Maybe you’ve heard the saying, “human resource professionals wear multiple hats”. This phrase could not be truer today.
The world of an HR expert is constantly changing and evolving. Though HR executives are still strategic partners and change agents for the company, due to continuous workplace violence events they remain focused more than ever on employee safety and awareness. As HR specialists delve into the world of security, they are increasingly reaching out to their proprietary security partner for assistance.
As an HR professional, I find myself not only relying on security managers/consultants for general employee safety and security issues, but also security risks involving senior executives. I partnered with my colleague, John Leavey, Executive Director of Operations, on this blog to share with you my foremost security concerns from an HR perspective combined with key considerations and best practices from a security standpoint. Below is our list of the top 5 security concerns facing the HR community.
Concern #1: Senior Management Exits
How many times has an HR manager faced a sudden senior executive departure? This could be the result of a company decision to release the executive or perhaps they resigned unexpectedly. Either way, it is a scenario that is sensitive and requires assistance from the organization’s security representative as well.
Many companies have processes in place with regards to what to do if an executive resigns – notify senior management, Director of Security, Director of IT Security, etc. But what do we do next? What additional security steps should we take? Consider this checklist:
- Have you removed access to company facilities and interior locations?
- Have you obtained any electronic devices assigned to him/her?
- Have you disabled remote IT access capabilities?
- Is the individual an administrator for any online accounts or stand-alone systems? If so, have you taken away their access?
- Have you reviewed a full history report on all their file and document uploads within the last 30 days?
- Have you reviewed a full history report on their badge access, with attention to timing and locations, within the last 30 days?
The latter two bullets are useful in determining any unusual or unscrupulous activity by the executive prior to their giving notice. Companies need to be cautious and ensure no proprietary information was uploaded or removed physically during this period.
On the flip side, if the company decides to let a senior executive go, preparation should be made with the security department before the employee is notified. This is a very sensitive and highly confidential matter; therefore, it is recommended that the security representative be brought into the loop early to properly prepare a threat assessment. Through the security team’s partnership with HR, they can gain a better understanding of behavioral triggers for the executive and mitigate them early. Additionally, they can assist with standard tasks such as turning off building access and remote IT access as well as inconspicuously being in the area during the termination meeting. Once the executive is terminated, the senior security representative can assist in verifying the executive is out of the building to help ensure they depart the premises. Don’t let the “walk of shame” happen…proper planning can help to avoid the humiliation to shame to rage continuum. Keep in mind that the executive’s personal items can be boxed up discreetly after hours and mailed to the employee. Think this through, you have time for this.
Concern #2: Hiring of a New Senior Executive
Though the company and its HR staff believes they have found the right candidate, it is prudent to perform a proper background and due diligence investigation on the prospective candidate. We are talking about someone that you are providing the keys to the “kingdom”, so it is prudent to dig a bit deeper into an individual’s background. Play it safe. Your security partner can provide the necessary level of background screening and can do it discreetly. They can conduct a full criminal background in addition to searching for bankruptcies, financial issues, credit checks, and prior litigation. Look for any type of employment the candidate has had in the past, including consulting and self-employment. Check civil history, employment lengths/gaps, residences and verify all education, certifications, and employment. Finally, look for all social media activities, blogs, personal websites, organizational involvement, controversial activities, and interests. Don’t forget to also check conflicts of interest. Again, play it safe. It is worth it.
Concern #3: Protecting the Executive at Work and Home
In addition to the general employee population, every company should be concerned about the safety and security of their CEO and other key leadership personnel. Just think about it, in today’s tumultuous world, all individuals of high-net-worth, visibility or stature can become easy targets for those seeking notoriety or financial gain. Doesn’t it make more sense for HR managers to work closely with their security staff to help ensure the executive’s safety? Consider outsourcing to a third-party security consultant to assess their risk while thinking about the elements that impact the vulnerability of the executive. The consultant can analyze many of the factors that contribute to creating an environment that may mitigate the executive’s risk and thus determine the need for and size of an executive protection program. The recommendations will normally not dictate the need for close protection agents being assigned to an executive 24-hours a day, but create a program that incorporates all elements of protection based on current risks. A sample program should include various elements of administrative, physical, operational, and information security. Each of these elements build upon each other to create an atmosphere that is designed to afford protection in concentric circles.
Concern #4: Creating an Actionable Workplace Violence Program and Onboarding the Team
Organizational responsibility to mitigate the risk of workplace violence has taken a high priority in recent years. For most companies, the perception of these programs is the prevention of violence initiated by a former employee. However, by definition (provided by the U.S. Department of Labor), violence in the workplace can originate from both in and outside the organization.
The creation of an actionable workplace violence program is not only a suggested practice but one that is highly recommended. An employer’s failure to protect its employees cannot only impact company profit and reputation, but also greatly influence recruitment and retention if employees don’t feel safe. If an incident does occur, the long-term damage to the culture of the organization is, in some cases, insurmountable.
A wise HR professional knows that being proactive versus reactive is the best course to take with violence in the workplace and coordinating with the security department should be one of their first actions. Consider these measures:
- Establish a multi-disciplinary planning team to create a holistic workplace violence program that mirrors the American Society for Industrial Security (ASIS) and the Society for Human Resource Management (SHRM) workplace violence standards, including policies, procedures, and trainings that support assessment and management of the propensity for violence of each person of concern.
- Engage with threat assessment professionals either on retainer or on-call as professional consultants. Partnering with an expert in this field allows HR and/or senior management to consult as soon as a situation starts to develop. Establishing this type of relationship means they are already aware of the company, its culture and leadership approach.
- Change the mental approach of management to focus more on teaming towards prevention of violence through assessment and management rather than relying on reactive approaches such as increased uniformed security.
- Determine protocol for tracking trigger events for those persons that departed the company as potentially high-risk terminations. It’s important to develop an understanding that just because someone has left the company’s premises, doesn’t mean they are gone, as reported repeatedly in the headlines.
- Establish a protective intelligence program that facilitates the collection of all communications of concern impacting executive safety. Simple considerations such as identifying a person of interest in a distant city may seem irrelevant to the company’s headquarters unless your CEO travels to the same city as the person of concern. A properly designed protective intelligence program which focuses on internal intelligence, as well as social media and online/open source data, will function as the eyes and ears of any security program. It will also enhance overall organizational security and early recognition of problems.
Concern #5: Protecting Intellectual Property
Products and information are unique to their individual market and therefore should be properly protected as they are paramount to the success of the company. HR should work with the security team and senior leadership to help ensure safeguards surrounding the protection of intellectual property are put into place and adhered to. Relying entirely upon non-disclosure documents and non-compete agreements provide a false sense of security. Institutions must not only utilize these documents, but also conduct appropriate training on them so that employees are clear of the intent of the documents and able to ask questions. Lastly, an insider threat program is essential in today’s global market to safeguard proprietary secrets.
Kateryna Bender is the Chief Administrative Officer for AT-RISK International in which she oversees HR and financial business for the company. Ms. Bender is a member of the Society for Human Resources Management (SHRM). She currently serves as President-Elect for the Northern Virginia SHRM (NOVA SHRM) chapter.
John Leavey is the Executive Director of Operations for AT-RISK International. In this role, he directs all investigations, assessments, protective services, and specialized client requests. He has more than 30 years of security experience in the government and private sectors. Mr. Leavey served as Chief Security Officer for a global manufacturing firm and directed security operations in over 130 countries for a Fortune 50 organization.