April 25, 2017 by Angela Stelmakowich
PHILADELPHIA – The value of staff monitoring and reporting to identify behaviours that may seem linked to the risk of terrorism and workplace violence should not be underestimated, Harry Rhulen, chief executive officer of Firestorm, suggested Tuesday during an educational session at RIMS 2017 Annual Conference & Exhibition.
“The ability to identify those people (possible threats) and the things that they are going to do are in the hands of all of us,” Rhulen said during the session, Terrorism Measures You Can Take: Lessons from Nice, Paris and Mumbai, at the conference Apr. 23-26 in Philadelphia.
“Actually, the eyes and the ears of your employees – if they’re well-trained, if they understand what the issues are – are a far more useful tool that we’ll get more data and intelligence from than you might from almost anything else,” he said.
“A lot of people say they are not worried about terrorism because they just don’t think there’s anything that they can do,” Rhulen told attendees. “They rely on the government to deal with the terrorism issue. One of the things I can tell you is the vast majority of the resources for combating terrorism are in the hands of private business,” he reported.
“Having a behaviour risk program within our organization, having training on behaviours of concern,” Rhulen said, is needed. “You need to have a system in place for people to report” behaviours of concern through some kind of anonymous tool, he said.
Although a hurdle has been that nobody wants to get involved and report possible cues, “what everybody needs to understand is if we’re going to combat terrorism and if we’re going to combat workplace violence, it’s going to need to be on a basis where we err on the side of caution, not on the side of privacy,” Rhulen emphasized.
Better employing employee reporting is just one of a host of “things we can do to identify those people in our population,” he suggested.
Pointing out that many U.S. state and federal enforcement bodies are “monitoring social media or monitoring all kinds of other communication tools to identify these people before they act,” he said, “you can do that within your organizations as well.”
Rhulen argued “the media has built up the idea of active shooter, terrorism and all these things to the point where you think there’s a terrorist around every corner. That’s just not the case.” That said, “I think what you have to understand is they don’t until someone does,” he cautioned.
Whatever steps organizations can take to be better prepared, informed and trained are worthwhile since terrorism or like attacks are rapidly changing, Rhulen pointed out.
Consider, for example, the growing use of vehicles as weapons to cause mass casualties. “Last year, when we were talking about terrorism, when we were talking about active shooters, other things, the issue of vehicular attacks really never came up,” he told attendees.
“One of the things that happens in terrorism, as well as just in terms of trying to plan for mass casualties, is the rate of change,” Rhulen said. Things change on a regular basis, so it is essential to keep “your plans, your training, your education, your thought processes broad enough to understand that bad people are going to find new ways to do things.”
Citing the examples of autonomous vehicles, “think about technology, think about how technology can be used in nefarious ways,” Rhulen suggested.
“The autonomous vehicle is something that is going to change this issue of vehicular attacks significantly. So understanding how you control the movement of vehicles on your property, around your building, all those kind of things” is imperative.
“I think vehicles are going to become a more and more prevalent part of the weapons that people are using,” he noted, adding that he expects physical measures to prevent vehicles from getting too close to buildings, for example, are “going to become more and more important over time.”
That said, with any tool, “there’s got to be a plan that’s built around the tool,” he said.
Every organization should be doing a comprehensive vulnerability threat analysis – or updating that assessment – annually, Rhulen said. “One of the reasons it’s very important that it be at least annual is that rate of change issue that I mentioned. Because of technology, things are changing all the time,” he noted.
When working through plans, “make sure you do best exercises; make sure that that’s part of your normal planning process,” he recommended. “You need to keep terrorism, active shooter and those things within a context of the likelihood. Yes, the severity is extremely high, so we have to plan for it,” he said.
Having an understanding of what terrorism-like conditions “can have on your organization in your immediate area is important,” Rhulen emphasized.
But it is also important to keep abreast of what is going on in regions close to your area.
Consider if terror cells were identified in an adjacent region. “Knowing that you live or work in an area that has that kind of situation or opportunity should make you more vigilant in the things that you’re doing,” he cautioned.
“Five years ago, no one was talking about cyber. Now, it’s sort of just assumed that every company is going to buy a cyber policy,” Rhulen told attendees. “I think you’re going to see a similar fairly rapid transition to where terrorism, active shooter, some of these other (insurance) coverages are going to start to pick up as well.”
In step with insurance developments is going to be the “area of risk management around it,” he suggested.
“The stuff that you do beforehand – that predictive work and that preventive work – is what’s going to determine how well you perform during an event,” Rhulen argued.
“If you haven’t thought those through, practised them, trained on them in advance, you’re going to have a very suboptimal outcome if you try to do that at the time.”
His recommendations? Ensure there are insurance coverages in place to cover terrorism, active shooter and mass casualty-type events; understand any exclusions within the policy; train people on behaviours of concern and put in place anonymous reporting; do your threat assessments; and make sure that everybody is involved by carrying out test exercises.
“By creating an overall awareness, by making people more prepared, you’re going to create a culture within the organization that reacts better when something does happen,” Rhulen said.
More coverage of the RIMS 2017 Annual Conference & Exhibition