Loose lips sink ships

June 2016 Editor's Choice, Security Services & Risk Management

For years I have refused to give prospective clients the names and details of any property that I have conducted a security risk assessment on, despite their insistent requests. Additionally, it must be realised, especially those projects dealing with security risk; that parties requesting such information in lieu of a proposal may not be honest in intent and could be using false pretences to simply fish for information whether it be in person, telephonically or online.

Andre Mundell, Alwinco.
Andre Mundell, Alwinco.

The names of my clients are also not placed anywhere on my sites or in any other publication or advertising media for that matter either. Trust me, I would love to share the names of some high-profile companies and individuals that I have been honoured to work for; but alas, the reason for not sharing is that that information will indicate that the client has had a security risk assessment conducted on their property and that they may or may not have addressed or remedied all the weaknesses within their security systems; the latter in itself creating risk. It also indicates they may have had some or other security issue, otherwise they would not have been knocking on my door. As already mentioned, those giving advice about security risk or the management thereof should actually know this.

This is why confidentiality in my business is top priority and I will never deviate from that to gain a new client or contract, even if it means losing one. Furthermore, is it fair or even ethical to make use of your clients’ risk for advertising purposes in this digital age? It is like using someone else’s tragedy or loss for one’s own gain.

What they know that we don’t

I recently received information from a criminal informant that supports what I have always thought and known to be true, but which also sheds more light and a different view on the importance of confidentiality. It further explains the modus operandi of the criminal in this regard.

This informant contacts me anonymously from time to time via a private number. Sometimes he refers to an article I have published, a speech I have given, a post I have shared or to my website as he has clearly been following me for a very long time. Other times he refers to what he has seen from other security companies or he simply gives me no reason at all as to why he may divulge certain information to me. I have never met him, but I do know that he is a seasoned and very clever, prosperous criminal who has been in the crime game for a very long time.

He manages and trains various organised groups. It needs to be remembered that these types of criminals have a finger in many pies and have created a booming, thriving business where an abundance of monies are made available through the sales of stolen vehicles right though to arms trade and then some. This requires a lot of brains, street savvy, organisational skills and leadership qualities. It also means that money is not a factor and on hand for whichever endeavour he invests in.

Many misjudge the criminal and believe he is uneducated but, looking at the actual planning that goes into an attack nowadays and what this informer told me, it is clear that the ability, the will and detailed organisational skills of the criminal are still largely miscalculated. Also a lot of money is spent to turn over a good profit.

These criminals will methodically browse the web looking for companies that provide security hardware, risk management advice, security guards or even health and safety education to glean information they can use to their advantage. The reality of this is that they do not only refer to security related sites to seek the necessary knowledge, but even companies that offer different services such as cleaning, air-conditioning, IT and network related services, building maintenance, construction, catering and a myriad of other possibilities that we cannot even begin to explain in full.

Again, there are more highly intelligent criminals out there than you realise.

An example

These security companies though, which we will refer to as X, Y and Z, proudly display on their websites clients A, B and C that they have given some form of security advice or assessment (or other) to so that prospective buyers will want to make use of their services. Not only do the potential clients see this, but also so do these structured, smart gangs. They actively seek these sites out for crime opportunities and from this they can get the details of clients A, B and C.

I have actually seen one company that has foolishly posted a picture of a security official at the client’s site with the entry way and the company logo in full view in the background. And this is published on Facebook for all and sundry to see.

Usually, newcomers in these criminal groups, wanting to show that they are worthy to join the group, or those that want to get promoted in rank are delegated to target one of these security companies’ clients. They see it as a challenge and an accomplishment to hit such an establishment and prove the security world wrong.

The informer said this type of advertising literally acts like a magnet. They enjoy cleverly defeating their adversaries. The irony of this is that the criminals who list these conquests are more favourably viewed by other lawbreakers and turn a bigger profit than the security companies do by naming their client base. In fact, the security companies are not accomplishing what they aimed to achieve in the first place but are rather, unknowingly, enabling the enemy by creating a foot in the door.

Information gathering

The criminals then go back to the sites of companies X, Y and Z and gather information about the staff; from the CEO, the managers to the sales team members and about the products or services that these companies have. A quick call to a salesman from X, Y and Z as a possible new client and potential sale results in a follow-up meeting where the salesman will provide them with his / her business card and more detailed info about their products, protocol or services.

The criminals will then have t-shirts printed or button-up shirts embroidered with company logos of X, Y and Z. New business cards will be cloned with fraudulent names to match the original they have. They call or pop in at the clients A, B or C to set-up an appointment for a week or two later and tell the client that the CEO, the director, the manager, the salesman or whoever from X, Y and Z (Piet, Jan or Koos) have asked that they report on the progress and satisfaction of the client in regards to security and risk management advice received. Due to the fact that these appointments are made well in advance or in person and namedropping is used, the client hardly ever calls the actual company or first contact to confirm this.

They start chatting with the staff at the client’s company on a regular and informal basis. Drivers, security officers, cleaners, maintenance staff and others are engaged in conversation with them to gain trust. They tell these employees that as they have conducted a risk assessment or provided security management advice at their workplace that they must be careful as they will also be assessed too; and this may place their jobs in jeopardy.

Trust is created as the employees feel these guys are helping them and with this familiarity they gain more information about protocols such as opening and closing, access control or how money is handled on site. With this gentle yet lengthy approach, they are thus able to formulate a good workable plan of attack to target that company. Security companies can agree here because how many times have your clients told you after an incident that it is suspected that the criminals knew too much and were privy to inside information.

In closing, although company X, Y and Z feel they are drawing in new business, they are also attracting the criminal element. By advertising and boasting about their clients, they are actually drawing a bull’s-eye directly on their clients’ back. Where the intention was to alleviate risk or supply good risk management advice by bragging about your client base and achievements, the risk is actually being increased by creating ample opportunity for the smarter criminal. They gain far more than you can imagine.

But, then again, someone dealing with risk or who has conducted a criminal investigation would naturally know this; right?

For more information, contact Alwinco, +27 (0)62 341 3419, andre@alwinco.co.za, www.alwinco.co.za


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Off-grid power solution for residential estate
Editor's Choice Security Services & Risk Management Residential Estate (Industry) Products
Coral Beach Estate, an upmarket residential estate based in East London, has been struggling with load shedding and power outages due to South Africa's energy crisis, as well as the vandalism of its power infrastructure.

SafeCity Guarding rolls out across 14 suburbs in Johannesburg
News Security Services & Risk Management
In a major drive to provide communities across Johannesburg with additional safety, Vumacam, in partnership with Fidelity ADT and other security providers across the region, rolled out the innovative SafeCity Guarding initiative in 14 suburbs.

FleetDomain underpins Afrirent’s value proposition
Logistics (Industry) Security Services & Risk Management
Afrirent, a 100% female black-owned fleet management company, has been relying on FleetDomain software for a number of years to help it deliver outstanding service to a growing number of clients.

Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Keeping students, staff and communities safe
Vumacam News CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
South African schools are facing increasing security challenges, making effective surveillance systems more important than ever. To address this issue, Vumacam is offering advanced security solutions with security partners, aimed at keeping students, staff, and the community safe.

Technology is key to securing physical and cybersecurity
Education (Industry) Security Services & Risk Management
The interpretation of security in educational institutions depends on whom you are talking to and whether their focus is on the physical security of the institution, its assets and its people, or its information and communication technology perspective.

Recession? Do not skimp on cybersecurity
Cyber Security Security Services & Risk Management
While economists are studying their crystal balls, businesses have to prepare for the worst, and preparing for a recession means cutting costs and refocusing resources; however, they must ensure they do not end up creating an enormous risk.

Top seven trends for the security industry
Hikvision South Africa Editor's Choice
Expect security systems to become even more deeply integrated and comprehensive, expanding with capabilities that are now shouldering tasks that are more intelligent, to improve efficiency in security as well as other operational functions.

AI’s take on physical security trends
Technews Publishing Editor's Choice
In Issue 1 every year, Hi-Tech Security Solutions looks at expected trends in the security industry, incorporating views from different sources. This year is no different, except we have a new contributor, ChatGPT from OpenAI.

Developing an effective CCTV control room culture
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring Training & Education
Organisational culture in organisations can be seen as the set of values, practices, focus, standards and behaviours, and ways of interacting with others that are accepted and subscribed to by the people who work there.