INTERNATIONAL FOUNDATION FOR
CULTURAL PROPERTY PROTECTION

Log in

News


  • July 16, 2019 1:08 PM | Office IFCPP (Administrator)

    Reposted from In Homeland Security

    One-third of the attackers who terrorized schools, houses of worship or businesses nationwide last year had a history of serious domestic violence, two-thirds had mental health issues, and nearly all had made threatening or concerning communications that worried others before they struck, according to a U.S. Secret Service report on mass attacks.

    The Secret Service studied 27 incidents where a total of 91 people were killed and 107 more injured in public spaces in 2018. Among them: the shooting at Marjory Stoneman Douglas High School in Parkland, Florida, were 17 people were killed and 17 others injured, and the fatal attack at the Tree of Life Synagogue in Pittsburgh.

    The report analyzed the timing, weapons, locations and stressors of the attacker, plus events that led up to the incident, in an effort to better understand how such attacks unfold and how to prevent them. Members of the Secret Service National Threat Assessment Center, which did the study, briefed police, public safety and school officials at a seminar Tuesday.

    “We want the community to know prevention is everyone’s responsibility,” said Lina Alathari, the center’s chief. “Not just law enforcement.”

    Other incidents examined included a man who drove a truck into a Planned Parenthood clinic in New Jersey, injuring three, and a man who killed two at a law firm, and then one at a psychologist’s office in June. Criteria for the study included an incident where three or more people were injured in a public place.

    Most attackers were male, ranging in age from 15 to 64. The domestic violence history often included serious violence. While 67% had mental health issues, only 44% had a diagnosis or known treatment for the issue.

    Most of the attacks occurred midweek. Only one was on a Saturday. As for motive, more than half of the attackers had a grievance against a spouse or family member, or a personal or workplace dispute. Also, 22% had no known motive. In nearly half the cases, the attacker apparently selected the target in advance.

    Alathari and her colleagues want communities to be aware of concerning behavior and these trends so officials have something to look out for.

    The Secret Service center is tasked with researching, training and sharing information on the prevention of targeted violence, using the agency’s knowledge gleaned from years of watching possible targets that may or may not be out to assassinate the president.

    Alathari said her team is working on a new report on school shootings and how to prevent them, and investigating averted attacks to try to figure out why someone didn’t follow through.

    “There is not a single solution,” Alathari said. “The more that we’re out there, training, the more we’re out there with the community … the more we share information … I think it will help really alleviate and hopefully prevent even one incident from happening. One is too many.”

    See Original Post

  • July 16, 2019 1:01 PM | Office IFCPP (Administrator)

    Reposted from Securitas Security Services, USA, Inc.

    Avoiding complacency can be a challenge for any organization. This is why Securitas Security Services USA, Inc. has made Vigilance one of its primary values. Complacency usually begins with small events that can, over time, snowball and lead to major problems that can inhibit an organization’s mission and goals. For security professionals, it can open the door and increase the likelihood of becoming a softer target for terrorist activity.

    Causes of Complacency

    New hires are usually eager and proactive in their positions, but complacency can set in over time as individuals become more comfortable in their duties. There is no single cause or reason for complacency. However, there are several specific signs, outlined below, that signal complacency creeping in employees. Individuals who observe such complacency, regardless of their position within the organization, are obligated to address it with the appropriate manager.

    One cause for complacency is when an employee does not understand an organization’s goals or mission. It is important to ensure that everyone is informed of the specifics of the site plan, especially newly hired employees and supervisors. This knowledge and awareness constitutes the foundation for contentment and helps to avoid a careless attitude. Most sites do not necessarily experience major crises or events on a regular basis. This lack of activity can lead to an employee “going through the motions” and failing to develop or maintain proficiency in the skills needed to excel in the position. The lack of need to perform effectively in emergent situations can lead to a deterioration of abilities. This, combined with an employee not participating in refresher training to maintain skill levels, can create a dragging effect upon a company’s mission with undesired consequences.

    The last major cause of complacency occurs when employees do not receive feedback and retraining when needed. If employees do not know that they are not performing their job responsibilities correctly or in the prescribed manner, then they will not understand what to improve or modify. Those who are advised of a deficit in performance but neglect to address it or pursue a training intervention for it are at risk for complacency.

    Combating Complacency

    The number one method to stop complacency creep rests in skills proficiency. Securitas Security Services USA, Inc. is committed to ensuring that all employees are properly trained in both the company and client mission goals. This is accomplished through all levels of operations, and is specifically addressed at the branch level. Branch and Account Managers are constantly checking to ensure that Securitas is being proactive in addressing officers’ training and client concerns.

    Conclusion

    There are multiple ways for employees to address their training and skills on an ongoing basis. Every employee should take it upon themselves to understand the site plan, goals, and mission of the organization. Encourage them to speak up and ask questions when they are uncertain about something. Lack of knowledge should not be an excuse for poor job performance. Employees need to be adaptable to ensure that any challenges can be surmounted and the mission accomplished. This might include scheduling, cross training when possible, flexibility in temporary assignments, and completing required or necessary training as requested by the company. This allows an individual to maintain and increase their knowledge and skills in specific areas. All employees need to be vigilant against complacency, especially given the potential for criminal, active shooter and terrorist activity. This can be addressed at all levels of the company through ongoing training, skills evaluation and an environment that encourages open communication.

    Stay Informed, Stay Vigilant

    Certain kinds of activities on the site can indicate terrorist plans are in the works, especially when they occur at or near high-profile sites or places where large numbers of people gather. The FBI urges citizens to keep an eye out for precursor conduct, such as those listed below, and to report it immediately.

    • Surveillance: Anyone who may be recording or engaged in monitoring activities, taking notes, using cameras, maps, binoculars or other observation equipment at the facility
    • Deploying Assets: Abandoned vehicles, stockpiling of suspicious materials, or persons being deployed near the facility
    • Suspicious Persons: Anyone who does not appear to belong in the workplace, neighborhood, business establishment, or near the facility
    • Suspicious Questioning: Anyone attempting to gain information in person, by phone, mail, email or other communication method regarding the facility or its personnel
    • Acquiring Supplies: Anyone attempting to improperly acquire explosives, weapons, ammunitions, dangerous chemicals, uniforms, badges, flight manuals, access cards or identification for the facility, or to legally obtain items that could be used in a terrorist act under suspicious circumstances
    • Dry Runs: Behavior that appears to be preparation for terrorist activity, such as mapping out routes, playing out scenarios with other people, monitoring key facilities or other suspicious activities
    • Tests of Security: Any attempt to penetrate or test physical security or procedures at a facility or event. Recognizing and reporting precursor activities can interrupt potential terrorist events and other threats before they occur. The FBI encourages citizens to contact local police, the FBI or the nearest Joint Terrorism Task Force (JTTF) to report suspicious activity or behavior. If there is an emergency or immediate threat, call 911.

    For more information on this and other security related topics, visit the

    Securitas Safety Awareness Knowledge Center at:
    http://www.securitasinc.com/en/knowledge-center/security-and-safety-awareness-tips


  • July 16, 2019 12:56 PM | Office IFCPP (Administrator)

    Reposted from Marketplace

    Every year in America, more than 300 people go to work and never make it home because of a workplace shooting. In 2017, the number of people intentionally shot dead at work was 351, the Bureau of Labor Statistics reported. The year before, that number was 394.

    As gun control bills continue to die in Congress and mass shootings dominate headlines, employers have started to take notice and entire industries have been created around workplace shootings, from active shooter insurance policies to workplace violence experts.

    And according to those experts, most employers are not doing enough to prepare for potential workplace violence incidents.

    They say there is more to workplace violence prevention than just preparing for the worst-case scenario; that many employers tack on active shooter training to their fire drills instead of devoting it the time and attention it requires.

    Adequate training

    If your workplace violence training material is just one page long, it’s not going to cut it, warns Dick Sem, president of security and workplace violence consultancy, Sem Security Management.

    Earlier this year, he and a number of other experts spent two days in San Antonio at the Workplace Violence Prevention Symposium 2019, where about 200 human resource and security professionals were in attendance.

    “One of the most essential things you can do for your people is train them,” Sem told attendees.

    Industry-wide, the belief is that workplace violence prevention must start long before an incident has a chance to occur. Employers at the symposium were encouraged to reach out to risk assessment experts who can come up with customized training, work with local enforcement agencies to get a risk assessment and work on response time and plan escape routes.

    External risks

    As Sem walked up on the stage in Austin, the title of his presentation was displayed in large red letters on the screen in the corner. “Culture and Complacency: Overcoming the ‘It Won’t Happen Here’ Mentality on Workplace Violence.” He says he hears that a lot, the “we never thought it would happen here” bit, especially after shootings.

    Sem says that one of the reasons why companies don’t have a thorough workplace violence prevention training is because they don’t believe that workplace violence is a problem in their offices. However, as numbers collected by the Department of Labor show, workplace violence goes beyond the staff. Statistics show that disgruntled customers can pose a risk, too.

    In 2018, a woman killed three people at YouTube headquarters after she became frustrated with company’s policies. Other workplace violence incidents can involve staff’s family members and be related to personal problems or domestic violence. 

    From 2011 to 2015, about 2,173 people were killed at work. About a third of them, 721, were killed by a robber. Relatives or domestic partners were responsible for 160 deaths, while customers or clients were responsible for 247. Coworkers killed 312 people. 

    While not all of these deaths could have been prevented, Sem says there are some things companies can do to keep these incidents to a minimum.

    “When I talk about the 30-plus shootings and stabbings that I was brought into, plus other incidents of violence, I find that about half of those were random acts of violence,” he said. “In other words, it was an event that no one could anticipate. But the other half of those events, there were early indicators. There were some warnings signs that were not managed, that were not reported.”

    Workplace harassment  

    About 75% of workplace harassment goes unreported, according to the US Equal Employment Opportunity Commission.

    That number worries Catherine Mattice Zundel, an expert on workplace bullying and president of Civility Partners. She is often called in to work directly with workplace bullies to change their behaviors. But most of the time she is called in after an incident has occurred.

    The number of unreported incidents of harassment shows that there is still a large lack of trust between employees and employers, Zundel says.

    “Many organizations do employee engagement surveys, that’s a hot topic right now in HR,” she said. “But those surveys will never tell you whether or not whether is bullying or harassment. The questions just aren’t geared in that direction.”

    Sometimes people don’t report being bullied because it’s not viewed the same as harassment and most companies do not have a workplace bullying policy. Zundel defines bullying as an abusive behavior at work that created a power imbalance between bully and the target.

    Sometimes bullying can escalate into violence, from either the bully or the victim trying to get revenge. To prevent the situation from getting that far, employees must feel comfortable reporting any inappropriate behavior.

    “You have to create a culture of respect and dignity and understand that if you do not respond to a complaint of workplace bullying, employees probably won’t tell you about illegal behavior either because they can see that behavior doesn’t matter,” Zundel said. “Your reaction to complaints like that really dictates whether they trust you.”

    Wayne Maxey, an executive trainer and consultant at workplace violence prevention agency Workplace Guardians, agrees.

    “The culture is important because we want people to report and we want them to report early,” he said. “The culture an organization develops or fosters can help or hinder that. If there’s a culture that employees know if I go to H.R., or I report on the anonymous line, that they’re going to take me seriously, and that they’re going to investigate properly and respond appropriately — they’re more likely to report.”

    The golden rule

    Another way to help keep abusive behaviors to a minimum in workplace is to cultivate a culture of civility, says Sem.

    “I find that civil and respectful workplace is a safe workplace,” he said. According to Sem, managers should lead by the golden rule: treat others the way you want to be treated. “Your employees are like children, they learn by example. If the example you present to them is confrontational and aggressive, they are going to be confrontational and aggressive. I see that all the time.”

    This is especially true when it comes to terminations. When firing people, do it kindly and try to skip the perp walk if possible – no guard standing over the terminated employee as they pack up their stuff, said Sem. Also, to make sure there is no lingering resentment, a work friend should check in with the person in questions within a few days, he added.  

    See Original Post

  • July 16, 2019 12:40 PM | Office IFCPP (Administrator)

    Reposted from NBC News

    Las Vegas police learned from the deadliest mass shooting in modern U.S. history to secure high-rise buildings overseeing open-air crowds and train more officers with rifles to stop a shooter in an elevated position, Clark County Sheriff Joe Lombardo said Wednesday.

    Among 93 recommendations in a newly released department "after-action review" are requirements to plan ahead with neighboring police, fire, hospital and coroner officials; to let responding officers remove reflective vests so they're less of a target to a shooter; and to ensure more paramedics and trauma kits are available at large-scale events.

    "We hope we never have to use these procedures that we are putting in place," said Lombardo, who characterized the report as "our textbook on our response" to the October 2017 massacre that killed 58 people at an open-air music festival on the Las Vegas Strip. He said it's now required reading for every Las Vegas police officer above the rank of sergeant.

    Lombardo noted that report authors Capt. Kelly McMahill and Detective Stephanie Ward studied other mass casualty incidents around the country, and said he hoped the Las Vegas report would help others prepare.

    The 158-page document acknowledged communications snags similar to those described in a separate August 2018 "after-action report" by the Federal Emergency Management Agency, Clark County Fire Department and Las Vegas police.

    That 61-page document said communications were overwhelmed by 911 calls, the number of victims, and by false reports of active shooters at other Las Vegas Strip hotel-casinos and nearby McCarran International Airport.

    Lombardo, the elected head of some 5,000 officers, said the new report focuses on internal department "preparedness, response and recovery."

    It comes almost a year after Las Vegas police closed the criminal investigation with a 187-page criminal investigation report and nearly six months after the FBI issued a three-page summary of its behavioral analysis of gunman Stephen Paddock.

    Paddock, 64, a former accountant and high-stakes video poker player with homes in Reno and the southern Nevada resort community of Mesquite, killed himself before officers reached his hotel room.

    The FBI said Paddock sought notoriety but that investigators found no "single or clear motivating factor" for the shooting.

    Investigators said Paddock planned meticulously and acted alone amassing an arsenal of assault-style weapons before opening fire from a 32nd-floor suite at the Mandalay Bay resort into a crowd of 22,000 country music fans below. Authorities said more than 850 people were wounded or injured fleeing the gunfire.

    Lombardo noted the NFL's Oakland Raiders plan to move to Las Vegas and begin play in 2020 at a 65,000-seat Las Vegas Stadium being built just off the Las Vegas Strip.

    He said policing changes will apply to scheduled events drawing at least 15,000 people, and the report listed more than 17 such events: New Year's Eve fireworks on the Strip; conventions including the Consumer Electronics gadget show at the Las Vegas Convention Center; NASCAR races at Las Vegas Speedway; the Las Vegas Rock 'n' Roll Marathon; uncounted hotel "day club" pool parties; and 41 NHL Vegas Golden Knights hockey home games per year at T-Mobile Arena.

    Lombardo noted that Las Vegas police already make presentations about what the department experienced in October 2017 to law enforcement officials in the U.S. and abroad. He said the department has already implemented 40% of the new report's recommendations.

    The release comes a week after Las Vegas police confirmed the firing in March of a veteran officer who froze in a hotel hallway one floor below while Paddock rained rapid gunfire into the concert crowd below.

    Lombardo said an unspecified number of other officers received lesser discipline for turning off or failing to activate body-worn video cameras, and one for accidentally firing a three-round burst of gunfire inside Paddock's suite.

    Police union executive director Steve Grammas said the dismissed officer, Cordell Hendrex, was one of two officers disciplined following departmental reviews of their actions during the shooting. The union is fighting to get Hendrex reinstated.

    Grammas said the only other officer he knew of who had been disciplined for actions during the shooting got his job back after an arbitrator reviewed his firing.

    Grammas declined to identify that officer, but said he had at least seven years on the job.

    The Las Vegas Police Protective Association official said the officer had been accused of making comments the department deemed unbecoming and of telling a woman to keep moving away from the scene of the shooting instead of investigating her complaint that she had been a victim of a crime.

    See Original Post

  • July 16, 2019 12:28 PM | Office IFCPP (Administrator)

    Reposted from Security Infowatch

    Given the myriad cyber threats facing organizations today from criminals, nation-states and hacktivists, it should come as little surprise that senior-level executives are placing a larger emphasis on bolstering cybersecurity over physical security. However, the results of a recent survey conducted by the Center for Cyber and Homeland Security (CCHS) at Auburn University in conjunction with the International Security Management Association (ISMA) provides new insights into the resources that C-suite leaders are considering putting behind the mitigation of cybersecurity risks as well as how CSOs and CISOs view their roles and the evolving technology landscape.   

    As the study is quick to point out, the fact that cybersecurity is prioritized by management teams is not a reflection of organizations seeing diminished physical threats or a poor job of security practitioners in articulating the value of their departments to the company but rather it is indicative of the maturity level of physical security within most enterprises and their effectiveness at countering risk. According to ISMA Research Committee Member and former Boston Scientific CSO Lynn Mattice, the maturity level of corporate security programs – traditionally comprised of physical security, personnel security, information asset protection, security risk identification and mitigation, as well as business continuity/emergency response programs – is such that most CEOs have been in a position to see that these programs are professionally run and provide effective risk mitigation and resilience. 

    “The CSO population has had decades of visibility with the C-suite and boards to educate leaders and mature security processes to a level where most CEO’s have confidence that their ‘physical security’ posture in general is mature and capable, with experienced CSO leaders who understand the internal and external threats being directed against their enterprises on a daily basis,” Mattice explains. “In light of the dramatic increases in nation-state-sponsored, -instigated or -supported economic espionage focused at stealing vast amounts of intellectual property and other vital intellectual capital from a vast array of enterprises, CSO’s are again being called upon to help executives and boards better understand the risks they face in today’s complex global economy.”

    This was especially true in the years following the 9/11 attacks where security executives were regularly called upon to brief senior leaders and boards of directors on the terror threat landscape. 

    “The difficult lessons learned from that event were widely shared and resulted in CSOs and corporations placing significant emphasis on enhanced personnel screening, improved physical security, comprehensive travel security measures, strengthening of business continuity programs to ensure resiliency, improved crisis management training and employee mass notification procedures,” Mattice adds.  

    On the other hand, cybersecurity is still a relatively new and evolving function within a majority of organizations today and, given the impact that data breaches and cyber-attacks have had on companies across industries in recent years, there’s a clear desire on the part of CEOs and the C-suite, as a whole, to avoid becoming the next victim. 

    In fact, the survey, which recorded responses from 136 participants that included a mix of CEOs, CSOs and CISOs, found that CEOs across the board are overwhelming prioritizing cybersecurity as it relates to broad importance/emphasis (86%), budget (83%), personnel allocation (83%), and overall strategy (86%). When asked what was the most important driver for placing their strategic emphasis on cybersecurity, the majority of CEOs (75%) reported findings of internal risk assessments as the primary driver, followed by prioritization by the board (50%), nature of industry and business operations (50%), history of prior security incidents (25%), and relevant background of members of senior leadership teams (12.5%).

    “While the role of CISO is not brand new, the challenges being faced by this group of professionals evolve at a rapid pace,” Mattice says. “The relentless nation-state, organized crime, gangs, insider and cyber-hacktivists attacks directed against corporations come at a dizzying rate. At the same time as companies are trying to embrace the digital age, they must also mitigate the risks associated with a complex cyber-environment that is ever-changing and extremely difficult to protect and secure.”

    Budget Priorities

    With security being historically seen as a cost center within most organizations, the ability to receive increased budget allocation for technology upgrades and various other initiatives has always been an uphill battle for security executives. This could become an even bigger challenge in the future as organizations finds themselves attempting to balance both physical and cybersecurity priorities.

    While all CEOs who responded to the survey said they envisioned increasing budgets for cybersecurity initiatives, only 29% predicted that there would be similar budget increases for physical security. However, of those who said they didn’t foresee steadily increasing physical security budgets for their organizations over the next five years, over half selected “protecting physical assets and operations” as the most important priority for their CSO over the next one to two years.

    At first glance, it would appear that the predicted budget allocations of these CEOs are not aligned with their security priorities, however; the study noted that because all of them believe they maintain a coordinated or unified incident response plan, increasing cybersecurity budgets may not be seen as actually taking away from physical security.

    The CSO Perspective

    Unsurprisingly, a majority of the CSOs surveyed (85%) felt that their senior leaders prioritize cybersecurity over physical security, due primarily to their companies experiencing more cyber incidents than physical security incidents in the recent past.

    In contrast with CEOs, however; nearly 60% of CSOs said they envisioned growing security budgets over the next five years. In addition, about 70% of CSOs reported having a unified incident response plan that is a coordinated effort between both physical and cybersecurity.

    Of the technologies and innovations that CSOs expect to have a “very significant impact” on their jobs over the next five years, the majority of respondents (63%) believe advancements in insider threat detection will affect their duties the most, followed by employee use of mobile devices (46%), counterfeiting/product diversion/interception/prevention (24%), and robots replacing security officers (20%).

    What CISOs Think

    Like their CSO counterparts, the majority of CISOs believe that senior leaders in their organizations prioritize cybersecurity over physical security, which 44% attribute to recent cyber incidents.

    And while many previous studies have found a lack of knowledge among C-suite executives and board members as a reason why companies haven’t adequately invested in cybersecurity, CISOs who took part in this survey were extremely involved in helping educate senior leaders about these issues. In fact, 72 % of CISO respondents said they did two or more of the following:

    • Made presentations on cyber threats at senior leadership meetings and/or board of directors’ meetings;
    • Brought in outside cybersecurity experts to speak to senior leadership or board of directors;
    • Held tabletop exercises with senior leadership of company on cyber threats;
    • Implemented penetration tests of company and provided results to senior leadership;
    • And, developed new employee training on cyber threats and risks.

    As a result of these activities, CISOs have created more awareness and understanding among C-suite leaders about the cybersecurity threats they face, and many expect to see increased budgets moving forward. Indeed, 77% of CISOs said they expect to see increased cybersecurity budgets over the next few years while only 33% predict an increase in the physical security budget.   

    Of the technologies and innovations that CISOs expect to have a “very significant impact” on their jobs over the next five years, the majority of respondents felt that the shift to cloud-based services (71%) would affect them the most, followed by big data and artificial intelligence (47%), the Internet of Things (44%), and employee use of mobile devices (41%).

    Click here to read the full study results. 

    See Original Post


  • July 16, 2019 12:14 PM | Office IFCPP (Administrator)

    Reposted from CDN 

    Workplace security is of paramount importance to businesses. When you talk about workplace security, it is an encompassing task that covers the security of employees, clients, visitors, and everyone within the premises of the business; as well as, supplies, assets, equipment, and classified documents.

    It is a legal responsibility of every business to keep their premises secured. But more than just an obligation, ensuring a solid security policy provides reassurance to employees and clients making them feel more comfortable and confident. Workplace security can also help prevent unwanted incidents and crimes. This is particularly important considering that businesses are often targeted by burglars, unauthorized intruders, and sabotage.

    Considering the importance of workplace security, it’s essential to regularly review how you keep your business premises safe and secure. Below are some security measures and tips you can implement.

    Ensure reliable security coverage

    Security personnel provide a primary form of workplace protection. Security guards prevent the likelihood of threats from unscrupulous intruders. They can also help ensure general peace and security within the workplace. Plus, their visible presence gives everyone in the facility a feeling of added protection and safety.  

    Identify critical points

    Although your entire facility requires security, some areas call for heightened protection. Assess your entire workplace to determine which areas have valuable assets and safes. These spots require more vigilance and better security measures. Upgrading surveillance, such as by installing best security lights, within these spots can also help improve protection.

    Secure all entrances and exits

    Prevent unauthorized access in your facility by investing in an effective door or access system. One popular security technology is the key-card access system which ensures that only authorized personnel can enter the building or access specific areas. Employees are given a badge. Anyone who is not an employee and wishes to enter the building is required to sign in at the reception to get a visitor’s badge. In addition, installing interior and exterior cameras can help heighten surveillance and monitor all activities within the workplace.

    Invest in a reliable security system

    Ideally, workplace security system should alert you and the local authorities or police in case of a break-in. This is crucial especially for businesses that handle critical information or assets that are prone to burglary and intrusions.

    Ensure sufficient lighting

    Lighting is an effective deterrent to break-ins and can discourage burglars, especially in the night. Exterior lighting should also help keep your employees and clients safe while they are outside the building premises. The best motion sensor light is more cost-efficient as it can help save up on electricity. These lighting only turns on when there are any movements detected.

    See Original Post

  • July 16, 2019 12:07 PM | Office IFCPP (Administrator)

    Reposted from CPO Magazine

    Cyber threats, cyberattacks, and hacks are getting more and more common so companies are forced to invest in cybersecurity systems. Even though your business may have an excellent cybersecurity plan, you’re still at risk of being attacked; it’s simply the reality of today’s world. That’s why you need to be prepared with a well-developed cybersecurity policy.

    Understanding your company’s needs

    Before you start developing your security policy, you need to understand where your company’s at in terms of cybersecurity. Many times, companies use third party, off-the-shelf products, even though that may not be the way to go. The policy needs to be developed in tandem by your IT team and management. They need to understand every detail of the policy and be on the same page. If you discuss your policy as a team, it will increase your common understanding of the types of information you’re handling, what needs to be secured and at which level of security, as well as how you’re collecting and storing information. If you use a security policy developed by all, it increases the chances that it will be accepted not only by your whole company but also by external auditors.

    Infrastructure

    A good cybersecurity policy has to include the systems already in place that your business is using to protect your critical information. For this part of the policy, you need to work with your IT department to know your capabilities. Outline which programs are used for security and how they will be updated to prevent vulnerabilities. Explain to the users how you’ll be backing up data. Your policy also needs to outline which online services you use and how they fit in. This helps everyone see that you’re planning for every potential scenario.

    Accountability

    Your policy needs to have accountability measures in a contingency plan for cyberattacks. You need to outline the right people on the team who will fix the problem, and who will communicate with your clients. This has to include backups for each position in case the lead person responsible is away. Furthermore, your clients need to know whom to contact for help after an attack. Finally, the management team should plan for regular reviews of the risk and mitigation measures and the policy as a whole.

    Policy provisions

    Once you’ve determined what the infrastructure in place is and who’s accountable for what aspects of the policy, it’s time to include the actual policy provisions. Make sure this section is written in a clear and concise way to leave no room for misinterpretation, and don’t forget to edit and proofread the policy before publishing and disseminating. Consult online tools to help you with this very important step of the process.

    • Confidential data

    Employees are obliged to protect confidential data. Outline the definition of confidential and secret data, so they know what type of data the policy refers to.

    • Devices

    Employees are asked to keep personal and company devices secure so they don’t introduce any security risks to the data. Also, tell them to add password protection to all devices, install anti-virus software, keep their devices on their person at all times, install updates as soon as they’re available, and avoiding lending their devices to others.

    • Emails

    Send instructions to your employees to avoid opening attachments or links when the content isn’t clearly explained, especially if they don’t know the sender. They should immediately be suspicious of clickbait titles, any spelling mistakes, and prize offers. Explain what they should do if they receive an email they’re unsure about.

    • Passwords

    Make sure your employees know how to pick secure passwords, and how to store them in a safe way. Evidently, passwords should never be shared, and should also be changed regularly.

    • Transferring data

    Have a section of your policy elaborate rules for data transfer as this is a risk security risk. Employees should not transfer sensitive information unless necessary, and then it should be done over a secure network. Confidential data must never be shared over public networks. Finally, make sure the recipient has the right clearance and authorization to view that information.

    • Remote work

    Your policy should have clear guidance for remote employees and how they can access their business accounts remotely. They must also follow procedures to encrypt data and only work from a private network.

    Educate

    It’s a mistake to think that when your policy is done the work ends there. Educate your employees on the policy, conduct training on what to do in the event of a breach, and have a scheduled annual review of the contents.

    See Original Post

  • July 16, 2019 12:03 PM | Office IFCPP (Administrator)

    Reposted from Allied Universal

    There is a continuous and ongoing push to develop technologies that make our lives safer and more efficient. Stewart Brand once cautioned, “Once a new technology rolls over you, if you’re not part of the steamroller you’re part of the road.” In consideration of the Chemical, Petrochemical and Utility (CPCU) industry, technology adoption has less to do with a lack of understanding but rather invention is outpacing the ability to regulate it and correctly identify potentially problematic factors that could negatively impact the safety and security of people and places.

    Unmanned Aircraft Systems (UAS), or drones as they are more commonly referred to, are compact in size, have the ability to hover closer than a helicopter, can discreetly maneuver tight areas and provide a bird’s eye perspective of operations. More importantly, with safety at the crux of the CPCU industry, drones have the ability to go safely where people sometimes cannot.

    Adoption of drones is tricky for the CPCU industry. Most sectors of the industry are bound to comply with federal and agency mandates. So while drone technology may offer advantageous solutions that serve to improve safety and security, reduce instances of human error and enhance operations, a lack of regulatory control presents a major hurdle and is an impediment to adoption.

    Recent changes in legislation, particularly Part 107 of Small Unmanned Aircraft Regulations, are marking a turning point for the industry and opening the door to the unique safety and cost-saving advantages of drones. Michael Lichko, Vice President of Sales, with Allied Universal’s partner DroneCore, shared, “Artificial Intelligence and automation have been a tremendous catalyst for moving commercial drone regulations forward over the past year.  It’s important to remember that the rules created by Part 107 were really written around increasing safety for manned drone operations.  However, the software and hardware advances of systems like our DroneCore platform have allowed for rapid approval of nighttime operations and the coveted BVLOS waiver, as evidenced by the recent approval granted to the Chula Vista PD for public safety operations early this year.”   

    With more structure and regulation in place as well as evidence of successful operations outside the United States across all industries, several oil and gas industry leaders have moved beyond the experimental phase of drones to leading the industry in adoption by developing their own drone programs. It’s a move that is providing big ROI from what is proving, by comparison, a small investment in technology enhancements.

    Shell shares how the use of drones in their operations has helped facilitate safer and more frequent inspections of equipment by using drones instead of personnel when inspecting hard-to-reach or dangerous areas such as flaring stacks. It’s a smarter way to achieve better results--allowing personnel to stay safely rooted to the ground while the drone does the dangerous and heavy lifting reduces risks for injury while enhancing compliance. In other instances, drones have helped the industry recover more quickly from natural disasters. Following the widespread destruction of Hurricane Harvey several oil and gas industry leaders leaned on the technology of drones for reconnaissance missions to identify damage to infrastructure and assist in prioritizing emergency response to their region.

    It is exciting to see the CPCU industry making strides in embracing technology that will serve to strengthen the industry’s ability to create and deliver products and resources that facilitate economic growth and sustainability more safely and efficiently. At this year’s annual Energy Security Council Conference in Austin, TX, I had the opportunity to participate in a knowledge sharing session with CPCU industry leaders regarding the use of drones to augment onsite security—whether for patrolling remote locations or assisting in incident management and response.

    A few weeks following the conference, while visiting one of our refinery clients, I was pleasantly surprised to see this in action—the blend of physical security with smart technology working to create safer, more secure environments. My meeting with Angela Best, Allied Universal Account Manager was delayed. Angela is a licensed drone operator and the client needed her to pilot a flight to inspect part of the processing area following an incident. She shared that she regularly flies the UAS for all types of facility, security and safety missions. “We utilize our drones weekly, whether it’s to inspect equipment, monitor areas of the perimeter, or to observe illegal hunters on the property. Using the drones allows us to do all of this in a manner that doesn’t put people in harms way. It’s all about how we can achieve the same goal, safer.”

    While drones provide advantageous cost savings, I think the greatest value drones and new technologies have to offer the CPCU industry is how much safer it will make the work place for people. 

    See Original Post

  • July 01, 2019 2:06 PM | Office IFCPP (Administrator)

    By William J. Powers III -Director of Facilities at The Sterling and Francine Clark Art Institute in Williamstown, MA.

    It is imperative that organizations have a well-written All-Hazard Emergency Response Plan (ERP) in conjunction with an Incident Action Plan (IAP). This document includes a business continuity plan which helps the organization to maintain operations if possible. More than 40% of organizations are forced to close after a major incident. The plan is a living document that should be regularly reviewed and updated, as the process is dynamic and ever-evolving.

    A comprehensive security analysis should be performed to help identify any potential risks. A strategy to mitigate such risks should then be developed. Scenario-based thinking will help to prepare and understand the challenges in managing the risks, and allows open-minded thinking to ask questions, such as “If this happens, what can be done?” Training must regularly occur and be consistent and in the right setting. Responders are often placed in difficult situations because the proper training has not been conducted. On-duty responders need training for everyone’s safety.

    The four phases of emergency management are preparedness, response, recovery and mitigation—they are the basis for the ERP.* The goal is to end the incident as quickly as possible. The IAP summarizes incident response tasks and instructs personnel on mitigating potential damage. The Incident Response section prepares individual responders by assigning role-specific tasks. The Incident Closure and Debrief sections direct responders on aiding business recovery. Each response follows a step-by-step process—governed by the Incident Command System (ICS)—that will guide responders from incident preparation through incident closure.

    A business continuity plan should clearly state in writing the essential functions and goals of the organization. The document should identify and prioritize the systems and protocols to be sustained and provide the necessary information for their maintenance. The ERP and IAP form the framework of incident response. Life safety will always be the highest priority. As the incident concludes, the next important step is to normalize business operations as soon as practical. More than 40% of organizations do not survive a disaster for various reasons.

    Businesses having a plan to move forward after a critical event will have a better chance of staying open versus a business with no plan. During an emergency is not the time to determine what can be done and whom to contact. In the planning stages, it is easier to think more clearly and establish contracts and billing rates with vendors, contractors and others if the incident involves more than a single facility.

    Community and Regional Resilience Institute (CARRI) is a concept of emergency management that FEMA initiated, and which differs slightly from Incident Command. The entire community is involved in the plan, and the decisions are made by consensus regarding the plan elements. In 2011, this concept was tested in the U.S. through several pilot programs across the country. This process requires resources and support from all local community agencies. The concept of this plan is relativity simple; however, it does become complex as to who has the decision-making authority in the community and how resources are allocated. There are many political governing bodies in this process—all with an interest in seeing it succeed—from the President through the cabinet. The government has made grants available to municipalities. The concept is who is better-equipped to make decisions for the people most impacted. Everyone is familiar with both the process and the local agencies.

    The more communities are involved and acquaint themselves with the local agencies, the better and stronger the community becomes. It is similar to community policing—knowledgeable community residents are more willing to share information with law enforcement.

    Through Presidential Policy Directive 21 (PPD-21), enacted in February 2013, the National Infrastructure Protection Plan (NIPP) aligns with PPD-8, which addresses national preparedness. These directives help align communications with federal, state, local, tribal, and private sector groups to engage in emergency preparedness. With better communications, everyone working towards common goals, and understanding the fragile nature of critical infrastructure, people are more open to sharing when an incident occurs. The success of this integrated approach depends on leveraging the full spectrum of capabilities, knowledge and experience across the critical infrastructure, community and associated stakeholders. This requires efficient sharing of actionable and relevant information among partners to build situational awareness and enable effective, risk-informed decision-making.

    *          FEMA: https://training.fema.gov/emiweb/ downloads/is10_unit3.doc

    WILLIAM J. POWERS III

    William J. Powers is the Director of Facilities at The Sterling and Francine Clark Art Institute in Williamstown, MA. Powers oversees the Facilities, Maintenance and Security Departments of the Clark Art. Powers has over 30 years of experience in cultural property protection, starting at the Berkshire Museum in 1981 and coming to the Clark Art Institute in 1995. In addition to being a member of the Board of Directors for International Foundation for Cultural Property Protection (IFCPP), Powers is the Sergeant at Arms for the IFCPP, as well as a Self-Defense and Use of Force expert. He is a certified instructor through the IFCPP and frequently lectures on cultural property protection at cultural facilities and colleges. He was one of the first IFCPP members to host a Regional CIPS Certification Workshop, and continues to contribute valuable assistance to the Foundation. Along with working with the IFCPP, he serves on the awards committee and is an active member on the Cultural Properties Council for ASIS.

    Powers has a Master’s Degree in Administration of Justice and Security. Powers also serves as a Captain with the Berkshire County Sheriff’s Department, Uniform Branch, since 1995. He holds a 6th Degree Black Belt in martial arts and a Master Level Teaching Certificate. He is an active member of several national associations, including ASIS International, the American Association of Museums, the National Fire Protection Association, the New England Museum Association, the Association for Facilities Engineering, and the Museum Association Security Committee.


  • July 01, 2019 2:03 PM | Office IFCPP (Administrator)

    Reposted from Securitas Security Services, USA, Inc.

    According to OSHA statistics, slips, trips and falls (STF) are responsible for the majority of nonfatal occupational injuries nationwide. More than half of these injuries result from falls on level surfaces. Keeping an eye out for potential hazards can help create a safe work environment.

    Watch Your Step
    Falls are among the most preventable types of accidents. Preventing slips, trips and falls begins by paying attention to where you step. Avoid multitasking while walking. Watch for obstacles indoors such as clutter, debris, cords, wires crossing the floor, and open file cabinet drawers. Other potential hazards include unexpected changes in the floor level, such as a step up, loose tiles, protrusions from the floor, buckled or torn carpeting and wet flooring or oily surfaces. Obstacles to watch out for while outdoors include curbs, potholes, cracks in the pavement, dips in terrain, stones or debris, as well as weather-related hazards such as muddy areas, snow-covered obstacles, standing water or ice. If a slippery or uneven surface is unavoidable, walk slowly using short shuffling steps. When coming indoors from inclement weather, remember that your boots or shoes are likely to be slippery and floors might have wet spots, a wet carpet or wet door mats. Always wear shoes with slip resistant soles. Maintain a clear field of vision. Avoid carrying a load that blocks your view and walk in well-lit areas. Turn on the lights before entering a room or dark section of a building. Only run if there is an emergency and use available handrails when going up or down stairs, ramps or inclined surfaces. Do not attempt to take more than one step at a time. Walk around hazards, not over them, or take a different route.

    Building a Culture of Safety
    Safety in the workplace extends beyond preventing falls. Maintaining a safe work environment is the responsibility of every employer and employee. The most successful workplace safety programs require a commitment from the entire company.

    Everyone is affected when a person has an accident or is injured on the job. The pain and suffering, work disruptions, lost time injuries, and costs from such incidents can also impact families, co-workers and the company, as well as the injured party. This is why it is important to maintain a culture of safety. Always adhering to safe work habits, and never avoiding or ignoring established safety procedures, is part of everyone’s job. The key to staying safe at work is remembering that safety is no accident. “Think Safety First” before starting any task, no matter how familiar it is. If you see someone acting in an unsafe manner, stop and help them consider the potential consequences of their actions. Assist them by explaining a safer way of performing the task.

    Keys to Workplace Safety
    Maintaining an attitude of safety is a critical part of staying safe on the job. There are six keys to a good safety attitude that can help develop safer work habits.

    • AWARENESS
      Pay attention. Stay alert to the potential hazards in the work environment so that steps can be taken to correct or guard against them.
    • FOCUS
      Concentrate on the task(s) at hand. Distractions, boredom or fatigue can lead to inattention and accidents or other safety hazards.
    • STRENGTH
      Persevere and do the right thing, even when it’s easier not to. Follow safety procedures, every time.
    • PATIENCE
      Take the time to do things correctly every time—like always buckling your seatbelt, even on quick trips. There are no shortcuts to safety.
    • RESPONSIBILITY
      Accept responsibility for maintaining a safe work environment that benefits everyone. Immediately notify maintenance or management of any observed unsafe conditions or safety concerns, so that they can be addressed, and other employees can be alerted and advised of precautions that should be taken to avoid injury.
    • THINK
      Stop and think twice before acting. Accidents are not always the result of bad luck. They occur when someone decides—consciously or not—to take a chance. Be smart and avoid taking unnecessary risks and always “Think Safety First.”

    For more information on this and other security related topics, visit the Securitas Safety Awareness Knowledge Center at: http://www.securitasinc.com/en/knowledge-center/security-and-safety-awareness-tips

QUICK LINKS

TRAINING & EVENTS

  
 

1305 Krameria, Unit H-129, Denver, CO  80220  Local: 303.322.9667
Copyright © 2015 - 2018 International Foundation for Cultural Property Protection.  All Rights Reserved