Right now, maintenance of social distancing, self-quarantining, washing hands and cleaning surfaces defines risk management – and rightly so. However, as we battle the ongoing reality and impact of COVID-19, we are seeing an increase in warnings from law enforcement and security risk experts regarding individuals who may take the pandemic as an opportunity for targeted violence, scams and fraud, and other adverse behavior.
It is never too late for corporate leaders to begin increasing their awareness of threats during this time. Even if some infection numbers in the United States drop, the rate of the coronavirus is increasing exponentially globally – and we must be prepared for opportunistic threat actors.
A Global Pandemic Proves Fertile Ground for Threat Actors
John Demers, United States Assistant Attorney General for the National Security Division of the Justice Department, feels the coronavirus may actually prompt some terrorist groups to accelerate their plans. Threats and risks present before the pandemic have not disappeared. Instead, they, in a disturbing parallel to many contagions, are mutating to better attack existing and new vulnerabilities. These include:
- Phishing schemes targeting employees working at home
- Websites claiming to sell face masks and toilet paper
- An ISIS newsletter urging supporters to attack overwhelmed healthcare systems in the west
- A recent domestic terror plot, foiled by the Federal Bureau of Investigation (FBI), in which an assailant sought to acquire materials to bomb a Missouri hospital providing critical COVID-19 medical care
Supply chains, already pushed to their limits, face renewed vulnerabilities as the coronavirus magnifies top disruption factors, like natural disasters, transportation failure and compromise, market volatility and cyberattacks. Reopening facilities such as office buildings, restaurants and entertainment venues face challenges related to access control, sanitization, inventory and physical security. Iconic and symbolic destinations remain potential targets as well.
Key Considerations for Staying Vigilant of Threats Amid COVID-19
It is vital to ensure that critical elements of our pre-coronavirus safety, security and risk posture remain as strong as possible.
- Review security assessments, via conference calls or webinars, with company leadership or trusted advisors to ensure they rate pre-coronavirus risks on a scale of low to high risk based on their present likelihood and impact under current conditions.
- Emergency response and business continuity plans should be reviewed with specific attention paid to the implementation of lessons learned in the initial and ongoing response to the coronavirus and the implications those lessons hold for other threat scenarios. A strong emphasis should be placed on succession planning, cross training, remote support, the viability of alternate locations and the refinement of conditions guiding the availability and use of essential personnel at each level of the organization. Emergency response plans should be revised to consider the potential impact of depleted first response and detail the use of other supplemental resources. For facilities such as stadiums, hotels and convention centers, emergency management plans as well as site operation plans and guidelines should be at the ready for use by the requesting federal, state and local entities and revised to meet the new need while maximizing site protection.
- Contracted or proprietary security personnel should be augmented to mitigate shift fatigue and facilitate breaks. Every reasonable effort should be made to ensure on-site security and facility personnel are provided with multi-mode communication equipment, food, lodging and personal protective equipment (PPE). Security personnel should be fully debriefed on how emergency protocols and responses may have changed, such as varied security patrols.
- Critical security system infrastructure such as video surveillance, access control, lighting and intrusion detection should be tested for full functionality particularly given facilities may have been vacant for some time. Any repairs needed to these systems should be given immediate priority. Furthermore, security leaders should pursue methods of monitoring and controlling these systems remotely.
- The safety and security of critical infrastructure such HVAC, electrical, fuel storage, water and mechanical systems, should be ensured through protective fencing and gating, locks, tamper proof seals, audible alarms and video surveillance. These infrastructure elements, which are vital to the health and operation of a facility and its occupants, can be prime targets for threat actors particularly when easily accessible. Therefore, proactive and thorough identification of potential threats to any one or more of these critical infrastructure systems must be a part of the ongoing threat assessment program.
- Social isolation has increased web traffic across many platforms that allow people to connect with others. As such, companies must continue to devote, if not increase, resources to open-source intelligence monitoring to identify inappropriate, deceptive, threatening or illegal behavior or activities that may affect the security of their personnel, leadership or facilities. Ensuring designated personnel working remotely are equipped and trained to monitor social media and alert security and leadership to items of concern is a must.
- Online security awareness training focused on areas such as cyber security, active assailant response training, threat response protocol awareness, workplace violence prevention and company security policies ensures that your workforce stays informed no matter where their office may be. Furthermore, as human resource and security leaders shift from pandemic response to reopening mode, the challenges they will face continue to mount. As some employees transition into roles that require them to enforce health and safety guidelines (e.g., social distancing, facial masks), they will be even more in need of training on how to deal with security and threat risks.
The current environment meets many definitions of “worst-case scenario.” As long as there are individuals who would seek to compound the worst case in pursuit of criminal or terroristic gain we must remain actively prepared.