Surviving the new norm

February 2019 Editor's Choice, Integrated Solutions, Conferences & Events, Training & Education

In September 2018, the Campus Protection Society of Southern Africa (Camprosa) held its annual conference at the Spier wine farm in the Western Cape. Set in this beautiful environment, people responsible for campus security in tertiary education gathered to learn and network, dealing with the various issues security operators have faced and are facing on campuses across South Africa and further abroad.

The event was also a farewell to some of the longstanding members of the executive committee. John Tunstall announced he was retiring after many years as executive secretary for the organisation, years in which he was responsible for organising the smooth running of the conference, among other responsibilities. In addition, the then president of Camprosa, Derek Huebsch announced his retirement and that he would step down from his position at NMU in Dec 2019, although he will still be actively involved in Camprosa as he will be taking over the role of executive secretary in 2019. Ahmed (Des) Ayob from NWU will take over the role of president in Jan 2019.

The conference was once again facilitated by Ken Annandale who not only kept the conference on track, but also led a number of attendees on a fire walk. One of Annandale’s first tasks in opening the conference was to thank the attendees and speakers for taking the time to be at the conference, and also to thank this year’s sponsors who made it all possible and kept everyone well fed.

The sponsors of the conference and the various events held as part of the experience included:

• Afrisec Strategic Solutions,

• CardWorx ID Solutions,

• Chase Solutions,

• FS Systems,

• Impro Technologies,

• Omega Risk Solutions,

• Powell Tronics,

• Pro-Events Security,

• SALTO Systems,

• Securitas, and

• Stallion Security.

The 2018 conference was targeted at helping security operators come to terms with the new rules governing campus security (such as the ‘no outsourcing’ policy following the previous year’s protests), as well as other issues that were not always part of the traditional security portfolio.

With the introductions out of the way, Annandale introduced the first presentation and first international speaker, Trevor Jones.

A global security issue

Trevor Jones, was the vice chair of AUCSO (The Association of University Chief Security Officers) from 2014 to 2018, when he assumed his current role as chair. AUCSO is an organisation for security professionals working in higher and further education in the UK and Europe.

Jones started his career with HM Prison Service in 1984 and gained experience in various establishments across the UK, focusing on searching, standards, control rooms and leading ‘Tornado’ teams into riot situations. He was instrumental in developing security modules now delivered across national training colleges. Jones also drives the Emergency Management Programme and is operational lead for the ‘Prevent Strategy’.

He joined the University of Salford in 2010 and has revolutionised its security operations. By implementing a state-of-the-art control system, blue beam technology and making other changes, crime has been reduced by 92% since he started at the university – statistics which speak for themselves.

Jones started his keynote by noting that all educational institutions are faced with crime and violence and this is not something unique to South Africa. The motives and actions of people may vary, but he said campus security operators must all be prepared to deal with crime and violence on a small or large scale. The school shootings we so often hear about in the US are an example.

Unfortunate events such as these must be used as a learning platform for security operators, ensuring they have the equipment and processes to deal with unexpected events in the future. He suggested Camprosa implement a process of members carrying out security reviews for each other to allow everyone’s experience to be more broadly applied in the goal of safer campuses.

Jones believes that security leaders should be a part of the broader security sectors and as such must have access to the relevant government officials and decision makers. In addition, they need to play a decisive role in developing trust between all the role players: staff, students, government and the public.

Threat assessment and management

Following Jones, Dr Gérard Labuschagne from L&S Threat Management delivered a presentation on how using threat assessment and management (TAM) techniques in tertiary institutions is not only a good idea, but essential in the volatile world we live in. Labuschagne is a clinical psychologist, criminologist as well as an advocate, and has many years’ experience in dealing with crime and criminals, both in South Africa and abroad.

The primary message in Labuschagne’s talk was that early identification and intervention is necessary and can be achieved through TAM. They key to the situation is that organisations must have a system in place for dealing with ‘concerning behaviour’: addressing the problem and monitoring it.

Some of the requirements for an effective TAM process includes raising the awareness among staff, students and others as to what should be reported, to whom it should be reported and what will happen once it is reported. There is nothing as demotivating and dangerous as allowing people to report issues only to have them ignored until something bad happens. Naturally, there should also be 24x7 reporting mechanisms people can use, anonymously if required. These can include websites, a 24-hour number to call, mobile apps and so forth.

And while many buy into the myth that people ‘just snap’ and embark on violence or unacceptable behaviours, Labuschagne says the truth is the opposite: there are very often warning signs long before the person goes down the road of causing irreversible damage.

Real world example

He used the 2007 shooting at Virginia Tech in the US as an example. According to many, the perpetrator snapped and went on a shooting spree. The reality is there were years of warnings before the event which left 32 dead and 17 wounded. The perpetrator started at Virginia Tech in 2003 and was immediately ‘different’ and could not make friends.

In 2005 he produced some material that was distressing to students and staff. He also was known for taking pictures of female students under their desks and one professor even threatening to resign because of his behaviour. He was sent for counselling, but only went once and nobody reported that he didn’t arrive for additional (mandatory) sessions.

In November and December of the same year two female students contacted campus police to complain about him. In the subsequent investigation he threatened to kill himself and was taken for a psychological evaluation, kept for 72 hours and released as an outpatient. Nobody followed up to determine if he continued treatment.

In 2006, writing assignments he handed in further alienated him from everyone.

In February 2007 he bought a Walther P22 and called gun shops to enquire about a Glock 19, eventually purchasing one while also being seen practising ‘combat shooting’ at gun ranges. He also purchased bullets and magazines for his weapons.

In April he bought locks and chains, a knife and a bullet proof vest. On the 15th April he sent a ‘critical letter’ to the English department. On the 16th he shot two people at his residence, went to the post office at 09:00 to send off his video manifesto, and started his killing spree at 09:43.

Labuschagne said this individual showed all the signs of someone who needed help, but the educational organisation had no policy to facilitate this – such as making sure he went to the counselling sessions. He adds that 80% of these incidents are identifiable in advance and can be prevented if the right policies and processes are in place.

A workplace and a business

A university is a workplace and a business, Labuschagne noted, but unlike other businesses where the interaction with clients is often short, in the education environment the students spend a large portion of their days interacting with the university and peers – for years. The same issues that play out wherever there are people will also happen in the education environment and we must all be aware of the warning signs and have a mechanism to report them; there must also be a mechanism for the security team to gather information, assess the threat and take the necessary action and monitor the individual or situation afterwards.

Labuschagne gave other examples of less extreme situations in which a TAM programme could prevent potentially serious repercussions. The goal is to prevent staff and students from being abused, intimidated, assaulted or killed by proactively managing the situation.

The reality is that the problem is already on your campus, you just don’t know about it. Detecting problems at an early stage and intervening is far more effective than dealing with the aftermath – and security technology, guard patrols and even the police force will be of little help in situations like this since they can’t act in a traditional manner until the suspect does something. If TAM processes are done correctly, a crime can be prevented, not investigated after the fact.

This review is only a portion of the presentation Labuschagne delivered, find out more at www.threatsa.co.za

Surviving the new norm

The panel discussion at the Camprosa conference is aimed at providing some insights ‘from the coalface’ as it pertains to security on campus. This year’s panel was no different and the panellists engaged with each other and the audience on a number of issues raised, either from the stage or by attendees. The panellists in the hot seats were:

• Ms. Fundiswa Sotenjwa acting director: student support and sector liaison, Department of Higher Education for Universities,

• Professor Ahmed Bawa, CEO, Universities South Africa (USAf),

• Professor W. De Villiers, V.C., University of Stellenbosch,

• Lt Colonel Barbara Breedt, the SAPS Rondebosch Station commander, and

• Lwando Nkamisa, SRC chairperson at the University of Stellenbosch.

The panellists started proceedings by providing a short introduction and telling the audience what they believed were some of the most pertinent issues to be dealt with on campuses in the coming year. Below we summarise a few of the pertinent points raised.

Sotenjwa started by noting that the Department of Higher Education for Universities was pushing for stability reports from all universities in the coming year because of its concerns about the protests and other activities over the previous year or two. She also called for more cooperation and better relationships between all stakeholders – university security teams, SAPS, student leaders, provincial authorities etc, – to ensure that incidents of the past could be avoided and everyone could work together on a common approach to disruptions.

She echoed Labuschagne in noting a need to obtain intelligence in advance about potential disruptions, and remarked on the requirement for a common approach to addressing gender-based violence.

Bawa continued, noting that the events over the past year forced campus leaders to take notice of what was happening on the ground. He said the challenge is to create an environment where everyone trusts each other (students, staff and administrators). There is a need for increased and continuous engagement across the board – including with SAPS and other government bodies. He also told the attendees that security plays an integral role in universities, both from an individual and a group perspective, hence the need for better relationships based on trust and better communication.

Part of the relationship is to understand the challenges new students face when coming into a strange new environment and devise ways to assist them in settling in. Not everyone comes from an environment where they can easily slot into varsity life.

De Villiers said that crises happen as part of any society without social cohesion and universities need to ensure all stakeholders are ready to deal with them as they occur. Tertiary institutions are a part of society and play an important role in the future of every society, therefore, while ensuring the integrity of the academic project is vital; everyone should understand the broader societal issues in the context of their own campus.

He wants to see more proactive, constructive engagement with student leaders as well as more support for poor students. Never mind ‘fees must fall’, a topic that came up a number of times in the panel discussion was the fact that some students are not even able to feed themselves adequately while studying. Interestingly, De Villiers also noted that staff also often need support as they are often caught in the middle of protests, between the students and the administration.

Breedt admitted that when the protests first started, SAPS and most of the security mechanisms were caught unawares. She said that her teams have learnt from those mistakes and are now better prepared. There is regular communication with different entities on campus (referring specifically to UCT) and they are using a more ‘intelligence-driven approach’ in order to be more proactive.

The key, she said, was improved and continuous communication. SAPS can’t always gather intelligence on campus and campus security can’t always get information from students staying off-site, hence the benefit of closer communications.

Nkamisa also reflected the importance of open and honest communications between all parties as the shutdown had an ‘immense effect’ on students. He added that protests sometimes arise because students feel they have legitimate grievances but believe they aren’t being heard by management. He also feels there is too little attention paid to students’ mental health issues in an environment where they are often under pressure from studies, financial obligations and some are even not able to ensure they get regular meals (Bawa and De Villiers also highlighted food security as an issue that must be addressed with urgency).

Make a plan

The panel discussion broke for lunch and then resumed, with Trevor Jones replacing De Villiers and adding his insight to the discussion. He advised security teams to create a five-year plan with measurable KPIs (key performance indicators) addressing the traditional security issues (such as crime), but also the soft issues. Running a campus ‘climate survey’ can provide tremendous insights into the mindset of many on site as pertains to their view of campus life and the security operation.

He added that the attitude of policing should also change. Students want to feel safe on campus, but they also want to be involved, which is beneficial when one considers the necessity of involving everyone in TAM scenarios as highlighted by Labuschagne.

Of the various issues discussed in the second session, a few of the highlights were:

• Jones echoed the need to include more than just the campus in security operations, such as intelligence gathering, because threats that affect the university also have an impact on the people in the neighbouring areas. Including them in your communications and planning is vital, even if only to protect the reputation of the university.

• Both Sotenjwa and Bawa recognised the need for a framework to address gender violence, with Bawa adding it must be ‘determinedly’ pursued.

• Bawa was also vocal about building universities around the students as it is the institution’s responsibility to see students succeed.

• Nkamisa added that schools should be doing more to assist students in preparing for university in order to reduce the stress of change when young people arrive on campus. He also asked the leaders to create an environment where students could express their concerns and even disagree and argue with administrators in an acceptable manner.

A crime intelligence model

The second day of the conference was launched with a keynote titled ‘A Crime Intelligence Model for Protection Services at a South African University: The case of the North West University, Potchefstroom Campus’, by Ahmed Ayob (who is also the new Camprosa president).

NWU is the second largest university in South Africa with around 72 000 students situated on different campuses. Not only does campus security need to coordinate its approach across the campuses, but also into the surrounding areas for the many students living in private accommodation off campus. Ayob said he realised a few years ago that the campus protection service was totally reactive and that the operation should change to one driven by intelligence.

He therefore started changing the university’s security agenda to a more crime-intelligence based operation, which required starting with building new capacities in staff, some of which included front-line services, conflict management, negotiation skills and more. Of course, this included ensuring the protection service adhered to all the applicable laws of the country, including the Criminal Procedures Act, private security regulations such as the PSIRA Act and so on.

He then defined what Crime Intelligence (CI) is: “Crime Intelligence is based on raw information which can be about a crime, event, perpetrator, suspected person, etc. Intelligence is the enhancement of this basic information which provided additional knowledge about the activities of criminals. Intelligence provides information that is normally unknown by the investigating authorities and is intended to be used to enhance the efforts of the law enforcement investigation, it is information designed for action.” (European Police Office (EUROPOL) in Brown (2006:338)).

Ayob then identified different models of CI as they could be applied in a learning environment (or anywhere), identifying sources of CI data such as crime reports, patrol officers reports, community intelligence, electronic sources, social media and electronic surveillance.

He added that it was understood that in the move to become more intelligence led, the NWU campus protection service needed to improve its information sharing processes. This meant it needed to work closely with analysts and co-locate these functions near decision makers. It also meant collaboration with other entities, such as the police, making the case for integrated analytics and developing formal information exchange mechanisms.

His advice to other educational institutions on how to develop or improve information sharing included:

• Consciously collect feedback and respond to criticisms.

• Create an analysis users group.

• Get over the whole security issue.

• Develop technology solutions but do not fixate on them.

• Be realistic about what can be achieved in your department.

The process of moving to a CI-based approach to campus security is not a simple one, but it pays dividends. Some of the analytical processes used in the CI approach include crime pattern analysis, demographic/social trend analysis, criminal business profiles, risk analysis, target profile analysis and more.

In conclusion, he advised: “The concept of an intelligence led protection service must be communicated to all levels of the organisation. Protection officers must see that the input they make is taken into account in decisions of combat crimes at SA universities. This will allow them to take ownership of the process.”

Of course, in today’s world, social media is one of the areas from which enormous amounts of data can be gathered when it comes to CI and the next presentation focused on social media and the associated risks many are often unaware of.

Social media management

The impact of social media on our lives is clear to everyone, but not everyone is aware of the implications of using social media and the legal and other problems careless usage can cause. Jenny Reid, CEO of iFacts provided the Camprosa attendees with some insights into social media and what educational organisations should be doing to manage it more effectively.

Reid started by noting that there are over three billion social media users around the world and that we should not simply associate social media with Facebook, Twitter and the commonly known sites. In fact, she noted that any posting online should fall into the social media category as it can all have an impact on individuals and organisations.

For example, any web forum, chat app or site, blog, personal website or social media site qualifies as a threat in this context and all have been involved in criminal and civil cases in the past. People shouldn’t assume that their private conversations are private either. It’s also worth noting that even when someone posts a personal and even private comment that gets them in trouble, their employer will most likely also be dragged into the resulting drama – as we have seen in South Africa. Problems such as reputational and financial losses are common when social media blows up, with jail sentences also seen in some cases.

As the attendees knew, social media sites were popular in the ‘Fees Must Fall’ protests and riots, although many campuses missed the opportunity to pre-empt disruptions because they weren’t informed of the social media trends.

Reid suggests all campuses should have a social media monitoring and management system in place to keep an electronic ear to the online ground. This will enable organisations to become more proactive and potentially even prevent unpleasant experiences.

Moreover, she advises that a social media policy be implemented. This is not an IT or HR policy, but a new policy dedicated to educating and helping people understand what is acceptable use of social media or not. This policy and the associated training should be made available to all and cover how to avoid all the potential scenarios a stray post can cause, including for example, education on what constitutes hate speech, defamation and so on. It is also crucial that people understand that just because they think their opinions are private on social media doesn’t mean they are, once you press ‘send’ you lose all control of it.

Fraud and corruption

Steven Powell, director of forensics at ENS Africa was up next with an entertaining, yet also disturbing presentation on managing fraud and corruption risks in Africa.

Powell provided the attendees with an overview of the compliance landscape in South Africa and beyond, and also provided insight into fraud theory and the profiles of fraudsters he and his company have dealt with. He also touched on legislation and enforcement trends, as well as the importance of third-party due diligence in organisations’ compliance processes.

Internal people often find it easier to commit organisational fraud because they are comfortably settled within the organisation and know the processes and procedures, and figure out how to overcome them. Key to the decision to commit fraud is what Powell referred to as the fraud triangle which is made up of three factors, which, when they converge, often lead to fraud. The factors are:

• Pressure: An individual may find themselves under pressure to find more money to support their lifestyle, pay gambling debts, support a drug habit and so on.

• Opportunity: The person sees an opportunity in their employer’s operational or financial processes that will allow them to help themselves to company funds. They see it as an easy target and often plan to repay the money ‘when their ship comes in’.

• Rationalisation: Committing the crime is made easier when people find reasons why it’s acceptable to do it. These reasons can be anything from believing they will repay the money, thinking they are not hurting anyone, through to being worried about retrenchments or the company going bankrupt and leaving them high and dry, or seeking revenge on a boss they don’t like.

While internal people are often trusted and seen as ‘one of the family’, white-collar crime statistics reveal that more than 80% of fraud involves internal employees, most of whom have more than five years of service. Powell says many companies that fall victim to fraud rely on trust rather than controls, which can be a costly mistake. He noted that the general profile of the typical fraudster is someone older than 30 from a stable family situation with an above average education. Sadly, Powell noted that fraud is discovered by accident in over 50% of the cases.

On a more positive note, statistics show that international legislation has resulted in far more action against fraud in the past few years. The Foreign Corrupt Practices Act from the US is one of the regulations resulting in improved enforcement. However, most of these actions are outside South Africa.

The soft and hard defence

Another international speaker at the conference was Adrian Dennehy, security manager at Cardiff Metropolitan University, which is spread over three campuses with another planned. He is also the AUCSO representative for the Wales region. Dennehy delivered a presentation describing Project Griffin and its role in delivering counter-terrorism training in UK universities.

Dennehy is a former member of the British Army and retired from the military after serving for 22 years. In that time he worked in a variety of operational theatres including Northern Ireland, the Balkans, West Africa, Iraq and Afghanistan. While in the army he obtained a BA (Hons) in International Studies with the Open University and then completed his MA in Peace and Reconciliation Studies at Coventry University.

Project Griffin was designed to deal with the growing threat of terrorism in the UK. Dennehy says Griffin is not simply a SWAT-team type of approach to terrorism. It is a broad approach that, in the case of universities, tries to prevent people from being drawn into terrorism in the first place, while making preparations for dealing with attacks in the event of them occurring.

There are four pillars in this respect:

• Prevent: The first step is to prevent people from becoming terrorists in the first place and campuses in the UK are provided with many tools and methodologies for finding and keeping an eye on potential suspects. Due to the personal issues in monitoring suspected terrorists or people who are deemed to have the potential to fall for a group’s propaganda, the Prevent aspect is sensitive and needs to be handled correctly to avoid accusations of privacy invasions or targeting specific groups.

• Protect: Campuses are also given the insights to better protect their properties and people from attacks of various natures.

• Prepare: Preparing for the worst is the best way to manage the aftermath of an attack and keep the negative consequences to a minimum. This includes providing students with a mobile app in which they can report suspicious or threatening events and people.

• Pursue: This is the dangerous part of the project as it includes collaboration with authorities in removing threats from campuses and society in general.

Dennehy noted that threats don’t come from one particular area or group, but there are various extremist groups (even animal rights groups) which are involved in terrorist actions. Then there are also lone wolves who are sometimes harder to find before an attack because they are not part of a known group or action. The way to measure the risk or threat posed depends on the group or individual’s intent, matched with their capability.

Project Griffin provides a range of training courses for campuses on how to manage the terrorist threat. In the case of campuses, Dennehy says the security team has a responsibility to be as prepared as they can be in case anything happens. The approach is to be people centred to educate and make people aware without causing a panic, and then to also be equipment centric to ensure the security team has the right tools to handle any situation, such as communication systems and the mobile app mentioned above (and much more).

Private security regulations

Eddie Booysens, acting regional manager for PSIRA filled the last presentation slot at the conference. He provided attendees with an update on regulations pertaining to the private security industry, and specifically addressed the regulations regarding in-house security services – something that has become very important in the South African education arena following the protest action.

Booysens provided a concise description of the various regulations as they pertain to the campus security market and many attendees participated in the debate with real issues they face on a daily basis that they feel are not being adequately addressed. This highlighted the gap between the theory of what makes for a well-regulated market and the realities faced by operators in the trenches.

While repeating the regulations would have no value in this article, the interaction between Booysens and the attendees showed that there is still work to be done on both sides of the aisle to match the ideal scenario reflected in regulations and the real challenges of the South African education environment.

Ken Annandale closed the conference by thanking the attendees for their time, the sponsors for their efforts and making the conference possible, as well as the speakers who kept the audience focused as they imparted information the attendees could take back and apply on their campuses.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

From the editor’s desk: Presenting … how you were hacked
May 2019, Technews Publishing , News
“It’s all fun and games until you hit the wall.” Someone said that to me once (an American, so I don’t know if that’s a common saying in the US). At the time I thought he watched too much reality TV. These ...

Read more...
TAPA 2019 conference: A layered approach to cargo security
May 2019, Technews Publishing , Calendar of Events
26 July 2019 Emperors Palace, Gauteng TAPA members: no charge (maximum of three delegates per member company), Non-TAPA members: R1780 excl VAT. The South African chapter of the Transported Asset Protection ...

Read more...
iLegal 2019
May 2019, Technews Publishing , Calendar of Events
iLegal 2019    Johannesburg, South Africa    12 September 2019 iLegal, hosted by Dr Craig Donald and Hi-Tech Security Solutions, returns in 2019 with another full-day event covering insights and advice into ...

Read more...
Securex Preview 2019
Securex Preview 2019, Technews Publishing , Conferences & Events
Securex is upon us once again and Hi-Tech Security Solutions is here with another brief preview of what the show has to offer.

Read more...
Platforms and community lead the future
May 2019, Milestone Systems , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News, Integrated Solutions
Milestone Systems took a look into the future of open platforms and the power of community at MIPS EMEA in Copenhagen in March this year.

Read more...
30 years of business continuity
May 2019, ContinuitySA, Technews Publishing , Editor's Choice, Security Services & Risk Management
ContinuitySA is celebrating its 30th anniversary this year and Hi-Tech Security Solutions spoke to CEO Michael Davies about the changes he has seen in the business continuity and disaster recovery markets.

Read more...
The consequences of false alerts
May 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Craig Donald discusses the impact of false alarm rates on the utility of intelligent security technology systems.

Read more...
The enemy within – insider ­security threats
May 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Financial (Industry)
Insider threats in today’s financial world are insidious and destructive and your defence against insiders should start long before the person assumes his/her position.

Read more...
Protecting people’s money, and their data
May 2019, Cathexis Technologies, CA Southern Africa, IDEMIA , Editor's Choice, Integrated Solutions, Financial (Industry)
The temptations inherent to the banking sector, and financial institutions more generally, pit them in an eternal and increasingly high-tech battle to secure themselves against threats from within and without.

Read more...
Access authentication with a wave
May 2019, IDEMIA , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Financial (Industry), Commercial (Industry)
Financial organisations are making the move to contactless fingerprint biometrics in order to meet the increasing burden of regulatory and compliance demands.

Read more...