Building the Safety Net

Building the Safety Net

By Mike Ginty

When most people think about surveillance cameras and security systems, they like you reading this sentence, probably tense up a bit because it all feels very confining like the walls are closing in on you and some even get that 1984 Orwellian feeling that “Big Brother” is watching. Yet those same people, post their entire lives on Facebook, Snapchat, and Instagram. They are fine with checking in on foursquare and using snap map to let their friends know what they are up to.  

And if you ask these people why they are okay with one over the other, most would say that the information is just going to their friends and they are choosing the content, but the real reason is that it is social and it has network effects. They are getting benefit from it. The more they post, the more others post, and the more they learn, discover, or feel like part of a community.

Unfortunately, we don’t think of safety and security the same way. Both individuals and companies think of security camera footage as being extremely private and therefore are unwilling to share readily even when it contains valuable safety information at others could learn from or use to prevent future incidents. But if you choose when where and how to share it, how is it any different than using social media. If you think about it, the practical application of crowdsourcing and crowd-sharing safety and security information could provide far greater benefit than most use cases on social media.

Some platforms like Twitter and Facebook are already being used to spread information, videos, and photos during times of emergency or natural disaster. Mobile devices and the cloud are, at the same time, both shrinking the world and broadening possibilities. With this technology is very easy to think that safety incidents and crisis management information, paired with photos, videos, and geo locations could provide great benefit to everyone from first responders, to families, and employers.

The ability to create a safety net fueled by mobile and cloud technology means we all benefit, and it gets better and better the more people use it and share safety information. Whole cities could become safer.

Contact us to learn more about how Bannerman is using network effects to make everyone safer.

Response: The last mile of any safety and security program

Response: The last mile of any safety and security program

By Mike Ginty

The common prevailing theory in the security industry is that a quality safety and security program should be first and foremost preventative, and ideally predictive. The theory being that if you put your focus into prevention and deterrence, you are afforded the luxury to  be less reactive.

And while it is true many would prefer to not have an incident happen in the first place, it should be noted it is difficult to prevent all incidents from happening and extremely expensive to attempt to defend against everything at once. So, when something inevitably does happen, you want to make sure you have the right response capability in place. To properly handle any incident, you can’t just react, you have to respond.

Whether it be a smashed window or a stolen laptop, it is simply not enough to react. Reaction is only the first part of the Response. A proper response is composed of the reaction, mitigation, notification, resolution and recovery.

Reaction - Should an incident occur, ideally your office has the right resources in place and the responding individual had the right training, but ultimately a reaction is based on instinct or muscle memory. Running toward the incident and running away from the incident are both a form of reaction. In many security programs, the reaction is just the alarm going off, when the window is broken.

Mitigation - Next you need to act to conduct damage control, i.e., evacuating people when a fire alarm goes off, turning off the valve when there is a leaky pipe, or starting CPR. Mitigation involves ensuring the immediate area is safe and preventing further incidents from occurring.

Notification - This is what happens after you can stop, take a breath and call for help. Sometimes this happens before the mitigation step, but ideally it would happen after. Notification involves calling for help or escalating to management.

Resolution - Resolving an incident often takes time. This is the part of the response when you fill out the incident report, fix the window, conduct the investigation, and communicate the outcomes to interested parties.

Recovery - This final step is often missed because everyone is in a hurry to get back to business as usual. But this is when you should reflect on the gaps that allowed the incident to happen, adjust policy and procedure for future prevention, and look at updating training around these types of incidents. Incident response is not really complete until this part is finished.

As you read these steps you might be thinking, response is not just the last mile, but also the longest. To some degree you are right, but it is also the part of security that can’t completely be fulfilled through the use of technology. Cameras, alarms, access control, and notification systems can help and do pieces of this, but ultimately having a trained security professional to handle most of the components is key. There is great benefit to having a trained security professional on site to respond to the alarm, triage the situation, document the incident, work with law enforcement, and write a detailed report to help management move on to the recovery phase.

No one wants to handle that call at 3 am. Having the right response team or process in place, makes even the worst situations much more manageable.

Cyber Security: Let's Get Physical

Cyber Security: Let's Get Physical

By Mike Ginty

October is National Cyber Security Awareness Month and information leaks are all over the newsfeeds. A leak or data breach is costly to repair and recover, and it is certainly costly to regain the confidence of customers and investors. According to Gartner, IT departments worldwide are going to spend $2.77 trillion in 2016 alone to secure their networks. But the first steps in data security don’t even involve software; they are good physical security practices that should be part of every company’s security culture. Here are five physical security measures which can be put in place to mitigate some of the most common cyber security vulnerabilities.

Access Control

It seems pretty simple, but it often gets overlooked. If you want to protect your data, you need to restrict who can access your data, and not just digitally, but the actual room or rack where your system is kept. Locking the area is a step in the right direction, but keys and combinations can be compromised. In order to truly secure the area you need to log who goes in and out of the space either with an access control system that logs individual users or by placing a camera in the area to see who is coming and going.

Visitor Management

Not all thieves break in through the windows after dark. Some of them walk right in the front door during daylight hours. Three things are core to any visitor management system: 1. Having a person at the front desk monitoring people coming in the front door. 2. Having a visitor log or digital sign in system. 3. Escorting visitors and vendors while they are in your space. In today’s open office environments, the casual lunchtime visitor could overhear conversations related to new market growth strategy, observe a cash flow projection model on a monitor or even snap a pic of a product in prototype. For all of these reasons, it is vital that you are able to keep a current and accurate list of who is in your space and guide what they see and hear.  

Device Security

In addition to locking your screen when away from your desk, having a strong password, and having the ability to remotely lock or wipe your device, simply locking up your devices goes a long way. Laptops and mobile phones make a mobile lifestyle very convenient, but they also make it very easy for a thief to grab a lot during the two minutes or less that most thieves are in a facility with an alarm going off. Laptops and mobile devices should not be left out overnight. They should either be taken home or locked up. This can be complemented by having a complete inventory of all devices as well. Sure a burglar might take a monitor, but they won’t get your data.


Shred early and shred often. Paper is is used less and less in our increasingly digital world, but it is not completely obsolete. Everything from board presentation slide decks to post-its should be shredded or disposed of using a certified secure destruction company. Securing your network means nothing if the same information is printed out and then discarded in the recycling bin.

Incident Reporting

Life happens. Laptops and mobile devices are lost or stolen, approximately 12,000 per week in airports alone. Having a robust reporting mechanism without fear of retribution, encourages employees to report incidents right away. All too often employees delay reporting because the system is too complicated, they are afraid of termination or they think they can recover the missing item on their own. If an employee has a lightweight way to alert the IT department, the chance of recovery and/or mitigation increases exponentially.

The right policies and procedures can help create a strong security culture that if implemented early and practiced regularly will become second nature for employees. With these simple physical security measures, all employees become an extension of the security team and help keep the company’s data safe.