Friday, April 22nd, 2011

The “NEW” National Terrorism Advisory System

by Kelly Klatt

Well ….. The DHS finally did it !    They decided the old color coded Homeland Security Advisory System was no longer working … News Flash.          We now have the National Terrorism Advisory System a much simpler two level program with expiration dates.  Kind of like that quart of milk in your frig.

The DHS explains it this way …

“The National Terrorism Advisory System, or NTAS, replaces the color-coded Homeland Security Advisory System (HSAS). This new system will more effectively communicate information about terrorist threats by providing timely, detailed information to the public, government agencies, first responders, airports and other transportation hubs, and the private sector.

It recognizes that Americans all share responsibility for the nation’s security, and should always be aware of the heightened risk of terrorist attack in the United States and what they should do.”

The new two levels of alerts are:

Imminent Threat Alert

Warns of a credible, specific, and impending terrorist threat against the United States.

Elevated Threat Alert

Warns of a credible terrorist threat against the United States.

NTAS Alerts will only be issued when credible information is available.

These alerts will include a clear statement that there is an imminent threat or elevated threat. Using available information, the alerts will provide a concise summary of the potential threat, information about actions being taken to ensure public safety, and recommended steps that individuals, communities, businesses and governments can take to help prevent, mitigate or respond to the threat.

The NTAS Alerts will be based on the nature of the threat: in some cases, alerts will be sent directly to law enforcement or affected areas of the private sector, while in others, alerts will be issued more broadly to the American people through both official and media channels.

What does that mean to you and me ?    Not all the information will be going to all the people all the time.  But the good news is, these alerts will expire, unlike the old system that just seemed to never change and eventually became irrelevant.

Sunset Provision

An individual threat alert is issued for a specific time period and then automatically expires. It may be extended if new information becomes available or the threat evolves.

So there it is …  no more pretty rainbow of death, just a two tier method of keeping us on the edge of our seats.  Let all hope and pray that this program continues to keep us all informed and safe.

Thursday, July 29th, 2010

Kelly S. Klatt, CPP on SecurityInfoWatch Radio

by Kelly Klatt

International Association of Professional Security Consultants (IAPSC)  members, Kelly S. Klatt, CPP and Curtis Baillie, CSC participated in a 40 minute SecurityInfoWatch podcast about their experiences starting and running independent security consulting businesses. The podcast titled, “Getting Started in Security Consulting” covered topics including  making the transition from law enforcement and corporate security to consulting, setting up a small business, marketing your security consulting business and finding clients, working as an expert witness and more. The IAPSC organization was also discussed as well as the upcoming Successful Security Consulting pre-seminar (October 10 & 11, 2010) being presented at the ASIS Conference being held in Dallas, Texas.

Click here to listen to SecurityInfoWatch podcast #52.

Tuesday, July 27th, 2010

Natural Catastrophe / Emergency Response Preparedness

by Kelly Klatt

With the recent severe weather conditions experienced throughout the US as well as the current 2010 Hurricane season, we thought it appropriate timing to issue our annual reminder to review and test your local Disaster Preparedness and Emergency Response procedures, as well as to fine tune aspects of your plans, if needed.

As you know, whether you are situated in a hurricane zone, tornado alley, wild fire, earthquake or other natural catastrophe (NatCat) area or in the event of any other type of catastrophic or severe event, it is vital to the safety and well being of your visitors, guests, team members and the ongoing operation, to ensure that all your team members are familiar with your procedures in advance of an event.

We would also like to take this opportunity to suggest you revisit your Crisis Management and Disaster Recovery process and the Pre-positioned Disaster Recovery Services provided by available contractors.  Forward thinking companies utilizing our “Strata” program at  Center for Security Solutions, will find that these issues are already  addressed and that a competent disaster recovery company is on-call for you.

As a reminder, disaster recovery companies are also available to provide remediation of property damage in connection with other events such as asset stabilization after a fire; water extraction and dehumidification related to water damage from pipe bursts or malfunctioned sprinkler heads or water intrusion from driven rain; etc.    They have an extensive range of remediation services and, in most cases; their rates have been negotiated with insurers, which will help expedite the claim adjustment and settlement payment process.  While your Directors of Engineering and Security should already be aware of this, please share this reminder with all appropriate members of your Executive Committee and Team Members.  Let us at C4SS know if you have any questions in this regard.

And, for those of you in a hurricane zone, the most recent predictions are estimating a very robust season.  While the website is probably already in your “Favorites” file, up-to-date storm tracking throughout the season can be accessed via the NOAA website at   Obviously, all of us are hoping for the best, again, this season!

Sunday, July 25th, 2010

Walking the Line of Competitive Intelligence

by Kelly Klatt

In previous posts we have talked about how economic espionage effected Apple with their release of the iPhone 4 and some different ways to lower the risks of economic espionage.  A big part of running a business is gathering competitive intelligence on what other companies in your industry are doing, but at what point does competitive intelligence become economic espionage.  As we have said, the later is illegal and gathering competitive intelligence can become a federal offense that sends you to prison with fines.

Gathering competitive intelligence, if done by legal means like the internet, is OK if the information you are gathering is public.  Competitive intelligence doesn’t have to be information that is secret, there is a lot of information that is available to the public that no one is paying attention to.

So what is the difference that turns competitive intelligence into economic espionage?  There are two types of competitive information, material and non material.  Non material information doesn’t really fall into the realm of competitive intelligence. You can’t use non material competitive intelligence to enhance your business, or effect the business you are gathering competitive intelligence on.

Once you have determined that the competitive intelligence you are gathering is material, the part that makes it legal is whether the information is public or non public. You can determine this by checking the source of your competitive intelligence and then trying to verify the information from another source. If you can’t verify the information publicly, your competitive intelligence may fall under the jurisdiction of economic espionage.

We caution security consultants to warn their clients of the risks on both sides of this coin. If you are the company that is gathering the competitive intelligence, a wrong step can ruin the reputation of your company.  From the security side, a security advisor can build a plan for your company to protect the risks of competitive intelligence gathering and help you avoid the fallout that can occur from leaks in your castle walls.  While we hope that the world doesn’t become a place that needs intelligence protection for corporations, we feel its best to build protections up front to avoid the temptation.

Friday, July 23rd, 2010

Reducing the Risks of Economic Espionage

by Kelly Klatt

In 1996 the United States government made it a federal crime to gather trade secrets for economic benefits.  While economic espionage makes a great subject for movies, economic espionage is a real threat to businesses with secrets to keep. As we are sure you have heard, the recent events around Apple’s iPhone 4 are a perfect example of how economic espionage can hurt a business, especially one that everyone is watching.

Here is how the economic espionage unfolded: The world is watching waiting for any hint of a new iPhone and a prominent blog is trying to get the information.  Said blogger obtains information for pay, and releases it on their blog.  Once the information is leaked, it creates a snowball effect causing Apple to release a phone to market that isn’t properly tested and has antenna issues. This causes Apple millions of dollars in damage not only with advertising dollars, public relations and the cost of giving early adopters “bumpers” for their phone trying to save face. While this is economic espionage at its most extreme, most companies don’t even know that economic espionage is happening to them.

So how do you protect your company from economic espionage?  Security Consultants work with a company to identify risks for economic espionage, and you would be surprised how often security consultants find security risks in the most obvious places.

Thinking of economic espionage, most likely your idea is something influenced by Hollywood.  A hacker is hired to break in and steal sensitive data, but we find that most economic espionage leaks are people leaving an office door unlocked, or a key employee having one too many drinks at a bar and spilling sensitive data to a seemingly harmless patron.  “Desk top surveillance” is the classic and simplest cause of sensitive information loss.  This is where an unthinking holder of sensitive information, leaves documents on his desk at the end of the day and night time employees or cleaning crews have free access to this information.  The “Clear Desk” policy is the simplest defense against this oversight.   No one goes home before everything on their desk is securely locked away.

Today’s world is safer than ever, but we need to remain vigilant if we are going to protect sensitive economic data from the world’s top economic espionage experts. Just because something is against the law, unfortunately doesn’t mean people wont do it.

Wednesday, July 21st, 2010

Social Media and Corporate Security

by Kelly Klatt

We came across this article over at the conversation agent about how crisis communication works in a world where social media exists.  They do a great job of exposing the risks of social media in a crisis communication environment. We think they did a great job of applying their knowledge of social media to the field of crisis communication, but what about other areas of corporate security?

Executive Security and Social Media

In a world where executives are posting their movements to sites like Twitter and Facebook, its becomes a security risk when they are in environments where close protection is required.  One of the things we recommend security consultants do, is question people about their social media activity, and council them on using it safely.

Competitive Intelligence and Social Media

Economic espionage is a reality today more than ever, and social media can be an easy place for employees to leak sensitive economic data.  While it sounds unlikely, for the person that is looking, it will become obvious when a key employee leaks financial information.  Having a social media policy in place can help, and we recommend that security consultants build a comprehensive social media plan that will protect the company and its employees

Its not about control, it’s about knowledge

Social media is a real part of the world today, and we feel it is better to educate employees rather than try to control their involvement in these activities.  A security consultant who educates, limits the risks to corporate security in the workplace and outside of the workplace, building a safer environment all around.

Saturday, July 17th, 2010

Reducing the Risk of Workplace Violence

by Kelly Klatt

Many people think of workplace violence as something extreme like a disgrunteled employee coming to work with a firearm and shooting fellow employees or former managers. Workplace violence is not always as extreme as this and can come in many forms. For example, workplace violence is really any time one employee feels threatened by the actions or presence of another employee. That is it. What’s even more important about workplace violence is the effect it has on productivity of employees. Employees who are scared or intimidated by workplace violence are less productive and make poor decisions.

We find the best thing you can do to lower the risks of workplace violence is educate your employees on what workplace violence actually means. This will mitigate 99% of your risk of workplace violence and give your employees a forum to discuss what a safe workplace means to them. This “workplace violence forum” can be done as often as you need to, but we recommend no less than once a year for smaller workplaces.

As a security consulting firm, there are a few things we can do to manage the incidence of workplace violence. We work with management staff to advise them on the most common times workplace violence is likely to occur and then come on board to help manage risk during those times. Layoffs are an unfortunate part of the business cycle, and do provide quite a bit of risk when it comes to workplace violence. Security advisors can facilitate these events to minimize the risk of workplace violence, making sure that your management staff executes the layoff decision in a manner that maximizes the safety of those that are fortunate enough to stay.

Thursday, July 8th, 2010

Balancing the risks of Commercial Security Systems

by Kelly Klatt

Commercial Security Systems come in many different flavors. What we have found in our work is that the company that sells commercial security systems may be more interested product functionality than developing a security system that balances risk detection with peace of mind. Our philosophy is always to provide a secure environment without alarming the people in that environment. Because a security system is such an integral part of a functional security plan, our security advisors want to make sure that our clients commercial security systems fit within this philosophy.

Many great examples of executing commercial security systems that don’t intrude on the environment can be found in the city of Las Vegas. Someone is always watching in Las Vegas Casinos, because there is so much at stake there. With so much money involved, and the increased focus of terrorism on tourist destinations quality security is more important than ever. Yet you have to look very hard to find the obvious presence of commercial security systems. This is very important to their industry which is built around fun and relaxation. When some people are exposed to increased security measures, it has almost the opposite effect.

If you are in the market for a Commercial Security System or looking to overhaul your current one, we recommend meeting with a security consultant to talk about the balance between protecting your environment and enjoying your environment. Build yourself a quality security plan, but don’t do it at the expense of peace of mind.

Wednesday, July 7th, 2010

Outsourcing Security Consulting

by Kelly Klatt

Good outsourced security consulting provides a complete management guide for contracting security support services, particularly those associated with protective organizations.  It helps security and facility managers through the quagmire of conceptual planning, proposal evaluation and contract negotiation, and helps them to realize cost savings, improve productivity, and elevate the quality level of the contracted service.

Organizations can have a wide range of security needs, from managing the risk associated with layoffs to executive protection. Having full time security staff to meet the needs that don’t fit into the daily operations of the company is not as cost effective as finding a company that can provide on demand security consulting to get you through those times. Many times smaller companies will put themselves and their employees at risk because they are not aware that you can hire outsourced security direction with products like Strata.  At the very least, we recommend meeting with a security consultant once a year to discuss the needs of your organization.  A few other resources are the Association of Security Consultants, International Association of Professional Security Consultants and blogs like this one that keep you up to date on the security consulting industry.

As we always say, security is important.  You don’t have to have your own in-house security staff to make sure your company and employees are secure. You can build a solid security plan by outsourcing your security concerns and relying on the advice of a professional security consultant.

Tuesday, June 15th, 2010

Balancing Close Protection with a Calm Environment

by Kelly Klatt

As a public or highly visible private figure, there are many instances where it is necessary to have close protection and the extra peace of mind it brings, when moving in areas where there is uncertainty as to the safety of you or an important principle in your care.  With the nature of the world today, along with the added exposure of new forms of media, its more important than ever to have a good close protection plan.

One of the things we find with public or highly visible private figures is, having the wrong implementation of a close protection movement can present a negative image to their fans or constituents.  At C4SS we feel that close protection should be non intrusive, yet effective.  When we implement movement of an important figure we seek to minimize the impact that close protection has on their image.  There must be a balance that is struck between alerting potential threats of the presence of executive protection, and minimizing the psychological effects of the presence of close protection on the people in attendance at an event.  Some of the ways we do this are:


Our Security Consultants are trained to understand the threats of any personal security situation.  While our main focus is on close protection and safety, we also feel that having a psychological understanding of our environment and the effects that close protection security can have on it is essential to minimizing the risk, and we work that into our training.


A lot of people are unaware that one of the biggest steps to executing a successful close protection movement is planning.  To provide effective close protection, a security consultant will spend time up front planning routes and balancing the risk of the close protection movement.  From this the security consultant can effectively gauge the risks of movement and devise an effective security plan.


During movement, as we have said before, there is extra special care to not intrude on the environment in a way that provides any more awareness than is necessary.  What we mean is, with close protection, you want to alert the bad guys that you are there, but not in a way that it frightens the other people who are in attendance.  Naturally, close protection is not just for events.  Some public individuals need close protection up to 24 hours a day, and our security advisors have skill in all types of close protection services.

To summarize, we feel that close protection is a necessary service.  We also feel that close protection does not need to be intrusive and that with proper security consulting the effect of security on the principle, their friends and family and environment they operate in can be minimized.