While building owners and property managers frequently prepare for natural disasters, they should also be ready to respond to security threats. Is your property prepared for a terrorist or cyber-attack?
Building owners and managers can’t predict when a terrorist or cyber-attack might strike. An emergency preparedness plan, however, is a strong defense against such threats. Building owners and property managers need to learn how to protect residents and property against security threats and potential terrorist attacks and be able to implement a planned response. Investors and tenant organizations now also expect property managers and building owners to be better prepared in case of a terrorist or security threat.
When a Somali terror organization released a propaganda video calling for attacks on shopping malls in the U.S., Canada, the UK, and Europe in February 2015, Real Estate Roundtable’s President and CEO Jeffrey DeBoer said, “Terrorism risk mitigation—against both physical and cyber-threats—is a top priority for the real estate industry. It is a critical aspect of managing any facility where people live, work, shop, and play.”
After 9/11, the Real Estate Information Sharing and Analysis Center (RE-ISAC) shortly was formed. RE-ISAC is a partnership with the U.S. Department of Homeland Security, commercial facilities, and law enforcement agencies to counter potential terrorism and security breaches by sharing information and developing responses. Since its inception, the real estate industry has increased awareness among building owners and property managers to address homeland security issues such as emergency preparedness and response planning.
The six recommendations by RE-ISAC for building owners and operators to develop a preparedness plan are:
- Recognize their responsibility to address terrorism-security issues, including emergency preparedness and response.
- Build relationships with law enforcement officials at all levels.
- Report suspicious incidents or activity to local law enforcement and the federal government.
- Undertake reasonable risk assessments of buildings and portfolios.
- Develop emergency preparedness and recovery plans for businesses and buildings.
- Participate in emergency-response exercises as requested by the Red Cross and government officials.
Among the steps RE-ISAC suggests taking include establishing an emergency planning committee, communicating the plan to key stakeholders—including staff, tenants, and third-party service providers—and testing of emergency preparedness.
According to the Building Owners and Managers Association (BOMA) International Experience Exchange Report (EER), the building industry has more than doubled its expenditures in providing safe and prepared environments since 9/11.
BOMA believes that emergency planning for buildings must be tailored to each unique situation. BOMA suggests many physical security measures that properties can take for security and emergency preparedness. These include deploying visible security cameras and motion sensors; increasing perimeter lighting; increasing security personnel; removing vegetation in and around perimeters; locking devices on manhole covers in and around facilities; limiting access points, and developing an evacuation plan utilizing exits and stairwells.
In addition, BOMA suggests staff training should emphasize how to take notice and report suspicious packages, persons, devices, or other unusual materials immediately.
Avalon Properties, which operates multifamily apartment units in Arlington, Va., recently started improving its visitor policy by having guests sign in with the concierge upon entrance, who will inquire if a resident is expecting them. If the visitor indicates that they don’t know if the resident is expecting them, they will be asked to wait in the lobby until the resident is contacted.
Staff should also be trained in how to handle threatening telephone calls or bomb threats. Mail and package screening procedures and explosive detection devices can also be put in place.
BOMA also recommends procedures for hostage, chemical, or biological scenarios. Property managers can even consider conducting a study of vulnerability issues in the structural engineering of the property, including its power, water, electrical, and air systems.
Because buildings use computerized building management systems, owners and property managers should consider cyber-security to guard against cyber-threats, such as hacking and viruses. Cyber-crimes are very costly to an organization. According to a new study on the overall cost of cyber-crime conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the annual cost of cyber crime for companies across seven countries including the U.S. was $15 million last year, which includes the costs associated with business disruption. The data represents a nearly 20-percent increase year over year and an 82-percent increase in six years. The study suggests that the return on investment for an organization deploying security intelligence systems is nearly $4 million. Cyber-attack response strategies can include hiring a certified cyber-security expert, encryption technologies, data loss prevention tools, and policy management procedures.
There is no way of knowing how much warning time there will be before a security threat such as a terrorist, biological, or cyber-attack, so being prepared in advance is critical. Now more than ever building owners should start creating or revising their organization’s emergency plan. And with September being FEMA’s National Preparedness Month, what better time to start then now?