Wednesday, February 11, 2015
As both a former Director of Security and now an independent security consultant, I have rarely been a proponent of using “dummy” cameras as part of a security strategy.
Real cameras are used for several general purposes: To monitor areas/events in real time to (hopefully) initiate appropriate response as needed; and/or to record areas/events for investigative/documentation purposes; and/or to provide a visible deterrent to inappropriate activities; and/or to provide a heightened sense of security to the area’s legitimate users.
With that being the case for real cameras, here are the operational downsides of using “dummy” cameras: Obviously, there is no real-time monitoring of areas/events possible, so appropriate response to problems is not possible (and it would be cost-prohibitive – and economically foolish – to try to replace cameras with personnel); and obviously, there is no recording of events for investigative/documentation purposes (the chances of personnel being able to provide comparable information are slim). On the plus side, there might be a comparable visible deterrent to inappropriate activity, especially if the cost savings of “dummy” cameras vs. real cameras is used to provide additional “dummies.” But even that deterrent value might be negated if poor-quality “dummy” cameras (an oxymoron?) are used which are easily identified as “dummies” because of no lights or wiring connections. (NOTE: the only time I have ever used “dummy” cameras was to add the impression of even more cameras to an application of real cameras which already covered everything I wanted covered.
But to me, the primary problem with the use of “dummy” cameras is an unnecessary and thus unacceptable increase in liability. The heightened sense of security for legitimate area users is totally negated when it is learned that there is no real protection being afforded. Legitimate users will feel betrayed and tricked when the truth is learned (and it will be – someone will find out somehow). And the worse-case scenario will be when an incident occurs and a victim questions and learns why there was no ready response or at least visual documentation of the event. I have been involved in such cases as an expert witness (this would most probably evolve as a premises security liability lawsuit based on inadequate security) and have been able to opine that the “dummy” cameras created a false sense of security that did not truly exist, and this is actually worse than having no cameras of any kind: at least if there are no cameras present, legitimate users will not have any expectations as to the level of security and may thus be more aware of their own responsibility for personal security; where on the contrary a legitimate user may be less aware of personal security issues since he believes that he is being “helped” by real cameras.
Bottom line for me: “Dummy” cameras have the potential to cause more problems than they solve.
Thursday, November 13, 2014
We currently live in a society that is “an environment conducive to criminality:” virtually all aspects of the most popular forms of entertainment involve violence and anti-social behavior (movies, television, video games, etc.); the news media thrives on violence and anti-social behavior (count the number of such stories versus “good” or “nice” news); society by and large has come to accept violence and anti-social behavior (we abide such behaviors in our neighborhoods and schools, our criminal justice system is virtually an ineffective revolving door, etc.); and we expend resources to protect ourselves usually only after a tragic event has occurred. In other words, we may not like it, but we actually do – or can do – little about it.
We try to find reasons for violent behavior, and try to find ways to “predict” it in hopes of preventing it. But is such a lofty goal even possible? Or does the concept of preventing problems exist only in theory, not reality or practicality? Consider:
“Behavior modification” is a great term and concept – provided that we have some idea as to whose behavior we are attempting to modify. When the threat is external to an organization, how can we begin to know which of the next 732 persons to enter a facility is the one whose behavior needs modifying? How can we begin to know if the “behavior modification” techniques that might work on 731 of those persons will work on the 1 who will actually be the next shooter? If none of those 732 go on a shooting rampage today, does that mean that our “behavior modification” techniques were successful – or that none of them simply chose today as the day to shoot? Etc. etc. etc.
We see examples of our efforts to find a new way to predict the next shooter every time another incident occurs (and by the way, nothing PREDICTS behavior – certain behaviors may be indicated, but none can be PREDICTED). But the reality is that there is virtually nothing we can do because, even when some people see the signs, nothing is done because “if you see something, say something” is not socially acceptable, or is contrary to HIPAA (when the see-er is a mental or medical health professional), or is something that “…I was going to do later…” or whatever. Families, bosses, co-workers, fellow classmates, etc. see things every day that are indicators of potential violent behavior, but do nothing because it is simply not politically correct or they’re busy or they did not realize what they were seeing or a million other excuses.
After every new incident comes another discussion of the same things, and the results are always the same – nothing gets changed, because nothing can really be changed. Because even when problems are indicated before they occur, we still almost never do anything about them until after they have occurred.
Security professionals do not control organizational purse strings or the magic key to the CEO’s psyche, so we cannot implement the things which we know will pretty much stop the bad guys from doing most bad things most of the time. And all of the studies and nice terminology and fancy graphs will never change that fact. (And while agencies such as the U.S. Secret Service do a great job of behavioral analysis, remember that they have an entire division of professionals who do nothing but behavioral analysis and have the resources to investigate and check out their findings and leads and have to “only” protect a handful of key assets.)
So in the end, all we as security professionals can really DO (as opposed to discussing theory and hypothesis) is do the best we can with resources our bosses choose to expend – that is, protect to the best of our abilities, with whatever resources we have been allotted, whatever our bosses have decided are our key assets. Period.
Friday, October 03, 2014
Regardless of the extent of knowledge acquired via formal education or academic pursuit, it is almost always most beneficial to retain a security consultant or expert witness who has practical, hands-on experience in the subject matter at hand.
When a particular situation or case needs someone to interpret or present information that is based solely on scientific or theoretical fact, an expert with only an educational or academic background might be most suitable. But in circumstances requiring expert OPINION – knowledge of specialized information and its application to a specific scenario – an expert with practical experience is most valuable. In such cases, an expert who has been personally involved in the application of the relevant subject matter to a variety of diverse situations will be best able to provide the comprehensive insight that is needed to best assist the organization or attorney because he has had to not only know the subject matter, but has had to apply that knowledge to the situational nuances of the real world (a skill not generally found in experts who only possess academic or theoretical knowledge).
The primary value that a security consultant or expert witness brings to an organizational situation or legal case is his ability to apply general security principles to a specific situation because he has been there and done that.
Monday, May 12, 2014
Regardless of the size and sophistication of a business – from the sole proprietor of the neighborhood bar to the international conglomerate – the concept of providing a reasonably safe premises remains the same: namely, a business must provide reasonable security commensurate with reasonably foreseeable threats and risks; and reasonable foreseeability is generally determined by a conscious analysis of the inherent nature of the business and the history of general criminal acts at and around the business.
While large organizations may meet their obligation to provide a safe environment via sophisticated security programs with designated personnel and formalized policies and procedures, even small businesses must do something proactively to meet their obligation – they must still take into account the kinds of problems that they will likely encounter given their particular situation (i.e., location, nature of business, clientele, prior problems, etc.).
Many small businesses erroneously presume that their small size will somehow either preclude problems or somehow absolve them of their legal obligation to provide a safe environment. But statistics continue to show that small businesses – bars, apartment buildings, retail stores, etc. – are the venues where criminal activities are most likely to occur and consequently the kinds of places most likely to be sued for inadequate security. And the settlements and awards stemming from these lawsuits should give business owners and operators cause for concern.
This information is important for 2 reasons: First, it is prudent for businesses to understand that proactive attention to security matters is better and ultimately less expensive than after-the-fact litigation; and businesses that may find themselves involved in premises security liability cases need to remember that the criteria by which security is assessed will be the same regardless of the size of the business at which an incident has occurred.
Sunday, March 09, 2014
There is both an irony and conundrum related to active shooter scenarios at soft targets: These types of places – and by the way, “soft targets” refers not only to places that customarily have minimal or at least non-aggressive security programs but also to places where the site’s users customarily have some sense of it being a safe place (so even personal security awareness is low) – almost “create” their desirability as targets because they consciously choose (or, “make business decisions”) to maintain a low security posture. And while these “reasons” are sometimes economic, that is not always the full story: there still seems to be some prevalent thought among proprietors of soft targets that the appearance of aggressive security somehow conveys an impression of impending danger. And isn’t that ironic – some people actually believe that more security equates to or implies greater danger. (I may be wrong, but I never thought that banks were inherently dangerous because they have armed guards!?!
No one deserves to be a target for violence. But I tend to feel a bit less sorry for places at which violence occurs when it is learned that those place consciously chose to do little if anything to minimize or mitigate their vulnerability.
Tuesday, January 14, 2014
Can we almost always find ways to do a little more with a little less? Certainly, as we have all experienced. But here’s the downside: The reality is that we really don’t do a “little more” – we may do a “little more” in quantity, but actually do a “little less” in quality. And every “little less” that we do results in decreased service and increased liability (the old and true “you can pay me now or pay me later” adage).
When we talk about “working smarter” or better utilizing technology, we usually mean the replacement of people with machines and systems. Automation is not a significant part of this problem (smaller budgets for security), contrary to what many “new school” practitioners and security product vendors would have you believe. Surely automation can make security somewhat easier, but it doesn’t necessarily make it better, because people will always be part of the equation and people will always be a significant and costly and on-going budget line item. Virtually all of the types of services routinely provided by security personnel – preventive patrol, evicting trespassers, opening doors, providing escorts, conducting investigations, problem intervention, etc. – could not be accomplished without people. Can technology help? Sure. But successful conclusions to security incidents and problems rarely can occur without security personnel.
Other business operations don’t have the same problems as Security: When sales are down, marketing and advertising costs go up; when customer service complaints rise, personnel hiring costs go up; when floors get too dirty and equipment breaks down, housekeeping and maintenance costs rise. But even when security is at stake and problems and/or liability increase, the budget for security gets cut.
The panacea is not all the latest technologies and bells and whistles or even more operational security personnel. What we need is better security executives who can credibly sell security service based on accurate data collection and analysis, and who have the fortitude to strongly support and defend their positions even when such may not be politically- or career-correct (or wise).
Thursday, November 14, 2013
There has been an effort over the past several years to change the titles of persons who perform security functions within an organization: I have seen such persons in various industries called “asset protection specialists,” “loss prevention associates,” “protection officers,” “doormen,” “ushers,” even “ambassadors.” But regardless of a company’s job title nomenclature, these persons all perform, to some degree, the function of security: namely, protecting the assets of that company. And the function is more important than the title.
Perhaps companies believe that the word “security” has somehow taken on a negative connotation, that the presence of “security” somehow implies an admission that problems exist (the PR department’s nightmare). But in reality – especially in our post-9-11 world – the very concept of “security” should be embraced as a comfort. So maybe the root problem is that there is a misperception and misunderstanding of what “security” really is.
I think that most people’s primary exposure to and perception of what “security” is comes from the uniformed guards that they see wherever they go (it’s getting to be the Holiday Season, so perhaps the armed guards at the front door of Toys-R-Us will be back!). And because the guards in uniform look like police officers in uniform – whose primary job (people think) is patrolling and responding to problems – they equate the two types of personnel to that similar job function. But just as there is so much more to law enforcement work than the visible patrol officer, so too is there much more to “security” than observe and respond (which is amazingly ironic, since a good percentage of security personnel are only supposed to observe-and-report as opposed to observe-and-respond). And to compound the confusion, since police officers are usually seen in the aftermath of a crime that has already been committed, that ascription of similar function makes people believe that “security = problems.” But those in our profession know that the opposite is really the truth – that the foundation and raison d’etre of security is finding ways to identify and prevent (or at least mitigate) problems before they occur. The underlying principle of security should be to create a safe, inviting environment for all the persons who visit a company and have dealings with it.
So for those companies that have tried to be politically correct by re-branding the persons who try to keep them safe and to try to convey the impression that problems do not exist, that is certainly your choice. But I for one am comforted whenever I visit a place that proudly announces that it has good and strong “security.”