Author: Gregory Schmidt, CPP, PSP, CHSS

Gregory M. Schmidt, CPP, PSP, CHSS of Eagle/ Trident Security is board certified in Security Management, Physical Security, and Healthcare Security supervision. He has over thirty years of experience developing dynamic security programs, plans and policies for businesses in Indiana, Kansas and Florida. His conversation-style personal safety seminars are highly regarded and always in demand. Mr. Schmidt is a member of ASIS International, the International Association for Healthcare Security & Safety and the American Society for Healthcare Engineering.

Employers Must Create Workplace Violence Action Plans

Posted by ASIS:
From “Employers Must Create Workplace Violence Action Plans”
Occupational Health & Safety (06/07/18) Davis, Jessica

Speaker Bo Mitchell, President of 911 Consulting and a retired police commissioner, on June 7 laid out for attendees of #Safety2018, “The Fatal Flaws in Your Active Shooter Protocol,” the statistics on workplace violence and how employers should prepare. Almost all active shooter situations are over in 4-5 minutes, which means it is difficult for police to deploy in time. Because officials can’t arrive instantaneously, Mitchell said, the true first responders in a workplace violence incident are the employer and employees, and training them to call the police is not enough. In active shooter situations, the Department of Homeland Security says to Run, Hide, and Fight. According to Mitchell, this protocol’s fatal flaw is that the first step should be Alert. He stressed that in a chaotic workplace violence situation, employers must have multiple methods to alert employees as to what is happening and what areas to avoid. He listed options such as a PA system, two-way radios, panic alarms, or alerts via cell phones, text messages, or locked computer screens. He emphasized that redundancy and multiple alarms are best. Appropriate response and protocol in an active shooter situation is complex and not intuitive, Mitchell said, so there are many points that are vital to include when training employees. He underscored that the main duty of police when entering an active shooter situation is to find the shooter, and that employees should be trained to understand that police officers cannot help them emotionally or medically in this instance.

Two Armed Citizens Kill Shooter Who Opened Fire in Oklahoma Restaurant

From “Two Armed Citizens Kill Shooter Who Opened Fire in Oklahoma Restaurant”
USA Today (05/25/18) May, Ashely. Reposted by ASIS.

A gunman opened fire inside an Oklahoma City restaurant, leading to two bystanders shooting him dead in the parking lot. Oklahoma City Police said gunman Alexander Tilghman, who walked into Louie’s Grill & Bar around 6:30 p.m. local time Thursday, shot three people: mom Natalie Giles, 39; her 12-year-old daughter, and another child. “A bystander with a pistol confronted the shooter outside the restaurant and fatally shot him,” Oklahoma police tweeted Thursday. On Friday morning, police updated that statement to say two people, Juan Carlos Nazario, 35, and Bryan Wittle, 39, shot the gunman. When police arrived, the gunman was dead. The shooter was the only person who died in the incident. His identity was not confirmed as of Friday morning and his motive was unknown.

Researchers Find Amazon Alexa Can Be Hacked to Record Users

From “Researchers Find Amazon Alexa Can Be Hacked to Record Users”
eWeek (04/25/18) Kerner, Sean Michael. Posted by ASIS.

The security firm Checkmarx on April 25 disclosed it has found that a malicious developer can trick Amazon’s Alexa voice assistant technology to record everything a user says. It is currently unclear if any hackers have ever exploited the flaw, which is not in the Amazon Echo hardware, but rather is an abuse of functionality in the Alexa Skills feature set. Developers can extend Alexa’s technology by building skills that provide new functionality for end users. Checkmarx found that there were several unbounded parameters that were available to Alexa skills developers that could have enabled a malicious developer to record and even transcribe what a user says, even after the user had finished communicating with the device. “Customer trust is important to us, and we take security and privacy seriously,” an Amazon spokesperson stated. “We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do.” The Checkmarx research found that an attacker could manipulate an Alexa Skill, which can be installed by unsuspecting users and doesn’t require any physical access or tampering with the Amazon Echo smart speaker. “The problem is that the attack we described leaves no trace, so a naïve user will not be able to know,” said Erez Yalon, manager of application security research at Checkmarx. “It makes sense that with the info they have now, Amazon can check if the Amazon Store hosts any malicious Alexa Skills.”

People Are Often Too Embarrassed to React to Emergencies at Work — Here’s How to Stay Safe Should the Worst Happen

From “People Are Often Too Embarrassed to React to Emergencies at Work — Here’s How to Stay Safe Should the Worst Happen”
Business Insider (04/09/18) Cain, Áine. Posted by ASIS.

Threat management and workplace violence expert Dr. Laurence Barton says employers should encourage workers to trust their instincts and remain “situationally aware” on the job, instead of emphasizing shooting drills and tactical exercises. He says employers need to adopt flexible emergency plans and policies that empower employees to trust their intuition, rather than static ones. For example, instead of telling workers to evacuate the building and meet up at another location, Barton said to order employees to evacuate and keep moving until they feel safe. Static plans can endanger lives, in the event of unforeseen circumstances, such as an attacker who is familiar with the contingency plans. A flexible plan should encourage individuals to do whatever they need to do to make themselves safe. He says workers struggle to follow their intuition at work, because they are lulled into a false sense of security and are fearful of appearing paranoid in the workplace. When dangers arise in the office, people often experience a sense of disbelief and paralysis. Barton has interviewed numerous survivors of violent workplace incidents, many of whom describe freezing up and not acting on the opportunity to flee. A situationally-aware person would identify a potential threat, such as loud popping sounds, trust their instincts and take decisive action such as evacuating the building.

Scam alert: If your own number is calling you, don’t pick up

By: Diane Lee

Updated: Apr 10, 2018 10:14 PM EDT  Via: WISH-TV Indianapolis

SPARTANBURG, S.C. (WSPA) – A new, disturbing twist on a spoofing scam call could do a number on you.

By now, you’ve likely heard of scams calls spoofed from a real number where that person has no clue his digits are being used. But, what about seeing your own number pop up on your caller ID?

Kiara Milks got a a call Monday night from her own number, and was curious.

“So, I answered and they said,’Hey, this is so and so from the phone company and I’m just calling to tell you that your account has been hacked and I want to verify a few things with you to let you know.'”

Those few little things: your Social Security number and telephone account number.

“It definitely would be one of our top scams, spoofing. It sounds like it’s pretty easy for scammers to do.  And it’s pretty easy for consumers to fall for,” said Vee Daniel with the Better Business Bureau.

She is specially concerned about seniors falling for this latest twist, one that’s blanketing the area.

“Some of my friends from church had also had an encounter last night around 10:30,” said Milks.

Through social media she found out in recent days people have been getting that call across the Upstate.

Imposter scams, including this latest spoofing call, account for nearly 50 percent of the 1,400 scams reported to the Department of Consumer Affairs in 2017 alone.

Some other scams to watch out for right now:

  • Bogus job offers that try to steal your personal information.
  • Rental scams that post stolen photos of real homes and make off with your down payment.

As for Milks, they might have known her number, but she wasn’t about to let the scammers do a number on her.

“It’s kind of scary to be honest because you don’t know how many people are actually giving their account information,” she said.

Urgent- New Email Scam Targeting REALTORS®

From the National Association of REALTORS®
A phishing email, purportedly from the “REALTOR® Party via DocuSign,” has been sent to some NAR members. NAR says the email, which contains an attachment, is a phishing attempt, and recipients should delete it. If you’ve opened the email and entered your DocuSign credentials, you should log into DocuSign and change your password immediately. Remember never to take action on or click on any links in emails that appear suspicious or for which you cannot verify the sender via a telephone call. It’s a good idea to provide this advice to clients, too. Learn about other actions you can take to secure your network and sensitive information.

YouTube Shooting Puts a Focus on Workplace Security

From “YouTube Shooting Puts a Focus on Workplace Security”
New York Times (04/06/18) Hsu, Tiffany; Nicas, Jack. Posted by ASIS.

Silicon Valley firms are known for corporate headquarters that resemble universities, where employees mingle with tourists, executives stroll between meetings without an obvious security detail, and collaborations take shape out on the quad. However, such places are difficult to secure. The shooting this week at the headquarters of YouTube, a Google-owned company in San Bruno, Calif., has highlighted the security risks of Silicon Valley’s relatively open corporate campuses — particularly as tech companies’ expanding influence angers more people online. The risk is not confined to the tech sector. Many companies across the country are similarly exposed, reflecting an open-door policy that for generations has pervaded corporate America, where safety training has long focused on fire drills, earthquake-sheltering procedures, and accident cleanup. Many companies now send their security personnel to gun ranges to test active-shooter threats in virtual reality. Insurance providers are offering lower premiums for corporate clients with stronger security. “If you can’t protect the work force, you’re putting your entire operation at risk,” says Arnette Heintze, a former Secret Service agent who runs a security consulting firm. Companies of all kinds have stepped up security. General Mills has made physical changes to its building in Minneapolis to better prepare for an active shooter situation. Wendy’s has installed upgraded security cameras throughout its headquarters in Dublin, Ohio; set up advanced access control systems that can lock down different parts of the facility; and upgraded its phone systems with emergency messaging capabilities.

Lawmakers Seek OSHA Standard on Workplace Violence Prevention in Health Care

From “Lawmakers Seek OSHA Standard on Workplace Violence Prevention in Health Care”
Safety and Health Magazine (03/14/18) By ASIS.

Thirteen House Democrats have introduced the Health Care Workplace Violence Prevention Act, legislation intended to curb workplace violence in healthcare facilities. The proposed bill would direct OSHA to create a standard that would require healthcare facilities to develop and implement facility- and unit-specific workplace violence prevention plans. The legislation follows regulation enacted in 2014 in California, which went into effect in 2017, directing Cal/OSHA to develop a workplace violence prevention standard. The California law implements an April 1 deadline for all covered healthcare employers in California to develop and issue plans to prevent workplace violence and ensure the safety of patients and workers. The federal bill, introduced by Rep. Ro Khanna (D-Calif.), is similar in that it mandates that workplaces create and implement comprehensive violence prevention plans with input from doctors, nurses, and custodial workers. “The Health Care Workplace Violence Prevention Act puts a comprehensive plan in place and is a national solution to this widespread problem modeled after the success seen in California,” Khanna says. National Nurses United (NNU), the nation’s largest union of registered nurses, applauded the bill. The proposed federal standard calls on hospitals to assess and correct for environmental risk factors, patient specific risk factors, staffing, and security system sufficiency, according to NNU co-president Deborah Burger.

How Access Controlled Revolving Doors Can Protect Businesses From Crime

From “How Access Controlled Revolving Doors Can Protect Businesses From Crime”
SecurityInformed.com (03/09/18) Thomas, Tracie. By ASIS.

Keeping the entrances and exits to a building secure is an extremely high priority for most organizations. Architectural revolving doors may not always be top-of-mind when designing a new security system. However, with recent technological advances—and considering that they occupy less floor space and are excellent at reducing unwanted air infiltration into an interior—it is time to consider their role in a complete physical security plan. Revolving doors can be a reliable solution for providing the first line of defense against unwanted entry. They are often deployed in buildings where public use is needed during the day, but controlled access is required in the evening. Thanks to technology employing electricity, today’s manual revolving doors are more capable than ever before. New security features include emergency security lockdown, remote locking, and access control integration. For example, facility staff can electronically lock the door in place by pushing a remotely located button, or an access control system can lock the door automatically at a specific time of day. Notably, standard revolving doors are not equipped to prevent tailgating, or an unauthorized person following an authorized person through an entrance. If this is a concern, revolving doors should be the first of several layers of physical security. Overall, standard revolving doors can be a simple, cost-effective, and easy to implement solution that helps prevent unwanted entry and keeps building interiors safe.

Ground Shipments Undergo Limited Security Checks

From “Ground Shipments Undergo Limited Security Checks”
Associated Press (03/20/18) Koenig, David. Posted by ASIS.

Packages intended to be placed on a truck, like the bomb that exploded Tuesday at a FedEx facility in Texas, are not screened as carefully as items carried by passenger planes. Delivery companies such as FedEx and UPS rely on a risk-based strategy, hoping to detect illegal or dangerous shipments by spotting something unusual about the package or the shipper. Screening every parcel intended for domestic delivery would be too expensive. Cargo on passenger planes must be screened, usually by computed-tomography scanners, said Jeffrey Price, an aviation-security expert at Metropolitan State University in Denver. However, if a package is going to be placed on a truck for delivery within the United States, as with the device that exploded on a conveyer belt at a FedEx facility in Schertz, Texas, “there is much less likelihood that it’s going to be physically screened with X-ray or even a person examining the package,” said John Cohen, a former counterterrorism coordinator at the Department of Homeland Security. For truck shipments, cargo carriers train employees to look for suspicious behavior, including anything that looks odd about the package. An employee at a FedEx center in Austin, Bryan Jaimes, 19, told reporters he never received new guidance from managers about handling packages. He said his job is to load the trucks and that he assumes other workers earlier in the shipping chain give packages a once-over before they get to him.