Blog – Pinkerton Pinkerton is a global leader in security & risk management solutions. Find out how your company assets can benefit from our protective services. Sat, 24 Feb 2018 21:07:19 +0000 en-US hourly 1 The Problem with EHS Handling Risk Management Wed, 14 Feb 2018 16:01:08 +0000 In the past several years, we’ve noticed an alarming trend where companies add Security responsibilities to their Environment, Health and Safety (EHS) departments/positions. Before we get too far into this post, we want to say that we have the utmost respect for people in EHS positions. The work they do is invaluable. Brand reputation management, employee safety, regulatory compliance, environmental sustainability and many other areas are influenced by their efforts. For multinational companies with a variety of brands, global facilities and a disparate workforce, the workload EHS professionals handle is daunting.

And that brings us to the point of this post. EHS has enough to do! But what Pinkerton Director Daniel Alabre has seen recently is that they are being given even more to do…a lot more. “As corporate threats, such as active shooters and cyber-attacks, have risen in the past decade, companies are scrambling to find people to shore up their security protocols and processes. Too many times, it’s given to the EHS teams who have little or no experience creating corporate-wide security plans.”

What Does EHS Do?

According to the National Association for Environmental Management,

[EHS] involves creating a systematic approach to managing waste, complying with environmental regulations, or reducing the company’s carbon footprint. Successful EHS programs also include measures to address ergonomics, air quality, and other aspects of workplace safety that could affect the health and well-being of employees.”

Some of EHS activities can include environmental regulation compliance, sustainability practice implementation, workplace accident prevention, emergency preparedness and eliminating hazards that could result in injuries. Based on that very broad description, it would seem that adding “Security” to the EHS role makes sense. And, it allows executives to feel like they have addressed potential risks by assigning the responsibility of mitigating the risks to people within their companies. However…

Checking the Box is Not Enough

With mounting pressure on the C-Suite to have formalized security plans and procedures that anticipate threats and mitigate risks, it is not enough to give this responsibility to EHS and “check the box” that it is handled. “What happens is that security is folded into the EHS position with the belief that their work is closely enough related and relevant,” says Alabre. “But often the people have no security training, don’t have a security or military or police force background, and have to make it up on the fly.”

Alabre says that one main reason given for why companies would add Security to EHS is cost. “They figure they can kill two birds with one stone,” says Alabre. “But that’s shortsighted. In the long run, they aren’t likely to have security protocols developed by risk management professionals. That could create future issues and bigger costs.”

Lawsuit Prevention is Not the Same as Risk Management

“EHS professionals wear a lot of hats but one major area of concern is preventing lawsuits and government fines across a wide range of areas,” explains Alabre. “Environmental mishaps, workers compensation claims, and health code and OSHA violations are a just of few areas where they work to prevent legal actions. However, that’s not the same as managing risks that have a different type of impact.”

As we’ve written about several times previously, performing a comprehensive risk assessment that takes a holistic approach to security is critical, especially in today’s increasingly connected global business climate. So while there is certainly some overlap between EHS and risk management/security, each has its own discipline that requires a high level of professional experience. “An EHS team would not likely have access to a global network of security professionals who are constantly gathering intelligence that could influence business decisions such as where to open a new facility or whether or not an executive team should travel to a certain destination,” says Alabre. “Understanding the threats companies face, the probability of risk and creating plans to mitigate those risks should be handled by teams that have done it before, not an add-on to someone’s job responsibilities.”

For certain, EHS and Security teams should work closely together, not in silos. Being aware of the issues facing each is critical so that plans that incorporate disciplines from both areas are applied, creating a safe and secure environment.

Pinkerton’s Top 5 Posts of 2017 Tue, 16 Jan 2018 10:05:13 +0000 What a year 2017 was. The world saw a lot of major issues affecting global security take center stage for companies, governments, and individuals.

The United States swore in a new and, to some, controversial President after a contentious election. North Korea flexed its military muscle by demonstrating nuclear missile capabilities that threaten nearby South Korea, Japan, and China among others. Terrorist and “lone wolf” attacks in Paris, London, Las Vegas, Stockholm, New York and far too many more locations left the world shaken. Natural disasters, such as the record-breaking hurricane season in the Caribbean, wildfires in California and earthquakes in Mexico, Iran, and Iraq, left thousands dead and thousands more injured and/or homeless.

As the year went on, we dove deep into a lot these issues via white papers, our new Insights Podcast, our Daily Insights Intelligence Briefs and, of course, here on the Pinkerton Blog. As we start 2018,  we wanted to look back at the posts that were read the most by you, our loyal followers, in 2017. For that, we are grateful and look forward to keep you up to date on worldwide security issues that could affect your business, your employees and you.  

Pinkerton’s Top 5 Security Blog Posts of 2017

Active Shooter Response Plan

The popularity of this post, which we originally published a few years ago and updated for 2017, indicates that mass shootings, like the one at the outdoor concert in Las Vegas that left 58 people dead and nearly 600 hurt, are still top of mind for our readers. This post provides insight on why an Active Shooter Response Plan is critical to any company’s security.

Key Tips for Residential Executive Protection

The internet has connected millions of people. Unfortunately, it means that normally low-profile executives’ personal lives are more exposed and new threats to their home and family have arisen. Our readers found this post, which outlines steps to take to protect that which is most valuable to them, very useful.

How to Layer Large-Scale Event Security

As the Las Vegas shooting and the Ariana Grande summer concert bombing demonstrated, new ways of layering security at large events is needed. In this post, Pinkerton Eric Rose notes the weaknesses in some security protocols and what could be done to mitigate the risks involved with large-scale events.

Measuring Security Risks & Business Impact

Measuring risk is perhaps one of the most complex issues in the security industry. No wonder this post was popular! So many opinions vary on what “risk” is and what factors should go into measuring it. But over the past 160+ years, Pinkerton has been able to hone the complexity of risk measurement into a seemingly simple formula, which Pinkerton President Jack Zahran breaks down in this post at a time when the company unveiled its Pinkerton World Risk Index Report.

Enterprise Security: Definition & Trends

Enterprise Security is a big topic and is clearly on the minds of our corporate clients looking to protect their assets. But what is Enterprise Security? And why was it looked at with such importance in 2017? Jack Zahran and Pinkerton Vice President Richard Gurley provide a definition in this post and trends to look out for well into 2018.

From all of us at Pinkerton, we thank you for being frequent readers of the Pinkerton Blog. We look forward to bringing you more news, tips, trends and analysis regarding global security in 2018.

Protecting Critical Infrastructure (Before It’s Too Late) Mon, 18 Dec 2017 11:00:38 +0000 Everyone knew it was coming. Weather forecasters and hurricane experts had predicted it for more than two weeks. A potentially catastrophic storm would hit islands in the Caribbean and there was little doubt that Puerto Rico would be among the hardest hit. And yet, it appeared that the island was ill prepared for the damage Hurricane Maria would inflict on the Puerto Rico, its inhabitants and the critical infrastructure. Since they were warned of its approach, how could that be?

“You can’t prepare for a storm of that magnitude in two weeks,” explains Pinkerton Director Sam Stone. “You need to anticpate the potential of a storm and have a plan of action that you can then implement when required. And the main problem was too many businesses didn’t anticipate the possibility of a storm like Maria.”

A Response Plan is Proactive

Puerto Rico is a prime, and current, example of what happens when critical infrastructure fails and there is no advance preparation. Systems break down. The reliability of having clean water, electricity, operational medical equipment, passable roads and available air travel is severely compromised. Unfortunately, it becomes very clear how many different ways people and businesses that are not prepared for such a catastrophe can be effected.

“Unfortunately, many companies did not have a disaster response plan in place,” says Stone. “And even if they did, they didn’t consider a situation where infrastructure would be impacted for weeks instead of hours or days. Getting gasoline to keep generators up and running became a major issue for companies with brick and mortar operations. Other issues stemmed from travel security, communications, and the inability to evacuate. Firms that didn’t have additional protection in place hours or days prior to the storm hitting were exposed. ”

Though the name implies a reaction to a situation, a Disaster Response Plan actually is one that anticipates many scenarios that could severely impact a company’s operation. “Knowing what to do and when, training people on the plan, having the appropriate contracts in place, and being able to deploy resources quickly are critical components when internal and external infrastructure goes down” advises Stone.

Ad Hoc Reactions to Disasters

“Whether it’s a natural disaster or a man-made situation, like an active shooter, anticipating the business impact and planning for contingencies makes a big difference,” Stone says. “In the case of a power outage, what is the company’s communication plan and does the company have resources it can deploy to help protect people and property? For example, if cell towers are ineffective, what resources does the company have in place to communicate to personnel? Is the plan tailored to the site and its unique geography and infrastructure? Are company personnel on the ground knowledgeable and empowered to execute communication contingency plans?”

As many companies found out during this year’s hurricane season, not knowing the answers to these basic questions can leave employees and assets at risk.

“A lot of the planning seemed to be ad hoc, just based on the current situation,” says Stone. “While Maria was unprecedented for Puerto Rico, companies that had a risk-based disaster response plan fared better than those who didn’t. And many didn’t take heed of past experiences to learn and prepare.”

Learning from the Past

There may be no better example from the past that could have aided Florida, Texas and Puerto Rico in preparing for Hurricanes Harvey, Irma and Maria than the devastation, and loss of infrastructure, witnessed as a result of Hurricane Katrina in 2005. New Orleans and much of Southern Louisiana was crippled by the huge storm that knocked out power, damaged buildings, flooded entire neighborhoods and was one the costliest natural disasters to ever hit the United States. “There was a lot to learn from Katrina and many companies in that region took those lessons to heart, putting in place plans to mitigate risks if a storm like that ever hit again,” says Stone.

Just weeks after Hurricane Katrina, Texas was faced with responding to Hurricane Rita. Texas government officials were proactive and issued an evacuation order. While that action anticipated the devastation the storm would bring, it did not take into account a new threat which came to frution from massive scale gridlocked traffic. When hurricane Harvey hit in Houston, local authorities seemed to take the wrong lesson from their experiences with Rita and an official evacuation order was not given. However, that resulted in many people staying in their homes and businesses ,overwhelming rescue operations. A safer option would have been to evacuate based on a well-planned and anticipated route minimizing the potential for traffic congestion. With Katrina, Rita and other storms in mind, a comprehensive disaster response plan would have incorporated lessons learned from previous disasters.

Financial Concerns Impact Infrastructure Protection Planning

One might wonder after so many examples of devastating storms, terrorist attacks and other incidents that impact infrastructure, why more companies are not better prepared. “In many cases, companies would prefer to accept the risk of a man-made or natural disaster instead of investing in emergency and security programs” says Stone. “This is a short-sighted view of risk. Many times, it is costlier for a firm to incur harm from a foreseeable threat than it is to invest in emergency and security measures. But America is a litigious society and we are seeing more and more lawsuits that result from ineffective or non-existent security, even in cases of terrorism and mass shootings.”

As we noted in our last blog post “The Interconnectivity of Risk & How It Impacts Businesses”, using a holistic approach to risk management allows companies to consider a lot more potential scenarios and create workable plans to mitigate those risks. Our newly updated Risk Wheel separates risks into four quadrants and then goes a level further by breaking those quadrants into nodes. In the case of hurricanes, they fall into the Hazard and Event Risks quadrant where Natural Disasters are a node.  But looking at the Risk Wheel, one can see how a hurricane could impact several other quadrants and nodes, such at Operational and Physical Risks/Business Continuity and Technology and Information Risks/System Integrity. For companies in the path of Harvey, Maria and hurricanes, these nodes were almost certainly impacted. For many, especially in Puerto Rico, they still are.

For companies in today’s connected world, being without key infrastructure for even a day can have a big impact. Stretch that out to several days, weeks and even months and the impact multiplies. Anticipating scenarios in which this could happen and creating a response plan that allocates resources can give companies the best chance for avoiding costs and recovering quickly when disaster hits. Let’s hope the events of the recent past can help companies mitigate loss of life, assets and resources in the future.

The Interconnectivity of Risk & How It Impacts Businesses Thu, 09 Nov 2017 10:40:55 +0000 Noted international economist Klaus Schwab said, “One new reality is global interconnectivity. The most crucial factor in accepting the new reality and confronting its opportunities and risks is our willingness to develop shared norms on all levels.”

We agree.

So when President Jack Zahran considered how to continue the development of the Pinkerton Risk Index, a global Index that measures holistic business risk, which Pinkerton first  launched in 2016, interconnectivity was high on his mind. “There has been a huge convergence and interdependence of how businesses interact regionally, nationally and locally. Seemingly, everything impacts everything else. So we knew the Risk Index had to be a dynamic, ever-changing resource that took this new reality into consideration.”

Zahran and Chief Intelligence Officer Brian McNary explain how the interconnectivity of risk has impacted global business operations and security.

Respect Interconnectivity

There are numerous  examples from the recent past of how interconnectivity affects elements of international business; perhaps one of the largest was the collapse of U.S. financial services firm Lehman Brothers in 2008.

The company, founded in 1850, at its peak had holdings of more than $60 billion and had risen to become the fourth largest investment bank in the United States. However, capitalizing on the housing boom, the firm had become over-leveraged in mortgage origination and, as a result of the subprime mortgage crisis, the company suffered unprecedented losses. The company filed for Chapter 11 bankruptcy on September 15, 2008, the largest bankruptcy filing in U.S. history, causing a 500-point drop in the Dow Jones Industrial Average.

“When Lehman filed for bankruptcy, the ripple effects were felt far and wide,” says Zahran. “The home mortgage industry, commercial loans, money market funds, the stock market, so much was affected by this one action. It really demonstrated how connected everything is today.”

Further, international markets were impacted, placing an  even sharper focus  on the interconnectivity of the global economy. Japanese banks and insurers were hit with nearly $2.5 billion in losses flowing directly from the the Lehman bankruptcy. The Bank of Scotland was exposed to more than $1 billion in claims against Lehman. More than 43,000 individual investors in Hong Kong lost massive amounts of personal wealth, when  “mini-bonds”  backed by Lehman became nearly worthless . The event is widely considered ground zero for the global financial crisis of 2008-09.  

Understanding that global events can affect your business in large and small ways is critical to creating a risk mitigation plan. “You can’t manage risk effectively if you don’t respect interconnectivity” stated Zahran.

Instability Can’t Be Insured Against

What the Lehman example highlights is that seemingly unconnected local events can create widespread global instability and uncertainty.  “A company can obtain insurance  against natural disasters” say Zarhan, “but not against the impacts of market or industry instability. This non-insurable risk area is what the Risk Index addresses. In that type of atmosphere, the threat of financial impacts, and eventual losses, can occur if you are not prepared to mitigate the risks.”

A company with operations on the Gulf Coast of the United States, for example, is likely to have coverage that includes losses incurred when facilities are hit by a hurricane or other major storms.  However, a company based in China that relies on those companies for mission-critical parts may not have considered their own needs to be protected  from these storm impacts. Another company may invest mission critical operations in  facilities located in a politically volatile area of the world. Should a conflict or war break out that shuts down the operations, there needs to be a plan in place to ensure business continuity. If you have haven’t calculated these risks effectively, and proactively, it could have a widespread impact on your company.

Risk Measurement Must Include Probability and Impact

McNary says that there has always been an inherent problem with how companies look at risk. “They tend to look at what’s happening now and in the very recent past,” he explains.  “Companies would react to every fluctuation as if it was going to be the new norm. The reality is that a longer-term view could provide insight into what kind of impact the fluctuations would really have.”

Determining the probability of threats leading to business impacts is at the center of why Pinkerton uses different formula for calculating risk than the traditional one. The old model was:

Threat x Vulnerability x Consequence = Risk

But in Pinkerton’s latest white paper, “Building a Superior Model for Calculating Risk,” we introduce a more effective formula:

Threat x Probability x Business Impact = Risk

In the new formula, Vulnerability is now included in Threat since being vulnerable is a threat. The Probability of something occurring related to the threat is given a lot of weight. In our example above, a company that has operations in areas often hit by hurricanes would give this natural disaster threat a high rate of probability.  And the last element, business impact, is where McNary’s insight about historical perspective comes into play.

“While a company may have a high probability that a natural disaster will impact the business, if they analyze data from the past 20 years they may see that past occurrences didn’t result in stifling losses, just temporary disruptions. This information will then help them create a mitigation investment plan that is in line with the potential bottom-line impact.”

Using the Risk Index

While the Risk Index’s online, interactive map gives companies a global overview of risks, as defined above, the real benefit comes when creating a risk profile. “Our company has transformed how it looks at security by creating a holistic approach that has been adopted by the industry,” say Zahran. “The Risk Index allows us to provide even more analysis using a multi-level approach that goes deeper into risk categories.”

“Many factors go into creating a company’s risk profile,” says McNary. “The Risk Index looks at 60 sub-nodes in which threats could exist and examines them based on historic business impacts.”

Working with a client recently, McNary and his team used Risk Index 2017 to determine where the company should invest its security resources if a potential acquisition was to occur. “The company they were acquiring had multiple operations throughout the world. Each one had to be examined using the Risk Index, which pulls information from a variety of sources, including our own boots-on-the-ground intelligence. The key was determining how any risks would impact the company, its brand and its overall fiscal health.”

In another example, Pinkerton used the Risk Index to help a company standardize how it expressed risks throughout its global operation. “The company had disparate business units that, from a security standpoint, weren’t communicating risks consistently. The Index gave them a structure through which it could collect, analyze and report risk data, giving the C-Suite a full perspective on its exposure internationally. Armed with this information, it could plan security risk management budgets based on real data and forecasting.”

As Zahran explains, the evolution of the Risk Index 2017 is not focused on geo-political rankings like other tools in the industry; it is focused on holistic assessment. “We aren’t telling companies what countries are the safest. While that’s interesting, it’s not always relevant for the business decision. What is important is using the data, which is constantly updated, to provide a comprehensive risk analysis so that they can make an informed decision on resource investment.”

Click here for the full Risk Index 2017 report.

How to Effectively Manage Holiday Hiring Thu, 19 Oct 2017 19:07:58 +0000 ‘Tis the season to be hiring.

With the holiday season in the United States just over a month away, retailers and other related service industries will soon ramp up their hiring efforts for thousands of temporary positions. All of this recruiting is taxing on the personnel charged with interviewing, screening and hiring the new employees. And while the pressure to speed up the onboarding process is great, Pinkerton’s Marsha Hernandez, Managing Director, and Nancy Alt, Director of Global Compliance, warn that cutting back on due diligence procedures can be detrimental in the long run.

More Hires, Shorter Time

Holiday hiring presents unique challenges for human resources departments; they are required to maintain the organization’s standard hiring protocol while dealing with a significant increase in the number of open positions and applicants. All for employees who may only be with the company for one to three months.

“The HR staff is used to the normal recruiting flow and timelines,” explains Hernandez, “but when they are moving triple or more the volume of applicants through the same process, they need to be very efficient. Having a very good repertoire with their background information provider to ensure all are in tune with the timelines and requirements is critical.”  

Alt adds, “Both HR and Consumer Reporting Agencies, like Pinkerton, are subject to many different regulations, and compliance to these regulations does not change with volume.”

Companies may try to truncate their normal hiring and screening process due to the short-term nature of the position. Hernandez warns  that this is a potentially costly mistake. “These employees have access to products and assets. They have contact with customers and employees. They represent the brand and can damage the company’s reputation just as quickly as full-time employees. Not doing enough to vet these applicants can come back to hurt the company.  Unfortunately this is something we have seen happen all too often.”

Critical Elements to a Seasonal Hiring Plan

Hernandez and Alt recommend that the following elements be included in any seasonal hiring plan. “The goal is to have as much information as you can to make an informed hiring decision, even for temporary workers,” says Hernandez.

  • HR will need to be sure that they have very solid staffing models and know what their average fallout rate is from background checks. This will let them know, on average, how many people they will need to recruit to hit their staffing number for this time period.
  • For each jurisdiction they need to recruit in, they will need to know what are  their typical turnaround time on background reports. They should be able to work with their background provider to get those averages. Based on the answer, they should adjust the recruiting schedule accordingly to ensure they start early enough to get the number of new hires they will need for this period.
  • The company needs to look at their current background  package for their full-time, regular employees and decide if the same background package is necessary for this seasonal position. They need to look at the job position and the risk associated with that position. If they are able to reduce the scope of the package without sacrificing safety, regulatory obligations, etc., then it may be beneficial to look at the scope to reduce the turnaround time of the background report.
  • The HR teams need to know the “Ban the Box” and “Fair Chance” policies where they will be recruiting. The “Box” is the part of an employment application that asks if the applicant has a criminal record. As of August, 2017, according to the National Employment Law Project (NELP), 29 states, the District of Columbia, and over 150 cities and counties have adopted Ban-the-Box or Fair Chance policies. These policies were enacted to force employers to remove the conviction history question from the hiring application to ensure they look at all applicants for their qualifications first, prior to running the backgrounds. Once an offer is made, the company can run a background on the applicant. If a background returns derogatory information, it will be at that time that they can ask the applicant about the criminal history. While these policies ensure an equal opportunity for all applicants upfront, it ends up adding to the turnaround time and cost of recruiting if derogatory information is found later in the interview. This is a critical issue when you are trying to ramp up quickly.
  • Companies need to be mindful that the provisions of the FCRA do not distinguish between full-time and seasonal workers. HR departments need to be disciplined to apply the appropriate adverse action response procedures to avoid costly violations.

In addition, there are many more regulations that the HR Departments must adhere to along with their own hiring policies and company requirements. However, following policies and procedures ensures consistent treatment of applicants and is critical to staying out of regulatory space and lawsuits.

Anticipate Delays in the Seasonal Hiring Process

Another challenge HR teams face in seasonal hiring is that the process for a background investigation can take longer simply based on the sheer volume of applicants that companies try to process during that time. “Retailers, warehouses, delivery services, and others are in peak at the same time,” says Alt. “The courts are inundated with volumes that are substantially more than their staffs are manned to handle. This can cause delays, which should be anticipated.”

When processing backgrounds during holidays, courts are often closed and personnel limited due to holiday vacations. That can affect turnaround times for background checks. In addition, Ban the Box and Fair Chance, if applicable in the State where the applicant will work, extends the process since companies are not allowed to ask the conviction question up front. “These expected delays are one reason some companies give for not following their normal hiring process,” says Hernandez, “but they shouldn’t.”

Red Flags and References

Compliance with HR regulations is a broad area that is constantly changing. There are many different regulatory bodies, federal, state, and local jurisdictions that all have different requirements. To maintain compliance, a company must know all of the regulations that the organization is subject to and to comply with them. There is no shortcut to compliance. While all the rules may differ between regulatory or jurisdictional bodies, companies must be aware of them and follow them, or know that they have the potential to suffer penalties or lawsuits. For example, under the Fair Credit Reporting Act, consumers can file suit against both businesses and individuals for both intentional and negligent l non-compliance..

Keep Background Checks in Mind

So, while maintaining compliance, how can an interviewer determine if a candidate poses a risk? “When interviewing, it’s important to always have a background check in your mind,” Hernandez explains. “People know their own life really well. If something they say doesn’t match with their application, that’s a red flag to be investigated. So, too, is if they can’t answer some basic questions about their professional life like the title of a past position.”

Then, she says, you have to perform the necessary checks, such as contacting references. “Reference checking is one of the most often ignored steps in the hiring process.  Conventional wisdom says that applicants will only provide references certain to give positive reviews, however, the reality can be very different. While checking references can add cost and potentially be time consuming, valuable information can obtained during this process. ”

Hernandez and Alt stress the importance of doing comprehensive background checks on all candidates whether for full-time or seasonal, temporary positions. Though the cost of time, money and resources is greater than a scaled-down hiring process, Hernandez warns that being pennywise can be pound foolish. “The cost of not doing a proper screening and background check can be huge, both financially and to a company’s brand. The peace of mind of knowing you did all you can to ensure the safety of your customers and employees should be worth the investment.”

Related Posts:

“Who Took That? Preventing Employee Theft in Retail”

“Social Screening: What Can You See?

“Corporate Background Checks: Top 5 Errors & Mistakes”

Why the South Korea Winter Olympics Will Be Business as Usual Tue, 12 Sep 2017 15:34:31 +0000 If you are hosting a party, the last thing you want is a neighbor intruding and launching things over the fence, threatening to disrupt the festivities. And while that threat is certainly looming for South Korea as they prepare to host the 2018 Winter Olympics in February near the border with North Korea, Pinkerton Director David Rotger says that South Korea’s security will be the highest quality and the upcoming Games should be business as usual.

South Korea is Not Brazil or Greece

Prior to the 2016 Summer Olympics in Brazil, threats to the visiting public, athletes and officials were reported for several years. Pinkerton issued many warnings through our daily Insights alert and posted about key threats to Olympic security in a blog post. The issues ranged from an underfunded police force to facilities not being completed on time to the Zika virus. “Perhaps more than any Olympic Games in recent history, the Rio Olympics were rife with security issues that had officials on high alert,” said Rotger. However, the Rio Games went off without incident and were deemed a success from a security standpoint.

Similarly, the 2004 Summer Olympics held in Greece were beset with security issues leading up to the Games. CBS News went as far as to proclaim “Athens Olympic Security a Mess” less than a year prior to their start. The threats stemmed from dilapidated infrastructure, under-trained security staff and disorganization.

But according to Rotger, none of those issues are present for the South Korean Olympics.  “Pyeongchang is a modern city in a country that is very advanced,” says Rotger. “They don’t have the uphill battle that Greece or Brazil had where major work had to be done just to bring systems up to modern levels of functionality. Besides the normal threats of hosting a major event, South Korea doesn’t have the additional burdens other host regions have had.”

Pinkerton’s Risk Index verifies Rotger’s claim. Developed in 2016 with an update releasing this fall, the Pinkerton Risk Index measures the potential risk to business continuity and operations for regions/countries throughout the world based on Pinkerton Risk Wheel. In the chart below, you can see risks in South Korea are low:

Compare that chart to that of Brazil:

And Greece:

And for comparison, here is the chart for the United States (which will host the 2028 Summer Olympics in Los Angeles):

There is one risk area in South Korea, however, that stands out as being higher than the others for the country: Social Political risk. And for that, they likely can blame their neighbor to the north.

North Korea Could Threaten Olympic Security…But Unlikely

“There is, of course, the elephant in the room and that is North Korea,” says Rotger. “The international community, business leaders and security officials simply can’t predict what that country may do, if anything, to disrupt the Games. It’s a variable that has to be considered.”

Early on, there seemed to be some indication the North Korea would welcome the Games. As recently as June this year, a co-hosting scenario where select events would take place at North Korean venues was still being considered, though the idea was scrapped due to lack of time to prepare.

Yet ever since the Games were awarded to South Korea, media reports have been warning that the political and military stance of North Korea could threaten the Games. Last week, North Korea tested a missile by firing it over the north end of Japan. Recent messages from North Korea President Kim Jong Un and United States President Donald Trump, communicated through press conferences, official statements and Twitter posts, have escalated the concern.

The North Korean threat cannot be dismissed.  However, these Olympics are similar to other events where terrorism, whether state sponsored or not, is a possibility. The greater likelihood for risk comes from more mundane and predictable sources.

“Typical” Risks Will Come with South Korean Olympics

“What we will likely see in Pyeongchang are the typical risks that come with most big events” Rotger explains. “Top among them will be logistics. The host city is more than two-hours from Seoul, where most people will arrive.” The distance, he says, will create challenges for companies sending dozens of representatives to the Games.

“Keeping track of where everyone is will be difficult since roads will be very crowded and alternate routes will be used.” Rotger also notes that finding places for people to stay, if not done already, will be very difficult. “Companies may have people spread out over a large geographic area, increasing the risk since security measures will be stretched.”

Ginger Happe, another Pinkerton Director who has overseen security for many large scale events, says that it will be important for companies to have a well-constructed contingency plan should something disrupt the Games.

“Companies need to start planning now for what their people will do should disaster strike,” she says. “How will you communicate with all your representatives? How will you get them out of danger areas or out of the country if needed? How will family members be alerted about the status?”

Rotger agrees, noting that while the risk of a large-scale terror attack may be low, recent “lone wolf” incidents, like the one in Barcelona where a single driver plowed a truck into a crowded street, are always possible…and mostly unpreventable.

“People need to know that those events are our new reality. Officials do what they can to prevent them but they are nearly impossible to predict. It’s important that companies and individuals have a plan, especially for communication, if an incident occurs at the Winter Games.”

Mitigating Risks in the Litigation Process Mon, 21 Aug 2017 11:00:26 +0000 It’s often said that we live in a very litigious society, where people are suing other people or companies all the time. There are a myriad of circumstances that can expose a person or company to litigation including failed businesses or partnerships, the use of questionable business practices, perceived employment or housing discrimination, environmental or real estate development protests, alleged personal injury and contentious divorce and family matters. These are just some of the variety of reasons companies or individuals may wind up in court. In short, you and your company are at high risk for litigation. For those unprepared to face this eventual litigation, these risks increase in costs and the likelihood of an unfavorable outcome in court.

In this post, Pinkerton Director and former Suffolk County Assistant District Attorney Ellen Lemire provides insight into the risks of litigation and two key areas where in-depth investigations are required to gather vital information. “A lot goes into investigating a legal claim or other action, but lately we’ve seen a lot of activity around due diligence and witness location and interviewing,” says Lemire.

Know Thy Enemy

Perhaps “enemy” is too strong a word here, but this oft-used phrase derived from “The Art of War” by Sun Tzu is relevant when preparing for ligation. The full context of the quote is even more applicable:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.
If you know yourself but not the enemy, 
for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will succumb in every battle.”

Due Diligence is a key activity that helps to understand the forces a company or individual is up against when faced with the actual or potential threat of legal action. Lemire gives an example of how it helped a recent client.

“We were asked by a real estate development company to help them find out about possible obstructions to their proposed development. Several groups had formed to block the development and the law firm needed to know how  at risk their client would be. We initiated an investigation on several fronts to present a full picture of what was coming down the pike.”

One of the groups voicing their objection were the surrounding property owners. They were organizing a potential lawsuit to stop the development. “The law firm needed to know where their client was vulnerable and the level of resources this opposition group would potentially have. We researched the key players to determine the overall risk.”

Using public records, Freedom of Information requests, court documents, physical surveillance and even social media activity, the team amassed information that could provide some ammunition to diminish or counter the local real estate owners claims and credibility before a judge or jury.

It was also important for the defending law firm to understand where their client, the development company, was vulnerable. “We used the same tools to discover any potential issues regarding the company’s reputation and practices that could come back to haunt them during these proceedings. It’s always good to know what’s out there.”

Lemire also noted the company’s need to keep a tight lid on their own information so that it does not leak out and become part of the other side’s case. “Often, we will use Technical Surveillance Countermeasures to ensure that there are no listening devices or other spying instruments being used in board rooms, hotel conference rooms and other areas where sensitive information is discussed.”

While a due diligence investigation provides a wealth of background information, witnesses can also play a key role in litigation support activities…if you can find them.

You Have to Find Them First

Witnesses can provide key testimony in court cases but, you have to find them first. And notis often not an easy task, but requires access to  investigative skills that most companies and law firms don’t possess.  “We had an assignment once regarding a big accident that took place between two cargo trucks,” Lemire explained. “The law firm representing one of the company’s involved knew there were many eyewitnesses. However, the potential witnesses were  truckers who travelled cross-country  on a daily basis. Finding them was going to be a big challenge. We were successful because we had a national network of associates that could assist in the investigation.”

Not all witnesses are “good” for a company. That is a big part of the witness interview: determining if they will provide positive or negative testimony regarding a company or individual. “Finding the witness is one thing,” says Lemire. “Knowing how they will present their account of the situation is another. We are hired to discover who would be beneficial witnesses and who to avoid. It sometimes boils down to demeanor…are they telling the truth and do they seem trustworthy. And you can only find that out via face-to-face interviewing.”


Lemire says that litigation support is a rapidly growing part of Pinkerton’s business. “It’s a natural fit for our company since we are the world’s first detective agency. We’ve always had experienced investigators and now we have them throughout the world. As global companies get involved in litigation that spreads across many nations, that network is a critical benefit.”

Why Embedded Security Provides A Different Level of Protection Wed, 19 Jul 2017 11:00:12 +0000 Some companies have the time and resources to create extremely competent security teams that understand their company, the mounting threats being presented in our increasingly connected world and methods to mitigate these risks.  But many companies simply don’t have the necessary amount of time or resources. Despite their best efforts, building an international, national or even regional security team is no easy task. But with the use of embedded security, companies can achieve a different level of protection almost overnight.

In 2012, Pinkerton introduced the Pinkerton Dedicated Professional (PDP) service to address this very problem. And as our Vice President James McClain explains, the demand for the PDP service has been growing rapidly ever since.

What is a PDP?

A Pinkerton Dedicated Professional is someone hired and trained by Pinkerton that works exclusively for one of our client companies. The PDP is an embedded security employee working at the company just like the client’s  full-time employees. Immediately the client benefits from the PDP because the Pinkerton professional  brings with him/her Pinkerton’s global network of intelligence gathering and “boots on the ground” knowledge garnered from the  thousands of other Pinkerton professionals around the world.

“Security needs change almost constantly,” explains McClain. “What might have worked a year or so ago could be ineffective now. So, having someone, or several people, within your company that have the latest intelligence and tactics can make a critical difference.”

How a company benefits from hiring a PDP is best demonstrated through a recent example. A healthcare company brought in a PDP for executive protection. On the surface, that would seem a somewhat routine security operation that could be handled in-house. But as we explained in a recent blog post, there are several modern challenges with today’s executive protection.  The employees requiring security services were travelling internationally and visiting emerging markets. The company did not have the resources to provide the type of security these global activities required.

“The PDP was a supplement to their existing security force,” said McClain, “and was armed with intelligence gathered in-market as well as through media and other sources so that protection protocols could be put in place to mitigate risks.”

The Operational Impact of a PDP

As we’ve noted already, the biggest benefit to a PDP program is that it includes the experience Pinkerton has built over the past 150+ years along with its global network of resources. But there are many operational benefits as well.

The hiring and training of a PDP is Pinkerton’s responsibility. This frees a company from having to spend time and resources recruiting, and then training, new personnel.

“Not only are we experts in security but, we are also skilled at finding the best available security personnel for the task at hand,” explains McClain. “We know what a client needs and we know what to look for in a PDP to match the skillset with the assignment.  That cuts a lot of time out of the recruiting process so a company has someone in place much faster than the traditional in-house hiring route.”

Also with a PDP in place, company staff can focus on their core business and not be burdened with having to operate a security network, which for many companies just isn’t possible. “Monitoring trends, staying up-to-date on the latest technology used in security, developing new security measures based on ever-changing situations and implementing new risk mitigation programs can be a monumental effort,” McClain explains. “Many companies don’t have the personnel or expertise to manage it so they opt to work with an outside firm where security is the core business. ”

PDP Case Study

We recently published the following case study which outlines a recent PDP program for a client. Highlights from that case study include:

The Situation

A new leadership team immediately recognized large inefficiencies with the management of their guard force. With each facility executing contracts for security guarding services, the company was unable to take advantage of the cost-savings that consolidated regional and country-level contracts could provide.The need to create efficiencies from guard force management paved the way for exploring third-party solutions. Leveraging expertise in effective guard force management on a global scale justified the decision as cost-neutral spend.

The Solution

Pinkerton proposed the utilization of Pinkerton Dedicated Professionals (PDPs), fully-dedicated embedded security resources at the local facility level to drive operational continuity. The company could now access a global network of trained, vetted professionals who operationalize centralized corporate risk management strategy across the large footprint of over 500 locations in 180+ countries. Choosing PDPs vs. sourcing Direct Hires was an easy decision to make. There was a lower cost of talent acquisition and, by relying on Pinkerton’s institutional knowledge of risk management best practices from servicing thousands of clients worldwide, it provided our client the opportunity to focus on their primary business.

Recent Trends Increase PDP Needs

“Companies operate in a world today where so much is interconnected,” says McClain. Global supply chains are impacted by technology. Brand protection can be challenged by the “dark web” and social media. Executives are travelling to dangerous but emerging markets.

“No longer is security a matter of ‘guards and gates.’ Executives want to know, with up-to-the-minute intelligence, where the company and its employees are at risk. And, they want someone at the table who can help create plans to minimize those risks now and for the long-term.  That need is driving much of our recent PDP engagements and I see that continuing for the foreseeable future.”

Driving this growth is a special PDP program involving dedicated intelligence analysts that can provide strategic direction and full-scale planning for the implementation of security plans that match company goals. “We put a Pinkerton at the planning table along with the other executives,” says McClain. “Today’s business environment requires a strong synergy between business goals and security planning. The PDP analyst will understand a company’s core business, learn its short and long-term goals and work with internal teams to create a security plan that aligns with company objectives.”

To learn more about a PDP program, see below for several resources:

Case Study: Embedded Personnel Instrumental in Manufacturing Firm’s Security Transition and Ongoing Operations

Case Study: Dedicated Analysts Navigate Clients Through Political Protests

Benefits of Pinkerton Dedicated Professionals (PDP)BENEFITS OF PINKERTON DEDICATED PROFESSIONALS (PDP)

Active Shooter Response Plan Wed, 28 Jun 2017 16:12:14 +0000 Recently, five people were killed by a gunman in New Mexico. Just two days prior to that, a San Francisco UPS employee killed three co-workers before killing himself. Earlier in the same month, five people lost their lives before a gunman shot himself to death in Orlando. The frequency of these tragedies, three in just three weeks, indicates the real threat that exists that people could find themselves in an active shooter situation.

In 2014 during an unfortunate series of tragedies in that year, we published the active shooter response plan below to help people be prepared. We have updated it and present here again.


As the United States Department of Homeland Security states: “. . . there is no pattern or method to the selection of victims by an active shooter, and these situations are by their very nature unpredictable and evolve quickly.” In the same way we have no control over a natural disaster, there is no way to prevent an active shooter situation. However, there are ways to lower the risk.


Every company (and by extension their employees) is vulnerable somewhere, in some way, to threats and risks. Threats are often out of a company’s control and can pose an immediate danger at any time. Risks, however, are what make your company vulnerable to those threats. Risks are the elements that can be controlled if the company is made aware and has a plan to mitigate. For example, if a company does not have a sign-in procedure for employees, vendors and guests, there is a greater risk that someone intent on harm can enter company property. Where your company is most vulnerable to these threats can be  determined through a comprehensive risk assessment, after which a plan can be created and implemented to reduce those risks.

It is common for people to assume that an active shooter risk assessment is something that should stand on its own. However, this is far from the truth. Determining where you are vulnerable during an active shooter situation should be a subset of a workplace violence assessment which is part of a larger emergency and disaster response plan.


The emergency and disaster response plan establishes, in detail, the necessary actions that should take place during an emergency situation, of which the  active shooter threat is an example. Having and then implementing a plan is critical during and  an emergency situation. For example, the notification time standard in an emergency situation is less than one minute. Therefore, the ability to communicate quickly and successfully is essential. To ensure successful communication, multiple systems should be considered. Public address systems, telephone trees, mass text messaging, email, or call systems are just a few of the ways to effectively announce imminent danger. In 2007, school officials at Virginia Tech were criticized for being slow to communicate the threat of an active shooter on campus. Technology has improved since then, with more ways to communicate including social platforms such as Snapchat, Twitter and Facebook Messenger and advanced mass-email/text systems that can distribute up-to-date development instantly. The key is that people know which platform or platforms to use for priority updates and that messages are delivered in a timely manner.

At the first announcement of danger, all employees should already have a familiarity with the protocol to follow. This means that all employees should have a basic understanding of the response plan as part of their training. Depending on their position and location relevant to threat areas, different people within the company, such as security officials, should be given additional information and instruction. This hierarchical distribution of information ensures that the entire company will be well prepared in an emergency.


Once your plan is created  it is essential to practice implementation. Recurring training and exercises should be standard within any company. It is not enough to have an annual fire drill or tornado warning practice. There is a high value in training to reveal areas in which the team must improve. For example, what if the individual assigned to initiate the telephone tree is not in the office? Does the second in charge know where to begin? What if a shooter has taken hostages? Do you have a system for knowing, at any given moment, who is in the building? Questions such as these will get addressed in a training situation.

Remember the saying: “You will react the way you train.” In the movie “Captain Phillips, ” which was based on a true story, the crew reacted slowly and without urgency to the approaching boats, which they would soon discover were filled with Somali pirates. By the time they took the threat seriously, it was too late. As you initiate training exercises, stress to the trainees the importance the training has as a way to save lives, including their own. While workplace violence and active shooter situations are very rare, a company must take the necessary steps to plan for the worst case scenario since there is no way to predict when a situation will arise. Don’t be caught off guard!.

]]> 0
How to Layer Security for Large-Scale Events Thu, 08 Jun 2017 19:30:17 +0000 For Pinkerton Director Eric Rose, large scale event security has been on his mind for several years. “People haven’t been taking security at events like sporting contests or concerts seriously enough,” he explains. “I’ve felt for a while now that it was only a matter of time before something bad happened.”

And sadly, it did. While we were working on this post, a topic Rose suggested months ago, tragedy struck in Manchester, England. A bomber killed more than 20 people at a Ariana Grande concert. And for Rose, it cast a spotlight on an industry that needs to dramatically alter how it considers security at events like these. “Event security just can’t be a budget line item or a box that gets checked,” says Rose. “Security must be at the forefront of any event planner’s mind as a critical element to the event’s success.”

A Show of Security Force is Not Enough

According to Rose, security at events has been traditionally handled by local law enforcement and/or hired off-duty uniformed officers. Simply alerting the authorities that an event was taking place and having them present was considered ample security. “The mindset was that if you have enough uniformed officers present, that alone would be enough of a deterrent to thwart any plans to disrupt the event.”

But the reaction to a visible security force is akin to a speeding driver seeing a police car and slowing down. The problem is that once the police car is out of sight, the driver resumes speeding. “Posting police at a venue only handles the issues that are right in front of them. Yes, they are a deterrent and they can certainly react to situations and maintain order. But more is needed to prevent incidents from occurring in the first place. Pinkerton recommends a layered approach.”

Layered Security Combines Multiple Tactics

Layered event security means that several tactics are used, some of them clearly visible and others behind the scenes, to provide protection to event attendees and staff.

Law Enforcement

“The first layer is law enforcement,” says Rose. “A venue absolutely needs to have highly visible officers that not only deter crime but assure attendees that security has been addressed. If an incident takes place, they will play a critical role in crowd control while helping to clear the crime scene so that an investigation can take place.”

Private Security

The next layer is private security and Rose says the key issue is intelligence gathering and doing a full security risk assessment. That takes place far in advance of the event. “We will look at past attacks of similar events, learning all that we can about where vulnerabilities were that allowed the incident to occur. We will also use our global network of resources to monitor current events to determine if anything would be a trigger for a possible attack. We then communicate all that information to our team that has ‘boots on the ground’ so they can act on the intel.”

With a private security force, it’s unlikely  event attendees will know they are there. And that is by design. “When our team is on the ground, they are there gathering information that can be shared through the security detail. An undercover agent can get much closer to suspects and monitor their movements, reporting to others as needed so that a plan to suppress a potential attack can be made.”

For best results,  private security would  act as the overall coordinator of the layered approach, keeping all parties informed of developments, while monitoring intel gathered from multiple sources. “At Pinkerton we take a holistic approach to how we manage event security,” says Rose. “Ideally, we are at the table very early on in the event planning process so that we can influence how the event logistics are addressed that could affect security. We work with law enforcement, venue management, event planners and promoters, performers, presenters and their security forces, ancillary business operators like parking lots and concessions, so that we address as many vulnerability points as we can.”


Advances in technology have both helped and hindered security in the past 20 years. Social media, as an example, has given security teams a way to learn about disruptive plans being devised by criminals. Teams can set up a “geo-fence,” which focuses social media monitoring to a specific geographic area, to look for messaging that could indicate an attack is being planned. However, technology has also sped up how fast those attack plans can be enacted since communication is nearly instantaneous, making it hard for security teams to stay ahead. Overall, though, Rose believes that the strategic and effective use of technology has advanced security efforts greatly.

“It’s easier than ever to communicate with our team who, at an event, could be spread out miles apart,” he explains. “If we learn a key piece of information from our intel gathering, we can now text that out instantly so that the whole team has it. We can communicate and act as fast as the criminals can.”

Intel Gathering and Surveillance

A critical layer to providing security at a large-scale event is the constant gathering of new information through ongoing surveillance. “Situations change in an instant,” says Rose. “It is critical that there are dedicated surveillance personnel who are trained to look for suspicious activity and report their observations.” Rose and his team recommend elements such as bomb-detecting dogs, undercover agents, rooftop surveillance teams and even drones, if permitted, to get a full picture of the event scene. The goal, he says, is to expand the perimeter of security for a venue beyond just the venue and immediate surroundings.

A Change in Culture is Required

More than any new or improved tactics, providing a high level of security for large scale events in today’s world will require a change in the attitude and culture found among venue owners and event promoters, according to Rose. ““It’s just not prudent to maintain a ‘It won’t happen here’ attitude when it comes to security. Security can’t be the first line item reduced when expenses get too high. Today’s security is complex because so are the threats.”

Rose says a culture shift like the one that took place in the air travel industry is required for large scale events. After the 9/11 attacks, airport security changed dramatically. Imagine telling someone prior to those attacks that before boarding a plane they would have to remove their shoes and belts, they would not be able to bring liquids larger than 3.5 ounces and that they should plan to arrive 1.5-2 hours prior to departure due to security checks. But today, the industry culture has changed and those rules are the accepted norms.

Recent terrorist attacks, like that in Manchester, have cast a spotlight on venue security but Rose says operators need not concentrate as much on why attacks occurred. Rather, he says, they should focus on how.

“Motive is not the major concern for security teams. Our concern about these recent attacks is how did they happen? Where were the vulnerabilities and why were they there? What systems and tactics might have prevented them? These are the questions that need to be asked far in advance of any future event so that risks can be mitigated before they become reality.”