In this blog, we introduce the four foundational elements of protection for high net worth individuals and families: Physical security, Technology, People and Procedures.
Our goal is to provide an overview of these four main elements, not an exhaustive description of each. Rather, we hope to point to how the various components of protective security are interrelated, and that by better understanding how these components work with and impact each other, families will be better able to achieve the kind of protective security that best fits their lifestyle preferences.
The four protective pillars provide a stable protective platform – as long as they are integrated in a balanced way.
Effective security depends on striking the optimal balance between people, procedures and technology and physical security. Compartmentalization and over-reliance on one element – to the detriment of another – creates imbalance and the potential for protective failure.
In our experience, technology is what people rely on most, with little consideration for the other three legs of a balanced platform. Standard alarm systems, for example, can be a general deterrent against less experienced burglars, and they do little to hinder a determined hostile. Similarly, a sophisticated alarm system that is not supported by well-trained personnel employing proven operating procedures is also of questionable value. Even if the alarm does go off, if emergency response takes 10 minutes or more, an intruder could gain entrance, commit his crime, and be off again. Likewise, high-definition CCTV cameras might capture excellent images of masked intruders, but such videos do not mitigate the risk of intrusion if no one is watching the monitor and prepared to react and intervene.
Careful coordination of all four elements, on the other hand, enables security that is both effective and in alignment with how family members want to live their lives.
Technology and physical security
Technology alerts us to a security issue or helps with follow up investigations. Physical security creates time and distance between a hostile and the family, and limits the damage caused should an attack occur. The two have separate purposes and are used differently. They also require different skill sets, people and procedures.
Homes are different than corporate campuses. We want them to be secure without feeling like fortresses or, even worse, prisons. Most families thus refuse technological and physical security commonly used in office and factory buildings. Barbed wire fences, turnstiles, metal detectors and biometric devices might be fine if that’s what security requires at work – but not at home. Such trappings of corporate security are nothing most families want to expose their children, friends or neighbors to.
Below, we’ll take a quick look at the three layers of physical security and some of the most commonly used technology to protect each level. Our goal here is not to recommend who should have what kind of physical security. This can only be done case-by-case and based on a good RTVA. Rather, we hope to provide an overview of the most common technological building blocks and how they are integrated in layers of physical security.
The perimeter around the property:
Barriers around the property such as fences and walls; could also be natural landscape features
Access control to the property such as gates, driveways and bollards
Lights that illuminate critical areas
Intrusion detection sensors, including photoelectric, ultrasonic, infrared, etc., that alert the presence of people around the property’s perimeter
Closed circuit TV (CCTV) with smart analytic software that provides live and taped feeds of perimeter areas
The shell of the house:
Barriers to the outside such as walls, windows and doors – all of which can be standard design or “hardened” to provide enhanced protection from break-ins or ballistics
Access control in the form of robust locks for windows and doors or bars on windows
Lights
Intrusion detection sensors, including photoelectric, ultrasonic, infrared, etc., that alert the presence of people around the house
Closed circuit TV (CCTV) with smart analytic software that provides live and taped feeds of perimeter areas
The cell within the house – rooms and other interior spaces:
Barriers between areas of the house such as secure doors
Safe rooms with reinforced doors and walls, communication equipment to call for help, first aid, etc.
Intrusion detection sensors, including photoelectric, ultrasonic, infrared, etc., that alert the presence of people within the house
Closed circuit TV (CCTV) that provide live and taped feeds of the house’s interior areas
Backup power: Much of the technology used for protection depends on electricity to function. Backup power is a must in case of power outages due to natural causes or perpetrated by hostiles.
The interplay between technology, the three layers of physical security and personal preferences
When families and their specialist security partners appreciate the relationships and interdependencies between architecture, technology and physical security they are more likely to design solutions that maximize security and minimize hassles. Aesthetic and lifestyle preferences should play a key role here, too.
This starts with understanding the interdependencies and overlaps between technology and the three levels of physical security outlined above: perimeter, shell and cell. All three are critical to security, and any of the three can be designed to be more or less “hard” depending on the strength of the other two. The overlaps between the three layers can strengthen overall security; conversely, gaps between the layers – at points where they meet and interact – can prove to be a security system’s weakest points.
A residence which is secure by design is precisely that. Security by design often reduces the need for security staff, saves a lot of money in the medium and long terms – and is usually much more aesthetically pleasing.
If a home’s boundaries are completely impregnable, for example, then its shell needn’t be. An unassailable property perimeter might work fine if you’re defending a military base but would not be appropriate in a suburban neighborhood. Even the White House, arguably one of the best protected residences on the planet, guards it perimeter with a fence that has been scaled many times by intruders. The U.S. government obviously has the means to erect a barrier that would stop anyone in his tracks; but aesthetic, historical and cultural values dictate a less imposing impediment so the Secret Service depends on additional protective means in the form of technology, other physical security measures, trained people and proven procedures.
When designers and specialist security partners work closely together early in the design process they create solutions better suited to the family’s aesthetic and lifestyle preferences. For example, walls and lighting can appear as attractive architectural expressions rather than unsightly afterthoughts. Families that like to greet guests at the door rather than through a CCTV system can install glass doors (highly secure and bullet-proof – without looking it) so they can see who’s knocking without exposing themselves to risk.
The human element of protective security: People
The most important factor in effective security is people, period. Security would be simple if you could just buy some tech gear, program it according to a smart algorithm and let it run, but security depends on people, with all our brilliant advantages and frustrating drawbacks included.
When protective security succeeds in foiling an attack by a determined hostile it’s because people did the right things in the right way at the right time. Conversely, responsibility for failures is ultimately always assigned to one or more persons – not to a failed piece of tech or a faulty procedural playbook. It’s always up to people to spec and test the tech; whether teams develop and follow effective preventative and emergency procedures also depends on people.
Family offices should consider the importance of people in a least three ways when it comes to protective security.
1. Make sure the people responsible for organizing protective security have relevant, proven experience and expertise
Evaluating the expertise of specialists in a domain that is not your own can be difficult if not impossible. Protective security is definitely such a domain for most high net worth individuals and families. So how can family offices find the people they will entrust with planning and implementing personal security?
In our experience there are two main methods, each at its own end of the spectrum, and lots of variations in between. We’ll let you decide which one works best for you.
The “I got a guy” method: Let’s be honest – this is how a lot of things get done everywhere. You have a leaky sink and you go through your internal Rolodex until you recall your neighbor’s cousin is a plumber and he’s the first one you call. Or maybe your Rolodex comes up blank so you call your neighbor and ask for a tip. Why?
First, because it’s quick and easy. Second, because you may have met him before and he seemed like a decent guy. Third, he might cut you a deal, or will at least be unlikely to cheat you because he’s connected to your network.
That’s all great, but there’s not much due diligence or best-practice procurement procedure about it. Maybe there doesn’t need to be, either, for a leaky sink, but when it comes to security, the “guy” might be an ex-law enforcement officer, military veteran, government employee or executive protection agent. They might have all kinds of security experience, but no specific expertise working with families in residential or close protection.
Solicit trusted opinions, research the market, benchmark and get some bids: At the other end of the spectrum lies another approach. This, too, entails reaching out to others for counsel. Instead of taking the first and best opinions, it starts with some benchmarking questions.
Who are the specialist partners that provide security services to comparable organizations or family offices? How do they organize security? Whom do the people you trust recommend?
Once you’ve boiled down the universe of possible partners to a handful then it’s time to request some proposals. We’ll dig into this process in a later blog and provide some tips on how to distinguish between those who take a risk-based approach to protective security and those who apply simpler methods.
2. Demand transparent and reliable recruitment procedures for all security staff
In a system that is only as strong as its weakest link, its vitally important to hire trustworthy people with the right credentials. Here, two issues arise.
Competencies, training and qualifications: The folks you found in the previous step – the experienced experts who will help you organize your protective security program – will be the ones to help you determine program staffing requirements.
Actual qualifications and competencies will depend on what kind of program and staff you require. We will dig into the details of this in a later blog, but family offices should demand full transparency into how staff vetting takes place and understand the importance of relevant training.
It is tempting to be impressed by security agents who boast advanced proficiency in everything from martial arts to underwater knife-fighting. The most important training for security team members concerns preventative, day-to-day activities and procedures for risks that are probable and critical.
If we have procedures for responding to a fire, for example, do agents have the training to use the extinguishers on property, to when to use them and when to leave things to the local fire department?
The idea of continually improving the team’s training level, and everyone being trained in everything, is good, but this only makes sense after everyone intimately understands the procedures they need to know to prevent and react to possible emergencies.
Trust: You need trustworthy men and women on the security team, but how do you know whom to trust? At the outset, thorough vetting and background checks are the minimum. Psychological tests and polygraphs can also be used depending on need and jurisdiction.
As programs continue to evolve, ongoing background checks are often a good idea. You want to know if a current staff member has stepped out of agreed bounds while not on the job – for example if a security driver has any new traffic violations.
3. Require ongoing quality assurance and improvement programs for key people
It’s the responsibility of security teams to make sure nothing happens to the principal. Fortunately, nothing usually happens.
Does this mean the security team is doing a good job following predefined procedures or are they just lucky? Are procedures and skills up to date and stress-tested? Are team members calmly competent or inexcusably complacent? How can you ever know?
Quality assurance programs are the only way managers have a chance to evaluate team preparedness. Such programs include SOP reviews, announced and unannounced audits, red teaming and stakeholder feedback. Ongoing training is also an important component of team readiness. Some skills are perishable and need to be refreshed on a regular basis if they are to be relied upon.
Reliable procedures bind people and physical deterrents together
The fourth protective pillar concerns procedures: the protocols, processes and established ways of doing things that bind together skilled people and effective physical deterrents to provide consistently effective security. Procedures are divided into two categories:
Routine procedures are the day-to-day preventative activities the team conducts to identify a potential offender as early and as far from the family as possible. These procedures should be designed to negate critical and probable threats, and should not hinder the family’s daily activities or the home’s normal comings and goings.
Emergency or crisis procedures are designed to stop an imminent or occurring hostile act at the earliest possible stage and as far as possible from the family. When called for, these procedures take priority over routine procedures, containing threats and limiting damage as quickly and decisively as possible.
All security teams should develop and maintain sets of standard operating procedures (SOPs) and key performance indicators (KPIs) for routine and emergency processes. While we expect that all business people will be familiar with the concepts, we will below highlight some of the reasons that clear, actionable SOPs and KPIs are so critical to security work.
Focus and accountability: It’s no surprise that people perform best when they know what is expected of them. What is startling is that so many employees are in doubt. A recent Gallup survey found that only half of worldwide respondents strongly agreed that they knew what was expected of them at work.
There is no room for such doubts on security teams. Everyone must know exactly what he or she should be doing – along with when things are to be done, how they should be done and where they need to happen. You want security people who can think, but you don’t want them getting creative with SOPs unless these are under review – never on a daily basis.
Reduced learning curve: Good SOPs make it easier for security team members to learn their jobs. We don’t ask residential agents to learn every aspect of residential security on day one. We train them to be 100% effective at the specific tasks they are assigned – and follow the associated SOPs closely. It’s thus possible to get agents up to speed quickly so that they can perform their part of the overall security reliably and consistently – and then learn how to perform other parts.
Substitutability and continuity: Good SOPs ensure continuity since everyone can rely on everyone else to do as prescribed and expected. This is absolutely critical in security work, where a weak link in the protective chain can lead not just to lower productivity, but to mission failure. SOPs also enhance substitutability so that team members can take on a variety of different roles.
Quality control, audits and performance reviews: Finally, it’s important to remember that SOPs and KPIs can be used to prescribe as well as evaluate performance. Prescriptively, they stipulate what is to be done. For evaluation purposes the same SOPs and KPIs can be used to assess the health of the protective program overall, understand how individual team members are performing, check whether our own processes are effective, and where not, fix them.
Quality control and auditing aim to identify where people and procedures require improvement. It’s not so much a question of “finding the bad apple” as it is a preventative measure to expose gaps in our own processes, including recruitment, training, procedures, suitability of equipment, use of equipment, integrity, etc. Quality control and auditing must be followed up with corrective action to ensure that lessons learned are implemented, thus ensuring a constantly improving state of readiness.
Comments