CPNI – Savvy about security

CPNI – Centre for the Protection of National Infrastructure

Vigilant staff are one of the most off-putting factors for someone up to no good; it makes them think they are being watched, and that they are likely to be detected and intercepted.

How staff behave is a key indicator of an organisation’s attitude to security. Vigilant security behaviour – such as showing awareness of one’s surroundings – can help protect an organisation and the community that surrounds it. Security savvy staff will show any person planning to do harm that it’s not just security guards and CCTV they need to worry about if they want their attack to be successful. Alert employees are just as likely to spot suspicious activity and report it. At a time of high profile threats it is important that employees understand what they can do to keep themselves, the organisation and visitors safe.

Hostile reconnaissance

Hostile reconnaissance is an essential part of attack planning, whether it relates to terrorist, extremist protest or criminal activity. It is an information-gathering phase. And this is when you have the best opportunity to disrupt an individual intent on carrying out such activity.

Based on a research approach the Centre for the Protection of National Infrastructure (CPNI) has developed a selection of useful guidance tools to help organisations counter security threat. CPNI’s work included research into reconnaissance conducted by hostiles (individuals who want to harm or disrupt the people, assets or reputation of an organisation). This resulted in the development of a campaign framework which was trialled successfully in a variety of organisations.

Staff awareness

The premise is that you can encourage and develop effective vigilance behaviours in your staff. This in turn will help them become an active part of your protective security regime.

For an organisation this means understanding what constitutes good – and not-so-good – employee vigilance security behaviour, and then communicating this to the workforce. All of these elements are covered in CPNI’s guidance ‘Running a staff vigilance campaign’ which provides the tools and access to design materials to run a ‘security-minded behaviour’ campaign.

The guidance is structured around 5 Es:

• Education • Endorsement • Ease • Enforcement • Evaluation

For example, staff awareness will be boosted by clear explanation of the threat and clear guidance about what they can do personally. With this in mind, CPNI has developed a 4-step plan for delivering a successful employee vigilance campaign. This covers engaging senior management, putting together an overarching strategy, gathering a team to manage the delivery of the campaign, and developing and delivering the project plan. There are ready-made supporting materials in the guidance, including draft briefings, emails, intranet articles and posters, all of which are customisable.

Of course, building a security savvy workforce takes more than just one security measure, and more than just one campaign. The greatest and most sustainable impact comes from combining a number of protective security techniques, and ‘layering’ deterrence messages.

But it’s important to recognise the part that staff vigilance can play in helping to ensure that anyone with hostile intent is confronted at every stage of their planning process.

Finally, organisations also need to take account of the personal security of their employees, for those situations when employees may be at threat because of where they work. CPNI advice and supporting materials are available on the measures that staff themselves can employ to reduce the risk to their personal security.

The above guidance and supporting materials are available from www.cpni.gov.uk/advice/Personnel-security1/Employee-vigilance