A recent article in Security Magazine provided some interesting statistics from a recent survey on business workplace violence policies conducted by the law firm Littler, Mendelson.
The survey found that, in response to recent mass shootings at U.S. workplaces, fifty-two percent of employers have updated or implemented a “zero tolerance” workplace violence prevention policy.
Forty percent of employers have developed an emergency response plan and a pre-employment screening process. Thirty-eight percent have conducted employee training sessions about recognizing and responding to a potentially violent situation; thirty-three percent have performed a safety and security audit; and twenty-eight percent have conducted active shooter response training.
Eleven percent of employers responding to the survey say they have taken no action because violence is not considered an issue at their workplace, and another one percent have not acted for fear of violating disability or discrimination laws.
What percentile is your business in? If you are in the eleven percent that have taken no action because you do not consider violence an issue at your workplace, I would encourage you to re-evaluate your thought process in this area. How many business affected by violent incidents considered violence an issue before tragedy struck? I would venture to say, very few. Our firm is usually called in after the fact – after an incident has occurred, which is unfortunate. Having a solid workplace violence policy, employment screening, employee training and robust security program can not only protect you and your employees from potential harm, but also protect your business from potential legal liability and adverse publicity.
“…everybody was running to one side of the store. Families were huddling together.”
“They were hysterical.”
On February 9, 2016, 68 year old David Brian Evans fatally shot a Harford County Sheriff’s Deputy inside a Panera Bread Company restaurant in Abingdon, Maryland. Another Sheriff’s Deputy along with the gunman were killed in a subsequent shoot-out.
The quotes above were from witnesses inside the restaurant at the time of the shooting.
During times of great stress, blood pressure can shoot from 70 beats per minute to over 200 beats per minute in less than one second. This leads to increased respiration and failure of visual, cognitive, and motor control systems. Under extreme life-threatening duress, the body prepares itself for “fight or flight” by sending blood to large muscle mass. This is good for running or charging an opponent (gross motor skills). It also results in the loss of fine and complex motor skills, cognitive reasoning, and diminished senses (tunnel vision, auditory exclusion).
Awareness and training can help overcome some of these physiological responses to danger. Active Shooter training incorporates “Run, Hide, Fight”. It is simple to remember and relies on gross motor skills. In an active shooter situation, your first priority should be to run – get out and get to a safe place. If running is not an option, then hide. As a last resort, fight.
Witness descriptions of the chaos inside that restaurant noted the fact the people could not process what was happening and worst of all, people instinctively huddled together in a corner.
It is an unfortunate fact of today’s world that you must continually be aware of your surroundings and know what is going on around you. There are four steps, known as the OODA Loop, that will increase your chances of surviving a life threatening event. The faster you complete these steps, the greater your chance of survival:
Observe: See what is happening and know what is going on around you.
Orientate: Filter that observation and recognize the threat.
Join me at the ASIS International – St. Louis Chapter Expo and Seminar on Thursday, August 13, 2015 from 8:00 AM – 7:00PM at the Holiday Inn Southwest & Viking Conference Center, 10709 Watson Road, St. Louis, MO 63127, where I will be speaking about Workplace Violence, Prevention and Investigation. The event is free, but registration is required. For more information and to register, please visit the ASIS St. Louis Chapter 39 website.
We recently completed two projects: one involved the investigation of a theft and potential data breach at a major firm, and in the other we were asked to conduct an in-depth security review for a major corporation that recently had an intruder breach their premises. What we found is all too common in many businesses today. Business security is not a priority until after an incident occurs.
You can’t open the newspaper or listen to the news without reading or hearing about a data breach, embezzlement, financial fraud, or workplace violence incident. There are many reasons why basic security processes and procedures are not put in place. The reasons range from cost concerns to naiveté. The truth is, once an incident occurs, the monetary and non-tangible (business good-will) cost to a business can be devastating.
There are recognized industry standards for security for both small and large businesses. Implementing those standards can help protect the business from a security breach, legal liability, and financial loss.
Financial Safeguards
In the 2014 Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud and Abuse, it was reported that the median cost of a single fraud incident to small businesses was $154,000.00. Five simple steps businesses can, and should, take to help mitigate financial fraud are:
Conduct background checks on all employees.
Implement a written code of ethics.
Divide bookkeeping and check signing authority.
Deliver bank statements – unopened – to top management.
Implement a fraud reporting mechanism or hotline (over 40% of all small business fraud is discovered through tips).
Physical Security
American National Standards Institute (ANSI) and ASIS International are recognized as the standard bearers of physical security. Both organizations conduct extensive research on physical security and publish standards that are recognized the world over. Each business should conduct a security risk assessment along with a cost benefit analysis. The size of your business will dictate how in-depth that assessment should be. Areas to consider in assessing the physical security of your business include:
Security policies and procedures
Security lighting
Barrier systems
Intrusion detection systems
Physical entry and access control
Video systems / Video surveillance
Alarms
Personnel
Workplace Violence
The Occupational Safety and Health Administration (OSHA) estimates that about 2 million U.S. workers are victims of workplace violence each year and about 10 percent of workplace fatalities are homicides. The monetary costs of workplace violence have been estimated by the National Institute for Occupational Safety and Health to exceed $120 billion per year, and the human costs are immeasurable.
Workplace violence incidents can come from a customer, an employee, domestic disputes that spill over into the workplace, and criminal acts.
Employers should take some basic steps to address workplace violence by adopting policies and procedures that demonstrate to their employees the importance of a safe workplace. Those steps should include:
A written zero-tolerance policy for incidents of violence or threatening behavior in the workplace.
Substantial disciplinary action, up to and including termination, for harassing or threatening behavior.
An easy system for employees to report suspicious or threatening circumstances.
A documented and detailed action plan outlining how the business will respond to those reports.
A system for documenting those reports and the action taken by the business to address the report.
A written and detailed emergency action plan in the event of a violent incident.
Cyber Security
The 2014 Data Breach Investigations Report, compiled by over fifty organizations from around the world reported over 63,000 cyber security incidents and over 1,300 confirmed data security breaches across twenty-seven countries in 2013. Most of the breaches fit some basic patterns:
Web App attacks (35%)
Cyber Espionage (22%)
Point of Sale intrusions (14%)
Credit Card Skimmers (9%)
Insider Misuse (8%)
Crimeware (other malware incidents) (4%)
Miscellaneous errors (2%)
While all industry segments were touched by cyber-attacks, the primary businesses affected by these breaches were retailers and the service industry. Some steps businesses can take to deter data breaches include:
Restrict remote access
Enforce password policies
Do not browse social media, public websites, or personal e-mails on POS systems.
Know your data and who has access to it.
Review user accounts.
Encrypt devices (laptops, hard drives, thumb drives – anything with data that could get lost or stolen).
Move highly sensitive or valuable assets to a secure location.
Properly dispose of information assets, and verify that they have been sanitized prior to disposal.
Use two-factor authentication.
Have a plan in place should a cyber-attack or data breach occur.
Summary
All businesses should be conducting security risk assessments. A security risk assessment will highlight areas that are vulnerable and help gauge the likelihood or impact. These should be done on a regular basis. A good risk assessment program will combine inside expertise and oversight with outside experience and insight. Using a third party to work with the company on a risk assessment will bring in a high level of security expertise not normally found in-house, as well as an unbiased and pragmatic view of policies and procedures in place. Once the risk assessment is conducted, the business should be prepared to make changes and to monitor the results.
The time to conduct a security risk assessment is now, not after an incident occurs.
According to a survey published in February 2014 by the Workplace Bullying Institute , 20% of workers surveyed said they have been bullied at work; 44% either saw or were aware of bullying in the workplace; and 7% said they are currently being bullied at work. Their definition of Workplace Bullying is: repeated, health-harming mistreatment of one or more persons (the targets) by one or more perpetrators. It is abusive conduct that is:
Threatening, humiliating, or intimidating, or
Work interference — sabotage — which prevents work from getting done, or
Verbal abuse
Unchecked, workplace bullying can lead to workplace violence.
The Occupational Safety and Health Administration estimates that about 2 million U.S. workers are victims of workplace violence each year and about 10 percent of workplace fatalities are homicides. The monetary costs of workplace violence have been estimated by the National Institute for Occupational Safety and Health to exceed $120 billion per year, and the human costs are immeasurable.
Employers should take some basic steps to address workplace violence by adopting policies and procedures that demonstrate to their employees the importance of a safe workplace.
Those steps should include:
A written zero-tolerance policy for incidents of violence or threatening behavior in the workplace.
Substantial disciplinary action, up to and including termination, for harassing or threatening behavior.
An easy system for employees to report suspicious or threatening circumstances.
A documented and detailed action plan outlining how the business will respond to those reports.
A system for documenting those reports and the action taken by the business to address the report.
A written and detailed emergency action plan in the event of a violent incident.
“Communication is vital when it comes to both preventing and responding to workplace violence. That communication must include both management and employees to ensure policies are not only implemented but adjusted as necessary to respond to the changing environment. The goal of working together is to keep everyone safe on the job.” (Ashburn, Employers Have an Obligation to Address Workplace Violence, 2014)
Simpson Security and Investigative Advisory Group, LLC can help businesses develop a workplace violence action plan, provide strategies for mitigating the risk of workplace violence, and provide workplace violence training to managers and employees.
On Wednesday, April 2, 2014, Specialist Ivan Lopez, United States Army, kills three and wounds sixteen at Ft. Hood Army base in Killeen, Texas. Lopez used a personally owned .45 caliber handgun, and took his own life when confronted by a U. S. Army military policeman.
Reporters gather outside one of the entrances to Fort Hood military base near Killeen, Texas. Spc. Ivan Lopez killed three fellow soldiers there before committing suicide Wednesday.(Photo: ASHLEY LANDIS, EPA)
By all accounts, SPC Lopez was a troubled young man. Twenty-four hours news coverage provides ample speculation, blame and conjecture about what could have been done, what should have been done, and what should be done in the future to prevent these tragedies.
Rather than classify this as a military problem, it may be more appropriate to look at it as a workplace violence problem. Workplace Violence occurs in the government work environment, the public work force, and in private industry. The term “going Postal” was coined by the seemingly inordinate number of workplace shootings that occurred in the U. S. Postal Service, starting with Patrick Sherrill gunning down fourteen of his co-workers in Edmond, OK in 1986. In 1999, two deranged individuals murdered twelve of their fellow students at Columbine High School, and there have been several school shootings throughout the country since then. Now, the spotlight is on the military, which just had their fourth high profile mass shooting in a relatively short period of time.
Are postal facilities, schools, and military bases any less safe than your average business , town, or public facility? Statics say no. Because mass shootings are relatively rare, occur in a highly public places, and have the added tragedy of the randomness of the victims, they lead to hyped news coverage. And we search in vain for an answer as to why. Often, that answer is known only to the perpetrator. What is known from research in past mass shootings is that mental illness is a prevailing factor, and the killers generally target places and/or people they consider responsible for their perceived unresolved grievances. Another factor to consider are “copycats”. A postal worker, student, military personnel, or other deranged worker sees the spotlight given to previous killers in their specific environment and decides that is the solution to drawing attention to their issues, however misguided that thought process is.
According to the FBI, there is no demographic profile of an active shooter. Many active shooters display observable pre-attack behaviors, which, if recognized, can lead to the disruption of the planned attack. The pathway to targeted violence typically involves an unresolved real or perceived grievance and an ideation of a violent resolution that eventually moves from thought to research, planning, and preparation. While not every active shooter can be identified and thwarted prior to attacking, many potential active shooters who appear to be on a trajectory toward violence can be stopped.[i]
Based on initial reports, this appears to be the case of SPC Lopez. He was reported to have been suffering from depression and anxiety, was involved in a dispute or altercation at his place of work, left the scene and returned later with a handgun which had been recently purchased. Whether this tragedy could have been prevented will be the subject of debate for the foreseeable future. Knowing the warning signs of violent behavior, having a viable and enforceable threat / violence policy, and having a straightforward, workable grievance solution process are all steps to reducing violence in the workplace.
Simpson Security and Investigative Advisory Group, LLC has extensive experience in dealing with workplace violence issues. Please contact us for workplace violence investigations, mitigation strategies, and training.
[i] FBI Law Enforcement Bulletin, May 2013, Addressing the Problem of the Active Shooter, Katherine W. Schweit, J.D.
mployers have developed an emergency response plan and a pre-employment screening process. Thirty-eight percent have conducted employee training sessions about recognizing and responding to a potentially violent situation; thirty-three percent have performed a safety and security audit; and twenty-eight percent have conducted active shooter response training.