An inside-out approach to security and safety

Oct. 4, 2018
While security measures like access control and video cameras have become standard, many schools and workplaces continue to lack comprehensive, risk-based security plans

We live in a world where violent intruders are the new norm. Ensuring school and workplace safety has never been of greater concern for administrators. No matter where you stand on the myriad of divisive policies and issues that face America, we all wake up, heartbroken, when we turn on our morning news and hear another report of lives being lost. Still - while security measures like access control and video cameras have become standard, many schools and workplaces continue to lack comprehensive, risk-based security plans.

What does a “comprehensive security plan” really entail? It’s easy to assume that a comprehensive plan involves the implementation of physical security equipment. While that is helpful – necessary, in fact – it does not fully address the safeguarding of our schools and workplaces. This led our team to coin the “inside-out” approach to campus and workplace safety, which centers wholly on the belief that without a comprehensive security plan in place, schools and workplaces remain vulnerable to crimes committed by an unexpected class of potentially dangerous people: trusted insiders.

An insider threat, by definition, is a student, employee, former employee or student, contractor, business associate, or another person within an organization who has access to facilities, critical data, and IT systems, and could, therefore, cause harm to the business or its people. Many of today’s incidents, including cyber-attacks and violent intruders, are masterminded by those with trusted access to school and workplace networks and facilities.

By focusing on security program elements closest to the things you’re trying to protect (people, information, reputation), campuses and workplaces can build an effective security strategy. Implementing countermeasures – including prevention training, background investigations for employees and third-party contractors, anonymous reporting, and behavioral intervention/threat assessment teams – is the key to intervention, detection, and prevention.

According to an FBI report on workplace violence, 80 percent of the active-shooter situations that happened in the United States between 2000 and 2013 took place at work. Of those active-shooter incidents cited in the report, more than 46 percent were perpetrated by employees or former employees, and 11 percent involved employees who had been terminated on the day of the incident.

While it’s difficult to identify a wholly soundproof solution, the “inside-out” approach focuses on setting strong prevention and intervention methods that are proactive rather than reactive. The following countermeasures are key to enhancing prevention, intervention, and detection, and thus create a comprehensive security plan. When schools and workplaces take this “inside-out” approach, they give themselves the tools to intervene earlier in the incident lifecycle before a threat escalates into a full-scale emergency.

Community Education and Prevention

Consider a community-based approach, helping people take responsibility for themselves, the people around them, and the communities in which they live and work. For example, the Department of Homeland Security approach, “If you see something, say something” has proved to be an effective campaign in encouraging public intervention and awareness.

It is important to think of ways in which the entire community may be aware of insider threats and how they can be proactive in the prevention or in getting the right response from an intervention perspective. The university or workplace should consider ways to infuse this information into ongoing training and communication or provide mandatory workshops for employees throughout the year through micro learning opportunities over acute training. This solution allows students and employees to engage with the material much more effectively.

Anonymous Reporting

The “inside-out” approach suggests that implementing perimeter protections, which include cameras and card readers, is crucial to an overall security plan. Equally important is the use of anonymous reporting, which must be readily available to employees and students, as well as micro-based learning opportunities that instruct users through user-friendly apps or websites.

It is important that employees and students understand that this strategy involves more than calling the police or 911. These anonymous reports are sent to trained professionals who then evaluate and respond accordingly to the potential threat that is being reported. It is just as important for campuses and workplaces to utilize the ever-evolving technology innovations that exist in our world today. As mobile and web-based apps favored by Millennials and Gen-Z continue to emerge and gain popularity, facilities must incorporate and adapt their policies to keep pace with ever-changing user preferences that can enhance response to security threats and concerns.

Behavioral Intervention and Threat Assessment Teams

A crucial aspect of a comprehensive plan, administrators must designate a team that is fully informed of critical moving parts, including employees and students, campus or workplace IT and security systems, their vulnerabilities, and the threats that could affect them. Clearly highlight the risks posed by insider threats, then prioritize the risks and continuously assess and enhance your security infrastructure according to risk priority.

These are professionally trained teams that should be an essential part of any response plan, and who regularly update and stay on top of any potential threats that arise on a campus or facility. When you effectively train your staff to identify and assess potential threats of violence or cases of mental health, these threats can be stopped in their tracks before unfolding into a tragedy.

Managing Third Parties

Many employers conduct employment screening as part of their hiring practices, but it’s critically important to consistently apply these practices when looking at an overall comprehensive security plan for a workplace. In hiring third-party contractors, administrators must hold them to the same standards – from background investigations and screenings - prior to assignment to your organization.

By taking an “inside-out” approach, these institutions are better equipped to identify potential threats and intervene earlier in the incident cycle before a situation escalates into a full-scale emergency. The better we can educate people on what to look for – or how to install better protocols to prevent, rather than respond to, violence in the office or building – the more effective we can be at keeping ourselves and our teams safe.

This falls on the way we report these incidences in the news as well. If your institution has effectively identified and prevented a threat, share your success story. Better awareness of prevention and intervention success stories can build momentum for better and more effective anonymous reporting and shared best practices, as well as serve as a deterrent to potential attackers. A strong deterrent for would-be threats is continuous coverage of the good things people are doing to prevent threats from being carried out.

Currently, many of us seem to accept the idea that we are, and will continue to be, victims to criminal acts. With proper precautions in place and a more open dialogue on how to prevent instead of reacting, the narrative can change to say that we, as unified citizens, proactively combat the problem. We focus on successes. We report to our communities. We can prevent and intervene more effectively with a truly comprehensive security plan.

At the end of the day, we will never fully know what is going on in the mind of another individual – but we can help to keep each other safe, and be part of the solution that fights against threats and violence to secure safer tomorrows.  

About the Author: Rodnie Williams is the Senior Vice President of Risk Management at Omnigo Software and the founder of 360° Stay Safe™, both of which are committed to helping ensure safer tomorrows. Williams has 35 years in the security industry and is a sought-after expert in Enterprise Risk Management (ERM) and strategic topics. His security experience includes risk assessments, security program management, operations centers, regulatory compliance, CFATS, identity and situation management solutions, and technology deployments. Williams, a certified protection professional (CPP) through the American Society for Industrial Security (ASIS), has dealt directly with threats of violence, executive protection, crisis management and response, security risk assessment, security technology/system design, and workplace violence prevention.