"Acts of violence such as active shooters aren’t random,” says A. Benjamin Mannes. “From events such as Adam Lanza and Newtown, Nikolas Cruz and Marjory Stoneman Douglas High School, Jin Yu Park at Virginia Tech, and even Jared Loughner, who shot Congresswoman Gabby Giffords, all were planned.”

Mannes, who is a subject matter expert in public safety and former enterprise security executive for the nation’s largest medical board, and who serves as a Governor on the Executive Board of InfraGard, the FBI-coordinated public-private partnership for critical infrastructure protection, and on the Peirce College Criminal Justice Advisory Board.

“The June shooting at the Capital Gazette in a suburb of Annapolis, Maryland, is the most recent example,” says Mannes, who is not connected to the case, but who advises enterprises to include schools, colleges and corporations on enterprise risk management. “Jarrod Ramos had a long-term feud with several reporters over their coverage of a domestic harassment case against him. He repeatedly made threats to several reporters. It was a cancer that had been metastasizing for at least two years, but threats weren’t reported effectively. While the response time by police was amazing, you can’t bank on that when these issues could have been prevented.”

According to a recent FBI report, active shooter events are usually planned. The report notes that mass shooters don’t explode out of nowhere – they plan and prepare. Most have no diagnosable mental illness. And their attacks are almost always preceded by behaviors that stir apprehension in people close to them, possible warning signs that crop up over a lengthy period of time.

SEC0818-cover-slide2_900px

“An effective approach to corporate security includes the appointment of an enterprise-level executive who understands the physical, cyber and investigative threat profile faced by their organization,” says Benjamin Mannes, who is a subject matter expert in public safety and former enterprise security executive for the nation’s largest medical board, and who serves as a Governor on the Executive Board of InfraGard, the FBI-coordinated public-private partnership for critical infrastructure protection and on the Peirce College Criminal Justice Advisory Board.

Photo courtesy of Benjamin Mannes

What can enterprise security learn from this attack? “Like all others, this shooting could have possibly been prevented, if not mitigated, by the adoption of basic corporate security best practices on the part of the Capital Gazette or its parent company, The Baltimore Sun Media Group,” Mannes wrote in a recent editorial for Security magazine.

In addition, says Mannes, “You won’t get the best and the brightest by compartmentalizing and minimalizing your security based on considering it as an unnecessary evil and budget drain. Until corporate boards start looking at enterprise security as threat mitigation and risk management, then maybe we could start grasping the crux of this problem.”

Corporations such as Cox Enterprises,  Herbalife, Rackspace and Daktronics are taking responsibility for the standard of care for their stakeholders through enterprise-wide workplace violence mitigation and threat management programs that incorporate leadership, training and technology.

 

Mitigating Workplace Violence as a Team

Duane Ritter, Senior Vice President Enterprise Security and Corporate Services at Cox Enterprises in Atlanta (which includes Cox Communications, Cox Automotive and Cox Media Group) and his team are ensuring that the company’s 66,000 global employees go home safely from work each day. Ritter and his team have had an aggressive workplace violence policy and threat assessment team in place since 2012.

The Cox Enterprise threat assessment team includes Keith Davis, Manager of Investigations; Eric Winter, Senior Director of Investigations and Technical Risk; Rob Gray, Senior Director of Executive Security and Operations; Ed Mangan, Director of Business Continuity Planning and Crisis Management; and Carlotta Rogers, Manager of Business Continuity Planning and Crisis Management. It also incorporates personnel from HR and Legal, and an outside psychologist who is a threat assessment expert.

Incorporating other business units beyond enterprise security into the threat assessment team was crucial, Ritter notes, to “Let all employees know that they’re not alone because workplace violence is a ‘We problem,’ and we need to deal with it as a company.”

“I think the single biggest benefit to the threat assessment team is that it takes the responsibility for the decision making away from one person,” Eric Winter adds. “It used to be that a manager had to make a decision on whether someone might be a threat. Now, the entire team gets together to evaluate the situation and decide, as a group, any next steps.”

Involving other groups also adds resources to deal with wide-ranging threats against Cox Enterprises and its employees, due to the varied businesses in which it operates. Threats can be made against television personalities at Cox Media Group and can come from viewers and listeners, in addition to former employees and customers at the company’s internet service provider and automotive businesses. Yet, they are all assessed and mitigated in the same manner, says Eric Winter.

One example is employee training. Cox Enterprises trains its employees under its Situational Awareness for Every Environment (SAFEE) program, that addresses security and safety, at work, at home, while traveling – even on the internet, Winter says. According to Ritter, employees are very receptive to the training, in part, he believes, to recent active shooter events and the media coverage. “In addition, I believe that our employees are much more aware because they’re seeing their grade school kids being taught the same type of training at school,” Ritter notes.

“I think the single biggest benefit to the threat assessment team is that it takes the responsibility for the decision making away from one person.” – Eric Winter, Cox Enterprises

When any concerning signs arise, Ritter and his team step in quickly and seek help for employees before situations escalate. “Our strategy is rooted in partnership with our employees and ongoing education about safety in the workplace. We are committed to our employees’ well-being, and we have a system to monitor for any red flags. If employees really know that we are establishing a partnership with them, they won’t shut us out.”

One technology tool used is a LiveSafe mobile app that is available to all Cox Enterprise employees. “Our adoption rate is very high,” Ritter notes. “It gives us a two-way communication system to our security operations center or to the 911 center located near us. It has been a force multiplier for us. We now have more than 5,000 eyes and ears on the campus that report to our security operations center any strange behavior or unusual behavior – even people who aren’t wearing an employee ID. It allows employees to view our workplace violence policy and evacuation policies.”

Another threat mitigation tool is ensuring that employees understand the workplace violence policy as a part of the company’s code of conduct that employees attest to every year, in addition to programs such as Wellness and Safety Week.

In addition, Rob Gray and his team conduct physical assessments of company locations and sites to establish a security systems and technology standard. “It doesn’t entail using one particular camera manufacturer, but instead, ensures that each facility has cameras, access control, employee badges and more, to not only know who is entering and exiting each facility and when, but also to ensure employee communication and security and safety awareness,” Gray says.

Last, Ed Mangan and Carlotta Rogers of the company’s Business Continuity Planning group ensure that tabletop exercises are regularly held, with cooperation from local and federal law enforcement, including threat analysis of Cox facilities by SWAT teams, to unveil any potential security risks. “That’s been extremely beneficial,” Mangan says. “We also are constantly baselining against other companies. The security community is pretty small in Atlanta, and we have great contacts and partners. Atlanta is a dynamic community with a new Millennial population coming in, so we need to change with the times as not get caught flatfooted.”

“All that we are doing to mitigate workplace violence fits the culture of this company,” Ritter says. “It’s very employee-centric. This company and our team will go out of our way to help people and keep them safe.”

Such is also the case at Rackspace, according to Mark Terry, Director of Enterprise Physical Security.

 

Incorporating Technology

Rackspace is a managed cloud computing company based in Windcrest, Texas, a suburb of San Antonio. The company is has 1.2 million square feet of space, with 800,000 feet of office space.

Terry, who has been in his role for 11 years, has always had the funding and C-suite support for the company’s workplace violence program. As with Cox Enterprises, Terry is teaching company employees on how to stay safe outside of the workplace. “Our employees could get hurt while at the movie theater or the supermarket,” he says, “not just at work.”

Rackspace has an emergency conditions team, consisting of of employees who have volunteered and who receive CPR, life safety and active shooter training, and who know how to lead and direct other employees in an active shooter event. “If I have our emergency conditions team spread out throughout the building and who can lead the others, that is more important to me than [trying to provide] that type of specialized training to each employee,” Terry says.

SEC0818-cover-slide3_900px

Regarding active shooter training for Daktronics employees, Scott Peterson, Safety Specialist, says: “We made it clear that if you do the things we are asking you, in an emergency, you have a chance to survive. We want people to run; we don’t care where they run, just get away and be safe.

Photo courtesy of Scott Peterson

In addition to lockdown devices and safe rooms, Terry has employed Shooter Detection Systems’ gunshot detection sensors and has integrated the alerts with an Everbridge Safety Connection solution to reach all employees via SMS text, voice, mobile app, digital signage or desktop alerts in an active shooter event. It also allows him to know who is in the building and communicate with them and automate evacuation rostering.

“We’ve integrated Shooter Detection Systems’ gunshot detection sensors with Everbridge so that within 60 seconds all Rackspace employees receive an alert,” Terry notes. “It’s one tool in our workplace violence plan that I can count on.”

Albert Patin, Safety Manager, and Scott Peterson, Safety Specialist for Daktronics, also use the Everbridge solution as part of their workplace violence mitigation program, with an incident response team made up of employees who have specific roles in an active shooter event. “This team knows how to respond in a fire, weather emergency, electrical outages and violent intruder situation,” explains Patin. “Violent intruder events occur and can end quickly, so from a facility standpoint, our goal is to get employees out of the building.” Daktronics is based in Brookings, South Dakota, and the company designs, manufactures, sells and services video displays, scoreboards, digital billboards, dynamic message signs, sound systems, and more.

Located throughout the production and office areas are violent intruder buttons. The buttons are positioned in exits and populated areas can be push by any employee if a condition is identified. The incident response team also receives the notification and a dispatcher uses the Everbridge incident response software to sends a notification to all employees, personal phones, work phones, email and text. If the dispatcher is out of the building that day, a designated backup takes his/her place.

“We developed two types of training to go with the technology,” Peterson says. “It is role-based, and it ensures that the incident response teams knows when and how to use the violent intruder buttons. We also retrain the dispatchers on how and when to alert the police. We also enlisted a consultant and the South Dakota State Patrol, and local police and the Sheriff for training on run-hide-fight. We made it clear that if you do the things we are asking you, in an emergency, you have a chance to survive. We want people to run; we don’t care where they run, just get away and be safe.”

Rebuilding and Refocusing After Workplace Violence Occurs

Jana Monroe was CSO at Southern California Edison on December 16, 2011, when a gunman opened fire inside a Southern California Edison office building in Irwindale, California. The gunman, Andre Turner, killed two employees, and wounded two others, before committing suicide.

Jana_Monroe

Jana Monroe, CSO at Herabalife, and says that she has full C-Suite support for workplace violence mitigation, which includes a method for anonymous reporting.

Photo courtesy of Jana Monroe

“For two years after that incident we rebuilt and reframed our corporate culture [towards active shooter policies],” Monroe says. “But the most immediate action items included things that people didn’t read about in the media, including providing Uber rides, food and water to many employees, as 3,000 were evacuated from the building. Our corporate executives attended the funerals of the victims and provided security to the victim’s families for five days. After that, we formed a panel that included HR, Legal, Ethics and Compliance, Corporate Security and Psychologists who spoke to employees to determine the culture that was in place. From there, we put in place new policies, procedures and training to mitigate a shooting incident from occurring again and to be prepared if another incident should occur.”

Monroe is now CSO at Herbalife, and says that she has full C-Suite support for workplace violence mitigation, which includes a method for anonymous reporting. “That method has been successful because most people don’t want to be identified with information and that alludes to ‘telling’ on people. Obviously that stifles some of the ability for us to follow up.”

At Herbalife, Monroe has implemented a threat assessment team that consists of Corporate Security, Legal, HR, and Ethics and Compliance executives. “As an enterprise we have solid policies and procedures in place to protect our employees,” she says.

“Anonymous reporting is the number one technology that enterprise security should have,” adds Rodnie Williams, SVP Risk Management, Omnigo, and an enterprise security consultant. “’Telling on someone’ is not cool, but when you provide the ability to report it anonymously, it removes barriers. You also need to take into account how this new generation of workers share, deliver and consume content and information – they use mobile first. Anonymous reporting can work across multiple issues, such as mental health, in addition to working well across verticals and industries.”

Rodnie Williams

“Anonymous reporting is the number one technology that enterprise security should have,” says Rodnie Williams, SVP Risk Management, Omnigo, and enterprise security consultant.

Photo courtesy of Rodnie Williams

Williams also advocates investing in areas in an enterprise that have the highest probability of impacting a risk management program. “Security will put in place cameras, access control and other technologies, but most threats are coming from people who already have trusted access to our facilities. If you put into place things such as training, anonymous reporting, background investigations and drug screening, and then build around those methods, you will get earlier into the life cycle [of risks] and be able to provide earlier prevention and intervention.”