The ISIS War on Soft Targets: Is Your Business Vulnerable to a Terrorist Attack? Top 5 Ways To Prevent Threats on Your Business

The ISIS War on Soft Targets: Is Your Business Vulnerable to a Terrorist Attack? Top 5 Ways To Prevent Threats on Your Business

Paris

Another terrorist attack on soft targets in France isn’t just scary, but utterly terrifying for a nation still recovering from the Charlie Hebdo, a news publication, attack less than a year ago. This is the most deadly terrorist attack, 132 killed, in Europe since the train bombings in Spain, in 2004, which killed 191 people.

These attacks beg the question what can people, and small and medium sized businesses, do to protect themselves? As someone who has worked with private sector businesses and nonprofit organizations for ten years, this is a question I continually ask myself.  The “war on terror” by western leaders, has become a “war on western citizens” by violent extremists.

The beginning of the holiday season, Friday’s terrorist attack in Paris, caused the President of France, Francois Hollande, to close its borders for the first time in modern history,  stating “ISIS has declared war.” ISIS has claimed responsibility for the three targeted attacks on a sports stadium, the Bataclan concert hall, and la petit cambodge, a Cambodian restaurant. In January 2015, when Charlie Hebdo was attacked in Paris, a small kosher grocery store was also under siege where four people were killed.

Last year as people were getting ready for the holidays, terrorists held a gun to an employee’s head at the Lindt Café in northwest Sydney, Australia. A man screamed he “represented an Islamic state” and that this was a terrorist attack. A 16 hour hostage crisis ensued. In February 2015, Al Shabaab called for an attack on the Mall of America, the United States largest shopping mall, located in Bloomington, Minnesota.

Its clear that places which were once the “Disneyland’s of the world” are no longer as safe as they once were.  The question remains, how can businesses and individuals protect themselves from these attacks? Reportedly, France authorities thwarted five previous attempts prior to Friday’s attack. The truth is, unless counterterrorism authorities stop an intended attack, as an individual or a business, there is no way to 100% prevent a physical assault.

As a small and medium sized business, here are five ways to be proactive against any physical threat that could occur, including an act of terrorism:

1.     Have a security prevention plan: As a business, especially if you operate a concert hall, sports stadium, movie theaters, or any other ticketed venue, one of the best actions you can take is to conduct a threat assessment and have an updated security plan. This can include magnetometers, no admittance of bags or bag checks. Procedures that directly let people know they cannot just take any weapon, including an AK 47, inside of your building without being stopped, which was the case at the Bataclan concert hall. The right security consultant can help you get a plan in place within a few days after a threat assessment.

2.     Focus on Incident Response:  For places, like shopping malls, restaurants, movie theaters and grocery stores where anyone is welcome into your establishment without passing through any security measures, an incident response plan is critical. This includes an Emergency Response Plan and a Business Continuity Plan. Having proper technology like digital camera systems and access control measures can be helpful in prevention of, and in response to, violent incidents. For any brick and mortar business this is especially important during the holiday season. Again, a physical security consultant can help you get this established quickly.

3.     Involve your employees: In developing plans for your business, this includes training the employees on how to both prevent and respond to potential incidents. Your employees are your first line of defense. They can let you know if something seems out of place or if they have a bad feeling about something or someone. Train them well and listen to them. You will be surprised how much information they absorb on a daily basis that you are not aware of in your own business. Not sure on the best way to train them? After an initial consultation, so an expert can get a good idea of the risks to your specific business, ask a security consultant to sit in on your next staff meeting to cover the five most important things for them to know to help keep your business safe and secure.

4.     Involve your guests: Living in New York City, the New York City Police Department and the Metro Transit Authority are constantly engaging New Yorkers with their campaign “If you see something, say something.” Have the same approach in your location. Encourage customers to share information that is important for you to know to enable a safe and secure experience for them. This can include sharing experiences of an interaction with another customer or an employee. Again, you will be surprised what information you receive, not only about other guests, but about your own employees. You can easily establish this with a generic email address or phone number for people to contact. Of course, the best way is through great customer service and asking people while they are in your store about their experience.

5.     Develop great relationships with law enforcement: Be involved in public/private partnerships committees and organizations. This can be with your local police department, or state and federal law enforcement. Being a member of public/private partnership committees, you can get updates on local intelligence, develop relationships with various law enforcement officials, and engage in information sharing with other businesses. The law enforcement community needs you as much as you need them in these situations. Contact your local police department and ask about their private sector initiatives.

In the end, if someone plans a suicide attack or intends to cause bodily harm, you may not be able to stop it. However, preventative measures can make it more difficult for a threat to occur, or can limit the amount of people hurt.

IMG_7470

Jessica Robinson, is a writer and Founder & CEO of PurePoint International. She has worked with a top 40 company and with the 2015 US Open. As a security & risk management expert and outsourced CSO (Chief Security Officer), she advices and consults with small and medium sized businesses on threat prevention and response. Learn more at www.the-purepoint.com.

Did you hear about Eataly?

IMG_9613

 

The Consciously Secure Entrepreneur: Did you hear about Eataly?

Eataly recently announced they joined the list of retailers to be victim of a data breach. They believe the malware was compromised at the NYC Retail Market Place location on 5th Avenue. The payment card transaction data of customers occurred from January 16, 2015 and April 2, 2015. Technology is changing quickly when it comes to data protection. Europay, MasterCard Visa (EMV), is the new technology for businesses to use at their Point of Sale to prevent data breaches.

So why is this important for businesses?

This is the new evolution of building out a more secure and innovative payment systems. A chip is embedded into newly reissued credit cards to make payments more secure is technology that was widely being used globally and is now in the US. Here are the three things you need to know:

1. Consumers love new technology: Especially if it means keeping their information more secure or it leads to a more efficient process. In the world of weekly data breaches, consumers want to know businesses are staying ahead of the curve and are current on technology and security trends.

2. Prevention Matters: EMV as a form of prevention results in less fraud. This technology upgrade will stop large amounts of data breaches, and if someone steals large amounts of data it will not be possible to replicate it onto a card to be used at another location.

3. Reduce Your Liability: As of October 1, 2015 businesses will be liable for all data breaches if the business has not converted to the new EMV technology. This means if a business experiences a data breach after October 1st, AND has not transitioned their payment system to include chip recognition technology, credit card companies (Europay, MasterCard, Visa, and American Express) will not incur or insure that loss. That loss will be the responsibility of the business owner for not using the highest level of technology available to have prevented the data breach.

Even with the new chips, all credit and debit cards still have a mag stripe.  There is no legal requirement for companies to convert by the October 1st deadline, so this will not happen overnight.  Businesses may need new card processors if one has not been replaced in the last few years. The best way to know is to contact your provider.

Moving to this new platform helps banks take advantage of this new technology and focus on:

1. Customer Experience: It’s a great way into increase trust with consumers.
2. Brand Message: It’s clear companies are taking strides to reduce security risks.
3. Simplicity: The banks are doing the work of replacing all the cards for their hundreds of millions of users. Business owners, simply need to upgrade their technology.

Don’t be the business that is forced to tell a customer the reason they can’t purchase food, get that birthday gift for their daughter, or pay a bill on time is because your company didn’t have this new technology. The lack of proper security prevention measures always becomes personal for somebody.

Stay tuned for part two where we discuss which industry is most vulnerable!

Risk Mitigation: Why Soccer Is a Lot Like Security

image1

Risk Mitigation: Why Soccer Is a Lot Like Security

I grew up watching the U.S. Women’s National Soccer team. Part of the reason is because I played soccer ever since I was four years old. The other reason is because it was truly my first love. I went on to on play division one soccer and now I own a security company that provides affordable outsourced Chief Security Officer services to start ups, small and medium sized businesses and nonprofits. I find as to continue grow my company, watching the women’s national team play means more to me today that perhaps fifteen years ago. Here’s why:

1. Leadership: Leadership important in any sport, but it’s incredibly important in a team sports. The leader is not only the coach, but also the caption and other people on the team that influences the behavior of others in a way that positively benefits the team.

As a leader, and owner of a company, in an industry where tough decisions often need to be made quickly, having the best people around me to provide the right information is critical. And when providing information to others I am aware of how the information I provide to clients affects decisions they make about their company and their budgets. Like in soccer, every CEO needs the right leader to help influence the right behaviors on their team. In this case, having the right safety & security partner to help them influence the correct behaviors of the people around them, through education, can help to positively influence company culture.

2. Teamwork: Soccer creates a sense of belonging, which is a basic human need. Soccer is a team sport, so naturally people are working together for a common goal. It’s also the coach that helps the team to understand what it means to lean on each other and put the team ahead of himself or herself.

I will never forget in high school playing in a playoff game against our rivals. That year, my senior year, I was MVP and in this game we went into overtime, and then into penalty kicks. This happens when the game continues to remain tied and penalty kicks are the last resort tie-breaker.
Each team can choose five people to take penalty kicks at this point in the match.

I was one of the five chosen for my team and I was up first. I made a penalty kick earlier in the game, and I was confident I would make it again. I went to the ball, looked at the goal, the goalie and then the ball. I took a few steps back and got in position to kick the ball. As I started take my steps towards the ball, I lifted my right leg, hit the ball and followed through with my leg in the direction I wanted the ball to go. I soon heard the other team screaming. I missed the shot! I couldn’t believe it. Heartbroken, feeling like I let the team down, I walked over to sidelines in tears.

The game went on and each player for my team, and the other team, went on to take their shots. It was agonizing to watch 9 people take shots as the match continued. Every single one of my teammates made their goals, and as a result, we won the game! It was an incredible reminder of the importance of team work and putting the team ahead of oneself. I may have been MVP of the season, but all of my teammates (including our goalie) that made their goals were MVPs to me. They had my back and I had their back, and it felt good!

Soccer creates a sense of belonging thereby making sure your basic human needs of connection are met. Soccer, like security, takes teamwork, and provides for a company’s basic needs – data protection, physical security and threat mitigation.

3. Threat Mitigation: Some soccer teams have someone that will go “Carli Lloyd” all over you! This is in reference to her incredible hat trick (3 goals in the championship match against Japan – all in the first sixteen minutes of the game). Lloyd and the team went out quickly on the offensive attack as part of their threat mitigation plan against Japan. Japan plays very offensively, and the U.S. team knew they had to play that way if they were going to have a chance against Japan.

In security, part of threat mitigation, is having a plan in case something unexpected happens and it’s about being preventative. The USA’s plan of scoring in the first three minutes, and subsequently to keep scoring, was part of the preventative, and offensive, plan to outplay Japan whom they lost to four years ago in the World Cup Final due to penalty kicks. Well, their plan worked!
Similarly, every leader has to have a preventative or risk mitigation plan for the unknown natural or man-made disasters that could strike at any time.

Leadership, teamwork and the threat mitigation plan employed by the U.S. Women’s National Team coach is how the sport of soccer can be similar to security. No matter how large or small your company is ask yourself: do I have the right safety and security person on my payroll? Do I have the tools to create the security culture I want so my team has my back? Do I have the right threat mitigation plans in place in case something unexpected occurs? And, will my clients still trust me if something unexpected does happen?

Jessica Robinson is Founder & CEO of PurePoint International, a firm disrupting the security market by providing affordable outsourced Chief Security Officer (CSO) consulting services for startups, international non-profits, and mid-size commercial businesses. She completes training and assessments for businesses in physical and cyber security and risk mitigation/business continuity. We help you create a safe and empowered workplace.
Click Here to Subscribe

Are You Doing the Simple Things: The Top 5 Habits to Protect Your Information

iStock_000013337219Large

 

Are You Doing the Simple Things: The Top 5 Habits to Protect Your Information

I often tell people we are in the new normal. The way we think about information and privacy is not the same as we thought about it even ten years ago. If we are using email, various websites or consistently saving files, getting into the routine of changing our passwords, updating our antivirus and becoming familiar with using cloud software is becoming more of an imperative. Below are the top five things people are not doing to protect their information. Some of it may seem very simple, but I continue to run into people that are not practicing these habits on a consistent basis. My guess is you know someone who isn’t as well.

1. Changing passwords every 4-6 weeks: This may seem rudimentary, but ask yourself when was the last time you updated your email, LinkedIn, Facebook, or banking passwords? Nowadays, there is a passcode for everything and I know it seems almost labor intensive to go through and update every single one. Mainly email accounts and website passwords (if you have a website) should be updated most frequently. Then continue with the websites you use most frequently and rotate that password every three to five months. TIPP: There are different apps that can add additional layer of security. Look at PassKey or Keeper for your phone or tablet. Passkey uses fingerprint technology for login on frequently used sites.

2. Updating the antivirus software when it expires: We get the 30 day reminder, then the 29 day reminder, then the 28 day reminder….It’s worth it to update your antivirus software when it expires. Remember why you paid for it the first time. Think about it as oil for your computer, similar to how oil is needed for a car. It’s a necessary tool to help make sure your computer is running well consistently.

3. For entrepreneurs, or solopreneurs – invest in secure email exchanges:  There are many ways for a small teams to invest in a secure email exchange at a low cost. It’s easy to not invest and to use your personal emails until someone’s email is compromised. If you are growing the size of your team, the one thing you will want to do for all aspects of your business is set the right culture from the beginning. In many cases, this will mean the onboarding process and having the right training. As part of that training, set expectations for data privacy of company and client information, and how emails should be used. Establishing the right culture early on will help tremendously in creating a preventative culture on data security.

4. Using the cloud: I know there are a lot of people still very resistant to the cloud.  If you have an external hard drive that’s great, but odds are you do not have it with you all the time. Then, of course, to have access to the cloud you need internet access. There are pros and cons to having the cloud or not having the cloud, and as I talk to people I find they are still hesitant to use it. However, generally, it is safer than email and can be safer than an external hard drive. You will want to know what layers of security are in place to protect your cloud, but that is something you would want to know for your email and computer as well. Google, Apple, and Microsoft are all reasonable places to start when thinking of using the cloud.

5. Do not respond quickly when email is hacked: You know its happening. Your friends contact you because they received an email from you stating you were in an overseas location, in danger, and needed $5000 immediately. How about when your computer is starting to run slow, are you are still hesitant to act? Don’t be! You could be seriously affecting your computer files, email, cloud, or external hard drive. Respond quickly to warning signs and if you think your email is compromised. Immediately change the password and if you think your computer was compromised with malware, run an anti-virus scan. That’s right, this would be the time you will be happy you renewed your anti-virus plan.

It’s all about prevention! These are the routine habits you can do at home or work to have a safe and empowered workplace and to lead a consciously secure life at home.

Jessica Robinson is Founder & CEO of PurePoint International, a firm disrupting the security market by providing affordable outsourced Chief Security Officer (CSO) consulting services for startups, international non-profits, and mid-size commercial businesses. She completes training and assessments for businesses in physical and cyber security and risk mitigation/business continuity. We help you create a safe and empowered workplace.
Click Here to Subscribe