How the private sector is preparing to respond to civil unrest in U.S.

Oct. 31, 2024
Security directors question whether risk protocols established a decade ago are adequate for today's threat environment.

Recent warnings from new media, security industry associations, and law enforcement agencies warning of the potential for civil unrest and other violence related to the upcoming US elections has building owners, school administrators, healthcare leaders, corporate executives, business owners, and board members of condo and homeowners associations questioning whether the security measures they have used for years or decades are still sufficient to protect their property in light of the changing threat environment.

In these unprecedented times, is your business prepared to deal with the changing landscape of potential crises where business owners may need to contend with increasingly volatile situations due to social unrest? As with almost all elements of an organization’s security program, an organization’s level of preparedness and mitigation for civil disturbances must be predicated on the organization’s unique risk exposure to them. A hospital, corporate office, or high-rise condominium located downtown in a major city necessarily requires a higher level of preparedness for this type of event than does a rural K-12 school district or an oil refinery on Alaska’s North Slope. 

Security is a situational discipline, and the organization must adjust the mitigation measures its security program uses to the risks that are presented by the organization’s location, business, asset types, and customer and employee demographics. These risks can vary drastically even for businesses that outwardly appear remarkably similar. Risks faced by a healthcare organization with a hospital in a bustling downtown area of a major city are vastly different than those faced by a hospital in a small town in the rural Midwest. Those faced by an upscale retirement community are very different than those of a public housing project, or those of an apartment complex located across the street from the football stadium on the campus of a major university.

Using ESRM as a Proactive Risk Mitigation Tool

An Enterprise Security Risk Management (ESRM) Framework is essential to the development of an effective and efficient security program. In ESRM we must first identify an organization’s assets, then what “threat actors” present a reasonable threat to those assets, the likelihood that these threats will impact the asset, and the impact to the organization if they do. We then develop measures to reduce either the likelihood or the impact of the threat if it occurs, and periodically reassess the effectiveness of our mitigation measures.

Security is a situational discipline, and the organization must adjust the mitigation measures its security program uses to the risks that are presented by the organization’s location, business, asset types, and customer and employee demographics.

Once the risks faced by an organization are understood, a security program is tasked with developing relevant mitigation measures or program elements to reasonably reduce the risk of these crimes occurring, the frequency at which they occur, or their impact if they do occur.

Here are a few simple things to take into consideration when considering appropriate mitigation measures for response to threats posed by civil unrest that may impact your business.

  • Is there a clear process and designation of who can make the decision to close the business and send employees home before the disturbance makes that impossible, and what factors should go into making that decision? Does your plan account for road closures, public transportation disruptions, power outages, National Guard checkpoints?
  • Does your organization engage in active open source intelligence (OSINT) monitoring? This can be as simple as monitoring social media and local news sources that can alert you to potential disturbances that may impact your operations, or can be more complex involving qualified Intelligence Analysts using sophisticated tools and filtering information from their networks of contacts in both the private and public sectors, or somewhere in between.
  • Do you have an effective emergency communications system in place that will allow you to notify staff, and for schools students, to stay home from facilities that you expect to be impacted, or if they are already at your facilities when it is safe to leave and what routes are safe for them to take to get home?
  • If only some of your locations are in areas where there is a significant risk of civil unrest, do you understand the impact on the rest of your business if they are forced to close early or cannot function for several days? Do you need redundant operations to reduce the likelihood of a disruption at one location impacting the operations of the entire company?
  • Do you have a method to quickly and securely lock your exterior doors if the situation outside becomes untenable, or do you rely on staff or a Security Officer to go around your building using a physical key to lock each door? While this may be workable in some instances, in others the number of doors or other things that your Security may be engaged in at the time may makes this impractical.
  • Do you understand how your local police will respond to a civil disturbance? Are their instructions likely to be stand down and only intervene in cases of potential loss of life allowing destruction of property to go unchecked, or will they react with force and potentially escalate and prolong the situation? While their plans may be dictated by the situation, having some idea of how they may react can inform your preparations.
  • Do you have uniformed Security Officers on your property? If so, what instructions have they been given for interacting with rioters, and are they able to differentiate between rioters who are posing a danger to your property and peaceful protestors who may be temporarily disturbing your operations as they pass through but do not pose a danger? With current levels of anti-police sentiment, a Security Officer in a “police style” uniform can unintentionally escalate a situation very easily.
  • If you do have Security personnel, what direction have they been given regarding use of force to stop property damage? Are they armed with firearms or less lethal weapons, and if so when are they allowed to engage rather than retreat?
  • Are your business’ surveillance cameras located so that you can view what is occurring on the streets outside of your establishment or campus without having to peak out a window or open a door? If so, are they appropriately protected by being placed where they are not easily reached and/or installed in a vandal resistant housing to prevent them from being destroyed or disabled?
  • If your building has glass storefront windows or doors at street level, are these constructed of laminate glass or treated with a security film to prevent them from being broken out of their frames? If not, are there options for you to alter the environment outside of the window to restrict the ability of a person to stand in a position that would allow them the leverage to swing an object with any force at the window?
  • Is the potential for civil disturbance great enough to consider installing steel security shutters or bars on the inside or outside of the window? If your municipality does not allow these, does it make sense for you to have pre-cut fire-resistant plywood on hand to board up windows quickly?
  • Does your staff know what should be done with any property outside your building in the case of a civil disturbance? Should it be left to be damaged or destroyed? If not, do you have a place where it can be moved to quickly? Does outdoor dining furniture, clothing racks, or other items owned by your business make a readily available tool for breaking windows, forcing open doors, or assaulting police officers?

Note: Thanks to Cosecure and Drew Neckar for permission to share this article. For more, click here.

Related Civil Unrest content from SIW

(Image courtesy Ruben Ramos/bigstockphoto.com)
While the vast majority of protests in and around federal buildings has been lawful, violence by anti-government and anti-authority demonstrators has ramped up significantly over the past year.
Security Executives

Civil unrest poses unprecedented threat to federal facilities

Federal officials reflect on the violence experienced at government building over the last year during annual SIA GovSummit
(Image courtesy demerzel21/bigstockphoto.com)
Last summer's outbreak of civil unrest across the country in the wake of the death of George Floyd has forced many organizations to rethink their risk mitigation strategies.
Security Executives

Corporate risk strategies shift as civil unrest rises

Control Risks’ Allison Wood discusses the impact last summer’s protest have had on the business security landscape
About the Author

Drew Neckar CPP, CHPA | Principal Consultant leading the healthcare vertical, among other areas, for the global physical and information security practice at COSECURE.

Drew Neckar CPP, CHPA has nearly thirty years’ experience in the safety and security field. He has served as the senior most security executive (CSO) for healthcare, financial services, education, and hospitality organizations and as a Regional Security Director for Mayo Clinic. He has presented on various security-related topics at regional and national conferences and has been published in multiple professional journals. Drew is board certified as a Certified Healthcare Protection Administrator (CHPA) by the International Association or Healthcare Safety and Security, a Certified CPTED Specialist by the American Crime Prevention Institute, a Certified Protection Professional (CPP) by ASIS International and serves on that organization’s Healthcare Security and School Security Councils. Drew owned and operated Security Advisors Consulting Group a full-service security consulting firm and serves as the Vice President of Operations for Security Management Services International Inc. However, when SACG joined forces with COSECURE Enterprise Risk Solutions, Drew assumed the role of Principal Consultant leading the healthcare vertical, among other areas, for the global physical and information security practice at COSECURE.