The Washington Navy Yard in Washington, D.C., is supposed to be a secure facility, protected by checkpoints, armed guards and requirements of valid credentials for entry.
According to authorities, 12 people were killed and eight others injured when Aaron Alexis opened fire Sept. 16, 2013, in Building 197 at the facility.
So what went wrong?
The shooter used his electronic ID card to gain access to the Navy Yard, where he was assigned to work. He drove onto the installation and parked, before walking a short distance to Building 197 with a legally purchased shotgun inside his backpack. Once inside, according to investigators, Alexis made his way to an overlook above an atrium and opened fire into the cafeteria.
So what can employers do to prevent people with valid access to their worksites from doing harm?
“You need to first accept and acknowledge that the possibility of a violent incident occurring is real,” said W. Barry Nixon, SPHR, the executive director of the National Institute for the Prevention of Workplace Violence. “Once we recognize the potential for a problem, it puts us in the position to be able to develop a plan to avoid it, reduce the possibility of it occurring or to mitigate the impact should it occur.”
Background checks become an essential tool in the hiring process that can help identify problematic behaviors that warrant additional scrutiny, he added.
And employee screening shouldn’t necessarily be done just once. “I always encourage companies to conduct random background checks on their current workforce,” said Carol Fredrickson, the co-founder of Violence Free, a global violence-prevention consulting firm based in Phoenix.
But the biggest issue is that people don’t practice the security policies they’re taught, she said. “All employees need to be responsible for the safety of the workplace, and that includes being trained in workplace violence prevention policies such as access control and reporting any unusual red flags,” she said.
According to Steve Albrecht, PHR, a workplace-violence-prevention expert and trainer based in San Diego, “Many times people tend to rationalize the irrational behavior of a co-worker, letting behavioral problems pass without telling others, including their managers, HR or security personnel.”
It comes down to being aware, said Johnny Lee, the president of ePanic Button and director of Peace at Work, a Birmingham, Ala.-based organization that holds webinars and training events on preventing workplace violence. “Do co-workers or supervisors notice anything about someone acting suspicious? Look at all the warning signs; investigate; put prevention in place,” advised Lee, a former workplace-violence specialist for the Office of State Personnel in Raleigh, N.C.
How Secure Is Your Workplace?
According to ASIS International, an organization of security professionals based in Alexandria, Va., a fully integrated facility security program incorporates environmental design, detection systems, structural barriers, access controls, rapid communications, training and video surveillance.
To choose the right security measures for your workplace and apply them properly, it’s first important to conduct a risk assessment.
Security risk assessments can help organizations see obvious and more hidden vulnerabilities, said Albrecht. “They can reveal that employees leave critical access doors propped open or unlocked. They can show management that evacuation plans, active shooter responses and mass-notification systems need improvements.”
According to ASIS, a physical security risk assessment could include the following items:
- Documenting law enforcement, fire department and hospital locations and contact information.
- Documenting contacts for security staff in nearby facilities.
- Documenting other building tenants.
- Securing all building entrances after hours, and arming alarm systems.
- Securing dock/shipping areas at all times.
- Making sure all entrances, parking lots and grounds are well-lit.
- Securing doors and windows so they cannot be easily opened or removed.
- Actively monitoring video cameras during business hours and ensuring that cameras cover all entrances, exits and parking areas.
- Doing an inventory of electronic key cards, to ensure they are returned by exiting employees, and deactivating cards immediately after workers leave the organization or lose their card.
- Securing unassigned cards.
- Color-coding access cards for employees, visitors and vendors.
- Implementing commercial-grade security locks.
- Keeping master keys in a secure location.
- Tracking and auditing employees’ keys.
You should perform your physical security assessment at least annually to stay compliant with the bulk of the standards and frameworks, ASIS advises. If you take over additional floors or if the environment changes, you should re-examine the affected areas.
Put simply, the concept of access control “keeps good people in and bad people out,” said Albrecht.
Controlling access with keypads or swipe cards is one common way to prevent unauthorized individuals from entering the workplace or certain areas of it. But for a worksite to be truly secure, its visitor policies must be strictly adhered to. Politely holding access-controlled doors open for people who seem to belong there or allowing friendly strangers to get into the elevator with you can be the breakdown in security that leads to tragedy.
“There’s no proof of who they are unless you check their ID and ask a few questions,” Lee warned. The more familiar the faces are, the more this specific security breakdown occurs, he added.
“I’ve seen that visitor access rules don’t apply to family members, spouses or recently terminated ex-employees,” Lee observed, noting that these individuals may even have a swipe card or know the passcode to get in.
“The first step is awareness—knowing who is entering, who is on the premises and who is around you,” he said. “Say hello and make eye contact with all strangers. Ask suspicious people to verify their identity and purpose. If they get past you, use your company’s security plan.”
Most employees are very uncomfortable approaching strangers and asking them if they belong there, said Fredrickson of Violence Free. They don’t want to make others feel bad, or they’re embarrassed to question someone, or they’re not comfortable with confrontation, she explained.
Fredrickson suggested the following ways to approach a stranger or an unbadged person in the workplace:
“First, reframe the situation in your mind. Instead of thinking of this as a confrontation think of it as an opportunity to meet someone. Approach the person with one of these questions:
‘I see you’re not wearing a badge—are you new around here?’
‘You look familiar to me, but we haven’t met. My name is Sheila, and I work in accounting. Where do you work?’ ”
Even a simple “Hi. Can I help you?” could prevent a disaster.
Employees should be drilled on other procedures, too, such as how to handle banned individuals and what action to take if a potentially dangerous person gets by them.
When dealing with visitors, a security officer or front-desk employee should request access permission for the visitor; specify the date and time of the visit, the point of contact, and the purpose of the visit; and issue a visitor badge stamped with the date to prevent reuse.
Additionally, your company’s access-control database should be continually updated to reflect recent separations or any relevant personnel changes.
Using Building Design to Prevent Violence
Crime prevention through environmental design (CPTED) is a popular concept that proposes using design and the existing environment to reduce criminal activity. To provide maximum control, an environment is divided into smaller, easier-to-defend zones.
CPTED strategies include using technology systems such as electronic card access systems, security screens and video surveillance; organizational measures including policies that encourage observation, reporting and appropriate intervention; and architectural steps such as effectively using the facility’s layout to deter a violent incident.
Each of the CPTED focus areas builds upon and links to the others, said Albrecht.
One of the most basic CPTED strategies is to design multiple concentric layers of security so that protected assets lie behind several barriers. These layers start from the outer perimeter and move inward to protect the facility’s core. Each layer should delay an attacker as long as possible, according to ASIS. “If properly planned, the delay should either discourage a penetration or assist in controlling it by providing time for an adequate response,” the organization explained in its Facility Physical Security Measures Guidelines.
The most common perimeter barriers are fences and walls. Other physical barriers that can be used to control access are gates, turnstiles, secure doors and windows, and vehicle-access barriers.
Barriers can be augmented by security lighting, video surveillance and electronic access doors.
Each of these works well when installed, repaired, updated and regularly used, said Albrecht. “But the security culture must be driven by employee vigilance, not management edict. There are more employees who see more things, and they should be rewarded when they have the courage to come forward and report threats or security concerns.”
Added Lee: “Reporting avenues need to be supported from the top down. It’s better to prioritize prevention and intervention over reaction.”
Experiential learning is best, Lee advised. “Train, train, train. Practice someone coming in, handling an escalation and summoning support,” he said. “As we saw with the Navy Yard shooter, an expensive key card system will not stop a shooter with valid access.”
Roy Maurer is an online editor/manager for SHRM.
To read the original article on shrm.org, please click here.