10 minute read
SAFETY & SECURITY
Protect Your Employees, Customers and Business
Keeping your guests, employees and business safe is more challenging than ever. Mass shootings are on the rise, as are natural disasters such as forest fires and floods. Drug use and crime has soared in many communities, and new threats are coming over the internet in droves. But there’s some hope. There are several proactive steps you can take to help protect your people, property, and data from harm. The association continually seeks out industry expertise from partners, local and national organizations, and agencies who are well versed in how to prepare for and/or address these types of issues in order to help mitigate the impacts on your business.
Advertisement
One of the major challenges facing businesses right now comes not at a storefront or in a lobby, but over the internet. Cybersecurity is a real threat — and Rob Hoover, VP of business development for Fournier Group’s Hospitality Insurance Program, cautions business owners not to think they’re too small for a bad actor to target. Companies of all sizes are increasingly becoming the victim of email scams, websites takeovers, personal information theft and other cybercrimes.
Right now, one of the biggest threats is business email compromise, and it can take several forms. Hackers will sometimes email a company’s bookkeeper in the name of an employee and ask to have their payroll direct deposit routed to a different account. Businesses involved in real estate transactions or remodels may receive emails that purportedly come from a bank employee and offer wire transfer information, except the bank details route to an illicit account. Hoover recently had a client who paid $100,000 intended for restaurant equipment to a cybercriminal.
To avoid getting caught in scams like these, “the easiest thing is to pick up the phone when anything changes and verify that person really sent the email and asked for the change,” said Hoover. Also, “anytime somebody says, ‘this is urgent, you have to pay right now,’ that should be a red flag. Just pause and make sure the request is legitimate.”
It's critical to train employees not to click on links or open email attachments unless they’re certain they know who they’re from. “That’s also a way for potential scammers to link into your system,” Hoover said. Even if nothing happens immediately, bad actors may lurk for months before releasing ransomware or other bugs. Even if scammers breach seemingly innocuous systems because computers are linked through networks, they can very easily gain access to financial and other information.
Employees should also be required to create strong passwords, said Theresa Masse, Oregon’s cybersecurity state coordinator with the federal Cybersecurity and Infrastructure Security Agency (CISA). “Use a unique password only you know. Don’t use PASSWORD or 123456. Use passwords with 11 or more characters and get creative with them,” she recommended.
Along with having cyber best practices in place, Masse recommends businesses have a cyber incident response plan and exercise it yearly, so every employee understands their respective role. CISA has a free online tool to help with this, as well as a variety of other resources to help businesses become cyber resilient. The agency can also develop and present free cybersecurity exercises for industries.
Hoover advises individuals to be careful what information they share through social media and other online sources. “Don’t put the answers to common verification questions, such as your mother’s maiden name, online,” he said. It’s also best to avoid social media quizzes that claim to help you get to know your friends better; they’re often designed to elicit information that’s useful to hackers.
Another proactive measure hospitality companies can take is setting up multifactor authentication on their systems. “Multifactor authentication is quickly becoming a must for any type of cyber liability protection,” Hoover said, because it is so effective against hackers. Good firewalls to keep out attacks add another layer of protection to information systems.
Masse recommends that businesses ensure software is up to date, which will also keep security fixes updated, and back up systems and data regularly in case it gets stolen. If the company uses cloud services, the agency has best practices for implementing strong safety controls. It also offers free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
All these safeguards really do make a difference. Hoover has a hospitality client who recently came very close to having a major data breach. That client upgraded their firewall, implemented multifactor authentication, and separated the public Wi-Fi from the office Wi-Fi, another industry best practice. “In December, he told me his firewall was blocking an average of 60,000 to 70,000 penetrations a week,” he said.
Firms that have credit card or other data stolen must comply with state law in notifying customers. Carrying cyberinsurance can aid with the cost of doing so. It can also pay for a public relations firm to help with fallout if needed, and cover some expenses designed to upgrade systems and avoid similar incidents in the future. But preventing such an attack is always better. “Don’t underestimate the risk, and don’t be blindsided by an event,” said Hoover. “Take proactive measures for your business.”
As heartbreaking mass shootings continue to happen around the country, businesses are tasked with the difficult job of training front workers on how to respond to a potential mass casualty event. Tom Wilder, Oregon’s protective security advisor with CISA, likes to begin any active shooter training with a reminder that even though businesses that are open to the public seem more susceptible to entry by someone with malicious intent, these are still rare occurrences.
“Being informed is a crucial first step in helping prevent a tragedy,” said Wilder. “It starts with understanding the signs of someone in distress. Recognize behaviors that could be paths to violence, including hostile speech, violent drawings and writings, threats to fellow employees, and overreactions to workplace changes.”
Next, focus on what to do in an active shooter situation. Professionals typically advise “run, hide, fight” as a strategy. If there is an accessible escape path, attempt to leave the facility. Have an escape route in mind and help others run to safety.
When leaving the building isn’t possible, find a secure location to hide. Make sure that location is out of the shooter’s view, provides some protection against bullets (such as a door) and not limit options for future movement. If there is no way to escape danger, try and disarm the shooter, Wilder said. Acting aggressively toward the person, throwing objects at them, or yelling to distract them may save others’ lives even if you can’t save your own.
While these situations are usually very unpredictable in nature and can evolve extremely quickly, CISA does offer several active shooter resources and training online to help provide some awareness and preparation tactics; see details in the sidebar.
Safety and Security Resources
CYBERSECURITY
• Cybersecurity Training & Exercises (CISA): CISA.gov/cybersecurity-training-exercises
• Cyber Hygiene Services: bit.ly/CISAhygiene
• Defend Against Attackers Targeting Cloud Services: bit.ly/CISAcloud
ACTIVE SHOOTER AND DE-ESCALATION TRAINING
• Active Shooter Preparedness (CISA): bit.ly/CISAast
• De-escalation Series Materials: bit.ly/CISAde-escalate
NATURAL DISASTER PREPARATION
• American Red Cross Training & Certifications: Redcross.org
• Always Ready: Natural Disasters (NRA): bit.ly/NRAalwaysready
• Hazards Preparedness for Businesses (OEM): bit.ly/OEMbizprep
• Prepare Your Workers: 2 Weeks Ready (OEM): bit.ly/2wksready
• Preparedness Checklist for Businesses (OEM): bit.ly/OEMprepcheck
OTHER RESOURCES
• Downtown Portland Clean & Safe: 503.388.3888 | Downtownportland.org
• No Room for Trafficking: AHLAFoundation.org/human-trafficking
• Human Trafficking Prevention Training: AAHOA.com/resources/human-trafficking
Natural disasters are also on the rise and are something businesses must prepare for. Oregon is prone to a number of natural disasters, including wildfires, flooding, landslides, even windstorms and other types of low-pressure systems, said Sonya McCormick, public private partnership program manager for the Oregon Department of Emergency Management (OEM). These types of disasters can bring about anything from property to supply chain disruptions and even loss of life.
To begin preparing, McCormick recommends reviewing the free checklist on the OEM website. At four pages, it is very comprehensive and helps owners think through a range of issues. If you suddenly can’t buy inventory from your typical vendors, where else might you purchase critical goods? Where can you find backup workers if your employees suddenly can’t make it to work? Do you have all of your necessary files backed up in a place where you can access them if you can’t get to your office?
McCormick also hopes businesses will help employees prepare themselves and their families for a disaster. “If something happens, we’re family first,” she pointed out. “We have to take care of our families in order to report to work.”
Oregon’s 2 Weeks Ready program guides people through preparing an emergency plan and kit in case they lack access to food, water, and other necessities for up to two weeks. It also contains details about preparing a “go bag” to grab if you know a disaster is coming. The bag should include a change of clothes, medication, food and water, and other things to sustain you until you can find help. It’s smart to have one at work, one in the car and one at home.
Knowledge is power, especially in an emergency. Make sure your cell phone has emergency alerts enabled and know the evacuation routes in your neighborhood and community. Put an evacuation plan in place and practice with your employees and neighbors. McCormick also encourages business owners to get familiar with OEM’s program, which exists to help private-sector partners navigate supply chain and other challenges during a natural disaster.
To further help businesses prepare for emergencies, including mass casualty events, OEM recently launched an online Private Sector Preparedness, Response and Recovery monthly seminar series on mass casualty impact and recovery. The series runs from March through November. Each session lasts 90 minutes and is recorded. More information about the webinars is available on the OEM website. For anyone looking to take further steps toward preparing their business, they can reach out to Sonya McCornick at Sonya.mccormick@oem.oregon.gov or call her at 503.378.8223.
Portland has faced numerous safety challenges in the past few years. A policy allowing homeless camping on sidewalks and other public areas, plus the prolific drug problem, have led to crime and property damage for many hotels and restaurants.
One of the ways the city has sought to address those issues is by contracting with enhanced service districts such as Downtown Portland Clean and Safe, a nonprofit organization dedicated to providing enhanced public safety, janitorial, retail, and economic development to the core of downtown Portland. The group contracts public safety coordinators who are certified security guards and can respond 24/7 to a range of non-emergency situations, from a person sleeping in a doorway to an individual shouting on a street corner.
Executive Director Mark Wells refers to the program as a mix of security and social services. “We’re not the police,” he emphasized. “We can make contact, talk to people, and offer services. If they don’t want to talk to us, we disengage.” If the situation turns into a police matter, they can quickly and directly reach police officers and request a response. Security personnel are available 24 hours a day and also do things like walk people to their car after work if they’re worried about their safety.
Downtown Portland Clean and Safe’s other focus is a janitorial program managed in collaboration with the housing and social services organization Central City Concern. The program provides enhanced cleaning and sanitation, takes on community-building projects like putting up holiday lights in downtown and functions as job training through Central City Concern’s Clean Start program for people who were experiencing homelessness, formerly incarcerated or are in different stages of recovery.
Wells gives a few examples of how the program makes an impact. When hotels have people coming into town to examine their facilities — for example, when the NCAA came to Portland to determine whether it would host the annual basketball tournament in town — Portland Downtown Clean and Safe’s janitorial crew made sure the area around those hotels was as clean as possible. Organizers for the Portland Lunar Parade were very worried about safety, especially in the face of recent attacks on Asian Americans.
Downtown Portland Clean and Safe helped the organization develop a safety plan, contacted campers and others to ask them to move away from the parade route, and provided support staff during the gathering.
Downtown Portland Clean and Safe’s newest initiative is the Community Health Outreach Worker (CHOW) program, managed in partnership with the nonprofit Helping Hands Reentry Outreach Centers. Two full-time community street outreach workers will be able “to do the work we’ve been doing organically and really put those efforts on steroids by working on mental health and homeless,” he said. “Once we can find a place for someone to go, our CHOW worker will be their case manager, drive them where they need to go, sit with them through intake and do whatever they need to have the best chance of success in getting off the street.”
Portland business owners have been through a really tough three years, Wells acknowledged, but he’s optimistic that things are beginning to turn around. “I’ve seen more momentum and hope since November than I’ve seen in the past two years I’ve been at this job,” he said. “We still have a lot of huge challenges, but I’ve never seen the level of private sector and city collaboration as high as it is now.”
Now, Wells said, it’s time to begin changing the narrative about the area. “I’ve been politely challenging people — if you haven’t been downtown in two years, come downtown and see what it’s like. People still have tough questions about what’s happening, but people are asking those questions because they want to come downtown.” As individuals return to in-person work, which many businesses are pushing for, that will further change the dynamics of the area and start to bring people back to restaurants and other businesses as well.
Not every city has the ability to create an enhanced service district such as this one, but it provides a concrete illustration that planning and community are critical to the safety of your business. Gather the resources you have available and get going on a plan to help you avoid potential threats and disasters when you can and be prepared to deal with problems when they are unavoidable.
SOPHIA BENNETT
