Robust Solutions for an Evolving Threat Landscape

Are you prepared for the myriad of ever changing threats to your facilities?


Your corporate threat landscape requires a holistic, flexible and rigorous approach to identifying, reducing and managing risks. Threats of violence, the global health crisis, geopolitical issues, financial concerns and threats to reputation are ever evolving risks organizations face daily, no matter their size.

GMR 410, LLC helps clients understand and respond to employee, operational and facility safety, security and risk challenges. Our experts help clients make confident risk management decisions to improve their security operations and better prepare for emergency situations and evolving threats. As Trusted Advisors, we offer an extensive array of tailored solutions to promote safe operations while maximizing efficiency and value.

We are proactive and client oriented, building relationships to serve our clients, and providing Trusted Solutions to meet needs. Getting proactively in front of risk is the key to deterrence, and the ability to anticipate through solid fundamental experience is what we offer. Our priority is always to provide clients with exceptional risk mitigation strategies without compromise.

Ready to Support Clients Across North America
Our experts focus on providing service with integrity and uphold strong internal quality standards. Below are examples of our services:

Consulting Services
Anti-Skimming Inspection Program
Business Continuity
Executive Protection
Policy & Procedure Review or Development
Pre and Post Transaction Due Diligence
RFP Content Development
Risk Assessments
Security Program Gap Analysis or Development
Security Reviews
TSCM Program Development

Operational Security Services
Active Aggressor Policy Program
Authorized to Carry Weapons Policy & Program
Physical Security Penetration Testing
Security Equipment Inventory Audit with Testing
Security Equipment Post Installation Audit and Due Diligence
Security Officer Quality Assurance Testing Program
Violence-Free Workplace

Security Protection Design
Integrated Security System Design
R&D Assistance and Support
Security Planning using CPTED, Concentric Circles of Protection & Integrated Design Philosophies
Security Project Management
Security Standards Gap Analysis, Review or Development
Security System Procurement and Installation Project Management

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

GMR 410 Publishes White Paper on ATM Crime

GMR 410 has published a white paper on ATM crime. Written by Mary Gates, Vice President of Security, this publication provides readers a description of the different types of ATM related crime, along with regulations and tactics to mitigate incidents.


“Throughout my career in bank security,” says Gates, “I found state and local regulations, types of ATM vulnerabilities and mitigation techniques, to be ever evolving and scattered across a multitude of sources and sites. With this white paper, I aimed to summarize and consolidate information in plain language so security professionals and independent ATM operators can spend less time searching the internet and other resources and more time planning their asset protection strategy.”

This white paper will help personnel:

  • Better understand the different types of ATM crime
  • Make decisions to impact ATM related criminal activity
  • Reduce liability

More from Gates:  “Security decisions impact every aspect of your business. Becoming more informed, analyzing the security needs of your individual locations, categorizing locations based on their risk, implementing enhanced security strategies where appropriate, and working towards compliance with your ATM lighting program marry together to build a safety blueprint to help protect your customers, assets and brand reputation.”

You can download the white paper by going to https://www.gmr410.com/articles-resources/.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

The End of 3G

RAISING AWARENESS:  Are you ready for the end of 3G?

What does the end of 3G wireless technology mean for your organization? Any devices currently using 3G will go dark at the end of 2020 or early 2022[1].  If you have Alarm Systems, ATMs, Cash Recyclers, Smart Safes, or similar equipment running on 3G, have you enacted a plan to upgrade to 4G before this occurs?


 

GENERAL INFORMATION

The time to sunset 3G-supported technology has come. Businesses failing to do so risk disruption. By transitioning to a current generation technology, such as 4G LTE (Long Term Evolution) or 5G, organizations create opportunities for better customer experiences and increased efficiency. The right transition strategy can help a business put into place solutions to improve operations, help drive faster business decisions, improve customer service and more. Failure to fully migrate will cause disruptions in mission-critical functions which can ultimately affect operations, customer experience, and brand reputation. It is urgent that, if they have not done so, organizations begin now to help ensure business continuity.

IMPLEMENT A THOUGHTFUL ACTION PLAN

Each business will need to develop and implement a comprehensive action plan to ensure it is “business as usual” when the migration occurs. This includes choosing the right solutions using strategies driven by wireless, IoT and global needs.

1. Start with a thorough audit.

To be successful, organizations need to understand where and how their existing devices are being utilized, and plan and identify sunset dates for their current technology. Further, there must be an understanding of downstream reactions that could occur when legacy systems are altered. The audit addresses uncertainty, identifies true needs, and allows the business to begin consideration for solutions and associated budgets.

2. Plan for the right technology solution.

If an organization has been operating on 3G devices/modems for an extended period, it is important to consider the effects the enhanced technology could have on operations. Understand how the new technology can change procedures and operations. Identify the appropriate solutions, process, and procedures for network and personnel optimization.

3. Plan the transition strategy.

Identify internal and external resources to deploy your solutions, whether you need IoT expertise, app development, logistics planning, installation, or ongoing support, as examples. Consider requirements, resources, sunset timing, and opportunities as you plan and map your strategy.

[1] Contact your carrier for specific details on the sunset date of your 3G modem.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

 

 

Banks: Protect Your Branches

PROTECT YOUR BRANCHES:

Safeguard your customers and staff by identifying risks and taking action

Banks and other financial institutions are faced with the critical challenge of ensuring the protection of their people, assets and information. Security officers should utilize an ongoing assessment program to monitor and respond to changing risks and threats.

Known as a risk assessment program, the methodology used can be both facilities-based and incident-driven, considering all known sources of influencing information for the identification of risks as well as the examination of severity, frequency and operational impact.

Areas of examination should include, but may not be limited to, crime statistics, site incident history, neighborhood factors, nearby competitor security features, regulatory requirements and property issues. All identified risks are examined and mitigated individually with documentation maintained in department databases and reassessments driven by changes in the environment.

It is important to note the risk assessment differs from a security review. A security review assesses how effectively your bank’s security policies and procedures are being implemented, uncovers where security gaps exist and helps identify issues driving non-compliance with the security program. The risk assessment will identify your most critical resources and the weaknesses that can be exploited along with the likelihood of occurrence.

Approaches to the risk assessment process

Within the security industry there are quantitative and qualitative approaches to risk assessment and mitigation.

  • The quantitative approach involves scoring risk factors via a point system that ranks facilities by their overall score in order of risk concern.
  • The qualitative approach involves a similar analysis process but without the scoring and, instead, a focus on the identification of specific risks and the implementation of successful mitigation techniques without consideration for any arbitrary scoring or ranking against other sites.

Some banks have taken an approach that it is most important to focus on solutions and, accordingly, use a customized, qualitative process that analyzes facilities individually and incorporates the occurrence of incidents initially and one at a time.

Mitigate risk through a comprehensive evaluation of threats, risk and vulnerabilities

From insider threats to external forces, it is important for security professionals to remain vigilant in their understanding of the risks, threats and vulnerabilities in and to their organizations.

The methodology begins with the identification of the business to be conducted at the facility and its associated risks, analyzing the seriousness and frequency of those risks and then identifying and implementing the best mitigation options.

This is known as a facilities-based process. Risk for facilities is assessed in two parts: a pre-construction review and an ongoing, steady-state program. In pre-construction, it is assumed that certain base-level security protections will be implemented for the given business type under review. As an example, all branches of your bank, regardless of risk profile, will receive alarms, vaults and lobby video surveillance systems.

On an ongoing basis, the steady-state process requires that a current assessment for each facility be maintained on file with updates completed according to a defined process and as dictated by the frequency of major incidents.

For simplicity, updates are required during steady state when indicators point to a possible change in the level of risk or a change in the assets and people exposed. This can include the occurrence of a major event, a change in business function, knowledge that nearby criminal activity has increased or that property changes have taken place, including modifications to building design or equipment (such as the addition of an ATM).

Employing an incident-based process methodology involves the consideration given to the need to reassess the risk to facilities and to analyze the risk to individual staff following any major incident. This is done to confirm whether major events (i.e., an armed bank robbery) will or will not, on their own, dictate changes in protection packages.

These risk assessments can trigger short-term or temporary solutions to protection packages or point toward the need to reassess general safety and possibly redesign facility protections. Security staff are required to consider the need for reassessment during their post-incident review and to implement such assessments or reassessments as deemed necessary.

From insider threats to external forces, it is important for security professionals to remain vigilant in their understanding of the risks, threats and vulnerabilities in and to their organizations.

What are the differences between threats, risks and vulnerabilities?

You may be thinking, “I thought threats and risk are the same. What do you mean when you talk about vulnerabilities?” Threats, risks, and vulnerability are not interchangeable terms. Rather, they are the essential ingredients of an accurate risk analysis. In their simplicity,

Threats:

  • Need to be identified
  • Generally, cannot be controlled

Risks:

  • Can be mitigated
  • Can be managed to lower vulnerability or impact on the business

Vulnerabilities:

  • Can be treated
  • Weaknesses should be identified
  • Proactive measures should be implemented to correct identified vulnerabilities

What steps can I follow to assess the risks to my branches?

Once you decide to implement a risk assessment program at your bank, you should outline the steps of the risk assessment process you will follow, detailing how the careful evaluation of the business purpose, threats, risks and potential solutions come together to provide for the safety of individuals and the protection of assets and information. At a minimum, follow these eight steps to get started:

1. Identify the exposure in order to identify the areas of risk.

The starting point to consider when examining risk is the type of business being conducted at the site under review. By identifying the business type, the staff, assets and information at risk are more clearly identified. And those exposures must be clearly in mind when considering the likelihood and severity of potential attacks.

For example, a facility that handles cash takes on risks associated with that function, such as the risk of robbery, which other facility types may not experience. The risk to staff and the potential loss of assets are clearly seen when the assessment process begins with a look at the business type. This step is an efficiency in the review process that helps focus the reviewer on the most likely risks as opposed to a lengthy general review of all risks.

2. Identify the threats associated with the facility type.

Once the business type has been identified, then the review can be focused on the most likely risks associated with that business type and the corresponding exposures. Examples of threats for branches could include robbery, bomb threats, violence in the workplace, information loss, etc.

3. Examine the likelihood and severity of attack.

Reference internal and external indicators: crime statistics, neighborhood conditions, incident history, incident trends, security’s knowledge, consideration for what protection strategies other financial institutions are using, etc. By researching all possible sources of information, the degree of risk — both its likelihood and severity — can be gauged by the reviewer. All these factors drive whether the exposures are under significant risk of attack.

4. Evaluate the adequacy of the existing protection package.

Once the risks to the exposed people/assets/information are identified, the reviewer must consider whether the degree of risk (likelihood and severity of attack) warrants adjustment to the current protection package. This requires that each risk be examined one at a time to evaluate whether existing protection will provide an adequate safeguard. If the protection level is adequate, then no further action is necessary, and the assessment can be concluded. If any gaps or weaknesses are identified, then solutions and an action plan must be developed.

5. Identify appropriate solutions to gaps in the protection package.

Enhancements, upgrades, etc. may be required to further harden the branch. However, solutions must be appropriate to the risk and effective in mitigating the frequency and severity of the risk.

As an example, installing bullet-resistant glass at the teller line is not an appropriate solution to address a noted increase in risk associated with customer theft after-hours at the ATM. Instead, the installation of video surveillance cameras and security lighting enhancements or repairing broken fixtures is likely a more appropriate solution.

6. Once you have identified the solution and developed pricing, confirm the mitigation plan with the impacted business unit(s).

It is not uncommon to present a risk mitigation plan only to learn the site has been identified for a relocation project, remodel or is being closed. Therefore, it is important to take the time to inquire as to any business drivers that might require a modification of the solution or place the entire plan on hold, either temporarily or permanently. Safety is the priority, but a good corporate security business partner can always find an interim solution for sites in a state of transition.

7. With agreement on the decision to move forward and an implementation plan at hand, initiate and follow through on the application of the solution.

Work with vendors, project managers, etc. to drive the projects to completion.

8. It is important the installed solution is tested and validated as functional and beneficial for the intended result post-installation and in the real workplace environment.

The risk assessment should not be a one-time review. The world continues to evolve, as does your organization. Risk analysis is complex, and the threats are always there. Security measures, processes or procedures put in place three years ago may not address the threats and risks your organization faces today.

Understanding the magnitude of the consequence associated with those threats and risks, their likelihood to occur and the possible effects on your bank are the primary components to managing security risk at your bank.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial services, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

Hurricane Season Readiness

There have been 26 separate billion-dollar severe storms in the United States since 2017. With hurricane season upon us, it is incumbent everyone is prepared to respond to a hurricane weather emergency.


In our last blog post, we discussed tornado readiness. In this entry, we turn our attention to hurricanes. This information is designed to help you prepare for a hurricane’s impact on your organization, employees and community by highlighting the tasks you should complete before, during and after a storm. When the National Oceanic and Atmospheric Administration’s (NOAA) National Hurricane Center issues a watch or warning, use the time available to begin taking appropriate steps.

 

KNOW THE TERMS

From Penn State University’s Department of Meteorology and Atmospheric Science:

Tropical Depression:  An organized system of clouds and thunderstorms with a defined surface circulation and maximum sustained winds of 38 mph or less. Sustained winds are defined as 1-minute average wind measures at about 33 ft. above the surface.

Tropical Storm:  An organized system of strong thunderstorms with a defined surface circulation and maximum sustained winds of 39 to 73 mph.

Hurricane: An intense tropical weather system of strong thunderstorms with a well-defined surface circulation and maximum sustained winds of 74 mph or higher.

Hurricane or Tropical Storm Watch:  Hurricane or tropical storm conditions are possible in the specified area of the watch, usually within 48 hours. Individuals inside the Watch area should monitor updates from NOAA and local radio/television.

Hurricane or Tropical Storm Warning:  Hurricane or tropical storm conditions are expected in the specified area of the warning, usually within 36 hours of the onset of tropical storm force winds. Complete storm preparations and immediately leave the threatened area if directed by local officials.

Extreme Wind Warning:  Extreme sustained winds of a major hurricane (115 mph or greater), usually associated with the eyewall, are expected to begin within an hour.  Take immediate shelter in the interior portion of a well-built structure.

Short Term Watches and Warnings:  These warnings provide detailed information about specific hurricane threats such as flash floods and tornadoes.

Storm Surge: A dome of water pushed onshore by hurricane and tropical storm winds. Storm surges can reach 25 ft. high and be 50+ miles wide.  Storm surge is the greatest threat to life and property along coastal areas.

Storm Tide: A combination of a storm surge and the normal tide.

BEFORE THE HURRICANE

  • Contact your security vendors and other appropriate suppliers or contractors and place them on alert status.
  • Stay up-to-date on progress of the storm via radio, TV or NOAA. Ensure mobile device setting allow wireless emergency alerts.
  • Identify safe evacuation routes as well as alternative routes.
  • Review your shelter-in-place plan, making sure your disaster kit is fully stocked and fresh batteries and supplies are included.
  • Ensure your emergency communication plan is up-to-date and begin advance notifications. Verify contact information for all employees, suppliers and clients as appropriate.
  • Test your backup communications plan in the event of evacuation or office closure(s).
  • Back up all data. If your backup site is within the area that may be affected by the storm, consider backing up to a secondary location or the cloud.
  • Protect and secure vital records and critical business documents. Ensure they are accessible from anywhere.
  • Ensure remote access and verify a team is in place to manage updates to the company website and internal intranet during and after the storm.
  • Turn off and unplug all non-critical devices such as server monitors or workstations and other non-essential electrical equipment. Make sure any equipment is raised above potential flood levels or removed from threatened sites.
  • Check the integrity of your uninterruptible power supply (UPS). Move the UPS to the highest level possible above the floor.
  • Alert any third-party partners and suppliers about your relocation plan in the event the storm renders your location inaccessible.
  • Ensure appropriate personnel have their re-entry credentials from local law enforcement or other local government officials.
  • Obtain cash to allow for purchases in the event of extended power loss.
  • Validate any gaps in insurance coverage have been remediated.
  • Close appropriate offices in advance to allow personnel an opportunity to evacuate, if needed.
  • Inspect and make necessary repairs to drains, gutters and flashing.
  • Strap or anchor to the roof deck support assembly all roof-mounted equipment such as HVAC units and exhaust vents.
  • Install shutters or plywood over windows and glass doors.
  • Remove loose debris.
  • Anchor or relocate all non-essential exterior equipment to an indoor location, if possible.
  • Secure storage of flammable liquid drums or move them to a sheltered area. Never move flammable agents into main facility areas.

IMMEDIATELY FOLLOWING THE HURRICANE

  • Keep listening to radio, TV and NOAA updates to ensure the storm and all threats have passed.
  • Wait until the area is declared safe before entering to secure the site and survey damage. Call in key personnel and deploy your security vendors to triage systems and initiate repairs based on priority and ability to reach locations. Ensure safety protocols are in place before repairs begin; control smoking and monitor for open flame sources. Require contractors to share responsibility for fire-safe conditions before and during repairs.
  • Remain observant for safety hazards:  live wires, leaking gas, flammable liquids, poisonous gas and damage to foundations.
  • Clear roofs and gutters, removing all debris to prevent drainage problems.
  • Cover broken windows and torn roof coverings immediately.
  • Obtain 24-hour security and generators, if needed.
  • Separate and secure damaged goods for insurance purposes.
  • Continue to communicate with employees and customers through all stages of recovery.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial services, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or manmade disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

Planning and Preparing for Tornadoes

Tornadoes are some of the most dangerous and destructive storms on Earth. They develop almost without warning, leaving little time to react.

Unlike other natural disasters that typically occur in a specific geographic region, tornadoes have been documented in every state. In advance of a storm, taking precautions, such as developing an emergency plan, can help you stay safe if a tornado occurs in your area. Here is some general information to begin preparing and protecting your business, assets, and people.

GENERAL INFORMATION

Also known as twisters or cyclones, tornadoes are violent, rotating columns of air that extend from the base of a thunderstorm to the earth’s surface. According to NOAA:

  • Movement can range from almost stationary to more than 60 mph. A typical tornado travels at around 10-20 mph.
  • Detailed statistics regarding the time a tornado is on the ground are not available; however, the average is estimated at about 5 minutes.
  • There is no specific temperature at which tornadoes form. Rather, it is the relationship between the surface temperature and the temperature higher in the atmosphere.

Tornadoes have been observed on every continent except for Antarctica, with the majority – about 1200 annually – occurring in the United States, especially in a region commonly called “Tornado Alley.” First used in 1952, the term was used as the title of a study on severe weather in parts of Oklahoma and Texas by USAF meteorologists Ernest Fawbush and Robert Miller. “Tornado Alley” is a term mostly used by the media to describe a region or area with a high frequency of tornadoes. The National Weather Service and NOAA have not given an official definition to the term nor have they specified a particular area as “Tornado Alley,” The U.S. tornado threat shifts from the Southeast in the cooler months toward the southern and central Plains in May and June, and the northern Plains in Midwest during early Summer. It is important to note tornadoes can occur and have been reported in all 50 states.

The peak tornado season for the southern Plains (ex. Texas, Oklahoma, Kansas) is May to early June. On the Gulf Coast, it is earlier in the Spring. In the northern Plains and upper Midwest (North and South Dakota, Nebraska, Iowa, Minnesota) peak season is June and July.

HOW TORNADOES FORM

Before thunderstorms develop, winds change direction and increase in speed with altitude. This creates an invisible, horizontal spinning effect in the lower atmosphere.

Rising air within the thunderstorm updraft tilts the rotating air from horizontal to vertical. An area of rotation now extends through much of the storm. Most tornadoes form within this area of strong rotation.

KNOW THE TERMS

Air Pressure:  Also known as barometric pressure, this is the weight of a column of air that extends from the surface (ground or water) to the top of the atmosphere. A tornado has very low air pressure.

Funnel Cloud:  A rotating column of wind that has not touched the ground. Funnel clouds are called tornadoes when they reach the ground.

Gustnado:  A whirl of dust or debris at or near the ground with no condensation funnel which forms along the gust front of a storm.

Hail:  Frozen precipitation (ice) that forms in mid-latitude thunderstorms.

Jet Stream:  A powerful but narrow stream of wind that is in the upper troposphere.

Landspout:  The term for a weak tornado that looks like a waterspout.

Multi-Vortex Tornado:  A tornado that has two or more sub-vortices that circle the center of a larger tornado.

Supercell:  A dangerous type of thunderstorm that has a rotating updraft. These types of thunderstorms can last for hours and produce large hail, flooding, lighting, strong winds and tornadoes.

Tornado:  A violent, funnel-shaped rotating column of air that has contact with the earth’s surface and is extended from a thunderstorm base. 

Tornado Outbreak:  The occurrence of multiple tornadoes spawned by the same synoptic scale weather system. 

Tornado Warning: A tornado warning is issued when an actual tornado funnel has been sighted or detected by weather radar.

Tornado Watch: A tornado watch is issued when the weather conditions in a specific area or region are favorable for the development of a tornado.

Waterspout:  A tornado that occurs over a body of water.

BEFORE A TORNADO

"Dodge City KS Tornado 3" by fireboat895 is licensed under CC BY 2.0

“Dodge City KS Tornado 3” by fireboat895 is licensed under CC BY 2.0

  • Test your business continuity and disaster recovery plan specific to a tornado event and gather key stakeholder and first responder feedback.
  • Plan how you will re-route phone calls. Consider the possibility you may not have cellular service in the event of a widespread blackout.
  • Review your shelter-in-place plan, making sure your disaster kit is fully stocked and fresh batteries and supplies are included.
  • Back up all data daily. If your backup site is within the area that may be affected by the storm, consider backing up to a secondary location or the cloud.
  • Protect and secure vital records and critical business documents.
  • Know the difference between a tornado watch and a tornado warning.
  • Have medical supplies on hand.
  • Ensure all mobile device settings allow emergency alerts.
  • During an actual event with the potential for tornadoes:
    • Stay up to date on the progress of the storm via radio, TV or NOAA. Verify you can follow weather updates if there is a power loss.
    • Monitor for dark, greenish sky, large hail, low-lying clouds (particularly if rotating), and a loud roar (like a freight train).

DURING A TORNADO

  • Follow the instructions given by local emergency management officials.
  • If you are inside, stay away from windows and seek cover in a basement. If you do not have a basement, go to the lowest floor of the building and seek shelter in a small center room (such as a bathroom or closet), under a stairwell or in an interior hallway with no windows.
  • If you are caught in the middle of a tornado while in your car, shelter in place.
  • Keep employees informed via an emergency notification and incident management system.

FOLLOWING A TORNADO

  • Account for all employees. Address staff injuries; call 911 for those needing urgent medical attention.
  • Keep listening to radio, TV, and NOAA updates to ensure the storm and all threats have passed.
  • Continuously refer to the business continuity and disaster recovery plan to help determine appropriate steps for triage, recovery and continuing business operations.
  • Wait until the area is declared safe before entering to secure the site and survey damage. Call in key personnel and deploy your security vendors to triage systems and initiate repairs based on priority and ability to reach locations. Ensure safety protocols are in place before repairs begin; control smoking and monitor for open flame sources. Require contractors to share responsibility for fire-safe conditions before and during repairs.
  • Remain observant for safety hazards:  live wires, leaking gas, flammable liquids, poisonous gas and damage to foundations.
  • Remove all debris. Cover broken windows and torn roof coverings immediately.
  • Obtain 24-hour security and generators, if needed, depending upon the extent of damage.
  • Separate and secure damaged goods for insurance purposes.
  • Continue to communicate with employees and customers through all stages of recovery.
  • Review your plan to determine what worked and what areas needed improvement.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.