Employee Physical Security And Crime Prevention

Introduction

Taking steps to ensure employee physical security not just in the workplace, but also commuting to it, is an essential component of a comprehensive business risk management program. In light of a recent uptick in street crime (robbery, larceny, assault, etc.) targeting individuals and personal property across several major cities in the United States, Titan Grey recommends that businesses revisit this topic area and implement certain key risk management practices in order to mitigate threats to employee safety and security.

Scenario

Major cities have generally seen an uptick in street crime over the last year. Our review of the New York City Police Department’s CompStat data indicated a 25% increase in robberies, a 23% increase in misdemeanor assault, and a 15% increase in felony assault over the period from November 2020 to November 2021. The impacts have been broadly felt in office-heavy zones, such as Midtown Manhattan and the Financial District. To the extent these crimes target individuals on their way to or from the workplace, there are follow-on effects which impact not only the individual, but likely the employer as well.

Companies should take a broad view of providing for employee safety and security not only in the workplace, but around the workplace as well. While workplace incidents certainly do pose risks for businesses, so too do incidents occurring outside of the workplace—for example, on employee commutes.

Risk Overview

Employee physical security is of primary concern, and employers should have a strong interest in providing enhanced protective measures for employees for this reason alone. Furthermore, employees commuting to work are also likely to be carrying with them certain items of company property, such as laptops, mobile phones, etc. Finally, physical materials containing company and/or client (as applicable) confidential information may also be present. The loss of these items in a robbery or larceny scenario create risk directly to companies’ business operations in several distinct ways.

Risks

1. Employee suffers injury requiring hospitalization and/or treatment which negatively impacts ability to perform job duties.
2. Crimes committed against employees causes decreased workplace morale and negative impact to company culture.
3. Public relations and headline risk related to news stories about employees being victims of street crime on way to / from work at the company.
4. Risks posed by commuting to work lead to employee unwillingness to commute to workplace (where workplace is back to hybrid or full-time in-office), and potentially to employee resignations.
5. Open and unaddressed risks related to commuting to workplace yield increased difficulty in hiring for hybrid or full-time in-office roles, compounding challenges in the current (at the time of this writing) market for employee recruitment and hiring.
6. Loss of company devices yields capital cost for replacements.
7. Loss of company devices yields opportunity for unauthorized network access, theft of data / confidential information, ransomware attacks, social media account takeovers, and other cyber threats.
8. Loss of company devices as a set (e.g., laptop, mobile phone, RSA key, etc. all belonging to a single employee) yields increased risk of circumvention of enhanced security measures (e.g., 2FA, etc.).
9. Loss of company physical materials can lead to malicious use and/or disclosure of company (and, where applicable, company’s clients’) confidential information.
10. Loss of company credit / debit cards can lead to unauthorized charges / theft of funds.

The above list is a highlight of significant risks and is non-exhaustive.

Mitigants

1. Companies may consider relaxing dress code policies when typical office dress (e.g., business formal) presents increased risk of employees being targeted for robbery / street crime.
2. Companies may consider expanding / implementing / re-implementing work-from-home or hybrid model work protocols during times of particularly increased risk (see below re: threat intelligence and monitoring).
3. Companies may consider advising employees to refrain from using items, particularly bags, which contain or display company logos / branding where such logos or branding present increased risk of such items being targeted for robbery or theft.
4. Companies may consider holding trainings for employees on maintaining situational awareness while in public / commuting, and other topical areas of physical security risk management for individuals.
5. Companies may consider providing shuttle services or security-accompanied walks to transit hubs and/or parking lots.
6. Companies may consider providing private transit home for employees working late in the workplace.
7. Companies should ensure that areas around company offices which are under the control of company (e.g., parking lots, open spaces, etc.) are well-lit, subject to security camera surveillance with no blind spots, regularly patrolled by private security, and subject to other appropriate security measures.
8. Companies may consider reaching out to local law enforcement agencies to hire official details of law enforcement officers to provide security at company sites during key times (e.g., at high-traffic retail locations during times of elevated crime risk).
9. Companies may consider standing up internal risk management / threat assessment business units to assess and manage the company’s ongoing risk exposure.
10. Companies may consider engaging directly with local law enforcement agencies for bilateral communication regarding threat assessments related to crime affecting the company and/or employees.
11. Companies should consider deploying policies and procedures with employee trainings regarding the reporting and management of crime incidents.
12. Companies may consider deploying an incident response hotline for employees which provides real-time, 24/7 response capability for the company in managing threats to employee safety, data security, protection of confidential information, and other related risks.
13. Companies may consider deploying an “on-call” system for key IT resources in order to enable real-time responsiveness to device theft, network breaches, data security, and related risks.
14. Companies may consider deploying software technologies which enable remote location tracking and disabling of company devices.
15. Companies should emplace and periodically test procedures for network and other asset (e.g., company credit / debit card) access denial and re-credentialing in the event of access compromise (by theft or otherwise).
16. Companies should have certain key personnel identified as points of contact for media inquiries related to risks facing the company (e.g., elevated crime risk) and message broadly within the company that media inquiries should be directed to such personnel only. Such personnel should be properly trained and advised from various business functions / units / resources (e.g., legal) on responding to such media inquiries.
17. Companies may consider emplacing resources to engage with employees who become victims of crime to ensure such employees receive the full benefit of all company programs and resources available to them (e.g., counseling, healthcare, etc.) should the employee wish to so engage.
18. Companies may consider providing assistance for employees in managing personal risks related to the employee’s loss of personal property, personal credit cards, personal devices, and other such items. Such assistance may include the inclusion of certain insurance products as part of standard employee benefits programs.