other executives—is extremely important for organizations considering converging their security functions.
“There are people, places, and technology that are intertwined with these functions,” they wrote. “A strategic plan has to be developed. There has to be communication and transparency, and a good explanation for why convergence is taking place and the benefits for employees and the organization. Employees at all levels must be given an opportunity to play a part in the convergence process, including opportunities for re-training if necessary.”
This requires a recognition that while convergence will impact how the organization functions from an operational perspective, it also has ramifications for employees.
“The CEO needs to be involved to say how it’s going to affect the workforce. ‘How is this going to affect me? When we converge, am I going to lose my job or be retrained? Will I have more responsibility but my pay stay the same?’” Darnell says, adding that executives will need to clearly communicate with their employees to successfully converge.
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 2015 - 2018 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
