Retail Workers Worry About Their Physical Safety While on the Job

January 10, 2024 Pete Cavicchia

While e-commerce has dramatically changed how everyone shops, the winter season — marked by the holidays and an early January when people are shopping for must-haves for the year ahead — is still a very busy time for retail.

Petty crime, theft, and vandalism are big concerns for consumers and their sense of safety.

Those issues are even more pressing for the retail workers who are employed at everything from big chain stores to small mom-and-pop businesses.

A season marked by increased shopping activity brings with it safety concerns from the people employed by the retail industry.

A first-ever Motorola Solutions retail worker survey

Motorola Solutions released its first-ever report on “The State of Retail Worker Safety.”

It offers an eye-opening look at how personal physical safety stands central for retail employees as they head to work.

Motorola Solutions employed independent market research firm Researchscape. They surveyed more than 1,000 U.S.-based retail store managers and associates in November 2023.

The results? They found that petty theft has grown by 54% over the past year. That was followed by grab-and-run incidents at 35% and hostile customer interactions at 31%.

“As a result, nearly two out of three [retail workers] are at least somewhat concerned for their personal safety at work,” according to a press release.

“The holiday bustle can be a stressful time for retailers. Sales associates and managers shouldn’t have to be concerned about their safety on top of everything else,” Sharon Hong, vice president, Ecosystem Solutions at Motorola Solutions, said in the release. “Our report found that retail workers are looking for more technology that can help them be better aware of safety threats, spot illicit activity and communicate quickly and seamlessly with other employees and first responders should an incident arise.”

A push for more advanced physical security technologies in retail

When it comes to what technologies are at the disposal of these employees during an emergency, the report showed that somewhat analogue, out-of-date systems persist.

About 58% said they use landline telephones, 45% pointed to PA systems, and 28% said they “rely on yelling to inform coworkers of an incident.”

These workers did point out some of the more modern security technologies at their stores.

The survey shows 76% said their stores have video security systems, 64% mentioned alarm systems, and 44% said their businesses use merchandise sensors.

That being said, 42% declared AI tech that could “detect guns” would make them feel much safer.

Additionally, 36% said they would like to see access control systems that could lock doors in the face of a threat, 30% reported they would like to have wearable or mounted panic buttons, and another 30% said they would like to have license plate readers on hand to pinpoint vehicles tied to criminal activity.

About 26% said they’ve considered leaving the industry as a result of their personal safety fears.

“The retail industry employs tens of millions of Americans and contributes trillions to the U.S. economy each year,” Hong, concluded at the end of the release. “Technology, communication channels and preparedness training can help to create safer store environments for employees and shoppers alike.”

Ways to Keep Security in Mind During Holiday Travel Season

December 13, 2023 Pete Cavicchia

The holiday season is here and 2023 is about to come to a close. That means increased travel, contact with strangers, and exposure to personal security risks. Experts are saying that this will be one of the busiest holiday travel seasons in recent memory, as post-pandemic behaviors return to pre-2020 normalcy.

Whether it be concerns over one’s health, finances, or physical safety, it’s important to keep security at the top of mind while enjoying the celebrations that come with the month of December and the start of the new year.

Fortune reports that nearly half of America plans on traveling between Thanksgiving and mid January. With so many people in flux, it means elevated personal safety and security risks.

Be safe on the road

One area people need to keep in mind is road safety. The American Red Cross details some recommendations travelers should keep in mind if traveling by car this holiday season:

Inspect the car to know it is in good condition before hitting the road.
Bring an emergency preparedness kit that includes first aid supplies.
Notify friends and family of travel plans — this includes departure times, expected routes, and anticipated arrival times.
Monitor the local weather reports before heading on the journey.
Get enough rest to be sharp and alert during the trip.
Put standard driving safety procedures in place, including buckling one’s seat belt. Also, this is important — do not drive impaired by alcohol or other substances.
Respect road rules and exercise caution in school or work zones.
Put the cell phone down to avoid distractions while driving.
Take advantage of rest stops and rotate drivers during long trips if possible.
If there’s car trouble, pull off the road as soon as possible and call for help right away.

Pay attention to air travel safety tips

The Transportation Security Administration (TSA) released its own guidelines for air travel safety.

The TSA reports it has “screened a record number of passengers this year and anticipates airport security checkpoints nationwide to be busier than ever this holiday travel season.”

Here are the TSA recommendations for airport and air travel safety:

Pack smart, which means making sure not to bring prohibited items through airport security — this could be certain foods and liquids. Head to TSA.gov for a list of acceptable items.
Be sure to have appropriate ID on hand.
Get there early, especially during travel days that will be busy. It’s recommended travelers arrive two hours prior to scheduled flights.
Ensure all firearms are properly packed in a hard-sided and locked case in a checked bag — declare all firearms at the ticket counter during the check-in process.
Prepare for new checkpoint screening technology that will be on hand. This includes 3D imaging of passengers’ bags.
Call ahead to TSA Cares’s toll-free line — 855-787-222 — at least 72 hours before a flight with any questions about screening procedures.

Personal health tips for traveling

The Centers for Disease Control and Prevention (CDC) offers public health recommendations for holiday travelers:

Stay up to date on routine vaccinations, especially if international travel is a part of one’s holiday plans. Given that the holiday season converges with cold and flu season, be sure to get the latest COVID-19 vaccines and seasonal flu shot before traveling.
Wear sunscreen of SPF 15 or higher if traveling to a place where there will be risk of high UV exposure.
Take steps to avoid bug bites — this could include mosquitoes, ticks, fleas, flies, and even bed bugs if hotel stays are included in holiday season travel. If a traveler gets a strange bug bite and starts experiencing symptoms of illness, contact a health care provider.

Additional personal safety precautions

Beyond travel-specific concerns, always be aware of one’s surroundings. When traveling to another country or a new place, Nationwide recommends checking “the State Department's website for country updates and enroll in the Smart Traveler Enrollment Program (STEP).”

Additionally, Nationwide stresses that travelers make copies of important documents — think driver’s license or passport — before going on a trip. Save these online and keep multiple hard copies in case these crucial documents get lost or stolen.

Finally, always be wary of using public Wi-Fi connections. This is a prime way hackers try to access personal and financial data.

The holidays offer a period of rest, relaxation, and family reunions. They are meant to be celebratory, but just be sure to stay safe.

Modern Banking Requires Robust Physical Security

December 5, 2023 Pete Cavicchia

Perhaps no sector is more sensitive than the financial services industry. The data and financial resources protected by these institutions are incredibly vital, often the lifeblood of individual consumers and major businesses alike.

It should be no surprise that banks and other financial entities are major targets of cybercrime. While cybersecurity protections are often the focus today, it’s important to note that physical security must be prioritized as well.

In a new piece for Fast Company, Matt Tengwall, Senior Vice President & Global GM, Fraud and Security Solutions at Verint, outlines why it’s important that robust physical security defenses are put in place.

He points to the fact that banks and credit unions are experiencing substantial growth, which — while a positive development — attract unsavory security threats. By having strong security, banking institutions encourage confidence among consumers and business partners alike.

“The emergence of advanced digital technologies, growing bigger each day, offers a two-fold opportunity. On one hand, it facilitates easier system integration. Networked video surveillance platforms, for instance, can integrate with various digital systems, providing a unified security solution,” Tengwall writes. “On the other hand, the very reliance on these digital solutions necessitates fortified physical security to protect the hardware that drives them.”

While rapid digitization sometimes overshadows physical security programs, Tengwall explains that threats to actual buildings and banks are very real today.

“In a digital age, the nexus between the physical and the digital is more intertwined than ever,” he adds. “A breach into a data center, for instance, can jeopardize millions of records, translating into massive digital disruptions.”

Fintech solutions have become the key go-to innovative solutions for banks, but Tengwall rightly states they are supported by physical hardware. Examples include servers, data centers, and networking equipment. This physical infrastructure supporting digital products are all firmly targets for bad actors.

“Protecting these vital assets, which play an important role in maintaining client trust, is as crucial as securing the digital data they hold,” he explains. “So, while digital transformations offer unparalleled opportunities, they also necessitate a renewed focus on the age-old principles of physical security. Banks must recognize and act on this dual mandate to truly secure their future and that of their clients.”

It’s true, the digital age is here and there is no turning back.

New technology has made banking more efficient and accessible than ever. While embracing modern tech solutions is key for 21st century business, physical security can’t be left in the rearview. Instead, it must be prioritized and made central to any modern security policy.

Best Practices for Protecting Physical Data Centers from Threats

December 2, 2023 Pete Cavicchia

Today, the physical data centers that store a company’s most vital assets are often on the frontlines in the battle against hackers and criminals.

In a new piece for Data Center Knowledge, Sam Prudhomme, President of Accelevation’s Data Center business unit, writes that these facilities are increasingly targets as investments in AI and cloud computing become the norm for most companies.

“The value of information housed in data centers opens the pathway to potential damage caused by an unplanned outage,” Prudhomme writes.

A growing threat

It’s important to note these specific breaches were once rare.

There were only five incidents of theft or sabotage at data centers in the decade between 2006 and 2016. Prudhomme explains that the first half of this year, alone, there were more than 70 “significant data breaches,” citing reporting from IT Governance.

“There is a tendency for data center physical security to focus on the first few lines of defense — perimeter security and controlling admission to the site,” Prudhomme writes. “While these measures are essential, they do not preclude the need for attention and investment into security the data center white space and the hardware it contains.”

External and Internal Bad Actors

The focus is often on external threats — of individuals coming from the outside and causing physical breach.

Prudhomme offers the troubling reminder that oftentimes “the greatest and most under appreciated risk” to these centers is the “intentional human sabotage by an actor with insider access.”

With these disturbing realities in mind, he writes that not having the proper defenses in place to proactively protect a data center from external and internal attackers leaves the center — and the greater company as a whole — at great risk.

This bears reputational risk as well.

“Once access to the hardware in a data center’s white space is obtained, the capacity to do immense damage is great, both to the company whose digital assets have been tampered with, as well as the data center owner’s reputation,” Prudhomme asserts.

A multi-pronged approach

One thing that must happen is an audit of the existing physical security protocols for a data center. Physical security officials can’t just assume a building’s systems are “threat proof.”

A multi-pronged approach has to be applied. This means locked gates, security personnel that are well trained and armed, and facial recognition tech — or other forms of biometric security clearance programs.

An AI-Focused Future

Looking ahead, AI is going to be the word on everyone’s lips.

“The current investment in artificial intelligence is massive and widespread. Generative AI, specifically, has the potential to be the most economically and socially impactful technology of the decade,” Prudhomme explains. “There has been a great deal of data center capacity leased in the last three months to host generative AI workloads, and many of the key players in the space are gearing up for the next phase of the AI arms race.”

Shoring up a physical data center to be shielded from the wide range of threats that exist isn’t easy.

This requires great foresight on the parts of both security professionals and company executives. It means taking into account the great complexities of how hackers and physical attackers carry out their crimes in the modern world.

It’s incumbent on all stakeholders in protecting a company’s data to be wary and aware of all possible threats that target data centers today.

Physical Security Professionals Are Growing Increasingly Wary of Cyber Attacks

November 1, 2023 Pete Cavicchia

As physical security staffs have to worry about cyber threats increasingly more than in the past, it makes sense that concerns over things like ransomware and hacks of IoT-connected devices are at the forefront today.

Now, a new survey released in October is offering a clear snapshot of just how pressing these concerns are in the physical security world. Industry leader Genetec surveyed 5,500 global physical security professionals who distilled these cyber fears.

Among the findings, 31% of end-user respondents said their company or organization “was targeted by cyber threat actors in 2023,” according to a press release.

Within that group, 73% in the intelligence and national security sector were victims of these attacks — the highest percentage by far. This was followed by 46% in banking and finance, and 21% of those in the retail sector.

The survey revealed that 36% of end-user respondents said cybersecurity vulnerabilities were a “top challenge” facing their companies this year. One sector where an attack can literally mean life and death for its customer base is healthcare. Genetec reports that 43% of respondents in this field said cybersecurity vulnerabilities were the top challenge of 2023, more than for any other group.

In light of these concerns, companies are addressing cyber threats more directly than in the past. The survey shows that 42% of end-user respondents said their companies are currently harnessing cybersecurity tools “in their physical security environments.” This response illustrates very clearly just how serious these cyber concerns are. Just a year ago, 27% of end-user respondents in Genetec’s survey said they put proactive measures in place in response to cybersecurity threats.

“It is reassuring to see growing awareness of the cybersecurity of physical security systems," Mathieu Chevalier, Principal Security Architect at Genetec Inc., says in the release. "As more organizations look to implement enhanced cybersecurity measures, they need to look for manufacturers who are committed to cybersecurity and building tools that help them streamline the maintenance and updates of their systems.”

The qualms physical security professionals have over cyber-attacks aren’t theoretical. These attacks can inflict very real damage. In a blog post for Embedded Computing Design, Tim Morin writes that cyber-attacks can hit physical assets like manufacturing systems and shipping and distribution pipelines.

In this connected age, physical security officials can’t discount these trenchant calls for vigilance that are circulating so loudly today. They must build physical defenses that have cyber concerns firmly in mind.

A Look at the Top 5 Modern Physical Security Threats

October 25, 2023 Pete Cavicchia

With the constant news of everything from hacking attacks compromising security cameras to store break-ins and looting, it’s an era where businesses large and small need to be on high alert constantly.

Changes in technology and the evolution of ever more sophisticated criminal attacks have made this a very complex time for physical security officials — they have to stay abreast of all the changes that are defining the security landscape today and do everything in their power to keep their companies safe and secure.

Thinkcurity recently published an overview of the five most significant physical security threats today.

“We can expect cyber and physical security threats and vulnerabilities to converge. Our various internet of things (IoT) devices will pose more of a threat to digital and physical security,” the website reads.

Here’s a look at the top threats they identified:

1. Modern Threats are Outrunning Organizational Changes: Modern companies keep trying to update their physical security protocols to address the wave of modern threats. This means physical security has to be folded “into the everyday functions” of a business. While that seems intuitive, criminals who are aiming to attack a company or firm are adapting at a pace that far outruns these organizational realignments. This means physical security teams have to get everyone in a company aligned on what is at stake, train everyone on the team in the latest technologies and protocols, and make sure security stakeholders in a company aren’t siloed away. Instead, they all need to be integrated to work cohesively to respond to any new threat.

2. Hybrid Work Environments Make it Difficult to Keep Track of Who is on Campus: Since nearly every business has embraced hybrid work models since the COVID-19 pandemic, it has made it more challenging for security teams to monitor who is at the company’s physical campus at any given time. There are tools to track who is on site. This includes “mobile guard software” that can allow security officials to have “geolocation data” and software that can pinpoint who is working at home. Another option comes in the form of mobile-first access control systems that allow a security official to know who is in the building in real time.

3. Current Cyber Attacks are Exploiting Connected Tech Vulnerabilities: It’s important that all businesses today embrace modern, cloud-connected technology. That being said, having everything connected to the Internet exposes more points of entry to bad actors who hope to access sensitive data and compromise the physical safety of any given building. Thinkcurity writes that companies need to “bring together cyber security and physical security operations” — it’s the only way to address these multi-pronged attacks that are designed for our IoT-centric world.

4. Labor Shortages Provide Their Own Risks: Much has been made of the current reality of nationwide labor shortages that have hit nearly every sector in the post-pandemic U.S. Thinkcurity stresses that while this has always been a problem for the security industry, it has gotten even worse in recent years. They write that "understaffing makes the problem even worse, leading to burnout and low morale.” This means it’s high time that companies embrace HR and talent management software to pinpoint the right job candidates. Businesses also need to offer competitive incentives to recruit and maintain a steady security workforce.

5. Increased Crime: In recent years, incidences of crime like robbery, burglary, and theft have increased. This has all coincided with an economic downturn as well as the societal ruptures brought about by the pandemic. It’s all made for a big headache for security officials. In order to be ready to address these frequent threats, it might be prudent for businesses to invest in modern security softwares and devices to better offer real-time responses and defenses.

“Security needs to continually adapt to this changing threat landscape. To do this they’ll need to assist organizations in achieving comprehensive situational awareness. They’ll also have to focus on de-escalation to prevent threats from causing more damage than necessary,” Thinkcurity concludes.

It’s a complex — even harrowing — time for companies of all sizes. Security has to be prioritized.

Experts Stress a Proactive — Not Reactive — Physical Security Plan

October 13, 2023 Pete Cavicchia

At the recent 2023 Global Security Exchange conference, leading experts in the field convened to share their best practices, shedding a spotlight on today’s trends that are driving the greater security sector.

One common theme that emerged is one that security professionals from businesses both large and small should make note of — a robust physical security strategy has to be proactive, not reactive.

‘There’s always some crisis’

Recently, BizTech Magazine’s Rebecca Torchia covered the conference, outlining the range of perspectives from this year’s conference.

For Larry Wansley — former security director for American Airlines and the Dallas Cowboys — “not much happens until something happens.”

In other words, security professionals have to be ever vigilant with an aggressive plan in place. They can’t be passive, waiting for a potential breach. Wansley revealed that the American Airlines headquarters had lax standards until someone tried to attack the company’s chairman.

“Right after that, we got checkpoints. We got biometrics. We got everything that I had been trying to get for a long time,” he recalled. “There’s always some crisis, some situation, that drives the response.”

Training is key

Torchia reports that Janet Lawless, CEO and founder of the Center for Threat Intelligence, discussed why it’s necessary that everyone on a security team stays abreast of the top threats of the day.

She said that bad actors have better funding and more comprehensive criminal networks to carry out breaches than in past decades. To combat this, personnel training has to be front and center. That being said, Lawless warned that “many organizations feel hindered by a lack of security funding,” Torchia reports.

Lawless pointed to the very common sense — but often forgotten — recommendation that employees at any company turn off their work computers and devices when they are away from their desks. Sensitive data are left open and accessible to criminals who enter often-deserted offices.

“Run background checks on everyone, and train everyone to take things off their desk,” Lawless stressed.

Keep tech up to date

Outside of these tried and true recommendations, Torchia highlighted the fact that many of the event’s speakers emphasized just how crucial it is that businesses invest in the most advanced security technologies.

Regular audits must be performed to ensure everything is updated. Lawless pointed to the fact that many surveillance cameras are poorly secured — it’s incredibly easy for an intruder to physically move a camera away from doors and points of entry. If leaders in a company invest in technology, then they must maintain it.

From going on the offensive against criminals to emphasizing staff training to updating old technologies, what was the pervading theme of the conference? All businesses must have dynamic and confident physical security approaches to keep data and personnel safe.

Ways to Bolster a Company’s Network-Connected Physical Security Systems

October 6, 2023 Pete Cavicchia

Given now is a time where all systems are interconnected and Internet-supported, the distinctions between cyber and physical security are increasingly blurred. That means that a firm’s network-connected physical security systems have to be protected robustly.

In a recent article for SecurityInfoWatch.com, Antoinette King, outlines the best practices for protecting these systems in an IoT-centric age.

From analogue to digital — The evolution of modern physical security

King starts out by stressing that connected devices foster efficiency for companies, but they bring risks that didn’t exist in the pre-Internet era.

She writes that, two decades ago, physical security systems were designed to be stand-alone tools that were separate from one another. Exterior security was different from interior security, which was different from closed security television, in turn.

All of this made for an unwieldy system. That all changed with physical security information management systems (P-SIMS).

“Physical Security Information Management Systems (PSIM) were software that provided platforms and applications created by middleware developers. They were designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface,” King explains.

This didn’t last because middleware is exactly what it sounds like — a midway connection point, another unwieldy step in between two different systems.

Hence came the “single pane of glass” approach of today, with integrated physical security solutions becoming the name of the game.

Recommendations to keep these systems safe

While these systems are efficient, they possess inherent vulnerabilities. She cites weak authentication and authorization, which can be targeted easily by hackers. Additionally, many of these systems feature outdated firmware and software, possess insufficient encryption, and hold secure boot mechanisms that leave a lot to be desired.

Outside of this, external flaws of the day such as lax auditing standards and the presence of global supply chain vulnerabilities mean many physical security systems are left exposed to attacks.

Some of King’s recommendations to address these concerns are:

Protect data rooms — King says many of these spaces are used for data storage and often are left without the needed updates and renovations to protect the sensitive information they contain. She says that the physical rooms should be “reconstructed from floor to ceiling with solid, impenetrable construction.”
Emphasize access control protocols — Given that access control systems like card readers and digital credentials are connected to WiFi and Bluetooth today, King stresses just how vulnerable they are to hacks. One way to protect these systems is to do a full audit — when someone leaves a role at a company, make sure their credentials are taken away. No one should have power over access control systems that they no longer need. It’s too easy for a bad actor to get their hands on them.
Fasten the locks — When it comes to traditional manual locks, King says “ensure they are of suitable security construction, six or seven pins keyways, a long throw deadbolt, and a regularly audited key control system with no master keys issued.”

With the rise of new technologies — time will tell how tech like AI will disrupt the physical security space — it’s important that every member of the team does everything they can to keep a company’s physical security systems hacker free.