Late last year, Hi-Tech Security Solutions hosted an invitation-only breakfast event in Cape Town focused on the retail market in partnership with the Consumer Goods Council of South Africa (CGCSA). We decided to hold off on publishing the review until the March 2015 issue to include it in our annual retail feature.
The Retail Risk Breakfast Conference saw many of the retail executives from Cape Town and the surrounding areas attending to hear the latest security and risk related information about the retail industry. Once again, one of the draw cards was a presentation on the Protection of Personal Information Act (PoPI), and the impact it would have on the retail environment.
Held at the Protea Fire and Ice Hotel, the event was a great success with only standing room available. The breakfast was made possible by sponsorships from Elvey Security Technologies, VixNet, TecSec, Tyco Retail Solutions and Powell Tronics, each of whom had a tabletop display the attendees could view while they engaged with the sponsors and each other.
Retail security threats
Starting the morning’s presentations and setting the scene was the CGCSA Risk Initiative’s Dr Graham Wright. He highlighted the current reality in the retail market with respect to risk and security. His presentation was divided into three parts: the first examined the retail industry and its relevance in the national economy, he then looked at the realities of crime in this market and then at the challenges and potential solutions.
The retail industry as a whole (including wholesale, retail and motor trade markets) makes up about 14.8% of South Africa’s GDP – according to 2013 figures. The consumer goods industry alone makes up about 10.6% of the GDP and the businesses covered by the CGC Risk Initiative is just over 8% of the GDP. We are therefore dealing with a large market with significant revenues, and this is naturally a temptation for the criminally inclined.
The types of crime the industry faces include the issues we’re most familiar with, such as business robberies, truck hijacking, shoplifting and shrinkage, but also includes ATM attacks, counterfeiting, burglaries and so forth.
The sad reality is that retail crime is increasing, with Gauteng leading the way with the most robberies and the Western Cape in second place. The overall losses in 2014 (January to October figures) were over R122 million. The good news, however, is that those companies following the CGC Risk Initiative’s best practices in dealing with crime have found they are least affected.
The association’s retail anti-crime framework is working and helping to reduce crime in the various retail markets. Wright says that together, the organisations that make up the Risk Initiative have developed a systematic and systemic anti-crime approach that is delivering results. Naturally, the process is ongoing.
Wright notes the value proposition of the initiative is as follows:
• Leveraging the resources of the industry and CGCSA to deal with common crime threats and risks.
• Cost sharing, and benefiting from the existing resources and capabilities within the CGCSA.
• Effective engagement across the industry and with all stakeholders (especially the SAPS and the NPA) on critical matters, and dealing with complex issues which transcend organisational boundaries.
• Access to information on crime stats and comparisons, evidence management, linkages.
Securing the V&A Waterfront
Following the CGCSA, Deon Sloane, head of security at the V&A Waterfront delivered an insightful presentation dealing with how the Waterfront managed to secure its location to ensure it was safe for everyone to enjoy its various offerings.
The task of securing the waterfront was not an easy one. The location covers over 123 hectares (or 180 rugby fields), hosts over 450 retailers and 80 eateries, 10 hotels, offices and around 17 500 people work there every day (and it’s still growing). This means that these people need free access to the environment, yet it must be controlled. More importantly for these retailers is the need for customers to have free and unencumbered access to the facility – and approximately 23 million people visit the Waterfront each year. To add to the complexity, the Waterfront operates 24x7x365, so closing the doors at night is never an option.
In his efforts to design a workable security plan, Sloane highlights the need to form partnerships both within the organisation as well as externally. Internally the security team is in communications with retailers and business owners, as well as the Waterfront owners continually. The idea is to keep the channels of communication open, offer advice and to listen to what all the parties need.
Externally it is important to create a working relationship with the SAPS to ensure all parties work together to fight crime and to ensure any prosecutions are not hindered by overzealous ‘helpers’. Close communications and partnerships must also be formed with suppliers and the integrators and guarding company to ensure the ultimate performance of the security solution as a whole meets the needs of the Waterfront and everyone who has a stake in its success.
When designing the security plan, Sloane advises to first understand the destabilisers one must deal with. Depending on the environment, these can include:
• Stealing to survive (homeless/social economic factor).
• Financial gain (support substance abuse habits).
• Organised syndicates (high end stores/armed robberies).
• Just a 'runner' (card skimming).
• The risk as from within (staff and own security, forms part of a syndicate).
The solution Sloane and his team came up with after a thorough risk assessment includes a plan to minimise risks throughout the environment by outsourcing to a security service provider which provides the required guarding services. However, he cautions that while the service is outsourced, the responsibility and accountability is not and remains with the security team. He therefore employs a dedicated security team to manage the Waterfront security operations, supported by technology.
The goal of any security plan is to prevent risks from reaching the retail environment, a function he calls proactive deployment.
Given South Africa’s history, Sloane has also partnered with a field worker from The Haven Night Shelter to assist with helping homeless people. The programme the Waterfront participates in helps these people with their reintroduction back into society and/or relocation to be with their families.
There is naturally much more to securing the Waterfront and Sloane and his team are constantly reviewing their processes with an eye on better proactive deployment, which means a safer environment for all.
Popping retail’s bubble
Francis Cronjé followed the morning’s breakfast with an in-depth discussion in the PoPI Act and its impact on business in general and the retail industry. Cronjé is the founder and MD at franciscronje.com, and CEO at InfoSeal.
He gave a brief introduction to the act as well as the various pieces of legislation dealing with privacy. He also touched on the principles of King III and what that means to businesses. One important aspect of King III he mentioned was, “The board should ensure that all personal information is treated by the company as an important business asset and is identified.”
As far as PoPI is concerned, it has been enacted (in November 2013) and is awaiting the final commencement date and the appointment of the relevant personnel. Once it is in force, companies will have 12 months to get themselves compliant or face penalties. The act will affect how companies collect, record, process and store personal information – which includes data such as names, identity numbers, contact details and much more.
Not only does it prescribe how personal data is to be collected, it will also require someone in each company to be designated as the 'responsible person' and place limits on how information is shared and with whom. It will also be critical for companies to obtain the consent of the individual from whom they are collecting the information.
Cronjé highlighted eight core conditions PoPI will set in place and with which companies will have to comply:
• Processing limitation
• Specific purpose
• Further processing limitation
• Information quality
• Security safeguards
• Data subject participation
Interestingly for security operators and service providers, the PoPI conditions will impact physical security and the information that is captured and processes in what most people consider a normal daily function.
He then delved into some high-profile data breaches that occurred recently and the nagging question of whether retailers can use US-based cloud operators to store their data.
PoPI is far too complex to discuss in a short magazine article, or even in an hour-long presentation, but it is something retailers (and all businesses in South Africa) will need to gain an understanding of and find out how it applies to their business operations.
Xone’s Ian Downie delivered a presentation close to retailers’ hearts; it was all about cutting costs. Titled ‘Cutting Losses by Boxing Clever’, the presentation focused on how retail environments could maintain and improve their security by selecting the appropriate solutions and processes.
Downie started by talking about the effective utilisation of security staff and the importance of having a well equipped control room, operated by skilled staff. With the proper tools and training, fewer operators are required but they are able to be more effective.
He then spoke about offsite and onsite monitoring, noting the environments and tasks for which offsite monitoring is best suited. An important point made was that simply because a company opts for offsite monitoring, it does not mean the solution will be cheaper or better than onsite solutions. Effective offsite monitoring requires the same skills and tools, plus there is the added expense of communications technologies to consider.
He notes that onsite control rooms are better in the retail environment as first-tier solutions due to the complexity and volume of information and action required.
It is also critical to ensure that control rooms and operators are monitored, measured and guided continuously. This enables the company to implement a process of continual improvement, but you first need to know what is being done and how well it is working. Using modern technology, there are systems that can do amazing things without human intervention, but the operators need to know how to manage and control these systems, and how to use them effectively in the appropriate situations.
Training is also an ongoing process. The people in the control room need to know what to do in every situation and how to do it. When an event occurs, there is no time to ask a supervisor or to revert to the manual to find out the next steps.
Doing all of this and combining it with data and trend analysis will result in improved security across the board, and with measurable results.
The question of wireless jamming
VixNet’s Clinton Lemmer closed the presentations for the morning with insight into what wireless jamming is and how retailers can act to prevent this from becoming a problem in their environments. He explained that radio jamming is the (usually deliberate) transmission of radio signals that disrupt communications by decreasing the signal-to-noise ratio. This is not a new invention as it has been used for many years.
Understanding what jamming actually is, is important if retailers and others want to be able to effectively detect and counter these measures, whether it is used to break into cars or to disable store or warehouse alarms while the criminals help themselves to what is inside.
Jamming is not exclusively a criminal activity. The military and police forces use it in specific situations to control the communications in an operational area or to disrupt enemy communications. VIP protection units often use jamming to protect convoys from roadside bombs that are detonated remotely via, for example, a cellphone.
GPS jammers are also available to make vehicles untraceable. Once again this is important for VIP protection, but also for hijackers who want to escape with the goods and make sure no-one is tracking them.
Jammers are illegal in South Africa, except for the security forces and police, but these devices are easily available on the Web. Reputable dealers will refuse to sell one to South Africa because it is illegal, but there are many sites that will.
A new GPS jamming technique that may soon come into play is that of spoofing. In this scenario the criminals can spoof a fake GPS address, or broadcast real GPS coordinates that were captured at another location at another time.
Lemmer then looked at various scenarios showing how jamming can be detected or overcome in alarm, CCTV and vehicle jamming scenarios. The solutions are out there as long as users know what to look for. As in many instances in the security market, education is key.
Deon Sloane, V&A Waterfront Head Office, +27 (0)21 408 7777.
© Technews Publishing (Pty) Ltd | All Rights Reserved