Vol.26 | Issue 2 | June 2020
THE MAGAZINE FOR SECURITY PROFESSIONALS
Occupational Violence, Aggression and Duty of Care in Australia Page 14
18 Cyber Considerations in a COVID-19 World
28 What we have learned so far from the COVID–19 Crisis?
32 ASIAL new member listing
#SECURITYAWARDS
C A L L F O R N O M I N AT I O N S
Celebrating Excellence
2020
Australian Security Industry Awards
Recognising excellence, achievement and innovation in the Australian security industry. Awards Night: 22nd October 2020 Venue: Doltone House, Hyde Park, Sydney For information on award categories and how to nominate visit: www.asial.com.au/securityawards2020
ORGANISED BY
2020
Contents Vol.26 | Issue 2 | June 2020
OCCUPATIONAL VIOLENCE, AGGRESSION AND DUTY OF CARE IN AUSTRALIA
14 18
24
28
CYBER CONSIDERATIONS IN A COVID-19 WORLD
OUT OF ADVERSITY COMES OPPORTUNITY
04 President’s Message
09 2020 Australian Security Industry Awards
33 ASIAL Member recognition program
10 ASIAL in the news
34 ASIAL Monitoring Centre grading listing
05 ASIAL working for members 05 Do the right thing!
31 Safe Workplace Management
WHAT HAVE WE LEARNED SO FAR FROM THE COVID-19 CRISIS?
35 ASIAL podcast series listing ASIAL STRATEGIC PARTNERS
rsonal needs, er the relevant Product
SEC URI T Y I N SI DER | JUN E 2 02 0 3
PRES IDE NT’S ME SS AG E
Editorial and Advertising Security Insider is published by The Australian Security Industry Association Limited
Without doubt, we are living in unprecedented times. The social and economic upheaval caused by the coronavirus pandemic has been far reaching.
PO Box 1338 Crows Nest, NSW 1585 Tel: 02 8425 4300 | Fax: 02 8425 4343 Email: communications@asial.com.au Web: www.asial.com.au Publisher
Editor Bryan de Caires
We’re here for you Whilst the impact has been particularly hard for those working in crowd control and event security, many manpower and electronic security providers, large and small, have experienced challenging trading conditions. Although our staff have been deployed to work from home, all functionality of the Association remains in place. Throughout this difficult time, ASIAL continues to provide practical advice and support to its members and to ensure that members are kept informed of important developments. Over the coming weeks and months as we navigate our way through the easing of restrictions and the return of greater economic activity, we will all need to look afresh at how our business is structured and how we operate. Among the important lessons learnt from the COVID-19 crisis has been the need for businesses to be more agile and able to pivot to respond to new operating environments. There have been many examples of security providers who have been able to do this and adapt the services they provide to meet changing client needs. As an industry there will be many new opportunities in the future arising from this crisis. The seismic changes to our society as a result of the COVID-19 pandemic has resulted in an environment in which many established orthodoxies are being challenged. For security, the anomaly of inconsistent security licensing requirements across jurisdictions and addressing the lack
of a national licensing scheme which hampers the mobility of individuals and businesses, will continue to be a priority the Association will seek to advance. Despite national licensing being an obvious common-sense approach, and one ASIAL has been promoting at all levels for decades, it requires agreement by ALL jurisdictions. Adding to this challenge is the way licencing is managed, in some jurisdictions it falls under police and in others fair trading. Maybe the current situation the Country finds itself in could be the catalyst for positive change as all, including Governments will be reviewing how business is carried into the new landscape. But just as ASIAL helped achieve nationally consistent training requirements and Police Alarm Response Guidelines for the industry, we will continue to promote and lobby for national licensing. Finally, whilst the coronavirus has resulted in the cancellation for the first time in 35 years of the annual Security Exhibition and Conference, as with our industry, I am confident that it will be back bigger and stronger when it returns next year. Rest assured, ASIAL will be there for you! In the meantime, stay safe.
Editorial Enquiries communications@asial.com.au Advertising Anna Ho advertising@asial.com.au Graphic Design + Digital Mitch Morgan Design 0402 749 312 mitch@mitchmorgandesign.com www.mitchmorgandesign.com Editorial Contributors Tony Vizza, Daniella Traino, Dr Gavriel Schneider, Dr Paul Johnston, Joe Saunders and Chris Delaney. Print + Distribution CMYKHub Pty Ltd Published quartlery Estimated readership of 10,000 Views expressed in Security Insider do not necessarily reflect the opinion of ASIAL. Advertising does not imply endorsement by ASIAL, unless otherwise stated with permission. All contributions are welcomed, though the publisher reserves the right to decline to publish or to edit for style, grammar, length and legal reasons. Press Releases can be emailed to: communications@asial.com.au. Internet references in articles, stories and advertising were correct at the time of printing. ASIAL does not accept responsibility form is leading views. Copyright©2020 (ASIAL) All rights reserved. Reproduction of Security Insider magazine without permission is strictly prohibited. Security Insider is a subscription based publication, rates and further details can be found at www.asial.com.au. NEXT ISSUE: SEPT 2020 Printed ISSN 1442-1720 Digital ISSN 2207-8282
Kevin McDonald President 2,767
Avg Net Distribution per Issue
Security Insider Magazine is independently audited under the AMAA's CAB Total Distribution Audit. Audit Period: 01/04/2018 - 31/03/2019
4 SEC U R IT Y IN S IDE R | JU NE 2020
IN DUS T RY NE WS
ASIAL – WORKING FOR MEMBERS
DO THE RIGHT THING!
The Coronavirus (COVID-19) crisis has caused massive social and economic upheaval across all sectors of the Australian community.
As we navigate through these challenging weeks and months, every employer and employee in the private security industry are being urged to do everything that is reasonably possible to keep employees engaged in work during this difficult period.
The effects of the pandemic have been wide-ranging and challenging, with job losses, business closures and social isolation. During this challenging period, ASIAL’s advocacy work on behalf of members has ramped up further. The Association has made numerous representations to federal, state and territory government on a range of issues. These include: f Advocating the need to confirm security as an essential service; f Leveraging security industry capability when implementing measures in response to the COVID-19 virus (ASIAL is already playing a role in helping to facilitate this); f Requesting government offer 6-months licence fee relief for security firm and individual security licence holders affected by the COVID-19 virus; f Seeking the flexibility of state and territory regulators on licence renewals (including licence renewal training) and new applications during this challenging period; f Reaching out to law enforcement agencies offering to act as a centralised point of contact to ensure effective liaison between police and security;
The Association has also approached the United Workers Union with a view to making temporary variations to the Security Services Industry Awards 2010.
By everything possible, we mean everything lawfully possible. This is not the time to take advantage of Your employees, Your contractors, Your clients; or The government. We are all trying to get through this crisis to ensure there are viable businesses and continuing employment opportunities. f DON’T advertise on Facebook or other social media offering lower than minimum rates of pay under the award. f DON’T underpay employees. f DON’T get involved in sham sub-contracting. f DON’T try to double dip Government aid.
ASIAL does not and will not support any unlawful actions of businesses attempting to gain advantage over employees, competitors or the Government at any time – especially at this time when we should all be supporting each other. And importantly, don’t let shonky operators get away with it. If you come across a breach report it to ASIAL, we will ensure it is passed on to the appropriate authority for investigation.
WE’RE HERE TO HELP In response to the COVID-19 pandemic ASIAL implemented a range of measures to ensure continuity in the level of service provided to members. The ability to continue to operate on as close to a business as usual basis, is testimony to the Association’s commitment to provide members with the high level of service they have come to expect. The Association has continued to work with regulators, government, standards development, media, and to provide advice and support to members. Whilst our events have been postponed for the time being, we have run a series of webinars, posted topical podcasts, provided regular member updates and developed a dedicated COVID-19 web page. Members can rest assured that we will continue to provide advice and support during this difficult time, and when you need help we are only a phone call or email away. SEC URI T Y I N SI DER | JUN E 2 02 0 5
6 SEC UR IT Y IN S IDE R | JU NE 2020
A DV ERTO RIAL
3 signs you need new software to support your invoicing workflows How do you know when you need to bring software into your security business? Or update the software you’re already using? To help you identify the right time for these opportunities, we’ve put together a list of the top three signs you need to invest in new software to support and enable your invoicing workflows.
YOU’RE USING YOUR ACCOUNTING SYSTEM TO INVOICE JOBS Invoicing via your accounting system may be hindering your ability to grow and increase revenue, as it could lead you to miss capturing all the hours and costs involved in a job. This can be especially problematic for larger projects with many moving parts and complex retention payments. YOU’RE USING MANUAL TEMPLATES You’ve heard the saying that in business, time is money. So, if you’re still struggling to manually create templates for each job, it may be time to see if you can improve the efficiency of your processes. YOUR SOFTWARE ISN’T ACCESSIBLE IN THE FIELD Are you sending all the details of a job back to office staff to send out an invoice? Invoicing software that is accessible in the field allows staff to invoice and accept payment while onsite, speeding up the process so you get paid on time.
FOR A SUCCESSFUL SECURITY BUSINESS, IT CAN BE EASY TO THINK WHAT HAS ALWAYS WORKED WILL CONTINUE TO WORK. However, as time and technology move on, it will become clear that this is not the case – especially when it comes to invoicing. These days, the best way to ensure you’re getting paid on time is by ensuring you have all your information in one place. This can be achieved with a comprehensive operations management software solution, which offers invoicing, job management, payment functionalities and so much more. simPRO is such a solution. It features invoicing software and powerful integrations with payment providers and popular accounting packages, like Square and Xero. 20% DISCOUNT And best of all? As an active ASIAL member, you may be eligible for 20% off the initial investment costs of simPRO!* To learn more about simPRO and this exclusive offer, head to simprogroup.com/asial *Terms and conditions do apply, please see website for more details.
SEC URI T Y I N SI DER | JUN E 2 02 0 7
INDUST RY NE W S
OCCUPATIONAL VIOLENCE, AGGRESSION AND DUTY OF CARE IN AUSTRALIA The Australia Security Research Centre (ASRC) has published a report into workplace and occupational violence (OVA) in Australia. The report is one tool that can be used to address the observed gap in managing the issues associated with OVA. The research team investigated prevention and preparation, response, and recovery with regards to OVA and its impact on mental health across six main industry sectors in Australia. The six main sectors investigated: f Private security industry f Retail and customer service f Liquor and hospitality f Banking and financial services f Healthcare and aged care services f Education and training The report found that over 90 per cent of respondents had experienced aggression or violence in their workplace, with over 36 per cent reporting they experienced it at least five times per year. For a more detailed article on the report turn to page 14, alternatively you can download a free copy of the report on the ASIAL website.
ASIAL BOARD ELECTIONS ASIAL Board elections are scheduled to be held in 2020, with all positions up for election. The Australian Electoral Commission has advised the Association that unfortunately, due to the effects of the coronavirus, delivery of the election may be delayed. The Association will notify members of any changes to the election timetable.
2020 SECURITY EXHIBITION & CONFERENCE IN MELBOURNE CANCELLED Due to the coronavirus pandemic, the 35th annual Security Exhibition & Conference has been cancelled. The event will next be held at the International Convention Centre, Sydney from 21 – 23 July 2021. To find out more turn to page 27.
8 SEC UR IT Y IN S IDE R | JU NE 2020
IN DUS T RY NE WS
2020 Australian Security Industry Awards
Awards for Excellence Nominations for the 2020 #SecurityAwards are now open. An ASIAL initiative, the Australian Security Industry Awards for Excellence, now in their 25th year will be held in conjunction with the Outstanding Security Performance Awards and the Australian Security Medals Awards. Winners will be announced in Sydney on the 22nd October 2020. Please note, nominations for the awards close on the 24th August 2020.
2020 AUSTRALIAN SECURITY INDUSTRY AWARDS FOR EXCELLENCE
2020 OUTSTANDING SECURITY PERFORMANCE AWARDS
f Gender Diversity
f Outstanding In-house Security Manager/ Director
f Indigenous Employment
f Outstanding Contract Security Manager/ Director
f Individual Achievement – Technical Security
f Outstanding Security Team
f Integrated Security Solution
f Outstanding Guarding Company
– Under $100,000
f Outstanding Security Consultant
– Over $100,000
f Outstanding Security Training Initiative
f Electronic Security Installation – Under $100,000
f Outstanding Partnership f Outstanding Female Security Professional
– Over $100,000 f Product of the Year – Alarm – Access Control – CCTV Camera – CCTV IP System/ Solution – Physical Security (i.e. bollard, gate, barrier, lock) f Security Equipment Manufacturer/ Distributor New category
ASIAL.COM.AU
AUSTRALIAN SECURITY MEDALS FOUNDATION f Australian Security Medal of Valour f Australian Security Medal f Save a Life – St John Ambulance Award
#SECURITYAWARDS
SEC URI T Y I N SI DER | JUN E 2 02 0 9
INDUST RY NE W S
IN THE NEWS FEATURED PUBLICATIONS ASIAL has featured in a range of media publications over recent months, including The Age, Sydney Morning Herald, WA Today, Brisbane Times and Australian. The combined potential reach of these articles was approximately almost 27 million. ASIAL has also contributed articles to Property Manager Australia magazine, The Bursar magazine, Facilities Perspective magazine, BuildIT magazine, The Australian Local Government magazine, Go55 magazine and GovLink magazine.
COMBINED TOTAL READERSHIP OF ASIAL ARTICLES
27M
THE ASSOCIATION’S SOCIAL MEDIA CHANNELS CONTINUE TO GROW
+59%
+7%
+7% 2019
2018
2019
2018
2019
2018
THE ASIAL WEBSITE GENERATES BETWEEN:
7,000-9,000 users per month 8,500-11,000 sessions per month 25,000 – 34,000 page views per month
10 SEC U R IT Y IN S IDE R | JU NE 2020
CYBER INSURED v s NO INSURANCE ONGOING PREMIUM, LESS RISK
NO ONGOING COST, HIGH RISK
A cyber attack can occur simply by someone clicking a link or attachment in an email, posing as a company you trust. Combined with a good cyber response plan – insurance can provide extra support.
Not having insurance can save a SME $10,000 to $15,000 over 5 years. But ask yourself, in the event of an attack will you have funds to cover costs like detection, recovery and lost revenue due to interruption?
63
#1 Cybercrime is the number 1 economic crime in Australia
Data breach notifications made in the first 3 months of new laws
$2.1m The maximum fine per breach
52%
SMES ARE NOT IMMUNE 2 out of 5 cyber attacks are on small business
Over half your data breach costs can come from internal causes like human error and IT or process failure – not just external hackers.
THE STAKES ARE HIGH
60%
COST $1Bn ANNUAL
DATA IS AN ASSET
$276,323
Small businesses go out of business in the first 6 months of a cyber attack
Cyber attacks in Australia alone cost businesses a huge amount every year
If it is valuable to you, a clever hacker can hold it hostage. This includes payment systems, client data etc.
The average cost of a cyber attack. 53% of this is detection and recovery.
COVER TO HELP WHEN YOU NEED IT MOST $1M
$1M
$1,570*
Turnover
Cover
Typical premium
BUSINESS INTERRUPTION IS REAL & EXPENSIVE 60% DAYS DAYS
Small businesses go out of business 6 months after an attack
Average time to resolve an attack
To resolve an attack if it was a malicious insider – employee/contractor
* Contact your Aon broker for a personalised quote
By having a good cyber response plan and cyber insurance, you can receive expert support when your business is most vulnerable, with minimal interruption, react quickly and get back to being operational at the earliest.
You have a choice – you could decide to take the risk. Remember to ask yourself, in the event of a cyber incident do you have the resources and funds to recover? Consider if you can rebuild or continue without your intellectual property.
At Aon, we take a fresh approach to insurance broking and risk advice. We draw on our local, national and global knowledge and industry expertise, and invest time getting to know you and your business. We understand your unique risks and work with you to deliver the best combination of service, advice and cover for your business. Want to know what cyber cover could look like for your business? Contact an Aon cyber specialist for a no-obligation quote today! Michael Pham Client Manager Michael.pham@aon.com t +61 2 9253 7326
aon.com.au/smecyber AFF0992C 0519
SEC URI T Y I N SI DER | JUN E 2 02 0 11
I NDUST RY NE W S
TO THE THOUSANDS OF SECURITY PROFESSIONALS DOING A GREAT JOB DURING THESE CHALLENGING TIMES The important role security performs 24/7 and its ability to respond quickly to changing market demand is highlighted by the industry’s response to the COVID-19 crisis. As the following examples illustrate, the industry has stepped up to meet demand by offering temperature screening services, enforcing social distancing, guarding returned overseas travellers quarantined in hotels and managing crowds at supermarkets, DIY stores, Centrelink offices and servicing electronic security systems. Across Australia there are thousands of security companies and personnel playing a critical role in keeping things going. Here are just a few examples.
12 SEC UR IT Y IN S IDE R | JU NE 2020
QUEENSLAND SECURITY PROTECTION The team at Queensland Security Protection providing 24/7 security at the Youfoodz factory which makes healthy meals for around 150,000 customers across Australia. The Security Entry Point located at the main entrance of the factory requires all vehicles, employees and visitors to sign in before they can enter the site and pass through a screening point which includes the security team checking and recording their temperature. Those who don’t satisfy the screening criteria are turned away. The Queensland Security Protection team are equipped with Personal Protection Equipment (mask, gloves in different size, hand wash soap, sanitiser).
IN DUS T RY NE WS
FORCEFIELD SECURITY Security technicians from Forcefield Security working hard to secure the Illawarra, replacing an old concept panel with a new Integriti panel and cleaning up the old wiring.
LINEWATCH In response to demand, ASIAL member Linewatch have deployed specially trained guards to assist Melbourne businesses in dealing with the COVID-19 crisis. Among the tailored services provided include checking the temperatures of incoming clients and customers, assisting retail centres with crowd and behaviour control, social distancing measures and loss prevention. The company has implemented their own protocols to ensure they send healthy guards to client premises. As a growing number of businesses vacate their premises with staff working from home, the company has also seen an increase in demand for around the clock asset protection.
UNIFIED PROTECTION GROUP
PGC SECURITY
Protecting essential services Nick Neageli of Unified Protective Group writing a security report after his patrol for one of the company’s essential services clients. The company continues to look after their needs 24/7 as they do their part in the youth mental health space.
It was all smiles as Carol and Joh Paynter (PGC Security) ensure everyone gets their fair share at Coles Lavington.
SEC URI T Y I N SI DER | JUN E 2 02 0 13
SEC URIT Y F E AT URE
OCCUPATIONAL VIOLENCE AGGRESSION AND DUTY OF CARE IN AUSTRALIA By Dr Gavriel Schneider, Dr Paul Johnston and Mr Joe Saunders
14 SEC UR IT Y IN S IDE R | JU NE 2020
S E C URIT Y FE ATU RE
From September 2019 until February 2020, a team of researchers from the Australian Security Research Centre undertook Australia’s largest ever multi-sector study into occupational violence and aggression (OVA). This project was strongly supported by ASIAL, the Institute of Strategic Risk Management (Australia/New Zealand Chapter) and Risk 2 Solution. The stated goal of this study was to analyse the extent of the problem, perceptions about the problem, and create a best-practise guideline for the management and prevention of OVA issues.
The hope of the research team was to create a tool that can be used to address the observed gap in managing the issues associated with OVA. The team, consisting of Dr Gav Schneider, Dr Paul Johnson, and Joe Saunders, investigated prevention and preparation, response, and recovery with regard to OVA and its impact on mental health across six main industry sectors in Australia. The sectors chosen were f retail and customer service, f liquor and hospitality, f the private security industry, f banking and financial services, f healthcare and aged care services, and f education and training. Every effort was made to apply solid academic rigour to the study, whilst ensuring the output at the end was both digestible and practical for the intended end users – risk managers, supervisors, and service delivery personnel tasked with addressing the identified risk of violence in and relating to their workplace. In order to gain a robust view, research was undertaken utilising a multitiered approach that incorporated
f an online survey, f literature review and f interviews with leading practitioners in the field – some conducted specifically for the project, and some extracted from Joe Saunders’ Managing Violence Podcast. Upon reflection of these three streams of data, six main areas for consideration were identified and proposed as potential areas of action. These were: 1. Work Systems, 2. Work Related Exposure, 3. Emotional and Physical Impacts, 4. Prevention and Preparation, 5. Control Measures, and 6. Incident/Post Incident Management.
1. WORK SYSTEMS Findings of note included: f 76% of survey respondents indicated they at least occasionally work isolated from other staff support f Approximately 25% of respondents indicated they feel safe at work less than half the time. This seemed to correlate with perception of
how supportive their colleagues were when confronted with aggression – with those that felt supported with adequate back up feeling safer in general at work. f Violence and aggression is accepted as either “normal” or a “regular part of the job” by more than half of the respondents. 45% of respondents indicated that it would be reasonable to expect one or more incidents of violence per year in their duties. f Only 22% of respondents thought their organisation’s reporting and follow up procedures were highly effective. f Experts interviewed for this research all agree that layered, well-designed systems of work are important for managing the risk of occupational violence. The key takeaway for responsible parties in this regard is that much can be done to minimize exposure and maximise feelings of safety through adequate design of staffing and work systems. Addressing issues of training, preparedness, team culture and faith in the organisation’s commitment and competence at following up on Continues over page >
SEC URI T Y I N SI DER | JUN E 2 02 0 15
SEC URIT Y F E AT URE
an incident of violence appear to be the low-hanging fruit when it comes to maximising the effectiveness of work systems. The researchers all agreed that the most worrying observation of this area of the study was the large percentage of personnel who accepted being threatened or assaulted as a normal part of their job. This was especially evident within the security industry. While this may be a historical norm, employers must ensure this attitude is not encouraged else risk falling to the wrong side of occupational health and safety law.
2. WORK RELATED EXPOSURE Findings of note included: f Over 90% of respondents had experienced aggression or violence in their workplace, with over 36% reporting they experience it at least five times per year. f Approximately 75% of the aggression reported by respondents was perpetrated by customers, students, or bystanders. f As OVA can manifest at work, in personal time and online a Whole of Person Model that incorporates the best mitigatory and management approaches needs to be developed that address the issue in all three spheres. The sheer volume of exposure reported by survey participants, while perhaps not startling due to the optin nature of the online survey, was certainly humbling. With more than a third of survey respondents across industries indicated they had been exposed to violence or aggression more than five times per year, there is a clearly demonstrable duty of care on behalf of employers to provide training, education and safer systems of work to address this known risk. Perhaps most importantly, it must be acknowledged that the workplace violence and aggression does not always originate in the workplace and the effects of aggression in the workplace can have long lasting 16 SEC U R IT Y IN S IDE R | JU NE 2020
effects in an employee’s personal life as well. This is detailed in the next section.
90% of respondents had experienced aggression or violence in their workplace,
36% reporting they experience it at least five times per year
75% of the aggression reported by respondents was perpetrated by customers, students, or bystanders
76% noted an emotional/ psychological injury.
3. EMOTIONAL/ PSYCHOLOGICAL AND PHYSICAL IMPACTS Findings of note included: f While only 32% of respondents reported a physical injury as a result of violence or aggression in the workplace, more than 76% noted an emotional / psychological injury. f Experts noted these impacts manifest in trackable outcomes including poor morale, absenteeism and decreased staff output. f Over 41% of respondents indicated they required time off work as a result of the experienced violence and aggression. f Issues around community and domestic violence ‘spill-over’ into the world of OVA and vice versa. While we are quick to assess severity of incidents by lost-time or physical injury occurring, the impact of emotional and psychological injury cannot be overstated. The observed and verified impact on morale, service delivery and general mental well-being must be factored into risk assessment and treatments of occupational violence and aggression. Further, incidents that originate in an employee’s personal life (such as domestic violence) may become workplace issues either due to the aggressor physically causing incidents in the workplace, or the overall stress of the home situation impacting upon the employee’s performance at work.
4. PREVENTION AND PREPARATION Findings of note included:
41% of respondents indicated they required time off work
f 68% of respondents did not believe their organisation provided adequate preventative measures to protect them from violence and aggression f 54% of respondents reported having received no training in the management of violence or aggression. f Level of training alone does not seem to impact the individual’s
S E C URIT Y FE ATU RE
confidence in the organisation’s overall preparedness to manage situations of violence and aggression, but rather a layered approach is necessary. f More than 85% of respondents indicated they would like to receive more training in verbal de-escalation skills, while 80% would value general security and safety awareness training. f Most systems tend to focus on resilience and response instead of presilience (prevention and preparation). It was notable from survey responses as well as expert interviews that a lack of training – in particular the ability to prevent and manage conflict whilst still verbal – was a key area for concern. Employees noted that whilst some (security industry mostly) had done basic defensive tactics or self-defence training at some point, or escape/hide/tell workplace violence training, very few had received detailed training in conflict resolution. This was identified as a core skill for any employee in a customer-facing role.
5. CONTROL MEASURES Findings of note included: f Most existing controls are reactive in nature, such as CCTV or duress buttons. f More than 25% of respondents indicated they were not aware of any controls in place to keep them safe from violence or aggression. Most notable in this section was the over-reliance on reactive controls such as monitoring systems, with many expressing no understanding of what would happen should they activate a duress button or if an incident was occurring in an area covered by CCTV. It was observed that these controls do very little to make the individual safer, unless included as part of a multi-layered systems of controls beginning with prevention.
6. INCIDENT/POST-INCIDENT MANAGEMENT Findings of note included: f 41% of respondents indicated that their organisation’s post-incident management was poor or very poor. f Many response processes do not cover the entire spectrum of risk and are inherently biased or even negligent in application Doubt has been cast over how effectively post-incident management procedures are implemented, with most respondents indicating that “business as usual” resumes very quick after an incident which is desirable from a resilience perspective but potentially detrimental if after action and physical and mental recovery requirements are not taken into account. While most attention seems to be placed in the “during” phase of an incident, and more proactive organisations putting measures into the “before” phase, the “after” phase still appears to be the most neglected across all sectors studied.
SUMMARY OF KEY FINDINGS Our analysis identified four main areas that appeared to collectively form the foundation of workplace and occupational violence management. These were quality standards of perception, awareness, reporting and management practices. The issue of “perception” in particular was identified as playing a central role. This is significant in terms of risk assessments, acknowledging and increasing awareness, and enabling an improved quality and quantity of reporting to occur, so that better risk management can indeed be established. Key Learnings and Takeaways from the Research: f OVA is a larger area of risk than many organisations acknowledge f Organisations with public and/or customer facing staff should deem OVA a strategic risk with the appropriate risk-based methodology supporting its treatment; f A duty of care exists for employers who place staff in situations where they may be exposed to OVA while performing their duties; f Most current responses are reactive in nature and rely on the perceived resilience of staff i.e. there is comparatively very little done in the way of Presilience and proactive approaches; f An integrated mitigatory approach that incorporates actions in the 6 cluster areas above is critical for effective management of OVA risk; f The issue of perception was considered as being worthy of particular focus in undertaking OVA management as it underpins many of the other aspects; f It was noted that domestic and communitybased violence ‘spill over’ into the workplace creating greater challenges in managing the risk; f The impact of OVA incidents on staff mental health is far larger than that of physical harm therefore the management of OVA and staff mental health should be closely aligned; and f There is a requirement for a ‘shared responsibility’ approach to tackle this challenge across all stakeholders. At an organisational level this issue transcends traditional silos such as HR, safety, security and business continuity teams. They must all work together to tackle the problem. Dr Schneider, Dr Johnston and Mr Saunders are seeking to expand upon this research in the near future and would welcome any feedback or suggestions in doing so.
SEC URI T Y I N SI DER | JUN E 2 02 0 17
SEC URIT Y F E AT URE
By Daniella Traino, Managing Director, Pinecone Technology Strategies and Tony Vizza, Director of Cyber Security Advocacy, APAC, (ISC)2
The COVID-19 pandemic has seen many countries around the world, including Australia, experience stress and confusion at unprecedented levels, both at the organisational and human levels. While health authorities have implemented containment strategies to flatten the curve of potentially devastating health effects, cyber security incident responders have been able to relate from a threat management perspective, as organisations have raced to implement new ways of doing business to support their people, their customers and their partners. Business continuity has seen a massive uptick in remote working in order for the organisation to continue to function. For many, digital technologies are no longer an option but a key success factor in transitioning their workforce, managing changes in customer demand and simply surviving. The economic impact of COVID-19 is yet to be fully understood, but organisations are already adjusting their workforce for the immediate changes in demand for goods and services. Organisations are rewriting their strategic plans to prepare for revenue declines, tight cost management and the ultimate question - how do we remain viable in this new world? The latter question raises other organisational and human challenges: should Australia’s Prime Minister Scott Morrison be on point with his prediction that restrictions are highly likely to remain in place for at least 6 months, with international travel bans lasting even longer. This scale-up of technologies, policies and
Business continuity has seen a massive uptick in remote working in order for the organisation to continue to function.
the new reality of ‘remote working’ has seen many organisations unprepared and facing several challenges. These include limited technology consumables (for example, due to an overseasbased supply chain), use of personal devices for business and information handling, software licensing and deployment and configuration of remote services (including VPN and multi-factor authentication).
WHAT DOES THE THREAT ENVIRONMENT LOOK LIKE? While these challenges cannot be underestimated, it should be noted that cyber criminals and other malicious actors never waste a crisis situation to gain access to sensitive information, systems and funds. These miscreants are keenly aware of our challenges, seeing opportunities for further exploitation. Globally, cyber security intelligence has warned that these malicious actors are attempting to take advantage of the uncertainty and flexible working arrangements that many organisations are implementing. Remote working tools such as Zoom Video Conferencing and Microsoft Teams, are but a few recent examples of malicious actors identifying vulnerabilities in our digital tools to undermine our security and privacy. Worldwide, social engineering (phishing) attacks and scams and malicious software
CYBER CONSID IN A COVID-19 18 SEC UR IT Y IN S IDE R | JU NE 2020
S E C URIT Y FE ATU RE
(ransomware) exploiting COVID-19 and our insatiable human interest for information on this topic are on the rise. The Australian Cyber Security Centre (ACSC) has reported thousands of COVID-19 related websites registered in the space of a few weeks, with many being illegitimate. While the cyber threat environment has been a hotbed of activity for some time alongside technological advancements and innovations, the activity has been heightened in recent months. Cyber security intelligence reports indicate this will continue. The ACSC also reported 45 cybercrime and cyber security incidents from individuals and businesses in a two week period in March 2020, all related to COVID-19. Malicious actors are using email and other messaging platforms (e.g. SMS) to impersonate reputable organisations (for example, government and health agencies), to lure recipients into visiting websites that host viruses or malware designed to steal their personal/ financial information. To increase the appearance of legitimacy, these phishing messages are sent from addresses that closely resemble the official organisations or entities, often adopting the official message format and including well-known branding and logos. In parallel, cyber Continues over page >
DERATIONS 9 WORLD
SEC URIT Y F E AT URE
criminals are attempting to sell COVID-19 themed tools (such as COVID-19 trackers) with malicious software that downloads to steal financial information. Cyber criminals are also engaging in workingfrom-home and employment scams. These involve inviting people to support a “COVID-19/ Coronavirus Relief Fund” or to complete a survey using a Microsoft Word or Sharepoint document. These scams follow the path of the pandemic; as each nation grapples with the health of its citizens and service shutdowns, the malicious actors craft and target their multi-language scams accordingly. Individuals who are caught up in this scam unwittingly become money-mules for cybercrime syndicates, transferring proceeds of crime into untraceable crypto-currency. As organisations have increased their use of remote services and cloud-services (SaaS), malicious actors have been observed to target credentials for these services, leveraging misconfigured remote desktop protocols (RDP), stepping up brute force attack techniques (traditionally seen with web services such as credential stuffing, SQL Injection and crosssite scripting techniques against web & mobile applications). Organisations supporting personal electronic devices are another risk vector for consideration as these techniques are easily transferable to devices not under your traditional control. As staff work in flexible arrangements, they increasingly rely on phone communications and home offices with shared facilities. Malicious actors will likely conduct malicious operations attempting to mimic official business communications - voice phishing or “vishing” and robocall scams, as well as technical support scams. So far, initial targets were observed by U.S. cyber security vendor Crowdstrike, targeting transportation and travel industries significantly impacted by the outbreak. How sensitive information is accessed, destroyed and handled in such ‘home office’ environments raises many challenges for Technical Support and Cyber Security teams, while managing the risks of data loss and confidentiality, and data leakage for both corporate and personal assets. Many of these ‘home office’ environments were not designed with cyber security in mind, nor with foreseeable extended work arrangements. Managing the inherent risks of digital innovation and technologies, even in uncertain times, is an enduring challenge for all businesses regardless of their industry and size. It is therefore critical to maintain vigilance and a continuous focus on cyber hygiene and cyber resilience.
A ZERO TRUST APPROACH TO CYBER SECURITY Perhaps, most interestingly, the COVID-19 pandemic itself can provide some clues as to how to manage these cyber threats. The behavioural 2 0 SEC U R IT Y IN S IDE R | JU NE 2020
It is therefore critical to maintain vigilance and a continuous focus on cyber hygiene and cyber resilience.
changes that have ensued to prevent the spread of the virus – social distancing, washing hands, self isolation and wearing face masks – are equally relevant to managing the risks in a virtual and technological environment. The basis of a mature information security strategy is what's referred to as a zero trust model1. The premise is simple. Start by assuming that the organisation's technology infrastructure is already compromised and design your strategy and approach to information management, with this in mind. That is, verify anything and everything trying to connect to your information and systems before granting access. This design principle is fundamental given the porous nature of an organisation’s technology network, the global supply chain, and the significant use of cloud services and personal devices. In practice, a zero trust model implies that an organisation is operating on the basis that the entirety of the information in its servers, its network and consumed in the Cloud, is able to be accessed from anywhere and by anyone. The organisation then works backwards to protect that information, starting with its standard operating environment, designing policies, procedures and configurations that serve to protect the organisation should one or a number of systems be compromised. This may include (but are certainly not limited to): full disk encryption on all mobile devices; sandboxing of company data on employees personal devices; remote device erasure for lost or stolen devices; strong passwords and passphrases; multi-factor authentication for any remote access; and point to point encryption for data in motion. Some organisations lack dedicated, qualified cyber security specialists to help design, implement and monitor a zero trust approach to cyber security so it's prudent to engage specialist providers. The (ISC)² 2019 Cybersecurity Workforce Study found that globally, there were over four million unfilled cybersecurity positions, a significant increase from the prior year. There is a clear need for certified and qualified frontline IT professionals to help organisations develop their zero trust cybersecurity strategy. By adopting a zero trust approach, organisation’s can better ensure the effectiveness of strategies and measures to protect its most valuable assets - information and people.
QUESTIONS TO CONSIDER WHEN DEVELOPING CYBER SECURITY CONTINGENCIES When determining a strategy to manage the numerous challenges introduced into the operating environment due to COVID-19, the following as a minimum, should be considered: f Know your Data and Revise Your Access Models. Focus on the information in your organisation's possession. Understand what is sensitive and critical; where is it stored, backed up and available; how is it made
S E C URIT Y FE ATU RE
available and by whom. Devise policies based on a need to know basis; ensure access to resources and data is verified at each step. Where available, enable Multifactor authentication for remote access and related services (e.g. email). If personal devices are supported, ensure mobile device managers give you control over what resources are accessed and stored. In these situations you should be able to securely erase all traces of this sensitive data on the personal device (only where your data resides) in the event of a compromise or asset loss. f Continually educate & train your people and customers. Staff responsible for your organisation's cyber security should be trained, skilled and certified in their craft. All staff should be taught how to adopt basic hygiene practices for both the home office and remote working. This includes why and how to keep information confidential; how to keep assets secure; how to identify malicious / suspicious activity and where to go for help. Consider educating your staff on how to set up a secure home network (for example, changing default passwords on routers, updating firmware and setting up secure Wi-Fi). These same considerations may be just as important for your customers and key business partners too. f Monitoring & response. Does your organisation know who has access to your data and what is happening across your environment? Can you identify and remediate cyber related vulnerabilities before they are exploited? Do you have an incident response team with a playbook? Do you have a business continuity and disaster recovery plan? Do you have BYOD (personal device) policies and procedures? What does your cyber security governance and compliance look like? These questions and more are vital for any organisation operating in today's world. They are especially critical now, as the pace of digital
About the Authors
The Australian Cyber Security Centre (ACSC) has reported thousands of COVID-19 related websites registered in the space of a few weeks, with many being illegitimate. While the cyber threat environment has been a hotbed of activity for some time alongside technological advancements and innovations, the activity has been heightened in recent months.
transformation due to the COVID-19 pandemic has resulted in a huge shift in an organisations “business as usual” approach, with an increasingly fertile cyber threat environment.
IN CONCLUSION COVID-19 has seen the world change profoundly in the last few months. If health containment strategies continue for a while longer, the changes will be even more pronounced. Analysts and pundits are claiming that the commercial reality for organisations will never be the same as what it was before the pandemic. Challenges also bring opportunities in cyber security as well. While daunting for many organisations to consider right now, those that are fully embracing the digitisation and workforce changes that COVID-19 has accelerated and those that can measure, categorise and manage the new or heightened cyber security risks that this digitisation brings, will not just survive but will thrive.
Daniella Traino Daniella Traino is the Managing Director for Pinecone Technology Strategies, a niche technology advisory with a focus on strategic cyber security services (interim CISO for high-tech & mid sized enterprises) and high-tech commercialisation. Formerly a Chief Information Security Officer (CISO) for a number of industries, and Director & Business Leader (Cyber Security) with CSIRO’s Data61, she is a member of the Research Advisory Committee for the Internet Commerce Security Laboratory (ICSL) – a cyber security research unit of Federation University Australia, Startup Editor (AI, Cyber Security) for IdeaSpies (innovation sharing platform), and a judge for Fintech Australia in several categories. Daniella was nominated as 2019 Security Champion, by the AWSN & CSO IDG Women in Security Awards and a member of the three-time National iAwards winning team (cyber innovation).
Tony Vizza Tony Vizza is the Director of Cyber Security Advocacy, APAC, (ISC)2. (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. www.isc2.org. Tony is also a Board member and director of the Australian Information Security Association (AISA) and Cyber Security Ambassador with NSW Government’s Cyber Security Network Node.
1.The National Institute of Standards & Technology (US NIST) have issued a draft standard for further guidance on designing for Zero Trust (SP 800-207)
SEC URI T Y I N SI DER | JUN E 2 02 0 2 1
It’s Australian. It’s super. And it’s yours.
As Australia’s biggest super fund, 2.2 million Australians trust us with their hard-earned money. And they do their bit too by taking small simple actions, so together we can make a big difference to their future.
Investment returns are not guaranteed. This may be general financial advice which doesn’t consider your personal objectives, situation or needs. Before deciding on AustralianSuper read the Product Disclosure Statement available at australiansuper.com/pds. AustralianSuper Pty Ltd ABN 94 006 457 987, AFSL 233788, Trustee of AustralianSuper ABN 65 714 394 898.
A035 08/19
We could make a big difference to yours too. Let’s get started at australiansuper.com
A DV ERTO RIAL
THE GENDER SUPER GAP How gender inequality affects superannuation The gender pay gap in Australia is a serious concern. With traditionally more time out of the workforce than men, women have a harder time building their superannuation and the impact needs to be recognised. By shining a light on the issues, AustralianSuper hopes to contribute to a better retirement outcome for women. In a report that looks at the stories of 40 women and their super, AustralianSuper has looked to uncover how gender inequality to date has affected women as they approach retirement, and in retirement. At almost 53, and with little superannuation Magda* can’t even contemplate the idea of retirement. ‘They’ll carry me out on a stretcher when I’m probably 93 and die at my desk,’ she says. It’s a flippant comment, but the harsh reality is many women like Magda are not financially ready for retirement and are vulnerable to financial instability or even poverty in retirement. This is due to several factors, including time out of the workplace to care for children or when a relationship has ended in divorce. Magda is one of 40 women to share her story as part of the Future Face of Poverty is Female report commissioned by AustralianSuper to investigate the gender gap in superannuation. The report found that women retire with 42% less super than men. In real terms, if a man retires with $270,710, a woman gets just $157,050. The research concluded Australia’s retirement system doesn’t recognise and reward the unpaid caring work that women do – leaving them vulnerable to poverty in old age. But it’s a complex issue. A series of structural inadequacies, and varied dynamics over the course of a woman’s life can lead to superannuation poverty. Some reasons include: • The gender pay gap. On average, women earn $241.50 a week less than men. • Research shows women are more likely to take time off to care for children, elderly parents or family members with special needs. Superannuation isn’t a mandatory part of paid parental leave or carers payments. • Almost half of women work part-time and many chose lower paid work to prioritise their caring responsibilities. • Part-time workers who earn less than $450 a month don’t get paid superannuation. This is a particular disadvantage to women who may work multiple jobs. • Unpaid caring makes women particularly vulnerable if there is an unexpected life event like divorce or the death of a partner. • Women live 4 to 5 years longer than men with less retirement savings.
TO READ THE FULL ARTICLE PLEASE VISIT australiansuper.com/superannuation/superannuation-articles.
TAKING ACTIONS FOR A BETTER FUTURE While women are at a disadvantage when it comes to their retirement savings, there are steps they can take to catch up when you can. A Women in Super guide developed by AustralianSuper has a range of tools, information and simple steps you can take to help boost your super balance. Learn more at australiansuper.com/ women.
*Magda is a pseudonym. Her real name is not used in the Future Face of Poverty report to protect her privacy. Sponsored by AustralianSuper Pty Ltd ABN 94 006 457 987, AFSL 233788, Trustee of AustralianSuper ABN 65 714 394 898. This information may be general financial advice which doesn’t take into account your personal objectives, situation or needs. Before making a decision about AustralianSuper, you should think about your financial requirements and refer to the relevant Product Disclosure Statement, available at australiansuper.com/ pds or by calling 1300 300 273.
SEC URI T Y I N SI DER | JUN E 2 02 0 2 3
SEC URIT Y F E AT URE
The coronavirus pandemic has resulted in massive social and economic upheaval across all states and territories. With supply chains in many industry sectors experiencing supply chain disruption, it has also exposed Australia’s heavy reliance on overseas based manufacturing. Without wanting to make light of the current difficult situation many individuals and businesses across Australia are facing, Ness is seeing that the call, even demand by some, for more Australian manufacturing is gaining traction.
OUT OF ADVERSITY COMES OPPORTUNITY
24 SEC U R IT Y IN S IDE R | JU NE 2020
S E C URIT Y FE ATU RE
From humble beginnings in Seven Hills, NSW to a state-of-the art manufacturing facility not far from the original workshop, the story of the Circosta brothers at Ness Corporation is all about Aussie know-how and hard work. Ness are better known within the Australian Security as a leading manufacturer and distributor, initially Alarm panels, expanding into a full range of products and solutions. What many don’t know is that Ness is the oldest and last standing mainstream manufacturer in the Industry employing around 130 staff and operating five Branches around Australia. Even less people know that Ness has an experienced engineering team, is a leader in the Medi Alarm area, and contract manufacturer for many other leading companies in the area of mining, communications and automation. This growth was no accident and has only been achieved by Ness’ quality, flexibility and understanding of all facets of the manufacturing
process. At the core has been Ness management’s belief that two key features make it unique in the contract manufacturing business; Ness has its own Research and Development department whose expertise is proven by the development of numerous award-winning products and Ness’ own distribution network. f This means that Ness fully understands what it takes to get a product to market, from concept to sale, as it too contends with the day-to-day design, production and distribution dilemmas. Ness passes its experience and tools onto its customers in many ways. Notable examples are the implementation of design rules to maximize yields and field reliability, and a prototyping service utilizing Ness’ in-house 3D Printer.
Ness is the oldest and last standing mainstream manufacturer in the Industry employing around 130 staff and operating five Branches around Australia.
Continues over page >
SEC URI T Y I N SI DER | JUN E 2 02 0 2 5
SEC URIT Y F E AT URE
Today, the list of designed and owned products that are locally made by Ness is extensive. Well known among them is the ‘Installer’s choice’ as it’s known, the Ness D8 and D16 control panels in PSTN and cellular models. Others include the Navigator touch screen keypad and various LCD keypads. Ness also makes its own wireless security devices including spreadspectrum two way wireless, and much of the M1 series automation controller boards and M1 parts for their partners in the USA. The company also makes their own PIRs, including the unique LUX with nightlight, Quantum PIR series and being wireless specialists, a range of wireless PIRs. A large portion of the company’s production line is devoted to the successful Smartlink medical alert division, yes in case you didn’t know it that’s Ness too. Other products made in-house are iCentral System One intercom systems, Mezzo automation controller, and the APCS division’s line-up of industrial signal conditioning devices. Outside of Ness products, demand
2 6 SEC U R IT Y IN S IDE R | JU NE 2020
NESS LUX PIR. Uniquely, a wireless or hardwired PIR with a motion activated night-light built-in.
for the company’s sub contracted manufacturing capability is anticipated to see a resurgence as more and more companies anxious to return to a safe and reliable Australian owned and based manufacturer continue to grow. This is most significant in the medical sector. Within the Security sector, Ness aren’t looking for any favours. However, it is becoming increasingly apparent that many old and new customers are now starting to fully appreciate the value the importance of a trusted safe pair of hands and the need to support Australian manufacturing. Larry Circosta who heads National Sales for Ness doesn’t want to use adversity as a means of growth but does welcome the opportunity to keep Australian based manufacturing alive and well, employing local people. Have no doubt, Australia will need it.
IS T HR IN HE RE T A E E OG W T
AUSTRALIA’S SECURITY COMMUNITY MEETING PLACE. For over three decades the Security Exhibition & Conference has been the most established and respected trade event for the industry in Australia. In these unprecedented times, the Security Exhibition & Conference will no longer take place on 22-24 July 2020. The cancellation is unfortunately unavoidable, but that doesn’t mean we’re not continuing to bring the industry together.
AN INDUSTRY HUB More than just an exhibition, Security produces a host of year-round communications through digital channels - bringing together the full spectrum of manufacturers, distributors, security professionals and end users who look to Security for connections, networking and updates.
REGULAR INDUSTRY NEWSLETTER
20,000 + STRONG ONLINE COMMUNITY
REGULAR PRODUCT & INDUSTRY UPDATES
250,000 + WEBSITE READERS ANNUALLY
BESPOKE DIGITAL COMMUNICATIONS
KEEP IN TOUCH:
Contact the team If you have initiatives, insights, products or industry support you would like to share, get in touch with the team: Melissa Clendinen Event Manager 03 9261 4662 mclendinen@divcom.net.au
Leanne Dawson Client Manager 03 9261 4560 ldawson@divcom.net.au
Lead Industry Partner
SEC URIT Y F E AT URE
What have we learned so far from the COVID-19 Crisis? By Chris Delaney*
Whilst there are encouraging signs that the pandemic is starting to come under some semblance of control, the economic fallout and disruption to business activity may not be so quickly resolved. There will not be a ‘back to normal’. To deal with this crisis we have had to change almost everything we do all at once and almost overnight. How we work, interact with customers, socialise, and manage our lives, families and health. So, what have we learned from this? What have you learned? As ASIAL’s Industrial Relations Advisor, in 20+ years with ASIAL, I can honestly say that I have never experienced anything like this and I am sure most of our members would say the same. The speed at which changes have been necessary and the dramatic effect on our people, our clients and our businesses is unparalleled. Unlike a recession when work declines over a period of time and we learn to plan, adjust and adapt, this has been a process of immediate shutdown in many business sectors. Decisions have been made on the run and often as a reaction to rapidly changing events, including Government edicts. Most directives of government or authorities have been completely outside of the control of the employer or the employee. Members have had questions that have no standard answers. We, all of us, especially employers, employees and unions, have had to be collaborative, cooperative and flexible. Often having to come to grips with the concept that everyone will have to share the pain if we are all going to survive in the long term. Some have been willing, others have been more concerned with their individual problems
2 8 SEC UR IT Y IN S IDE R | JU NE 2020
and, unfortunately, unable to consider the other’s needs. And we have all had to adapt to the almost daily announcements of Government both State and Federal. Based on a lot of the questions ASIAL has received, it has become clear to me that few businesses were equipped with the basic policies to enable them to survive even minor disruptions, let alone the COVID-19 crisis.
S E C URIT Y FE ATU RE
In times of stress and uncertainty even the minor issues can turn into major rifts between employees and employers. Positive, consistent and clear communication underpinned by well-drafted policies and procedures can provide the right platform for commencing discussions on the more complex and worrying issues facing the workplace. In the last 20 years or so I have provided advice to many ASIAL members and most of those will be aware of my mantra when it comes to ensuring there are records of what has been done, what directives have been given and what agreements have been reached in the workplace.
Take the employer that allowed an employee to work from home, without a work from home policy. The employee had young children and his partner worked away from the home. When it was discovered that the employee was only doing about 10 hours work a week, he told the employer that he needed to care for the children and really couldn’t offer 38 hours from home. Something he failed to disclose when he asked if he could work from home. He requested to be paid carer’s leave for the time not worked. A working from Continues over page >
Rule 1 is document everything, Rule 2 is document everything and rule 3 is don’t forget rules 1 and 2. This may sound a little flippant, however one of the many important lessons to come out of the COVID-19 crisis is the realisation that many businesses had few or no policies or standard operating procedures (SOP’s) to deal with day to day operations let alone crisis management or business continuity plan.
SEC URI T Y I N SI DER | JUNE 2 02 0 2 9
SEC URIT Y F E AT URE
home policy discussed with the employee prior to commencing to work from home may have exposed the issues affecting his availability to work full time and allowed both the employer and the employee to make the appropriate arrangements and more importantly maintain trust. Or the business whose technician of 5 years who was often late for work, whose performance and absenteeism had been poor, but not one of the many face to face discussions had been documented. The same employee who had a minor injury on a client’s building site refused a drug and alcohol test. This had happened before – but was not recorded. To make matters even more difficult there was no Drug and Alcohol Policy to guide them. Or perhaps it was the Sales Representative who had a company vehicle. Without a clear policy in place, when it came to taking annual leave there was nothing to stop the employee driving the vehicle from Melbourne to the Gold Coast on a road trip, and - of course - charging the petrol up to the employer. The employment contract did not deal with this and there was no vehicle policy in place. And yes, the employee ended up stuck on the Gold Coast with a 14-day isolation period as well as the significant petrol bill for the employer. Or finally the employee who insisted on taking a pre-paid overseas holiday knowing that on his return he would have to undergo a 14-day quarantine and would not be available to return to work. COVID-19 has thrown businesses into turmoil and highlighted many scenarios that would require well-drafted policies to clarify how work should be performed in certain circumstances. Maybe we could not have envisaged a policy to cover every subtle twist that has occurred, but not having the basic policies and procedures in place to deal with day-to-day situations causes confusion and may reduce an employer’s opportunity to deal with “breaches” if and when they occur. Many employers that did not have policies on taking leave, working from home and work health and safety for example were confused about what they could or could not do, what were their rights and responsibilities with employees and how these may have been impacted by the COVID-19 crisis. Clearly not all policies would have been adequate to deal with every situation that came up, but having policies in place would have provided a good base to
Based on a lot of the questions ASIAL has received, it has become clear to me that few businesses were equipped with the basic policies to enable them to survive even minor disruptions, let alone the COVID-19 crisis.
start from. Concise written Policies and SOP’s indicating the employer’s expectation on an issue or activity allows the business (and its employees) at least some certainty in dealing with day-to-day events. If policies require variation to account for changes in laws, client demands or other circumstances, employers should exercise the discretion to make the necessary changes and communicate these to their employees. It is much easier to vary a policy than to start from scratch – particularly when you are trying to deal with multiple issues under pressure. Communicating the detail of a policy, how it is to be implemented and any changes is essential. An employer may be required to prove that the employee(s) knew of the policy and understood what the implications may be if the policy is not observed. There are some core policies that are essential in order to be compliant. Others will be specific to your business and the culture you want to create. Standard operating procedures will detail, in particular, how work should be performed in a range of situations and on individual client contracts. Policies should be simple and easily understood and flexible enough to meet any new situations as they arise. COVID-19 has confirmed the necessity to not only be prepared for problems but to be responsive to changed circumstances as quickly as possible. ASIAL is here to help members with day-today enquiries and provide resources to assist security business to be successful. FIND OUT MORE If you have any workplace enquiry contact ASIAL’s workplace Relations Advisor at ir@asial.com.au or contact ASIAL on 02 8425 4300
About the Author: Chris Delaney Chris Delaney is a highly regarded employee relations professional with over 40 years’ experience in industrial relations and human resources. He has held senior executive industrial relations positions with Nestle and BHP.
Note: The information provided above is for convenient reference only. ASIAL and Chris Delaney & Associates Pty Ltd provide this information on the basis that it is not intended to be relied upon in any cases, as the circumstances in each matter are specific. Accordingly, we provide this information for general reference only, but we advise you to take no action without prior reference to a workplace relations specialist.
30 SEC U R IT Y IN S IDE R | JU NE 2020
S WMS
SAFE WORKPLACE MANAGEMENT The Workplace Health & Safety Act 2011 places significant obligations on business operators to demonstrate active participation of Workplace, Health and Safety prevention. Failure to do so can attract fines of up to: f $3 million per breach of a corporation; f $600,000 per breach for an officer; f $300,000 per breach for an individual and f up to five years’ imprisonment. The ASIAL Safe Workplace Management system is an online workplace health and safety tool tailored to the security industry, to manage your work, health and safety requirements. Processes are available in the system to identify, evaluate and control hazards and risks within the work environment. Among the system’s features include: f Different access levels and dashboard views with individual login details for employees and contractors; f Escalation workflow notifications sent to multiple recipients and ability to raise actions immediately; f Employee training and licence registers including expiry dates notifications;
f Coverage for all sectors via one account (this covers the members who provide both electronics and manpower); f Incident reporting and risk assessment with automatic risk calculation; f A clear audit trail for all forms and version control for document management; f An App for employees to complete forms on the go; (coming soon) f Enhanced reporting that can combine information from multiple forms e.g. Hazards and incidents to show high level view; The ASIAL uploaded Safe Workplace Management System f GPS location tagging for images to incident WHS system, designed and tailored to the Austra forms (coming soon)
SAFE WORKPLACE MANAGEMENT SYSTEM
All of the above is available at annual subscription fee of $395 (including GST). Subscribers also have access to the ASIAL SWM System Logo to promote their compliance with WHS requirements. TO SUBSCRIBE Go to www.asial.com.au or contact us on 1300 127 425 for more information.
ASIAL WHS ELEARNING COURSES Work Health and Safety is a core business activity in any workplace. Effective work health and safety management practices are consistent with good business outcomes. To achieve this requires an organisation and its workers to be proactive in making workplaces safer. It is also important to ensure that the necessary expertise exists to make this happen. ASIAL’s eLearning platform includes a comprehensive selection of online workplace health and safety courses. These include: f Advanced Health and Safety f Alcohol and other Drugs in the Workplace f Armed Robbery Survival Skills f Asbestos Awareness f Confined Space Entry f Construction Safety Orientation
f f f f f f f f f f f f f f f f f f f
Contractor Management Driver Safety Electrical Safety Emergency Procedures Ergonomics Fatigue Management Fire Safety First Aid Refresher Hazard Identification Health and Safety Representatives Hearing Conservation Hot Work Incident Investigation Injury Management Manual Tasks Mental Health and Safety for Managers NEW Office Safety Personal Protective Equipment Return to Work Programs (NSW)
f Safe Work Planning (SWMSs and JSAs) f Spill Prevention and Control f Stress Management f Warden Instruction f WHS Awareness f WHS for Managers f WHS Risk Management f Work / Life Balance f Working Alone Safely f Working at Heights f Working near Services f Working Outdoors f Workplace Inspections TO FIND OUT MORE GO TO https://www.asial. To view the full ASIAL eLearning course directory and further information on each course, visit asial.com.au/careers/elearning. Special discounts are available for group bookings of 10 or more.
SEC URI T Y I N SI DER | JUN E 2 02 0 31
WELCOME TO OUR NEW MEMBERS ASIAL welcomes the following members who have recently joined the Association. CORPORATE MEMBERS Aussie Professional Security Pty Ltd
NSW
Global Services Australia Pty Ltd
VIC
Intech Surveillance & Security Pty Ltd
NSW
Keatronics Australasia Pty Ltd
VIC
New Nationwide Security Pty Ltd
NSW
Premier Protection Services (Australia) Pty Ltd
NSW
RD Force Pty Ltd
QLD
Reliable Security Protection Pty Ltd
NSW
Robek Pty Ltd
QLD
Quorum Security Systems Pty Ltd
NSW
Safeguard Corporate Services Pty Ltd
VIC
Scott Stuart Myles t/a Independent Consultancy Services
NSW
SAI Security Group Pty Ltd
St Moses The Black Pty Ltd t/a St Moses Security
NSW
Total Security Group Australia Pty Ltd
VIC
Valley Protective Services Pty Ltd t/a Valley Protective Services
NSW
Walsh Security Services Pty Ltd
VIC
QLD
IMEMBERS UPGRADING TO FULL CORPORATE
PROVISIONAL CORPORATE MEMBERS 5 Stars Security Services Pty Ltd
QLD
Accenture Australia Pty Limited
VIC
AUS Electrical Data And Communications Pty Ltd
QLD
Black Lion Security Operation Pty Ltd
VIC
C&H Security Services Pty Ltd
QLD
Cablewise Electrical Services Pty Ltd
VIC
Cash in Transit Solutions Pty Ltd
Australian Compliant Central Security Services Pty Ltd t/a ACC Security
VIC
Bilby Security Pty Ltd
QLD
Business Growth Analytics Pty Ltd t/a Green Door Vetting and Security
QLD
D. Willis Electrical Pty. Ltd. T/A JWL Security
VIC
Davlin Security Australia Pty Ltd
NSW
Frontier Networks Pty Ltd
QLD
SA
Constant Security Services Pty Ltd
NSW
ICorp Security Services Pty Ltd
VIC
Point Break QLD Pty Ltd t/a ESP Security Group
QLD
Rescue Force Security AUST Pty Ltd
VIC
Securemate Pty Ltd
VIC
S-Security Group Pty Ltd
VIC
Superb Property Personal Parking & Security Services Pty Ltd
VIC
GAP Aus Pty Ltd
VIC
HBH Security Services Pty Ltd
VIC
NDIVIDUAL PROFESSIONAL RECOGNITION MEMBERS
Invincible Solutions Pty Ltd
VIC
J.L Bashford & S.C Madden t/a Mildura CCTV & Data
VIC
Michael Heimdall Associate Fellow ASIAL Professional Program
(AFASIAL)
Kurt Schulte-Schrepping Associate Fellow ASIAL Professional Program
(AFASIAL)
Jamie Richard Peters t/a Top End Security
NT
Los Tres Ninos Pty Ltd t/a Integrated Security Solutions
QLD
2020 Australian Security Industry Awards CALL FOR NOMINATIONS ASIAL.COM.AU
#SECURITYAWARDS
Nominations close Awards Night 2020
24 Aug 2020 22 Oct 2020 ORGANISED BY
2020
32 SEC UR IT Y IN S IDE R | JU NE 2020
RECOGNITION PROGRAM The ASIAL member recognition program acknowledges longstanding members. CATEGORIES INCLUDE: PLATINUM – 25 YEARS +
|
GOLD – 16 – 24 YEARS
|
SILVER – 11 – 15 years
|
BRONZE – 6 – 10 years
We would like to congratulate the members to have recently achieved the following recognition levels: BRONZE Adrian John Turner AIG Security Pty Ltd
QLD VIC
Campisi Electrical Services Pty Limited
NSW
Fantal Pty Ltd
NSW
Risk Protect Security Services Pty Ltd
WA
Scott Geoffrey McNamara t/a SGM Electronic Security
VIC
Secure-Tech (QLD) Pty Limited t/a Dedicated Monitoring Centre Security Assessment Services & Associates Pty Ltd t/a SASAA Security Toll Remote Logistics Pty Ltd
QLD VIC QLD
SILVER Archers Enterprise Australia Pty Ltd t/a Digital Surveillance Solutions Charter Security Group Pty Ltd Claybrook Pty Ltd t/a Urban Protective Services
VIC VIC NSW
Community Security Group (VIC) Limited
VIC
Corsec Services Pty Ltd
VIC
D.A Ghezzi & K.J Ghezzi t/a Limestone Coast Security Darren Cohen t/a DMC Security
SA NSW
Pirzada Hafeezurrahman t/a Gold Strike Protective Services
VIC
Plover Security Services
VIC
Sewlex Maufacturing Pty Ltd t/a Security4Transit
VIC
Tymbaki Pty Ltd t/a M S Security Firm Video Alarm Technologies Pty Ltd
VIC QLD
Will Williamsky t/a Williamsky Investigations
QLD
ZIF Services Pty Ltd t/a ZIF Services
NSW
GOLD
Axess Control Systems Pty Ltd
NSW
Brunjev Pty Ltd
NSW
CTI Security Services Pty Ltd t/a ARM Security Guardian Gecko Pty Ltd International Bodyguard Services Pty Ltd J & M Costa Enterprises Pty Ltd Jonnex Pty Ltd
WA SA VIC NSW VIC
Kobe Pty Ltd
QLD
M Laurent & P A Laurent
NSW
Mekina Technologies Pty Ltd
TAS
Optic Security Pty Ltd
NSW
Portcullis Australia Pty Ltd t/a Portcullis Perimeter Security
NSW
Security 1 Pty Ltd
ACT
Southbank Locksmiths and Security Service Pty Ltd t/a Southbank Locksmiths Key Alarm and Security Service
QLD
Techniche Security & Surveillance Pty Ltd
NSW
The Lofts Family Trust t/as Allcare Monitoring Services
WA
The Smart Security Company Pty Ltd
WA
PLATINUM Clarke Security Pty Ltd
SA
Cornick Pty Ltd t/a Rhino Electronic Security
NSW
Gallagher Security Pty Limited
QLD
SEC URI T Y I N SI DER | JUN E 2 02 0 33
ASIAL GRADED SECURITY MONITORING CENTRES* CURRENT AS AT: 8TH APRIL 2020
COMPANY
STATE
CERTIFICATE NO.
GRADE
GRADING EXPIRY DATE
ADT Security
NSW
521
A1
11 Apr 2021
ADT Security (Data Centre)
NSW
520
A1
11 Apr 2021
ARM Security Systems
WA
517
A1
27 Mar 2021
ART Security
VIC
508
A1
30 Sept 2020
Back2Base
QLD
509
A1
27 Sept 2020
BENS Wholesale Monitoring
NSW
512A
A1
19 Nov 2020
Central Monitoring Services
NSW
519
A1
06 Apr 2021
Chubb Monitoring Centres
NSW
534
A1
09 Mar 2022
Coastcom Security
VIC
536
A2
24 Mar 2022
Energize Australia
VIC
503A
C2
19 Aug 2020
Executive Security Solutions (Monitoring)
VIC
507
A1
15 Aug 2020
Glad Security Pty Ltd
NSW
516
A2
25 Jan 2021
Golden Electronics
TAS
510
A1
16 Oct 2020
GRID Security
NSW
511
A1
15 Nov 2020
Instant Security
QLD
530
A1
14 Nov 2021
Linfox Armaguard
VIC
506
A1
14 Aug 2020
Mekina Technologies
TAS
532
A1
16 Dec 2021
Paul-Tec (Australia)
NSW
524
A1
01 Aug 2021
Protection Pacific Security
VIC
505
C2
01 Aug 2020
RAA Security Services
SA
518
A1
14 Feb 2021
SA Security Monitoring
SA
535
A1
03 Feb 2022
Sapio – West Ryde
NSW
504A
A1 Suspended (1)
30 May 2020
Sapio - Hamilton
NSW
525
A1
30 May 2020
Secom Australia
NSW
531
A1
14 Dec 2021
Sectrol Security
VIC
527
B2
25 Aug 2021
Securemonitoring
VIC
529
A1
23 Nov 2021
Security 1
ACT
515
A1
14 Feb 2021
Security Alarm Monitoring Service
SA
502
A1
18 Jun 2020
Security Control Room
VIC
526
A1
18 Aug 2021
SMC Australia
QLD
533
A1
10 Feb 2022
Spectus
WA
523
A1
04 May 2021
Staysafe (SA) Pty Ltd
SA
513B
A1
03 Dec 2020
Staysafe (SA) Pty Ltd
VIC
514A
A1
01 Dec 2020
(1) Due to COVID-19. Some operators outside centre but within centre’s secured premises. Min two staff together. No impact on response times. The ASIAL Graded monitoring centres above have been inspected and graded for compliance with the applicable Australian Standard: AS 2201.2–2004. PLEASE NOTE: ASIAL takes no responsibility for companies which MAY change the nature of their operations subsequent to Grading.
ASIAL CERTIFIED REDUNDANT MONITORING CENTRES List current as at 8 April 2020 CORE CENTRE
GRADE
CERTIFICATE
REDUNDANT LEVEL
EXPIRES
Chubb Monitoring Centres, Macquarie Park NSW
A1
R3
R1A
28 Nov 20
Security Monitoring Centres Australia, Salisbury QLD
A1
R4
R1A
28 Nov 20
These Centres have been certified as Redundant Monitoring Centres in accordance with the current versions of the ASIAL documents: ‘Redundant Centres – Background’ and ‘Redundant Centres – Requirements and Testing’.
34 SEC U R IT Y IN S IDE R | JU NE 2020
I NDUST RY NE W S
ASIAL’s Security Insider Podcast Series The ASIAL Security Insider Podcast series explores some of the issues and challenges facing the security industry.
EPISODE CYBER 18
EPISODE CYBER 19
EPISODE CYBER 20
Security in a Pandemic
Managing Risk in a Pandemic
With travel restrictions, limits on the number of people allowed at gatherings, social unrest in supermarkets and so on, it is easy to forget or overlook the potential cyber security implications of a pandemic. In this podcast with Julian Talbot we discuss the security ramifications of the Coronavirus by exploring the potential cyber security impacts of COVID-19.
In this podcast, Julian Talbot, best known for his work in Risk Management and author of the Security Management Body of Knowledge, discusses how to deal with a Pandemic like Coronavirus. What are the major challenges for security companies? What sorts of challenges might those companies be called on to deal with and how can those companies best manage the risks associated with operating in this type of environment?
Occupational Violence, Aggression and Duty of Care in Security In this episode we speak with Joe Saunders about the recently released Australian Security Research Centre (ASRC) report into Occupational Violence, Aggression and Duty of Care in Australia. The report, funded and supported by the Australian Security Industry Association Limited (ASIAL) examines six main industries, including private security, to gain a better understanding how to address and manage current gaps in process and procedures around the management of occupational violence and aggression in the workplace.
EPISODE CYBER 21
EPISODE CYBER 22
EPISODE CYBER 23
What are your Industrial Relations obligations during the COVID-19 Pandemic?
How to Communicate Effectively in a Crisis
Working From Home: How To Maximise Your Productivity
In this episode Crisis Communication expert Tony Jaques, discusses how business can maintain effective communication with clients and staff during a crisis such as the COVID-19 Pandemic.
In this episode we speak with Jodi Oakman, Associate Professor and head of the Centre for Ergonomics and Human Factors at La Trobe University. Dr Oakman discusses some of the typical challenges most people encounter when transitioning to a work from home arrangement and how to avoid the most common mistakes people make to be as productive as possible.
In this episode we speak with Chris Delaney, ASIAL Industrial Relations Advisor about employer obligations during the current Coronavirus Pandemic. Chris answers questions around what can be done if there is a lockdown, obligations around paying staff unable or unwilling to work, how we might keep essential services running and much, much more.
Visit www.asial.com.au/asialpodcasts Subscribe on
Apple Podcasts
SEC URI T Y I N SI DER | JUNE 2 02 0 35
ADVICE AND SUPPORT WHEN YOU NEED IT MOST
EXPERT WEBINARS
TOPICAL PODCASTS
TIMELY UPDATES
PROFESSIONAL ADVICE & SUPPORT
ASIAL – your trusted partner asial.com.au | 1300 127 425
