Archive for July, 2010

Thursday, July 29th, 2010

Kelly S. Klatt, CPP on SecurityInfoWatch Radio

by Kelly Klatt

International Association of Professional Security Consultants (IAPSC)  members, Kelly S. Klatt, CPP and Curtis Baillie, CSC participated in a 40 minute SecurityInfoWatch podcast about their experiences starting and running independent security consulting businesses. The podcast titled, “Getting Started in Security Consulting” covered topics including  making the transition from law enforcement and corporate security to consulting, setting up a small business, marketing your security consulting business and finding clients, working as an expert witness and more. The IAPSC organization was also discussed as well as the upcoming Successful Security Consulting pre-seminar (October 10 & 11, 2010) being presented at the ASIS Conference being held in Dallas, Texas.

Click here to listen to SecurityInfoWatch podcast #52.

Tuesday, July 27th, 2010

Natural Catastrophe / Emergency Response Preparedness

by Kelly Klatt

With the recent severe weather conditions experienced throughout the US as well as the current 2010 Hurricane season, we thought it appropriate timing to issue our annual reminder to review and test your local Disaster Preparedness and Emergency Response procedures, as well as to fine tune aspects of your plans, if needed.

As you know, whether you are situated in a hurricane zone, tornado alley, wild fire, earthquake or other natural catastrophe (NatCat) area or in the event of any other type of catastrophic or severe event, it is vital to the safety and well being of your visitors, guests, team members and the ongoing operation, to ensure that all your team members are familiar with your procedures in advance of an event.

We would also like to take this opportunity to suggest you revisit your Crisis Management and Disaster Recovery process and the Pre-positioned Disaster Recovery Services provided by available contractors.  Forward thinking companies utilizing our “Strata” program at  Center for Security Solutions, will find that these issues are already  addressed and that a competent disaster recovery company is on-call for you.

As a reminder, disaster recovery companies are also available to provide remediation of property damage in connection with other events such as asset stabilization after a fire; water extraction and dehumidification related to water damage from pipe bursts or malfunctioned sprinkler heads or water intrusion from driven rain; etc.    They have an extensive range of remediation services and, in most cases; their rates have been negotiated with insurers, which will help expedite the claim adjustment and settlement payment process.  While your Directors of Engineering and Security should already be aware of this, please share this reminder with all appropriate members of your Executive Committee and Team Members.  Let us at C4SS know if you have any questions in this regard.

And, for those of you in a hurricane zone, the most recent predictions are estimating a very robust season.  While the website is probably already in your “Favorites” file, up-to-date storm tracking throughout the season can be accessed via the NOAA website at www.noaa.gov.   Obviously, all of us are hoping for the best, again, this season!

Sunday, July 25th, 2010

Walking the Line of Competitive Intelligence

by Kelly Klatt

In previous posts we have talked about how economic espionage effected Apple with their release of the iPhone 4 and some different ways to lower the risks of economic espionage.  A big part of running a business is gathering competitive intelligence on what other companies in your industry are doing, but at what point does competitive intelligence become economic espionage.  As we have said, the later is illegal and gathering competitive intelligence can become a federal offense that sends you to prison with fines.

Gathering competitive intelligence, if done by legal means like the internet, is OK if the information you are gathering is public.  Competitive intelligence doesn’t have to be information that is secret, there is a lot of information that is available to the public that no one is paying attention to.

So what is the difference that turns competitive intelligence into economic espionage?  There are two types of competitive information, material and non material.  Non material information doesn’t really fall into the realm of competitive intelligence. You can’t use non material competitive intelligence to enhance your business, or effect the business you are gathering competitive intelligence on.

Once you have determined that the competitive intelligence you are gathering is material, the part that makes it legal is whether the information is public or non public. You can determine this by checking the source of your competitive intelligence and then trying to verify the information from another source. If you can’t verify the information publicly, your competitive intelligence may fall under the jurisdiction of economic espionage.

We caution security consultants to warn their clients of the risks on both sides of this coin. If you are the company that is gathering the competitive intelligence, a wrong step can ruin the reputation of your company.  From the security side, a security advisor can build a plan for your company to protect the risks of competitive intelligence gathering and help you avoid the fallout that can occur from leaks in your castle walls.  While we hope that the world doesn’t become a place that needs intelligence protection for corporations, we feel its best to build protections up front to avoid the temptation.

Friday, July 23rd, 2010

Reducing the Risks of Economic Espionage

by Kelly Klatt

In 1996 the United States government made it a federal crime to gather trade secrets for economic benefits.  While economic espionage makes a great subject for movies, economic espionage is a real threat to businesses with secrets to keep. As we are sure you have heard, the recent events around Apple’s iPhone 4 are a perfect example of how economic espionage can hurt a business, especially one that everyone is watching.

Here is how the economic espionage unfolded: The world is watching waiting for any hint of a new iPhone and a prominent blog is trying to get the information.  Said blogger obtains information for pay, and releases it on their blog.  Once the information is leaked, it creates a snowball effect causing Apple to release a phone to market that isn’t properly tested and has antenna issues. This causes Apple millions of dollars in damage not only with advertising dollars, public relations and the cost of giving early adopters “bumpers” for their phone trying to save face. While this is economic espionage at its most extreme, most companies don’t even know that economic espionage is happening to them.

So how do you protect your company from economic espionage?  Security Consultants work with a company to identify risks for economic espionage, and you would be surprised how often security consultants find security risks in the most obvious places.

Thinking of economic espionage, most likely your idea is something influenced by Hollywood.  A hacker is hired to break in and steal sensitive data, but we find that most economic espionage leaks are people leaving an office door unlocked, or a key employee having one too many drinks at a bar and spilling sensitive data to a seemingly harmless patron.  “Desk top surveillance” is the classic and simplest cause of sensitive information loss.  This is where an unthinking holder of sensitive information, leaves documents on his desk at the end of the day and night time employees or cleaning crews have free access to this information.  The “Clear Desk” policy is the simplest defense against this oversight.   No one goes home before everything on their desk is securely locked away.

Today’s world is safer than ever, but we need to remain vigilant if we are going to protect sensitive economic data from the world’s top economic espionage experts. Just because something is against the law, unfortunately doesn’t mean people wont do it.

Wednesday, July 21st, 2010

Social Media and Corporate Security

by Kelly Klatt

We came across this article over at the conversation agent about how crisis communication works in a world where social media exists.  They do a great job of exposing the risks of social media in a crisis communication environment. We think they did a great job of applying their knowledge of social media to the field of crisis communication, but what about other areas of corporate security?

Executive Security and Social Media

In a world where executives are posting their movements to sites like Twitter and Facebook, its becomes a security risk when they are in environments where close protection is required.  One of the things we recommend security consultants do, is question people about their social media activity, and council them on using it safely.

Competitive Intelligence and Social Media

Economic espionage is a reality today more than ever, and social media can be an easy place for employees to leak sensitive economic data.  While it sounds unlikely, for the person that is looking, it will become obvious when a key employee leaks financial information.  Having a social media policy in place can help, and we recommend that security consultants build a comprehensive social media plan that will protect the company and its employees

Its not about control, it’s about knowledge

Social media is a real part of the world today, and we feel it is better to educate employees rather than try to control their involvement in these activities.  A security consultant who educates, limits the risks to corporate security in the workplace and outside of the workplace, building a safer environment all around.

Saturday, July 17th, 2010

Reducing the Risk of Workplace Violence

by Kelly Klatt

Many people think of workplace violence as something extreme like a disgrunteled employee coming to work with a firearm and shooting fellow employees or former managers. Workplace violence is not always as extreme as this and can come in many forms. For example, workplace violence is really any time one employee feels threatened by the actions or presence of another employee. That is it. What’s even more important about workplace violence is the effect it has on productivity of employees. Employees who are scared or intimidated by workplace violence are less productive and make poor decisions.

We find the best thing you can do to lower the risks of workplace violence is educate your employees on what workplace violence actually means. This will mitigate 99% of your risk of workplace violence and give your employees a forum to discuss what a safe workplace means to them. This “workplace violence forum” can be done as often as you need to, but we recommend no less than once a year for smaller workplaces.

As a security consulting firm, there are a few things we can do to manage the incidence of workplace violence. We work with management staff to advise them on the most common times workplace violence is likely to occur and then come on board to help manage risk during those times. Layoffs are an unfortunate part of the business cycle, and do provide quite a bit of risk when it comes to workplace violence. Security advisors can facilitate these events to minimize the risk of workplace violence, making sure that your management staff executes the layoff decision in a manner that maximizes the safety of those that are fortunate enough to stay.

Thursday, July 8th, 2010

Balancing the risks of Commercial Security Systems

by Kelly Klatt

Commercial Security Systems come in many different flavors. What we have found in our work is that the company that sells commercial security systems may be more interested product functionality than developing a security system that balances risk detection with peace of mind. Our philosophy is always to provide a secure environment without alarming the people in that environment. Because a security system is such an integral part of a functional security plan, our security advisors want to make sure that our clients commercial security systems fit within this philosophy.

Many great examples of executing commercial security systems that don’t intrude on the environment can be found in the city of Las Vegas. Someone is always watching in Las Vegas Casinos, because there is so much at stake there. With so much money involved, and the increased focus of terrorism on tourist destinations quality security is more important than ever. Yet you have to look very hard to find the obvious presence of commercial security systems. This is very important to their industry which is built around fun and relaxation. When some people are exposed to increased security measures, it has almost the opposite effect.

If you are in the market for a Commercial Security System or looking to overhaul your current one, we recommend meeting with a security consultant to talk about the balance between protecting your environment and enjoying your environment. Build yourself a quality security plan, but don’t do it at the expense of peace of mind.

Wednesday, July 7th, 2010

Outsourcing Security Consulting

by Kelly Klatt

Good outsourced security consulting provides a complete management guide for contracting security support services, particularly those associated with protective organizations.  It helps security and facility managers through the quagmire of conceptual planning, proposal evaluation and contract negotiation, and helps them to realize cost savings, improve productivity, and elevate the quality level of the contracted service.

Organizations can have a wide range of security needs, from managing the risk associated with layoffs to executive protection. Having full time security staff to meet the needs that don’t fit into the daily operations of the company is not as cost effective as finding a company that can provide on demand security consulting to get you through those times. Many times smaller companies will put themselves and their employees at risk because they are not aware that you can hire outsourced security direction with products like Strata.  At the very least, we recommend meeting with a security consultant once a year to discuss the needs of your organization.  A few other resources are the Association of Security Consultants, International Association of Professional Security Consultants and blogs like this one that keep you up to date on the security consulting industry.

As we always say, security is important.  You don’t have to have your own in-house security staff to make sure your company and employees are secure. You can build a solid security plan by outsourcing your security concerns and relying on the advice of a professional security consultant.