What Department of Homeland Security taught me (part 2): Coworker and customer safety

suspicious.

Last post I talked about my all-day meeting with Department of Homeland Security and in particular businesses and organizational continuity.  When we hear DHS of course our first thoughts are of terrorism and 9/11.  That’s natural and DHS was an outgrowth of that.  However, mass shootings and other crises existed long before 9/11.  An example discussed was the McDonalds massacre.  These things often don’t just “happen”, clear warning signs exist before and during the crisis and I learned quite a bit on how to prevent and contain these problems.

While I don’t want to get “political” here, we discussed the amazing amount of attacks our country faces on a daily basis and how many are thwarted.  This website has daily reports of everything DHS is tracking and they are tracking anything unusual or out of the ordinary in order to look for patterns and any threats to citizens.  I suggest at least reading a few reports just to find out exactly what is being tracked in your sector.  Events happen every day:  fires, thefts, fraud, and shootings.  That’s usual, but DHS takes an overview and looks for events falling out of the typical pattern.

Within our own businesses and organizations we need to do the same.  This link has a series of great videos talking about it, but ultimately we instinctively know what is typical and what isn’t in our organizations.  We’ll dismiss these anomalies as just “oh well” or paranoia.  Something isn’t right, but since we can’t clearly articulate it, we ignore it.  You’ll say to yourself “well, if I see it again I’ll do something.”

Don’t!

The DHS rep told us numerous stories about a variety of national tragedies averted or mitigated because someone noticed an unusual behavior and that made all the difference.  The video states, and the rep emphasized, to look for unusual or suspect behavior not unusual or suspect people.  We’re often afraid of reporting an out of place behavior for fear of “profiling”.  If you focus on the color of their skin, the clothing on their back, or their pattern of speech then you might be discriminating.  However if the persons skin is dripping with sweat in spite of the cool weather, the color of the skin may be a factor.  Sweating in cold weather is unusual and they may in fact be nervous about what they are going to do.  That clothing on their back isn’t a factor unless it’s moderate temperature yet the person looks like they are going into the Arctic.  You get the idea.  Behaviors, not characteristics.

Ironically, some of the key factors of identifying unusual behavior are components of great customer service—engage the person.  Avoid allowing someone to slip into your office without being greeted.  Those wishing to harm us usually try to avoid contact.  The answer to “How can I help you” is a great way to do a threat assessment.  If they answer atypically then you have suspect behavior.  If you ask that to everyone who comes into your business then then you’ll have an established norm and out of the norm behavior will become abundantly clear.  Similarly, when people are in restricted area asking the same question gives you a baseline.  Someone’s probably lost (how many times have I searched a building for a bathroom!) and you can help them.  Customers will perceive these questions as you being helpful, which is always good for business!

During our meeting, we spent quite a bit of time talking about unusual phone calls.  It’s truly amazing what information people will give over the phone and the sophistication of scammers.  I told the participants about my incident with Citibank (link) and it was a great starting point.  I have a general rule about the phone:  I don’t give out information to a caller that they should already have.  If you are my credit card company, you already have my account number.  If you are my bank, you already have my PIN.  My ISP already knows my mother’s maiden name.    When I doubt the veracity of the caller, I tell them I’ll call the main number and ask for them.  I won’t call the number they give me, but the number on the bill.  Countless scams start with someone giving a caller a critical piece of information a legitimate person already has.  The caller that claims they work for your office supplier already knows your copier type and doesn’t need to be told in order to reorder toner (full details of this scam here ) I liked the story of the weary traveller giving their credit card info (http://www.snopes.com/fraud/phishing/hotel.asp).  I’m very particular about giving out any info, but most people aren’t and that’s why this scam works.  Repeat after me:  “I WILL NOT GIVE OUT ANY INFO TO SOMEONE WHO SHOULD ALREADY HAVE IT”

A corollary to that is the caller who asks too many questions.  The video I mentioned earlier here gives an example of someone calling an info desk at a mall and asking unusual questions.  Apparently the Phelps clan often will make a series of phone calls in order to determine information to properly prepare for a picket.  A good rule of thumb is to give out information over the phone that is publicly accessible.  Your hours, your location, your products, that’s publicly accessible.  When a caller asks your busiest time, the lighting in your parking lot or when staff usually leave at night., these facts aren’t publicly available and should give your pause for concern.  Each may have a very legitimate reason.  If you don’t like crowds, knowing busy hours is important.  If safety is a concern, knowing the lighting in the parking lot may impact when you shop.  When asked questions that require information not available to the public, don’t give it out.  The DHS rep gave a brilliant idea that not only protects your organization, but is great customer service.  Nefarious individuals don’t start with the tough questions like “Do your security guards carry guns”, but with softball normal questions asked every day.  Once they get into suspect questions, say  “I can find out that answer.  Can you give me a phone number or email I can get back to you with that answer.”  People who truly want the info will be glad to give you contact information, while those wishing to harm you are unlikely to readily give out the contact info.  They’ll press you for more info and then it’s time to spring into action.

You do have a plan for when you get a suspect call, right?  Most organizations don’t and those that do don’t always train their employees.  You might have a plan for a bomb threat, but do you have a plan when someone asks these unusual questions.  Here’s another tip I learned:  when you suspect something, call the authorities.  Let them assess the threat.  The phrase “It’s probably nothing” or “I hate to call you but,” is often the difference between a threat contained and a threat realized.  I liked this takeway:  99 times out of a 100 it’s nothing, but that 1 time it’s something may save 199 lives.  Those odds make it worth the call.

We also discussed the importance of sharing information with organizations.  Sure, you got that weird call asking about when the last person leaves the building and you called the police about it.  Did you think about who else to call.  Let’s say, for example, a weird call came into a local synagogue asking how many people go to pray on Friday nights and the person refused to leave their contact info.  What if he called every synagogue in the area?  Now we have a problem and the police may not have the knowledge to realize it immediately.  Three area Jewish organizations all calling within an hour — the police may not immediately see a threat.  However if that third synagogue says “Synagogue 1 and 2 in town just called us and said someone asked a bunch of unusual questions and refused to leave a contact number and we just got a call”, the threat is more imminent and when the person calls synagogue four you’ll be prepared.

Does your organization know who else might be targeted similar to you?  If you had a jewelry store, would you call other jewelry stores?  It’s good to identify those organizations.  Some will say that’s law enforcement’s job to identify those threats.  In an ideal world that’s true, but in practical application, the individuals in the meeting I was invited to indicated that they are unlikely to ever have the resources to identify such threats as quickly as someone in a particular industry or niche group.  What if all the subsidiaries of a company all get a call within a few minutes?  Law enforcement may not realize that Company A and B are both divisions of Z Inc, but employees of A and B know that and know that Z has recently been targeted for it’s recent political contributions.

You may think you shouldn’t get involved and it’s not my responsibility, but it is.  You might clean up every water spill so nobody trips and offer great health care benefits, but without clear policies regarding suspect behavior (remember not suspect individuals) you are leaving a huge hole.  Think of it this way.  The agent reminded us that while an organization usually can’t be held responsible for the behaviors of a criminal, if it’s later found out that multiple people saw the suspect behavior and did nothing, well I suggest you get a good lawyer.  It’s a heck of a lot cheaper to put some simple policies and training into place than defending multiple wrongful death suits.

If you think I’m done talking about this 6 hours of training, think again because I’ve got lots more to share.  Next time I’ll blog about protecting employees and customers not from suspect behaviors and actions of individuals, but threats from their physical environment and how to contain them.

Tags: , , , , ,

Leave a Comment

Copyright © DoctorDave Computer Repair in Lawrence Kansas |   intrepidity Theme by Top Blog Formula on WordPress |   Log In