Security expert Dr. Steve Albrecht says cease and desist letters are useless unless companies are willing to back them up with action.
Photo credit: (Image courtesy bigstockphoto.com)
Our work in threat assessment demands creativity, patience, intuition, and the ability to not only think outside-the-box, but to help (or urge) others to do so as well. One area where we run into difficulties is during the discussion, often with company attorneys, about the need to send a threatener, who has contacted the organization by email, letter, or phone, a "cease and desist" letter. This person is often a former employee who quit in anger or was terminated under negative circumstances. It could also be an unpaid vendor, embattled customer or taxpayer. They often choose to target the firm with a barrage of emails or calls, designed to disrupt operations and make the recipients fear for their lives. In these cases, senior management wants answers and turns to the company HR, security or counsel to take actions.
From experience, we know that email threats are much less of a security concern than unannounced visits by former employees. Threatening from a distance is a different mindset than screaming in the company lobby at a frightened receptionist. This is at the heart of the matter; some people use threatening emails, texts, written letters (less likely these days), or menacing voice messages left on their targets’ business or personal accounts or phone numbers. Their use of electronic distance is intentional. Their thinking goes: "I can reach out to threaten you anytime and from anywhere, just by pressing a few buttons and there is nothing you can do to stop me."
Would you rather work on a threat case where the perpetrator sent an ominous email as "IHateYourGuts@yahoo.com" or the same email with "MyFirstName.MyLastName@yahoo.com?" For the first threatener, he or she is using an anonymous email address to do just that, remain anonymous. This person fears the consequences, wants to continue to play cat and mouse, and may think that shuffling through a series of fake email addresses makes it harder for us to track or identify him or her. For the second threatener, who uses his or her name and self-identifies, there is no intent to hide. This person is saying: "Yeah, it’s me, so now what are you going to do about it?" The behavior of self-identified threateners is more of a concern because they are not being covert, but overt, in their threats of harm.
Many electronic threateners perceive what they’re doing as not necessarily illegal (which it is in most states), and they enjoy being provocative, all-powerful, and disruptive. We are certainly more concerned when ex-employees, domestic violence partners of current employees, angry vendors or customers, or mentally ill strangers enter our work facilities with no warning. The electronic threatener gives us advance notice and a great evidentiary paper trail of dates, times and words. The phone threatener gives us evidence of tone, malice, and threatening statements, which we can take to the police for a possible arrest or a judge should we decide to get a civil protection order.
This is where the paradoxical part of our work comes into play. As the U.S. Secret Service has told us, some people make threats and some people pose threats. We often have more concerns from people who pose threats than those who make them. Overt threats mean something different than covert threats. As such, we need to handle these cases in completely different ways, which takes some hard convincing to get the company stakeholders to agree. Sometimes simply observing the stream of messages is an effective course of action. We can watch for signs of depression, bipolar disorder, loss of hope, statements about weapons possession, or suicidal or homicidal ideations. But senior management and their attorneys, who may not understand the threat assessment process, demand actions, not observations.
After the usual plethora of threatening calls or emails has scared enough people in the organization, corporate counsel will often craft a strongly-worded cease and desist email or written letter to send to the perpetrator. The language often includes statements such as: "If you do not immediately cease all contact with our company, via any electronic means, we will be forced to take direct legal action against you." In theory, this could include getting a temporary restraining order (TRO), calling the police to make a criminal threats or harassment case report, working with the telephone provider to trap or block calls, filing a civil suit for damages, or having the person arrested. In operation, these good ideas rarely happen. When the threatener makes another call, sends another letter or yet another e-mail, the company’s response is to send yet another cease and desist letter, with even more “strong language” in it. The threatener continues, the lawyers continue, and the cycle continues.
We may hear counsel say their reason for the cease and desist letter process is to “have something in the file” to show a judge or to demonstrate due diligence to frightened employees or top management. In reality, these letters only encourage the threatener to keep playing, by hitting the ball back across the net every time we do. The solution is clear: If it’s deemed necessary, send the first (and only) cease and desist letter to the subject and if he or she violates the conditions, then follow up with the enforcing actions promised in the letter. Break the cycle by not creating it.
If our goal in threat assessment is to gather as much information as possible to make good decisions about our response, then why not analyze every message the threatener sends, by whatever means it comes in? We can ask the IT experts in the company to redirect the sender’s emails to our attention, change the target employee’s phone number and continue to collect and assess the subject’s voice mails, or collect any mail correspondence before it reaches the target employee. We can and should minimize the electronic threatener’s impact, but continue to collect the messages. Cease and desist letters without consequences are useless and give the power of disruption back to the threatener.
About the Author: Dr. Steve Albrecht, PHR, CPP, BCC, is internationally recognized for his training, writing, and speaking on workplace violence response and school violence prevention. In 1994, Steve co-wrote Ticking Bombs, one of the first business books on workplace violence. He is board certified in HR, security, and employee coaching. He can be reached in San Diego, CA at firstname.lastname@example.org or on Twitter @DrSteveAlbrecht.