Intelligent Protection › Security Blog › Intelligence and Security › Protecting a Business Against Terrorism
by Virginie Roux, Head of Marketing

Is your business ready for terrorism?

For the last twenty years since the attack on the World Trade Center that marked the start of the “War on Terror”, terrorism has become an ever-growing concern for the security of Western countries, with attacks taking place sporadically.

So, what is terrorism, strictly speaking? Terrorism is the use of violence and intimidation tactics against persons or property to serve a religious or political cause. It appears under various forms with the combination of sophisticated and unpredictable methods that all serve the same purpose: installing insecurity amongst society to affect people’s behaviour who are made to live in fear!

In the corporate world, companies are concerned about operational contingency and of course their duty of care towards their staff and should therefore have plans in place to protect their business and their workforce in the event of an attack. The Charlie Hebdo attack in 2015 highlighted the need for companies to implement safety measures in the event that an attacker could potentially penetrate the premises. During this attack, two armed men entered Charlie Hebdo’s offices and forced one of the staff members before they killed her to enter the security code that granted access to the second floor, where a meeting was taking place between journalists and cartoonists of the magazine. Everyone present in the room was killed.

The two attackers then managed to flee the scene, killing police officers outside before finding refuge in a print shop where they took the owner hostage. During the siege, an employee who managed to hide, relayed back information to the police by text via his mobile until the terrorists finally emerged outside, where they died.

This terror incident raises the question: what to do as a company to prepare for the eventuality of a terrorist attack? In this blog, we will discuss the measures that should form part of your security procedures to ensure the safety of your workforce. Of course, while a terror attack cannot be stopped, a company can limit and reduce the impact of a terror attack through planning and understanding.

What types of terrorist attacks should a company prepare against?

Of course, some forms of attack are very difficult to defend or prepare a company for, but it is good for firms to have a grasp on the threats. Companies can prepare for various types of scenarios as terrorists employ different stratagems, the aim for them is just to create the biggest impact by killing the maximum of people and causing disruption. Employees could come under attack at their workplace but also when they are travelling for work and still under the care of their employer. It is important for them to be familiar with the different acts of terrorism that can arise.

Active Shooter

An incident during which one or several active shooters target a group of people or crowd, shooting them indiscriminately whether this is in a public or private place for a political or religious purpose. Examples of this are the Charlie Hebdo attack in 2015 and the Christchurch mosques attacks in 2019.

Bombing

Terrorists use explosives to target either government buildings, points of strategic interests, heavy-crowded areas including airports, stadiums or arenas, or may specifically pick out large televised events such as a marathon or a Royal wedding. An example of this is the coordinated 2019 Sri Lanka Easter bombings, targeting three churches and three luxury hotels.

Kidnapping

Certain locations in the world are more exposed to the risk of kidnapping than others. Generally, terrorists kidnap their victim to ask for money or for a favour in exchange of the person’s life. But the government of Great Britain and of other countries don’t negotiate with terrorists, as this would lead to more kidnappings. Employers should ensure that their staff is well-informed about the security situation in the country that employees are travelling to prior to their trip using our travel advice and that they only use safe methods of transports and only stay in safe hotels.

Hijacking

Hijacking corresponds to the seizure by terrorists of a vehicle, ship or plane while it’s in transit. Since the 9/11 attack, airports have limited the risks of hijacking by implementing safety measures to counter terrorism in aircrafts.

Cyber terror attack

A cyber terror attack corresponds to any premeditated actions that is politically driven that target information, computer systems or programs to disrupt and cause panic amongst the population. In the event that critical infrastructures such as power networks, trading platforms and healthcare systems are targeted, the results could be disastrous causing in the worst-case scenario for instance a power blackout or a nuclear meltdown - if terrorists managed to take over the control of a nuclear plant - although this would be very hard to achieve. The WannaCry ransomware cyber-attack that targeted the NHS’s computer network that lead to the disruption of health services, demonstrated how potentially dangerous this kind of attacks could be.

Nuclear or Chemical attack

A few years ago, this concept would have been far-feched, however, since the Salisbury novichok, the use of nuclear or chemical weapons against the public or specific people is a reality. In the case of the Salisbury attack, many businesses were affected for weeks.

Vehicle used as weapons

Since the Nice terrorist attack, during which a lorry driver drove into a crowd of people, copycat attacks employing a vehicle to kill pedestrians have happened in the last few years around the world. Such attacks are difficult to predict but major cities have since used bollards as an effective deterrent method. Examples of this type of attack are the 2017 Barcelona attack in Las Ramblas and the London Bridge attack during which terrorists rammed a van into pedestrians.

Prevention remedies

Prior to designing any plan of actions, ideally someone from the security department or with a good understanding of health and safety, if the company is small, need to conduct a risk assessment to detect any eventual failure in your security system. In a risk assessment, potential threat should be identified with their overall impact and the likelihood that the risks may materialize. For each threat, the existing measures that are already in action to mitigate the risks should be indicated with propositions for new measures to limit them even further.

When writing a risk assessment, it is essential to take into account the elements of the business that need protecting such as people involved with your business (your personnel, visitors, clients, etc), any physical assets the company has (building, equipment, etc), any sensitive company information that is stored (IT, files, online payment terminals) and the supply chain.

In order to limit the risks faced by a company during an eventual terrorist attack, various measures should be taken in line with effective security procedures and appropriate installations following this model:

DETER

Investing in security systems that make it more difficult for attackers to strike is a good deterrent method to prevent an attack from happening. The key is to make it as difficult as possible for intruders to penetrate the premises and get to their intended location. Visible systems such as CCTV with clear 24h/24 monitoring signage, motion detection lights and security gates will make criminals think twice before making an attempt, as it gets harder for them to enter.

DETECT

Surveillance cameras will enable security officers to monitor for any suspicious behaviour and be responsive before the situation develops. At that point, you can either get your security guards to deal with the suspect or call the police directly depending on the threat involved, while you put employees in safety. Large organisations can also install metal detectors at their entrance in order to detect weapons.

DENY

Visitors should not be able to just waltz in and out your office space or other sensitive parts of your buildings, access by the public must be restricted with the use of passes. As part of your security plan, visitors should report to reception upon arrival and be given a visitor pass that is handed back to the receptionist at the end of their visit. They must be escorted during the entire time to avoid having them wandering around the premises alone.

Only staff members must hold an access card to enter their workplace and reserve access should be defined for certain rooms that contain sensitive material or information, which should be protected by an access code or biometric system doors.

DELAY

If an attacker manages to penetrate into your workplace, slowing down their movements by locking down the premises will reduce the potential harm they could cause and may force them to backtrack. The need for an access card and the use of electric doors in certain parts of the buildings will represent obstacles that will stop an attacker from making progress.

DRILL

Effective planning will be key in response to any major incidents. The company must write a contingency response plan that includes security measures and procedures to implement in the organisation to manage an incident according to different scenarios, as well as the list of people in charge of enforcing the plan and contacting the authorities.

Having staff that are drilled in major incident procedures and first aid trained staff will limit the impact, should an event take place. In our blog article "Guide to Rapid Triage for Major Incidents", we talk through Triage in a major incident and how trained first responders will make a real difference to the survival rate of those injured.

“Security” is a word that personnel should be aware of as part of the company culture. In that end, staff members must prepare for the eventuality of a terrorist attack and should be familiar with the contingency plan through training and regular exercises; so, they know exactly what to do. Rehearsals will allow improvements to be made to the contingency response plan that will be constantly updated as a result.

When rehearsing drills, employees will be taught to apply the “Run – Hide – Tell” strategy in the event of an attack:

RUN

The company must establish an evacuation plan with all possible exits and routes to follow that must be rehearsed on a regular basis. The personnel should only exit the building if it is safe to evacuate depending on the location of the threat, whether it is inside or outside. If for instance an active shooter is on the move inside the building or an explosion occurred outside, it would be wiser to stay in somewhere out of reach.

HIDE

If members of the workforce can’t evacuate because they may be exposed to the threat, it will be safer to find a place to hide. In the contingency response plan, the company should have identified one or several incident rooms which provide safe locations to keep out of sight. Appoint several marshalls in the company responsible for directing people to it, who are also trained at first aid.

You should ensure that you have a first-aid kit, emergency supplies of water, the list of employees, contact details of emergency services and a phone with its charger in the room with internet access.

Employees should keep their phones on silent in order to remain undetected.

TELL

As part of the response plan, the communication plan shall describe the channel that will be used to relay regular information to employees during an incident about the situation and its evolution, as well as instructions to stay safe. You can choose to alert your staff via email, an intranet service or a team chat application that you use internally, which would ideally have a built-in mobile app. The communication plan will also specify who in the company will be in charge of communicating with the workforce and the authorities to inform them about the development of the incident inside.

Although chances that your business could be the target of terrorists are very small, preparing for the worst means that overall security at your organisation is high and consequently, the risks will be greatly reduced. Intelligent Protection International Limited can assist your company in developing security plans and procedures that provide appropriate solutions to your organisation. Conversely, its sister company, Intelligent Training International Limited, also offers training solutions for your workforce on security.