ÐÇ¿Õ´«Ã½

Even an apparently small theft can damage staff morale and take up time and resources to sort out. And it's not just the small things that businesses have to secure themselves against. Under health and safety rules, companies have to be prepared even for a bomb blast. So it's worth looking at some common crime trends and some more tools in the security toolbox.

Physical security
Physical security covers the tried and trusted,old-fashioned measures. Even with the use of modern technology, they are still essential. From the perimeter of your premises inward they include:

• fences, gates, barriers, bollards
  
• doors, locks, glazing and the materials making up the structure of the building
  
• internal measures such as strongrooms, safes or computer strongboxes.

The primary function of physical security is to make it too difficult for offenders to reach the item(s) you are protecting.

If you have some form of active security such as patrolling guards, a monitored intruder alarm or monitored CCTV, then physical security has the secondary role of buying time for action to be taken to deter or apprehend the criminals.

In my experience, the most repeatedly successful non-domestic burglaries are attacks on gaming machines in pubs and clubs. A particular swift attack once took place on a social club. The premises had a comprehensive, monitored, intruder alarm, a covert CCTV system and a special police alarm. The offender took just 3.4 seconds to smash a window to gain entry, snatch more than £400 from two machines and leave the premises.

Access control
Access control most commonly involves the use of electronic controls using swipe cards, proximity cards and so on. These methods are simply ways of controlling who has the right to open doors to given areas or use particular equipment. A key-operated lock is the simplest example, and control is gained by using the lock and regulating who has the key.

Most access control fails because of incorrect use, the failure to close and lock doors, doors being held open or tailgating (where access by an authorised person allows someone else to follow on behind). The solutions exist technically but with a significant price tag.

Badging
The use of badges to show that people in a particular area, or building, are entitled to be there is really another form of access control. It relies on challenging people — staff, contractors or visitors — who are not wearing the appropriate badges. Its weakness is that often senior management, such as chairmen of boards of directors and hospital consultants, do not seem to feel that they should be involved, while others such as clerical assistants and nursing assistants soon learn not to challenge anyone. Badging will only work if it is universally applied or high-tech badging systems are used.

Criminals take advantage of weaknesses in access control to take a casual walk around a building to decide what items to take in a burglary a few weeks later. However, if correctly implemented, access control is a valuable defensive measure.

Repeat victimisation
Evidence suggests that once a criminal has paid an uninvited visit to your premises a repeat visit is likely. An example of this is where a professional computer thief wishes to complete his shopping list for a client. It may be that the printer he steals on his first visit is not on his list because it is a couple of years old and his client has specified the latest model — the model that you will acquire to replace the stolen item. If the thief gets the timing right he may even be able to relieve you of your new printer before you have had time to unpack it.

Staff theft
Over the years, I have visited many different organisations and have yet to come across a single building that has not suffered from internal theft — and that includes police stations.

The actual items stolen, whether from the company or employees, are in many cases, of so little value that the crime may seem insignificant. But this type of crime can have a significant effect on staff morale and, if allowed to continue, a culture of accepting petty theft can grow and become difficult to rectify. Each incident must be treated seriously and accurate records kept which may become the basis for a formal investigation.

Vehicle crime
By a considerable margin, the crime most frequently reported to the police is theft from motor vehicles. The main targets of this crime are frequently in-car entertainment systems, but criminals will happily take anything that is left conveniently in a vehicle. Laptop computers, mobile phones, leather jackets, handbags, firearms, pharmaceuticals and so on commonly appear on the lists of stolen property.

There are times when all the thief finds in the bag he has lifted is a load of dirty washing. But he will only discover his bad luck after the car window has been smashed and the bag taken. The bag will be discarded nearby and you may well retrieve the property but there is still a window to be replaced and insurance forms to be completed.

You may think that if you do not have a company fleet this crime will not affect your organisation. But what happens if an employee goes to their car to drive to work and finds that it has been broken into? Time will be spent reporting it to the police, possibly waiting for a visit by a scene of crime officer and arranging for repairs. Although few employers will penalise the member of staff for that absence, if the individual has a critical role in the company the consequences may roll out.

It must be a good policy to inform colleagues of how they can reduce the risk of losses to the organisation and to themselves while at work. It would also be worthwhile providing information so that employees can reduce their chance of becoming a victim in their non-working time.

There are a number of leaflets available, free, from the police covering many situations and you may be lucky enough to be able to get a crime prevention officer to come and give presentations on these subjects.

Policies, procedures and audits
A policy should be a comprehensive, but brief, written statement of your organisation's intentions regarding the security aspects of management. It does not need to be complicated. It is the cornerstone of any consideration of security and must establish the importance put on security within your organisation.

Procedures set out the details to be added to the policy. Any document setting out security procedures must nominate who is responsible for the various aspects of security and what is expected of them. For example, it may be the personnel department's responsibility to check on the previous employment history of prospective employees, but it is probably the facilities manager's responsibility to ensure that security procedures are followed. Above all else, it must be clear who is responsible for each aspect of security. If any area is missed, or unclear, criminals will exploit this weakness.

Security audits
These can be split into three main categories:

• internal audits. These are checks by, or for, senior management to ensure that the procedures are being correctly performed. The frequency of these checks will vary from daily to annually in different circumstances.

• external audits. These involve someone from outside the organisation making the same checks, but also includes the senior management's control of the requirements. The frequency of such audits is again variable. While matters such as stock control may be covered by external financial auditors, other matters within security will need another independent view.

• reviews. These will tell you if your procedures no longer fulfil your policy. It is no use achieving 100 per cent compliance in any audit if the procedures have become unsatisfactory. Therefore a regular, at least annual, formal, review of these areas is advised. Such a review will include any contacts for manned guarding, alarm or CCTV monitoring, cleaning and so on, but it may be necessary to include such items as the security of your suppliers and hauliers and other matters not under the direct control of your organisation. Agreements, or protocols, may need to be established to define, within contracts, what in security terms is expected of these outside agencies.

Bomb threat management
This is a subject that is, unfortunately, topical. It is a requirement of the health and safety legislation that every employer considers, and plans for, the threat or event of bomb attack. When considering this topic you will need to seek advice because the potential attackers can come from unexpected directions. Ask the police first and, if you think there is a higher risk to your organisation, talk to their Special Branch officers. The Home Office, through the police, has published a booklet, Bombs: Protecting People and Property, which is a good starting point.

However, one important point is not emphasised in the Home Office booklet. You not only have to consider the risk to your organisation and assess the chance of a random terrorist act, but you must also consider the risk that your neighbours cause to you. If they are a higher risk target, this should change your risk assessment. In this context, neighbour means anyone within 500 metres, a kilometre circle with your organisation at its centre.

Be realistic, seek advice and information, talk to your neighbours and put a considered report to the board.

If you have to evacuate your building because of a bomb threat, a suspicious package found nearby, or a bomb blast, neither you nor your colleagues will be allowed back through a police cordon for several hours at least. You, among all the other demands, will need to consider staff welfare. Can you make reciprocal agreements with another organisation to provide protection from the weather or access to telephones in advance?

The explosion of a terrorist explosive device is the extreme example of why the next topic is included.

Business recovery
Whatever the cause of a catastrophic interruption to your organisation, it will reduce the time that you are unable to service your customers if you have made a business recovery plan. For many reasons, from accidental fire to criminal acts, you may not be able to operate from your normal location or key elements cannot function. In advance, consider what would be required to minimise the down time. This may vary from the simple backing up of data to having offices and equipment on standby. It depends on your organisation and its requirements.

If you are sure that this is not within your management brief, who is responisble? You will need to liaise with them because it will affect your areas of responsibility.

And finally
There are two more potential traps you could encounter while beefing up your security. First, if you are making any significant change to the outside of your building, for example shutters or fencing, you may well need planning permission.

Second, you must not take any measures to enhance security that in any way restrict escape from fire. If in doubt, before you implement any changes, contact your local Fire and Rescue Service and talk to a fire prevention officer. If you restrict a means of escape from fire not only may you be break the fire regulations but, in the worst case, you could be guilty of manslaughter.