Connecticut Companies Get Serious About Physical Security

In the aftermath of the September 11, 2001 terrorist attacks and hurricane Katrina, businesses are more mindful than ever about of potential consequences of such catastrophes.

When company owners and managers think about protecting their business, however, physical security often is at the forefront of their concerns. Few contemplate how to avoid or minimize day-to-day business disruptions caused by less calamitous occurrences. And ever fewer are analyzing such risks or developing contingency plans.

"The reality is that a lot of businesses are operated basically on luck - and when that luck runs out, folks are shocked," says Edmund G. Kardauskas, director of security risk-management services_ for Jennings Smith Investigations Inc. in Hartford. "A lot of emergency plans are, 'If something really bad happens I'm going to call 911.' But if an entire region is affected you instantly overwhelm all of those [responder] agencies.

"Security in the post-9/11 and post-Katrina world is not just randomly installing devices and having somebody at the front desk," adds Kardauskas. "It's not possible to completely eliminate the possibility of the adverse event, but it is possible to reduce the likelihood of major consequences.

"In order for this to be effective, an organization needs to have a commitment to provide a safe and secure environment and a solid plan for adverse events occurring," he adds.

Harvey Clark, a consultant for Dictograph United Alarm Services in Brookfield, advises companies large and small to develop short-term and long-term risk-management plans.

"We don't need a 9/11," he says. "It could be a gas leak, a chemical spill or a disgruntled employee. So it's in the business owner's interest to look at all the possible angles and say, 'How do we prepare for this?'"

The concept of business continuity planning is beginning to catch on.

The New Haven Manufacturers Association recently invited Waterbury Fire Chief Michael Maglione to discuss business disaster preparedness.

"It could be anything from breach of security to frozen pipes to power outages," says Maglione, who is on the coordinating council for the state's Department of Emergency Management & Homeland Security (DEMHS). "The main thing is to determine essential business functions and create a continuation of operation plan."

DEMSHS also has a number of programs in place and is developing others aimed at assisting businesses with emergency and continuity planning (see accompanying article).

Other resources include the federal government's Homeland Security Web site, www.ready.gov/business, which has information on protecting facilities and advice on developing plans to stay in business following an emergency; the National Fire Protection Association (www.nfpa.org), which publishes "NFPA 730: Guide for Premises Security" and "NFPA 1600," a guide for disaster/emergency management planning and operations; and the American Society for Industrial Security (ASIS), whose Web site, www.asisonline.org, contains a plethora of pertinent data.

Hiring an expert also may be helpful.

Kardauskas conducts risk and vulnerability assessments, starting at around $5,000 for a small company.

"We look at what can happen, what are the vulnerabilities and what do we have in place to deal with that risk," he explains. "We prioritize these things, give our recommendations for approaching each of these risks, then go into evaluating costs of the possible strategies.

"Then we come to an agreement with the company executive on how the plan should be pursued, including milestones, budgetary commitment and personnel,: says Kardauskas. "The strategy is executed. Results are measured."

The plan should be re-examined periodically and modified depending on circumstances.

"We look at company policies, procedures and processes, see what's happening in the surrounding community, measure criminality and social risks, and find out what other facilities are in the area, like power plants, airports, chemical processing facilities, even highways," he says.

Kardauskas recently did an assessment for a multi-building site next to a major highway, but company officials hadn't considered location in their list of concerns. A tractor-trailer accident, he pointed out, might snarl traffic for hours or send toxic fumes wafting towards the site.

"How many businesses can afford to cross their fingers and hope for the best?," asks Kardauskas. "What will those who are relying on luck do now that the company is a smoldering ruin with yellow tape around it, customers are ringing unanswered phones, no PR [public relations] organization is putting out a consistent message and an executive is standing in front of the cameras doing a deer in the headlights imitation."

Here are a few things to consider, in various settings, while developing, or fine-tuning, the physical security component of your business-protection plan.

Milford police officer Vaughan Dumas agrees that most companies, even including retail, are more reactive than proactive when it comes to security.

"I've only have had one business, a hotel, contact me before they opened," says Dumas, who heads his department's crime-prevention unit. "Most of the time it's done after the fact of an incident like employee pilferage or vandalism."

If requested, the crime prevention unit will conduct security audit for local businesses, involving "an inspection of the premises, inside and out, and recommendations," often for access control. He recommends using keyless entry systems for better management and accountability.

Kardauskas regards access control as "the foundation" of an effective program in any location.

"How you do that varies from environment to environment," he says, adding such programs could include a "good" receptionist or card access system restricting how people move through the building.

The technical parts of the program should be coupled with company policies and procedures and day-to-day responsibilities of employees, who should be held accountable for lapses.

"You need to have equivalent of an effective neighborhood watch program," Kardauskas adds.

Manufacturing

The Marlin Firearms building in North Haven doesn't resemble a medieval castle, but the underlying defensive principles are the same.

"It's probably not the most inviting place to want to break into," says company risk manager William Desrosiers. The facility is not open to the public and has plenty of physical barriers, including a fence around the property, a barbed wire gate and fixed and roving guards. There's sparse vegetation around the building and the entire area is well illuminated at night.

The 9/11 terrorist attacks "certainly made us re-evaluate what we do and why we do it," adds Desrosiers. "We realize there is more of a potential for somebody to break in even though we're not making explosives or things terrorists would use."

When developing their company's security plan, Marlin executives considered scenarios ranging from "whether a crazy person wants to steal our products" to "random acts" such as power outages.

"We did have the power lines go down, and luckily had a plan for that," Desrosiers recalls. "We had people onsite taking action within 15 minutes, which is pretty good for a weekend evening."

Manufacturers mainly worry about "questions of access and dangerous material," according to Jerry Clupper, executive director of the New Haven Manufacturers Association. "In some cases you have materials in a plant that are small enough and valuable enough to be carried off," he says. When Handy & Harmon, a company producing bi-metal strips for coins, had a Fairfield plant, "they had everybody go through metal detectors" to prevent theft of silver.

Manufacturers involved with transporting goods face added safety and security concerns, Clupper adds.

Retail

Proper design and layout and keeping corridors clear can help enhance store security, as can a greeter at the door, according to Milford police officer Dumas.

"Retail is much more open to the public," says Kardauskas. "You have to have an attractive environment that's easy for people to move around in, find what they want, and feel comfortable, but make it difficult for them to walk away with your stuff without paying. A late-night grocery is much different from a mall. In some areas, they create a shelter area for the person at the register, a ballistic envelope, and that's a huge deterrent. Your bad guys are extreme pragmatists."

National retailers often have their own security departments, and may deploy strategies such as not putting higher-value items close to the front of the store or alternating the direction of hangers to dissuade organized burglary rings from swiping entire racks of apparel.

Office and Service Businesses

Vigilance regarding visitor-management systems can minimize risks ranging from theft by contractors, cleaning personnel and temporary workers to violence.

Dumas says managers should engrave items likely to walk out the door, or do things as simple as wrapping computer wires around desk legs.

"Time is a criminal's enemy, and they'll only take what's easy to take," he says, adding some companies are tagging computers with tracking devices activated by phone lines.

Kardauskas says current or former employees may commit violence in the workplace, and domestic situations may trigger "hunting or predatory behavior" by someone tracking down an estranged mate at work.

The need for bodyguards depends on the profile of the person.

'If you're the head of a major worldwide corporation who has a very high political profile or various other risk factors, that may be something that should be considered," Kardauskas says. "It's definitely a case-by-case basis, which has to be carefully evaluated." For people who've been threatened, part of the analysis "goes to the motivation of the person making the threat."

Milford's Dumas sees cameras as secondary to "the main goal" of crime prevention, and notes the growing frequency of footage of crimes caught on tape turning up on news shows.

But cameras, especially well-positioned ones, can help cops catch criminals. Many are mounted so they're looking down on employees but may only catch the top of a suspect's head. Dumas advises businesses such as banks to install pinhole cameras at eye level in exit doors, where suspects may be inclined to remove a disguise.

"Most people are looking to keep their employees as honest as they can or protect themselves against their customers, theft or injuries," says Tom Koscal, owner of Tri-Star Security/Security Business Management in Derby. "Big Brother is moving into the population very rapidly, and the technology has changed in a way that's it's made some high-end stuff really affordable for small businesses."

Koscal recently installed a buzzer system and closed-circuit cameras for Naugatuck Day Care, a state-funded facility looking after 48 children from low- to moderate-income families ranging in age from three to five years old.

"We were just looking to keep everyone safe and secure and making sure no stranger could walk in off the street because we've seen on TV it can happen," explains director Joy Chrzanowski.

From her desk, Chrzanowski monitors three cameras in classrooms and one trained on a new, fenced-in playground.

The parents, mainly single moms, "love the security system," she says.

Safe at Home

Business protection and preservation are priorities for the state's Department of Emergency Management & Homeland Security (DEMHS).

"We are working closely with businesses and offer a number of services," says DEMHS deputy commissioner Wayne Sandford. "For larger businesses we have the Critical Infrastructure Protection Unit, and will send in a team of specially trained state troopers to conduct security assessments and make recommendations."

For smaller companies, there's "Operation Safeguard," a developing program providing information on "potential terrorism indicators" and advice on how to devise "a survival plan" for emergencies.

"We see our work with businesses as critical; we want them to have a continuity plan," says Sandford.

Patrick Chagnon, a detective assigned to the state police domestic terrorism task force, adapted "Operation Safeguard" for Connecticut from a program New York developed in 2000. It highlights 88 businesses vulnerable to possible terrorist activities, including fertilizer distributors, hardware stores, photo-processing centers, voluntary ambulance corps, self-storage facilities and tool and equipment rental places.

"We have information on what to look for specific to these businesses," explains Chagnon, who has presented the program to businesses and business groups around the state over the past two years, and recently trained 18 more state troopers for the task.

The DEMHS plans to ramp up "Operation Safeguard" by April. In the meantime, businesses can request presentations by calling 860-256-0800.

Another DEMHS program, Infraguard, focuses on business data protection.

The department also is working on a way to link security guards around the state with what Sanford describes as "the focal point for intelligence analysis" at FBI headquarters in New Haven.

"What we want to do is engage security guards to provide information," Sandford says. "Every day there are probably 1,000 police officers on duty [in Connecticut], but there are probably 4,000 or 5,000 security guards."

Covering Your Assets

Four years ago, the Terrorism Risk Insurance Act (TRIA) made terrorism insurance more affordable to businesses by creating a program providing federal funds backing up insurance companies' payment for certain terrorist-related claims. The idea was to stimulate business investment, which had slowed considerably after the September 11, 2001 terrorist attacks.

Last month (December) Congress passed a TRIA extension putting more of the burden back on businesses and insurers.

"Prior to the Terrorist Risk Insurance Act, insurers would not have been obligated to offer terrorism coverage; now it's a legal requirement," explains James Valverde, director of economics and risk management for the Insurance Information Institute in Manhattan. The Bush administration's strategy "encouraged insurers to price this type of insurance product in a reasonable way," leading to improved sales "in the vast majority of sectors."

The TRIA extension, however, makes major changes in the law.

"Certain lines that were previously covered under TRIA '02 are now excluded, so insurers need to decide whether to cover those lines because policyholders might want that coverage," Valverde says. He adds that exclusions include commercial auto insurance, burglary and theft insurance and surety insurance.

Several thresholds also have changed regarding how large the so-called triggering event has to be before the insurance kicks in. When TRIA became law in November 2002 the amount was $5 million. On April 30 it will rise to $50 million, and on January 1, 2007, it leaps to $100 million.

Individual company deductions and co-payments also increase under the extension. And insurance companies must pay more in losses before receiving federal assistance. That amount increases from $15 billion in 2005 to $25 billion in 2006 and to $27.5 billion in 2007.

Says Valverde, "It will be interesting, in context of the two-year extension, to see how far take-up rates will go.

Business New Haven, 1/23/2006