Maintaining Security Vigilance During a Crisis

(Originally published Feb 2020, download PDF here)

We first heard of COVID-19 back in December 2019 and since then, we never could have predicted what would have unfolded. Our day-to-day work as protective intelligence professionals has changed dramatically. Not only are many of us working remotely in order to adhere to social distancing requirements, but our responsibilities have virtually morphed overnight.  

Outside of our typical threat hunting duties, we’re now tasked with tracking the spread of the virus as it impacts our workforce. We are constantly digesting the latest recommendations from the Centers for Disease Control and Prevention (CDC), tracking actions by state governments, briefing teams and leaders across the business, as well as supporting crisis response and human resource teams. If we are doing it all perfectly, we are not only mastering the COVID-19 response — but also remaining laser focused on our daily intelligence support tasks.

But let's be honest, we cannot be “perfect”. Perfect has raised its ugly head time and again and shown itself to be the enemy of good — this is a security professional’s absolute truth. We want to use this time to authentically engage with our peers, realizing this is a very stressful season, and we do not actually have all the answers. We can encourage one another, share lessons learned, and lean on one another to keep our teams as proactive and informed as possible. We also need to remain flexible and creative. As we prepare for tomorrow, we must still remember to focus on the threats of today.  

Below we’ve highlighted drivers of increased threats to our assets during this crisis, as well as several lessons learned from past challenges. We feel that these topics can facilitate constructive dialogue among our peers, help us address the challenges before us and those we anticipate in the near future.

Understanding The Bigger Picture

While our attention is on COVID-19, we will naturally lose some of our focus on the traditional threats that we are so familiar with — there’s only so much time in the day, even when teams are working significant overtime.

The COVID-19 situation is relatively unpredictable, information is fragmented, and the actions we can take to protect our organizations (months after the first US infection) are limited. On the other hand, physical threats to our assets are a constant, they are a “sure thing” — you can count on them not only persisting, but actually increasing during a crisis like this.

We must ask ourselves, is this truth reflected in how we’re executing our work today?

Are security resources being overly-dedicated to mitigate losses related to COVID-19, or are they being focused proactively on the typical threats to come, both during and in the aftermath of COVID-19? 

Consider the dynamics outlined below that are likely to increase the volume of physical threats that security teams face.

Environmental Dynamics Influencing Corporate Threat Profiles

In threat assessment, we often speak of “inhibitors” — those pillars in a person’s life that keep their behavior stable, inhibiting them from considering violence as a means to solve their problems. Job security and personal health are perfect examples of inhibitors that will be weakened during this crisis. Additionally, people’s lives are turned upside down if the 40 hours per week they usually commit to work or school have been reduced or eliminated altogether. This is a dangerous mix which leads to an overwhelming feeling of loss of control and structure. Virtually everyone we know, including our team members, employees, and families are impacted by factors that are creating anxiety and stress.

An important fact to remember is that persons of interest are no different — they, as well will experience a severe degree of life stress, that if not managed properly could become a triggering event. It's important to call out these issues and notice the impact each could have on a person:

• Threat or fear of job loss
• Providing food and shelter for one's family
• The loss of loved ones to COVID-19 
• Fear of limited access to testing and medical care
• Political turmoil, especially during such a polarizing election cycle
• Access to safe and reputable childcare (now that schools are closed)

While we do not want to heighten one's fear just for the sake of it, it is critical to note that virtually every basic human need is now perceived to be at risk — and this is no small concern.

Organizations Become More Vulnerable During a Crisis

All of the previously referenced dynamics are magnified when we consider how our organizations might be more vulnerable during times of crises. At the most basic level, our security teams are now decentralized, stretched to the max, and working significantly more hours than normal. Team members may be preoccupied with the health and safety of their own loved ones, and become inadvertently less focused on the mission of protecting principals and assets. This, coupled with complexities in the work environment can lead to severe challenges. For example, special circumstances such as the COVID-19 situation often lead to temporary changes in security protocols and standard operating procedures. This can create more opportunities for an adversary to exploit the situation, especially when our teams are preoccupied and operating with reduced manpower.

Additionally, when it comes to our primary responsibilities of being proactive for physical threats, our energy has been significantly redirected toward COVID-19 related tasks. Projects focused on COVID-19 response decrease our ability to focus on traditional assignments. For example, we are inundated with tasks that are taking away from our efforts to address traditional threats: assisting human resource teams, supporting crisis response teams, briefing business leaders, and more. We acknowledge that security teams need to rise to the challenge of assisting in these critical areas, but we must also be aware of the opportunity costs of doing so. As a final point, because law enforcement and emergency medical services are also stressed during this time, they will likely be slower to respond when their support is needed. If a program is heavily reliant on off-duty law enforcement to augment operations, those resources may be severely depleted or completely unavailable at this time. 

Specific Threats to Business Leaders

The COVID-19 situation tends to put business leaders in the spotlight based on how they chose to address the challenge that it brings. Consider the press conference that President Donald Trump held on the White House Lawn on March 13, 2020 where he was joined by the Chief Executives of several large companies. As we see more often in this political climate, when a business leader shares the stage with an elected official, intense criticism can follow. On a similar note, we know of several business executives around the country receiving sharp criticism and direct threats because of their organization’s internal response to COVID-19 around the following points:

• Being callous in not giving their employees sick leave if they were affected by COVID-19
• Not putting response measures in place soon enough
• Allowing affected employees to continue to come to work
• Prematurely implementing massive workforce reductions

These elements working together are highly likely to raise the personal threat profiles of business executives when they are cast in a negative light. And in contrast, executives that took actions perceived as being empathetic, proactive, and generous have received significant praise.  

Lessons Learned

We are in a new operating environment and uncharted waters. The next few months will be challenging for everyone, including the people and property you protect.

Let’s not forget the fundamentals

From a protective intelligence operator’s point of view, two important facts remain true:

1. The threat actors you know about today are not going to take a break because you are overwhelmed at the moment.
2. New threat actors are not going to always announce their intentions when they become a threat to your people and property. 

Stressful times such as this will likely create new persons of interest for your team, and these individuals may be more difficult to identify, especially as they manifest from inside your organization.

Take bold action

Simply put, as a security professional you must take action with the best information available and then pivot when required. Inaction is a recipe for disaster, and focusing on only perfect outcomes leads to indecisiveness. Our programs will be defined by how we act in this time of crisis, and in order to succeed we need to be more creative and scrappy, realizing that there is no authoritative playbook for addressing what we are facing today. We will experiment, make adjustments, and occasionally be surprised by the success that comes under intense pressure. 

Instill confidence in your team

Be reasonably concerned — and cautious. Now is not a time for panic, over reaction, and assigning projects that don’t deliver concrete results. Empower your team members, and allow them to take ownership of important tasks and departmental responsibilities. With the proper approach, you will be able to better understand what the new normal looks like, and at the same time, demonstrate confidence to your stakeholders and leadership.

Final Thoughts

None of us have ever experienced a situation like this — one that has such a broad impact on both domestic and international organizations. The best solutions to address COVID-19 challenges will be those that are simplest and adhere to the fundamentals that guide the work that we do everyday. We need to collaborate with our peers and remember that those lessons learned plant the seeds for future successes. While there are a range of factors that are likely to increase threats and vulnerabilities, many will remain more predictable and we can continue to ensure safety for our people, property, and our brand’s reputation.