Terrorist Watch – Your workplace

If you see somethingTerror in the workplace could happen to you. Remember, the flight instructors who taught the 9-11 hijackers didn’t know they were dealing with terrorists. But they were.

Retail

Bombs are traditionally the weapon of choice against the retail sector and certain industries or public buildings. They may form part of a targeted attack or the placing may be relatively random. The purpose is to cause economic damage directly and via publicity, not casualties. Most terrorist bombs are improvised. The most practical way to categorize them is by means of delivery:

Air and sea-borne (aircraft, rocket, parachute; ship, boat or mine).

Hand-carried (suitcase, briefcase, handbag).

Letter or package.

Other bombs, including incendiaries.

Suicide.

Vehicle (car, truck, bicycle).

Watch for:

Unusual requests, such as when the 9/11 student pilot was only interested in learning to fly and not how to land.

Someone carefully placing a bag or package, or putting something in a fairly inaccessible spot like the back of a shelf in a shop rather than just dropping it absent-mindedly.

Unusual parcels that smell of chemicals, tick or are just suspicious to you.

People conducting themselves in a strange manner or dressed inappropriately for the weather and climate.

Odd vehicles; unnecessary deliveries; unexplained movers; cleaners and contracted employees in abnormal places or without proper identification.

Office workers and travel/transport

Rule One: Assume your business has potential for terrorist activity. The point is not to be paranoid, but ready should you become a target. Sensitive office information should be carefully guarded. This can include staff names and addresses, home and internal telephone numbers, product information, customer details, technical specifications and chemical and biological formulas. Terrorists are known to have special interest in the last two. All travel and transport information should be treated as sensitive at all times. This means that car rental operations, warehousing and distribution employees, courier services, travel agencies, rent-a-truck companies all have the potential to be misused by terrorists.

Terrorists may use a disgruntled or vulnerable insider to damage an organization or business. They may also try to place a sympathizer among your staff. Encourage a culture in which security is clearly recognized as important and ensure that security measures are kept up-to-date and shown to be a high priority.

Watch for:

Anyone, including coworkers, attempting to access sensitive information unnecessarily.

Maintenance contractors and any services that are contracted out. A cleaner may have no access to sensitive information but may be able to plant a listening or other device that could cause equal damage.

Anyone attempting unauthorized photography. Remember that mobile phones are not secure and many have built-in cameras.

Electronic attack

Electronic attack usually involves hacking into computers to gain unauthorized access to the data or control software of systems in order to acquire or corrupt that data, or disrupt its functioning. Any system connected directly or indirectly to the internet or public networks is at risk. Sophisticated attacks may not be detected by routine security measures such as firewalls and intruder detection systems.

Electronic security is down to whoever makes computer purchasing and maintenance decisions. If that’s you, take the following precautions:

Buy from reputable manufacturers and suppliers.

Try to ensure that those who maintain, operate and guard your systems are reliable and honest and have qualifications in internet security.

Seek regular security advice from system and service providers and make sure you act upon it – pre-empt attacks rather than wait for them.

Consider encryption for particularly sensitive information.

Invest in security cabinets and fit locking doors.

Don’t leave storage disks/thumb drives lying around.

If security decisions are not your responsibility, encourage those in charge to take the above precautions. Also:

Take basic security precautions in order to prevent software or other information falling into the wrong hands.

Don’t leave sensitive material lying around, clear all work material from your desk after each working session.

Always back up.

Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.

Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.

Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!

Other practical tips to protect yourself from cyberattacks:

Set secure passwords and don’t share them with anyone. Avoid using common words, phrases, or personal information and update regularly.

Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.

Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.

Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

For e-mail, turn off the option to automatically download attachments.

Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Confidential waste

Material thrown away could be of use to terrorists. Treat office waste as carefully as you would your own confidential information. The principal means of destroying confidential waste, whether paper or magnetic media are as follows:

Shredding

The maximum recommended shred size for papers containing sensitive or confidential information is 15mm by 4mm.

Incineration

Incineration is the most traditional and still probably the most effective way of destroying waste, provided a suitable incinerator is used.

Disintegrators and hammer mills (industrial shredders.)

Pulping

Abrasion

Degaussing (magnetic erasure of data), acid and chemical techniques