The Enemy Within (or is it you?)

We are pleased to share the the following blog by Sam, from Echo 3 Scotland Ltd. Sam has an extensive history in operational planning and delivery within the crowd management and security industry within the United Kingdom.

 

You can contact Sam via – sam@echo3scotland.co.uk

 

The Enemy Within (or is it you?)

 

In recent months I had the pleasure of attending on of the first courses delivered in partnership with the Security Industry Authority (SIA) on the subject of counter terrorism and what the private security industry can do to assist prevent terror attacks.

During the presentation a video was shown of how easy it is to gather people’s personal information and how quick.

 

After the session this sparked a thought and memories from the past. Having not been the greatest adoptor of social media, I have always found it strange what people are willing to share. Unfortunately this has had an impact on some of the events I have worked on and created security risks. The thought was, are these employees, staff members, volunteers  at event aware of the threat they posse?

 

As a social experiment, I wondered how easy it would be for me to obtain information that would allow me to gain entry into an event. As my background is in security and crowd management, I would go down the lines of that. This is purely an exercise and at no point would a live event be put at risk; researching events that had past. How would I go about getting into one of these events?

 

Where was the best place to start; as with all research these days – the internet. A live and up to date library of information, photos and video. This would allow me to do everything I needed without having to just chance my arm on the day.

 

Accreditation

My first thought was, I don’t really want to try and get in via a security company, but I want a pass that will get me anywhere I want; backstage or technical areas is an added bonus. Although I know if I do that there is more of a chance of getting caught. So, I will settle with getting into the event where I would no longer need the pass checked.

 

 

Within minutes, I found what I needed. The need to share, brag, boast or just shear excitement provided me with what I needed. If you look hard enough and with a bit of luck you will find someone that will share their accreditation, working pass or backstage pass. A quick bit of work on photoshop, a laminator and lanyard and presto, my own pass. The advancements in home printing and computer editing now makes it possible to turn out fake passes within minutes; I would even suggest that one could possibly do it from a phone – a snap of someones pass, edit it on your phone and get it printed off.

 

We would all love to say that our security providers are on the ball and would pick up on a fake pass, but if you are being completely honest with yourself, the chances are a bit of blagging and the pass holder is in there.

Due to this, the security features for large events are getting more complex to beat your average blagger, but no one can account for the stupidity of a pass holder.

The greater majority of  events can not afford these features and the tech behind them.

Another weak point in accreditation is the pass sheet/board. We stick them to walls and fences about the sites we work in to allow the guards to refer to when checking accreditation. What happens at night though? Do we cover every position that has a pass sheet, do we remove them every night or do we just leave them up. My money is on the latter. Would not be hard for someone to remove a pass sheet and sell it on.

Checking in

It is beyond me why some people need to share were they are at every minute of the day. If you believe conspiracy theorists, these people are the government poster children. It is baffling why individuals would do this when working in the security industry. If I see you checked in with an event, that gives me a name to relate to when talking my way into the event. There is then the occasional superstar, that checks themselves in when working in a sensitive area; ticket office, cash room, artist compound or control room. Now take the thought of a new format such as Snapchat. Start a conversation and you could end up with images of this area.

Recruitment /who works for you.

My next option would be to get in with the security provider. You could suggest that means getting a job with them, or does it. After a bit of looking I would have to stay clear of larger providers, they want online applications (meaning I can be tracked), there is interviews and inductions before they give me the uniform I need. All of this could take weeks. Far too much hassle to get into an event.

 

There are other options though. A quick search of social media closer to the event day and you start to see posts of desperation or hope. It seems to be the way of security these days. When the bigger providers cannot supply the volume of staff they need they approach subcontractors. These contractors do not conform to the same rules and screening levels that the main provider informs their clients they will. If you follow the cause and effect of this, that the control of security staff coming on to certain sites is very loose.

 

There are a few option in this.

Option 1

Staffing levels are under demand, so the main provider has a last push on the recruitment drive. This example is less than a couple of weeks out from the event. I may have to attend an open day or a phone interview. The chances are the security screening is going to be limited to zero. This means through very limited interaction and effort, I get a job, a foot through the door and at some point the opportunity to ditch the uniform and be off having fun.

 

Option 2

The main contractor has subbed out to other companies. The chances are these companies have subbed it out and suddenly you can get in the door with a company name and contact in that company. A few hours hanging about, then slip away when the doors open (you just need to say you are going to the toilet.)

 

Option 3

The last minute let down post. These are becoming more and more popular. Social media sites are full of forums and groups that give you access to these posts. A bit of research in advance and you know a few names and a foot in the door.

 

Stock control

 

In a casual industry with a high labour turnover, it is very easy to get hold of event and security companies uniform. A few pounds on ebay and I have all I need to get through a door and mix with the staff. If I push my luck, I could blag into areas I have no right being in.

This allows me to continue this action over and over. By following the security providers social media feeds, I can even figure out where they are working in advance. Again, assisting me in my preparation.

 

Things to think about.

In this summary of how easy it can be to breach security at an event, I have only covered a security provider. On an event site there are multiple agencies, bar staff, cleaners, site crew or police (although risking a harsh punishment if caught). How do these other agencies bring in labour? A bit of research and I bet I could get through that door.

 

What could you do to prevent, reduce or make it harder for people to breach your security.

 

The accreditation system – have those collecting it sign for the pass, with some form of terms and conditions. This may make them realise that posting a quick selfie with their pass could be harmful.

 

Have a social media policy. Inform your workforce that if they are going to talk about an event, do not do so until the event is over. Do not take photos in secure areas, be aware of what is in the background. If you are going to check in, choose the greater area or a generic check in used by many.

 

Subcontracting, what controls and screening do you have in place. Who are you allowing onto your event site, remembering that they are representing your company.

 

Stock control – How do you control your uniform? Does it just get handed out and no control measures? What do you do when people leave? Is the uniform that generic that it is easy to copy?

 

We can always improve, some ways are simple and some take more effort. Complacency is the greatest enemy to safety and security. As an industry we have to stay ahead of those that would look to exploit our weaknesses. If there is an improved way of working, why not implement it; just because that is the way it has always worked does not mean you should continue that way. Consideration for improvements in technology should be considered, after all there are those out there (like me in this experiment) that will use technology to beat you.

Sam at Echo 3 Scotland Ltd