Loose lips sink ships

June 2016 Editor's Choice, Security Services & Risk Management

For years I have refused to give prospective clients the names and details of any property that I have conducted a security risk assessment on, despite their insistent requests. Additionally, it must be realised, especially those projects dealing with security risk; that parties requesting such information in lieu of a proposal may not be honest in intent and could be using false pretences to simply fish for information whether it be in person, telephonically or online.

Andre Mundell, Alwinco.
Andre Mundell, Alwinco.

The names of my clients are also not placed anywhere on my sites or in any other publication or advertising media for that matter either. Trust me, I would love to share the names of some high-profile companies and individuals that I have been honoured to work for; but alas, the reason for not sharing is that that information will indicate that the client has had a security risk assessment conducted on their property and that they may or may not have addressed or remedied all the weaknesses within their security systems; the latter in itself creating risk. It also indicates they may have had some or other security issue, otherwise they would not have been knocking on my door. As already mentioned, those giving advice about security risk or the management thereof should actually know this.

This is why confidentiality in my business is top priority and I will never deviate from that to gain a new client or contract, even if it means losing one. Furthermore, is it fair or even ethical to make use of your clients’ risk for advertising purposes in this digital age? It is like using someone else’s tragedy or loss for one’s own gain.

What they know that we don’t

I recently received information from a criminal informant that supports what I have always thought and known to be true, but which also sheds more light and a different view on the importance of confidentiality. It further explains the modus operandi of the criminal in this regard.

This informant contacts me anonymously from time to time via a private number. Sometimes he refers to an article I have published, a speech I have given, a post I have shared or to my website as he has clearly been following me for a very long time. Other times he refers to what he has seen from other security companies or he simply gives me no reason at all as to why he may divulge certain information to me. I have never met him, but I do know that he is a seasoned and very clever, prosperous criminal who has been in the crime game for a very long time.

He manages and trains various organised groups. It needs to be remembered that these types of criminals have a finger in many pies and have created a booming, thriving business where an abundance of monies are made available through the sales of stolen vehicles right though to arms trade and then some. This requires a lot of brains, street savvy, organisational skills and leadership qualities. It also means that money is not a factor and on hand for whichever endeavour he invests in.

Many misjudge the criminal and believe he is uneducated but, looking at the actual planning that goes into an attack nowadays and what this informer told me, it is clear that the ability, the will and detailed organisational skills of the criminal are still largely miscalculated. Also a lot of money is spent to turn over a good profit.

These criminals will methodically browse the web looking for companies that provide security hardware, risk management advice, security guards or even health and safety education to glean information they can use to their advantage. The reality of this is that they do not only refer to security related sites to seek the necessary knowledge, but even companies that offer different services such as cleaning, air-conditioning, IT and network related services, building maintenance, construction, catering and a myriad of other possibilities that we cannot even begin to explain in full.

Again, there are more highly intelligent criminals out there than you realise.

An example

These security companies though, which we will refer to as X, Y and Z, proudly display on their websites clients A, B and C that they have given some form of security advice or assessment (or other) to so that prospective buyers will want to make use of their services. Not only do the potential clients see this, but also so do these structured, smart gangs. They actively seek these sites out for crime opportunities and from this they can get the details of clients A, B and C.

I have actually seen one company that has foolishly posted a picture of a security official at the client’s site with the entry way and the company logo in full view in the background. And this is published on Facebook for all and sundry to see.

Usually, newcomers in these criminal groups, wanting to show that they are worthy to join the group, or those that want to get promoted in rank are delegated to target one of these security companies’ clients. They see it as a challenge and an accomplishment to hit such an establishment and prove the security world wrong.

The informer said this type of advertising literally acts like a magnet. They enjoy cleverly defeating their adversaries. The irony of this is that the criminals who list these conquests are more favourably viewed by other lawbreakers and turn a bigger profit than the security companies do by naming their client base. In fact, the security companies are not accomplishing what they aimed to achieve in the first place but are rather, unknowingly, enabling the enemy by creating a foot in the door.

Information gathering

The criminals then go back to the sites of companies X, Y and Z and gather information about the staff; from the CEO, the managers to the sales team members and about the products or services that these companies have. A quick call to a salesman from X, Y and Z as a possible new client and potential sale results in a follow-up meeting where the salesman will provide them with his / her business card and more detailed info about their products, protocol or services.

The criminals will then have t-shirts printed or button-up shirts embroidered with company logos of X, Y and Z. New business cards will be cloned with fraudulent names to match the original they have. They call or pop in at the clients A, B or C to set-up an appointment for a week or two later and tell the client that the CEO, the director, the manager, the salesman or whoever from X, Y and Z (Piet, Jan or Koos) have asked that they report on the progress and satisfaction of the client in regards to security and risk management advice received. Due to the fact that these appointments are made well in advance or in person and namedropping is used, the client hardly ever calls the actual company or first contact to confirm this.

They start chatting with the staff at the client’s company on a regular and informal basis. Drivers, security officers, cleaners, maintenance staff and others are engaged in conversation with them to gain trust. They tell these employees that as they have conducted a risk assessment or provided security management advice at their workplace that they must be careful as they will also be assessed too; and this may place their jobs in jeopardy.

Trust is created as the employees feel these guys are helping them and with this familiarity they gain more information about protocols such as opening and closing, access control or how money is handled on site. With this gentle yet lengthy approach, they are thus able to formulate a good workable plan of attack to target that company. Security companies can agree here because how many times have your clients told you after an incident that it is suspected that the criminals knew too much and were privy to inside information.

In closing, although company X, Y and Z feel they are drawing in new business, they are also attracting the criminal element. By advertising and boasting about their clients, they are actually drawing a bull’s-eye directly on their clients’ back. Where the intention was to alleviate risk or supply good risk management advice by bragging about your client base and achievements, the risk is actually being increased by creating ample opportunity for the smarter criminal. They gain far more than you can imagine.

But, then again, someone dealing with risk or who has conducted a criminal investigation would naturally know this; right?

For more information, contact Alwinco, +27 (0)62 341 3419, andre@alwinco.co.za, www.alwinco.co.za


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

IRMSA launches Risk Report for 2020
Issue 2 2020 , Editor's Choice
The Institute of Risk Management South Africa (IRMSA) has launched its sixth annual risk report, the IRMSA Risk Report SOUTH AFRICA RISKS 2020.

Why is CCTV failing?
Issue 2 2020, Leaderware , Editor's Choice
It seems that a lot of the CCTV systems out there are largely for show, or to retrieve information afterwards.

Leaders in risk and security - To succeed in security: keep learning
Issue 2 2020 , Editor's Choice
Adriaan Bosch studied agriculture, became a sniper in the British Army, then entered the private security industry in South Africa and hasn’t looked back.

Redefining retail and the supply chain
Issue 2 2020 , Editor's Choice
Adriaan Bosch offers Hi-Tech Security Solutions readers eight trends that will redefine retail and supply chain security in 2020 and beyond.

The importance of effective SLAs
Issue 2 2020, Technews Publishing, ISF SFP , Editor's Choice
A successful security installation that delivers over the long term requires ongoing maintenance and a reliable service provider.

Education reduces cyber risks
Issue 2 2020 , Editor's Choice
Henk Olivier says the first step for small- and medium-sized businesses in their defence against cyber-attacks is education.

The impact of the COVID-19 virus on security
Issue 2 2020, Leaderware , Editor's Choice
The social and personal implications of the COVID-19 Corona virus has already had a devastating impact on countries, social institutions, communities, businesses and individuals.

Securex postponed to August 2020 due to COVID-19
Issue 2 2020 , Editor's Choice, News, Conferences & Events
Specialised Exhibitions has opted to reschedule its Securex South Africa, A-OSH Expo and Facilities Management Expo trade shows to 18 to 20 August 2020.

Axis gives a brighter future to children
Issue 1 2020, Axis Communications SA , Editor's Choice
Fully networked camera solution provides visibility and accountability, letting orphanage focus on what’s important – its children.

SFP Security & Fire becomes ISF SFP
Issue 1 2020, ISF SFP , Editor's Choice
SFP Security & Fire was sold to ISF in 2019, becoming ISF SFP and attaining Level-1 BEE status.