Noah Price, head of the G4S Academy, provides an overview of the security threats faced by the real estate sector, together with a useful outline of how to stay one step ahead through security best practice.
The threats faced by the real estate sector are varied and depend on factors including the nature of the business and who its owners/stakeholders are; its location; its size; its design, including the ease of access and retreat; the types of assets that can be found there; and critically, how good the security is. The pandemic has also had an impact on reshaping some of these factors and changing threat levels.
The principal threats facing the real estate sector include:
Property damage and theft - Property damage can occur at any time from natural causes or through deliberate harm from vandalism at one extreme, to terrorism at the other. Damage may be directly against the building, from damage to adjacent properties, or those in the close vicinity.
Theft against real estate includes opportunist thieves exploiting security lapses, and professional thieves targeting premises known to hold valuable assets, such as computers. Thieves also target employees’ and customers' own personal items such as bicycles, mobile phones and staff passes. When such offences occur, they highlight weaknesses in security which can be embarrassing for organisations, sometimes adversely impacting their reputation.
Increasingly, threats are against company data and intellectual property. This is not just an external threat, often it is people in buildings who commit thefts, as well as damage.
Vacant premises - Vacant properties are exposed to a number of threats and hazards, from burst water pipes and flooding to a range of threat actors with different intentions. Securing vacant properties speedily and managing authorised access thereafter (for example contractors) is important.
Theft and vandalism in vacant properties can include graffiti, broken windows, and damage to furniture and fittings, while the theft of valuable items includes metal and cabling. Fly-tipping is also an increasing issue on vacant sites, while the British Safety Council reports that up to 60 fires occur daily in or next to an empty property in the UK.
Illegal occupation of sites can include casual trespass; organised events, such as raves; urban explorers, squatting and traveller settlement. Owners of real estate have a legal duty of care to protect people on their sites from foreseeable harm, including those who trespass, further underlining the value of good security.
Conflict and abuse – Employers have to fulfil their duty of care to protect the health, safety and welfare of their employees, contractors, visitors and clients. This can be greatly enhanced by effective security. Services need to be tailored, as the guidance and support offered to those working alone when travelling to and from the workplace when at risk of abuse, harassment or voyeurism will require a different focus.
Impact of Covid – During the pandemic new ways of working meant cyber security, as well as physical security, was more difficult for many organisations.
The Government’s cyber security breaches survey of March 2021, found that, with the move to home working, employees and businesses became more vulnerable to cyber-attack. For physical security, the wearing of masks complicated the process of identifying individuals, while making it easier for offenders to hide their identity and conduct hostile reconnaissance undetected.
As employees return to work, fulfilling the duty of care and ensuring that staff and visitors feel safe, welcomed, and supported is key. Security is playing a vital role in adapting to change, and it is important it remains flexible and alert.
Terrorism - With the current threat to the UK from terrorism classified as ‘substantial’, meaning that an attack is likely, terrorism is one of the biggest security concerns.
While attacks could occur at any location, the most vulnerable are those highly populated buildings/areas, while specific targets may include financial, social, political, and religious institutions, as well as iconic landmarks. Many terror attacks have been stopped, often because of alert people noticing and reporting something unusual or suspicious. Businesses need to be aware of how terrorist attacks could be undertaken, including the danger of being supported by an insider, and need to keep abreast of the changing threat level and adjust their security approach accordingly.
Activism and civil disobedience - The use of campaigns and protests to raise awareness of political issues or reforms have significantly increased, creating a constantly evolving threat. While activists often target densely populated areas and iconic or key buildings, activism is not confined to city centres and populated areas.
Attacks may not be against the organisation directly, but it may become a target because it supports, represents, or has as a client, an organisation that someone wants to protest about. It may merely be near or en route to or from another locale.
Cyber security - Cyber threats are of particular concern in the real estate sector and these can take different forms including hacking, data breaches, and ransomware attacks. With many properties now relying on digital operations and ‘smart’ technology, the effects of attacks could range from a mere inconvenience to a full shutdown. Vulnerability is increased where commercial buildings have multiple occupancies, with interconnectivity and interdependent IT systems, which involve third parties.
Information on work systems that is illegally accessed and leaked can also cause acute embarrassment and adversely impact an organisation’s reputation.
Responding to ad-hoc threats - Organisations cannot plan for everything, but when unforeseen events occur, security is typically a ‘first responder’. It is important for organisations to find a security partner that is observant, proactive, and takes pride in supporting clients.
Intelligence is key. The G4S Academy provides regular, free security bulletins on potential threats, which can be a useful part of security planning.
The fundamentals of good security
In response to these threats, a number of fundamental elements need to be in place, in order to achieve good security and stay ahead of the evolving threat.
Regular risk assessment and planning
With regular risk assessment and planning being the foundation of good security, it’s worth taking time to consider whether the organisation’s risk assessments and plans are up to date. Have there been any changes in the assets that need to be protected? Are there any new vulnerabilities? Are the assessments incorporating the latest good intelligence – in real-time - and if so, are they being built into the plan?
In the same way that businesses use penetration testing to test cyber security, physical security should be tested against various scenarios. Table-top exercises can be an excellent way to identify possible weaknesses and be prepared.
A more holistic approach to training
Organisations can benefit from thinking about training in a more holistic way, especially as the role of security today incorporates customer service and is more than traditional security delivery. Security officers will receive training relevant to specific needs, however, it is also vital to encourage employees to take part in relevant security training. Joint sessions can be invaluable for all concerned and build rapport and understanding, which can become especially valuable in an emergency.
Working in partnership
The best security solutions will be achieved where security providers and clients work closely together, whether it’s the planning of an integrated security solution or a small change in an existing plan, collaboration can help to reach the best solutions, more quickly.
The partnership between G4S and JLL (one of the world’s largest property management companies) has transformed the approach to security, by embedding technology and challenging existing personnel procedures. This has resulted in delivering security solutions in a more innovative, efficient, cost-effective, and sustainable way.
Developing a strong security culture
Strong security culture will ensure that employees are security-conscious and aware of the most effective ways of protecting assets, including themselves. It is important to review the security culture on a regular basis, in line with changes to the threat landscape, working practices, and the technology being deployed.
Insights shared information and best practice
Good security utilises insights and shared information, while also using best practice from first responders.
For example, G4S is a member of The City Security Council, which aims to explore ways to improve collective responses to threats from terrorism, crisis, or emergencies. G4S uses the risk assessment and decision-making process, the National Decision Model. It also incorporates practices developed as part of JESIP (The Joint Emergency Services Interoperability Programme) which was developed to improve and standardise the way the police, fire and rescue, and ambulance services work together when responding to major incidents.
Balancing security and customer service
Security officers working in the real estate sector must be proficient in customer service. G4S can provide staff with an award-winning hybrid receptionist and security role. This can save on costs and improve security as well as result in an outstanding front-of-house experience for staff and visitors alike.
Embracing new ideas and new technologies
Technologies to counter the threats are constantly evolving. For example, lone worker devices enable staff working remotely to be in permanent contact with the security centre. Hand-held devices can be used to perform tasks that previously required officers to be sitting in a control room, thus enhancing the security service on the frontline.
Developments in access control, including biometrics and facial recognition, can also deliver better and frictionless security which can be especially important in the post COVID environment.
Building integration in security
Finally, security that is integrated and planned holistically is likely to work better, precisely because it has been designed to ensure that there are no gaps to be exploited. Physical security for example is best when security professionals work in harmony with good technology, and when integrated with personnel security (protecting from the insider threat) and cyber security (protecting digital data and systems).