There is no such thing as a completely safe office environment. Unless an organisation has the need, and the resource allocation necessary, to make its offices into a secure fortress, as does the US Embassy in Bangkok, then one always runs the risk of penetration by unfriendly forces. But let’s assume that you are not at risk from rocket attacks from a distance, or a bomb dropped off from an unmanned drone. Under normal circumstances, an organisation can at least take reasonable steps to assure security for staffers and welcome visitors, as well as protecting staffers from visitors who turn out to be unwelcome guests. We asked Chuck Krueger of Ackerman Group for his suggestions, and the following are some of the salient points from his experienced advice.

Developing an overall security risk and awareness plan

Every organisation and location may have its own risks and these need to be analysed with an eye to future possible developments. Security awareness and commitment to vigilance must be developed throughout the organisation and reinforced by regular, as well as unannounced emergency drills. These may disrupt work routines, but nothing disrupts work as much as a real crisis or disaster, so it is best to accept the inconvenience as a cost of security.

The plan needs to take account of terrorism, civil disturbances, fire, floods, utility failures, and any physical violence perpetrated in-house or from outside.

Building design and security installations

Ideally, an organisation sets out with a purpose-built office or factory, but in many cases it is necessary to adapt existing premises as best one can. If purpose-built, the incoming occupant should ensure that architects, engineers and interior designers have the requisite knowledge and experience in security matters. Unfortunately, many such professionals do not have such training, in which case it is advisable to retain one’s own consultants to audit and, if necessary, adjust plans with security in mind.

Guard posts should be located at the main entrance and building entrances, with secured, defensive facilities and uninterruptable communication devices. These are the front line defenders, and need to be able to defend themselves while also preventing entry by unauthorised persons. Guards must have a clear view of surroundings, with adequate lighting and no shadowy areas. There should only be one access for visitor entry and exit and all vehicle passengers, not just drivers, should be identified. There should be separate visitor parking, far enough away from main buildings to allow a detonated bomb concealed within a vehicle to cause minimal, preferably no damage to installations.

Closed circuit TV facilities with recording facilities should cover all major areas including corridors. but normally not internal work areas, as such surveillance causes staff dissatisfaction. All visitors need to be adequately identified and given temporary passes. Visitor identification evidence should include a photograph, checked against the actual visitor. The identity card should be photographed and returned to the visitor rather than retained. The visitor should also be photographed as part of regular entry procedures. Employees should carry passes but on entry and exit should be checked by effective monitoring devices, such as scanned thumb-prints or eye recognition devices. These devices seem unduly onerous, but in a large organisation they are the only way to ensure that unwanted illegal entrants are effectively excluded.

Reception staff should be separated from visitors by natural partitions or at least reception desks. Especially in financial institutions, reception staff should be protected by bullet-proof glass windows with communication by microphone, thereby also protected from spraying devices. There should also be a concealed alarm operated by foot rather than hand so as not to be observed by a visitor. The reception area should be visible from a supervisory office, from which both reception staff and visitors can be clearly seen.

Visitors should be received in a meeting room adjoining the reception area, but if welcomed into the inner office premises, or taken on factory visits, they need to be closely supervised, and subjected to the same security requirements as staffers, such as protective clothing, safety footwear or hard helmets. Upon departure, visitors should sign out, any badge should be returned and any retained identity document should be handed back to the visitor. Any briefcase, computer, handphone or article of clothing brought onto the premises by a visitor should be taken out again. Apart from the security risk, many visitors forget their possessions and have to return again to recover forgotten personal possessions.

Internal office and factory security

Ideally, staff and workforce should remove no office property from work premises. This must be a firm rule in locations involved in highly valuable products or sensitive documentation and data. However with staff often working outside premises, it may be difficult to adopt such procedures, in which case strict rules must be introduced, specified and observed. Particular attention must be paid to computers, disks, thumb-drives and other data storage devices. However in an age of smart phone techniques, massive amounts of data or pictorial materials can be transmitted, and companies risk their own versions of “wikileaks” every day of the year.

The only solution lies in effective security checks on employees upon hiring, and continuous follow-up throughout their careers. Corporate espionage is now a sophisticated profession in itself, and “moles” can be introduced into competitors, specifically to conduct internal spying activities. While not succumbing to paranoia about espionage, many companies are unnecessarily careless about leaving sensitive documentation and data in hard or soft versions around their offices, waiting to be copied or stolen.

Secure and safety areas

In the event of emergencies, offices and factories need to provide secure areas to which personnel can retreat in case of emergencies. Such events may include not only attacks and civil disorders but also fire, floods and earthquakes. A safe area should have special protection against fire and floods, with supplies of water, preserved food, flashlights and defensive weapons. There should be first aid kits, gas masks, protected ventilation systems and emergency tool kits. There should be communications equipment to link up with internal and outside sources of assistance. An office must accommodate all staff members in the safe area. For a factory, escape facilities are most important but adequate facilities must be available in a raised area to protect all workers from at least 3 metres depth of flash floods.

Emergency contact

Key staff members should have access to information on names, addresses, contact details, relatives and next-of-kin, including overseas contacts of expatriate staffers. Information on schools attended by children of staffers, work-places of spouses, and key medical information, including health conditions, blood groups and other vital information, should be listed. A “tree contact system” should be established, so that a large number of people can be contacted immediately, along with mass emailing.

Better safe than sorry

Although safety and security systems may seem burdensome, they are always necessary, however small the organisation. Emergencies can, and always do happen. Prevention is ideal, but preparedness is an essential fall-back.

---

Christopher F. Bruton, over 46 years in Thailand, is Executive Director of Dataconsult Ltd, a local consultancy. He can be reached at chris@dataconsult.co.th. Dataconsult’s Thailand Regional Forum provides meetings, seminars and extensive documentation to update business on present and future trends in Thailand and in the Mekong Region.