Open Offices and Holidays: A Parade of Risks

‘Tis the season for many businesses to stay open through the holidays and for some to take part in the tradition of partying or watching a parade warmly from behind office windows. That’s why businesses located near public events should inform employees of how their offices will be impacted during the holiday season.

Parades pose various operational risks to property owners and businesses, both inside and outside their buildings. On Nov. 23 alone, at least five large parades will inch their way through the streets of major cities like Chicago and Detroit. Macy’s anticipates 3.5 million spectators to pack New York City’s streets for its annual Thanksgiving Day Parade. That means 2.5 miles of barriers and street closings in the “frozen zone” between 77th and 34th streets, and businesses in the country’s most congested city should prepare for some disruption.

Theresa Morzello, the managing director for asset services for CBRE in New York City, has advised many companies who stay open or host events coinciding with parades and holidays. She said the first steps in mitigating disruption involve communicating with the event organizers and disseminating that information to tenants.

“This way they’ll know, for example, if one of their building’s entrances will close because of a parade,” Morzello said. “We also make sure that employees and their guests know the protocol for providing documentation for entering and exiting. That is usually handled in advance and lists are provided to security. And there are protocols for what to do when someone doesn’t have it. These are all things we do on a daily basis, but amped up a few levels because of the holidays.”

Morzello also said that property managers often try to utilize vacant office space because there is less potential for damage or disruption there. Wherever the gathering takes place within CBRE’s properties, she advises tenants to consider the following:

Hire elevator operators to help keep guests on their assigned floors.

  • Obtain a temporary alcohol license, if necessary.
  • Confirm that outside caterers are insured.
  • Address if the windows are operable and ensure they are kept closed.

But parades and crowded events are not relegated to big cities, as many major retailers take part in the festivities. Acadia Realty Trust manages hundreds of retail and office properties in the U.S. and Kellie Shapiro, vice president of risk management said clearing a physical path is the first step to mitigate safety risks during a high-traffic season.

“We issue a moratorium on any work during the holiday season. We email tenants reminding them to get everything done before Thanksgiving,” she said. “From then until New Year’s is not the time to have scaffolding and things like that.” She added that capital improvements are suspended across most of Acadia’s portfolio to avoid interfering with tenants’ operations during their busiest season.

Businesses can easily lose track of who’s coming and going during the busy holiday season, Shapiro noted. Acadia’s focus is on knowing its vendors, and she reminds tenants to be diligent about vetting third-party contractors for the sake of safety and reputation.

“You can protect your company by being diligent about who you bring in to your site. You should know who your contractors are – you don’t want to let some criminal just walk right in because you handed over the keys to your building,” Shapiro said. “You would hope tenants, if they saw something suspicious, would pick up the phone. We’d all like to secure something 100% but you have to know your limitations.”

Public safety in the U.S. has been headline news, considering the recent high-profile violence involving weapons and automobiles in just the last two months in Las Vegas, California, Texas and Manhattan. In a recent interview with Risk Management Monitor, Rezwan Ali, risk solutions group head of security at Falck Global Assistance, discussed how businesses and employees should review their emergency plans during high-volume times. He maintained, however, that the odds of being impacted by a terror attack is very low.

“When participating in larger events, such as the Thanksgiving Day Parade in New York, people tend to focus only on the parade and their phones taking pictures and posting on social media,” said Ali. “However, it is important to stay alert and aware of one’s surroundings. Not just to be prepared for terror, but also to prevent being a victim of crime. It is recommended to download apps either provided by the authorities or by media outlets that generate alerts allowing you to get direct notifications should anything happen in your vicinity.”

Security Technology: Reducing Risk for Law Enforcement

 

Nowhere is the work environment more unpredictable than on the front line. Front line employees, whether they work in customer service or high-level security, are constantly exposed to the biggest element of risk—the human element. Working in the field exposes employees to a variety of unpredictable factors, interacting with the public and operating in different environments, making it difficult to predict risks and properly protect employees from external threats.

This is particularly true in law enforcement and security industries, with “police officer” being named as one of America’s most dangerous jobs. It’s no wonder organizations (both public and private sector) are looking for solutions, especially when considering what is at risk. Obviously, employee safety is of paramount concern to any organization and should always be top priority, but there are other elements to consider. Attacks on employees or property can result in huge legal costs, and without physical evidence, it can be hard to recoup this loss. Businesses must also consider the risk to their public image.

To help fight crime and reduce the risks to their front line workers, many government law enforcement agencies and private security organizations are using technology solutions. These solutions, such as advanced security recordings and tracking devices, can act as deterrents. While providing law enforcement officers with more protection, they also help collect irrefutable evidence to protect the company from a legal perspective.

Personal security cameras

These personal security cameras have been adopted by numerous law enforcement agencies around the world, including the City of Clare Police Department in Michigan. The body-worn cameras are attached to the police officer’s uniform—recording footage and displaying a live feed on their front-facing screen. This works in two ways, by providing reliable video evidence from the officer’s perspective of the crime scene and also acting as a deterrent. This approach of alerting members of the public to the fact that they’re being recorded has been shown to reduce the occurrence of criminal activity.

GPS

While GPS systems have existed for a long time, more and more law enforcement agencies are taking full advantage of their benefits—particularly when it comes to pursuing vehicles. Tested with police departments in Arizona and Florida, GPS ‘darts’ are currently in development to reduce the risk to police officers and the general public posed by high speed traffic pursuits. The darts are fired using compressed air and discreetly attach to the vehicle being chased. This means the officer in pursuit can track the vehicle remotely, without the need to initiate a chase at dangerous speeds.

Drones

Perhaps the most controversial of these technologies, drone surveillance has been a hot topic in recent news. While opposition to their use is primarily in relation to privacy or military usage, for law enforcement they provide an affordable and convenient alternative to police helicopters. These small portable flying police drones are equipped with HD surveillance cameras, providing a birds-eye view of crime scenes or events. This live video feed can be monitored and recorded remotely, allowing officers to survey any danger in the area before making a physical appearance. Like body worn cameras, the video footage can also serve as valuable evidence in court. The future of drone technologies being adopted by police departments remains up in the air, however, as some public opposition looks to restrict their usage.

Gunshot detection

Possibly the most innovative of these technologies, gunfire locators or gunshot detection systems have proven to be extremely valuable in protecting front line workers and increasing response time in high gun crime areas. Already used in many cities throughout the United States, these systems use numerous super sensitive microphones (dispersed through a geographic area and connected to a central processor) to immediately alert police to the exact location, and even direction, of gunshots fired in the area.

While some of these technologies have yet to reach their potential, their benefits suggest it won’t be long before they’re fully integrated into police and security industries—and seeing widespread use around the world. While tracking devices and security cameras are nothing new, their improvement and innovative applications in recent years have made them invaluable. From collecting evidence to improving safety for front line workers, these high-tech security solutions effectively reduce risks faced by organizations operating in the sector.

 

Looking Beyond Compliance When Assessing Security

For a long time now, security evangelists have railed against the dangers of relying only on checkbox compliance. They warn that if you focus too much on the list of requirements, you’re bound to miss risks that may not actually be covered in rules and regulations. That’s why organizations need to start evaluating effectiveness alongside these audits, in order to get a more holistic view into the systems they are assessing.

“Organizations are so focused on meeting the letter of the regulations and mandates that they lose sight of the risks that the individual controls in the mandates are intended to mitigate,” explained security consultant Brian Musthaler in a recent blog post.

It’s a theme revisited in a ComputerWorld article, which cited a survey showing that just 17% of organizations have what they consider a mature risk management program—i.e., one that goes beyond ticking off items on an audit list. The maturation to risk-based security, the article emphasizes, is “about a not so insignificant shift in objectives—from compliance to making systems more resilient to attack.”

The principle holds true not just when evaluating and shoring up in-house infrastructure. It also applies to how enterprises evaluate partners. As security organizations seek to find a sane way to measure the IT security stance of partners and vendors, the most common first step is to do it by following a requirements checklist or questionnaire, or by asking for an auditor’s attestation of compliance with some kind of standard. Assessment guidance from standards like the Statement on Standards for Attestation Engagements (SSAE) No. 16, ISO 27001, and FedRAMP all come to mind here.

Serving as a compendium of best practices, measuring against these standards can give good indicators of where to focus resources and are a good place to start your evaluation. The challenge is that while necessary, using these methods alone for assessing security risks is not sufficient. A company may be compliant with all the appropriate regulations and have excellent security policies but may be completely ineffective in the day-to-day implementation of these policies—rarely does a questionnaire ask how many compromised servers a provider is currently running on its network. Also, no matter how complete a checklist or audit is, its results are only a point in time reflection and can’t measure the dynamic nature of the risks it is meant to assess for the duration of the business partnership. Even if a penetration test or vulnerability scan is included as part of a vendor assessment, it cannot reveal issues that may appear the following week.

Complimenting an audit with a continuous evaluation of security effectiveness allows organizations to augment their view into the security risks of the extended enterprise. In addition to gaining visibility into the weaknesses of a network, a data-driven, evidence-based assessment can allow organizations to proactively mitigate new risks as they emerge and identify issues that a regulatory audit was not designed to catch. By taking these steps, organizations can move towards a mature, risk-based security model and away from the more simple checkbox mentality.