ATM Physical Attacks on the Rise


There continues to be an increase in physical security attacks of ATMs in multiple locations across the United States.  In these types of attacks, a large vehicle with a hook-and-chain assembly attached is used to rip the safe door from the terminal. Attackers place a hook or hooks connected to the chain into the safe door openings of front-loading terminals where the horizontal transport or depository module extends through the safe’s door. They then use the vehicle attached to the chain to pull the safe’s door from the unit. Terminals with this configuration placed in a way that makes them more easily accessible by a vehicle are more likely to be targeted.

Criminals have successfully attacked drive-up, front-loading terminals configured with horizontal cash transports or depository modules that extend through the safe door.   Typically, the attacks occur in 5 minutes or less.

To enhance security regarding this threat, consider the following:

Deter the Attack

Complete physical security crime risk assessments pre-installation to determine crime risk, verify appropriate machine type and the best location for placement.  Conduct regular physical security crime risk assessments to evaluate, respond to and mitigate changes in risk throughout the life cycle of the ATM.

Install new ATMs in areas of high visibility.

Ensure lighting at and surrounding new and existing ATMs is compliant with local/state regulations and internal lighting standards.

Specifically, regarding hook and chain attacks, consider replacing terminals in high-risk areas with a new depository and cash-over-keyboard model to prevent the possibility of attaching a hook to the safe’s door.

Delay the Attack

Implement safe door reinforcement (aka blocker) kits for terminals at risk. These hook and chain protective kits add reinforcement to the safe door’s cash dispenser and depository slots and minimize gaps to block hook or chain access points.

Financial institutions and independent deployers should install ATMs in areas with an orientation that prevents runway access for vehicles. Reducing runway access prevents the vehicle from creating enough speed to weaken or remove the safe door.  In addition, consider using bollards, obstacles, or other physical barriers to minimize open areas in proximity of the ATM that would give a vehicle the space needed to enter, rapidly pull away from, and repeatedly attempt hook and chain attacks. Protection especially applies to any open space perpendicular to the front of the ATM.

Consider higher grade safes that additionally delay attackers and decrease the likelihood of a successful attack.

Implement bollard barriers that cover the safe door to minimize the effectiveness of this attack.

Detect the Attack

Implement measures to detect these attacks based on sensors, alarm systems, video surveillance and their connection to a 24/7 security monitoring center or SOC.

Respond to the Attack

If an attacker does gain access to the cash cassettes inside the safe, the use of ink staining solutions will deface the cash.

Install GPS trackers to alert authorities and aid in the recovery of stolen funds if the attack is successful.

Engage with GMR 410’s Security Experts

Our Security Experts have decades of experience in ATM security.  Contact us to schedule a free initial consultation to help identify solutions for protecting your ATMs.

Essentials for Family Hurricane Preparedness: Building Your Disaster Supply Kit

Hurricane season is unpredictable. If you wait until there is a named storm, you may not have time to search for the supplies you need or shop for them. Planning is even more important pre-storm, as it may be more difficult to secure supplies, lodging and food. Now is the time to look ahead and start planning for the possibility of a large storm making landfall near you.

Here are some of the essentials to have on hand in your disaster supply kit for hurricane season:

  1. Medications – Keep a list of medications that you and your loved ones take, along with at least a week’s supply of your regular medications and medical supplies. If you regularly take insulin or another medication that requires refrigeration, make sure to keep a small cooler that you can easily fill with ice. Also, be sure to include a list of instructions, doctors’ orders, and dosage recommendations in case you need assistance communicating with others. In the case of a prolonged evacuation, patients with chronic conditions treated by high risk-controlled substances are advised to carry a pharmacy print out and letter from their doctor when seeking refills out of state. Additionally, if you find yourself feeling ill or having a question about a chronic illness, make sure you can connect digitally with your provider.
  2. Batteries – Stock up on extra batteries for everyday items like hearing aids, radios, and flashlights. Another must-have is a portable phone charger to ensure you have enough battery life to reach family, friends, medical providers, or coworkers if necessary.
  3. First Aid Kit – Stock (or restock) your first aid kit. Make sure to include ace bandages, Band-Aids, thermometer, aspirin, and antiseptic swabs.
  4. Food – For each family member, pack a three-day supply of non-perishable foods like peanut butter, protein bars, canned goods, meal replacement shakes and cheese crackers.  Be sure to include plenty of infant formula and diapers if you have an infant.
  5. Water – Have at least a three-day supply of clean, drinkable water per person in your household. Estimate one gallon of water per person per day for drinking and sanitation.
  6. Waterproof Container – Store all your essentials needed for an evacuation in a waterproof container, preferably one that is insulated.
  7. Other Items – Make sure you have a battery-powered radio and a NOAA Weather Radio with tone alert.  Other items to consider include:
    • A whistle to signal for help
    • PPE such as masks, gloves, face shields, and hand sanitizer
    • A tent or plastic sheeting and duct tape to shelter-in-place
    • A wrench or pliers to turn off utilities
    • Baby wipes, garbage bags and plastic ties
    • Emergency reference materials, such as a first aid book
    • Rain gear
    • Paper cups, plates, and plastic utensils
    • CASH
    • Compass
    • Matches, in a waterproof container
    • Disinfectant

It is important to assemble your kit well in advance of an emergency.  You may need to evacuate at a moment’s notice and just take the essentials with you.

Also, families should develop a Communication Plan.  In addition to having your mobile phone and a back-up battery, talk with family or friends ahead of time to develop a plan. Designate a place to meet in the event you are unable to make contact via phone or text messaging.

By taking the necessary steps now, you can be better prepared for anything that might happen during hurricane season.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

ABOUT GMR 410, LLC

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Civil Unrest Preparedness Quick Guide

Civil Unrest Preparedness

Advanced preparedness can help reduce risk


Preparing for any type of crisis or emergency is a shared responsibility within an organization.  Advanced preparedness efforts can help reduce risks. Our Security Experts have outlined some of the steps to consider taking when such events require organizations to modify plans on the fly and when emergencies develop.

PREPARE

Assess Operations Security
1. Survey and remove loose items from the surrounding area that can be used as projectiles 1. Notify of closing or changes in work schedules 1. Prepare for additional security presence
2. Remove all trash cans, construction cones and other debris 2. Adjust janitorial cleaning schedule

 

2. Prepare for early dismissal and evacuation
3. Wet landscaping to deter fires 3. Update local, state and federal law enforcement points of contact 3. Prepare to shelter in place
4. Document locations of all cameras and ensure they are in working condition 4. Update social media accounts 4. Prepare to provide facilities and shelter to police and other first responders, if requested
5. Stock plywood and plexiglass to prevent damage to windows 5. Update internal and tenant communications lists 5. Plan and identify a site for remote operations
6. Ensure fire extinguishers are in working condition and readily available 6. Update emergency vendor contacts
7. Determine closure and evacuation guidelines
8. Identify alternative transportation

 

RESPOND

Assess Operations Security
1. Monitor local and social media 1. Operations Team, Security, Staff and Neighboring Property Managers 1. Notify police of activity at the site
2. Activate local, state and federal law enforcement contacts to ensure timely receipt of intelligence 2. Share detailed information internally within team 2. Use caution disseminating information;  Facts only
3. Monitor response posture of similarly situated businesses, facilities or organizations 3. Stay in continuous contact with neighboring property and security managers 3. Coordinate with adjacent properties for phased evacuation in area
4. Ensure leadership and chain of command visibility 4. Plan to assist neighboring properties, especially if adjoining 4. Coordinate with first responders in area to anticipate and assist with vehicular and pedestrian traffic
5. Participate in Joint Emergency Operations Center (EOC) 5. Refer to company policy regarding communicating with the media 5. Coordinate with any garage management for orderly and expeditious egress
6. Use communication technology networks for group email, texts and calls
7. Utilize external networks if cellular is overloaded (Twitter, etc.)
8. Direct inquiries to monitor local, social media, etc.

 

RECOVER

Assess Operations Evaluate
1. Damages 1. Set up remote operations center if necessary 1. Security procedures
2. Reopening, based on area safety concerns, state of emergency status 2. Communicate status internally and externally 2. Lessons learned
3. Develop timeline for any required repairs and clean-up 3. Participate in local police “hot wash”
4. Open for business 4. Coordinate internal after-action review

 

The potential steps outlined above are examples for consideration for firms thinking about their own plans. Please contact 410 for preparedness planning tailored for your organization.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

ABOUT GMR 410, LLC

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Robust Solutions for an Evolving Threat Landscape

Are you prepared for the myriad of ever changing threats to your facilities?


Your corporate threat landscape requires a holistic, flexible and rigorous approach to identifying, reducing and managing risks. Threats of violence, the global health crisis, geopolitical issues, financial concerns and threats to reputation are ever evolving risks organizations face daily, no matter their size.

GMR 410, LLC helps clients understand and respond to employee, operational and facility safety, security and risk challenges. Our experts help clients make confident risk management decisions to improve their security operations and better prepare for emergency situations and evolving threats. As Trusted Advisors, we offer an extensive array of tailored solutions to promote safe operations while maximizing efficiency and value.

We are proactive and client oriented, building relationships to serve our clients, and providing Trusted Solutions to meet needs. Getting proactively in front of risk is the key to deterrence, and the ability to anticipate through solid fundamental experience is what we offer. Our priority is always to provide clients with exceptional risk mitigation strategies without compromise.

Ready to Support Clients Across North America
Our experts focus on providing service with integrity and uphold strong internal quality standards. Below are examples of our services:

Consulting Services
Anti-Skimming Inspection Program
Business Continuity
Executive Protection
Policy & Procedure Review or Development
Pre and Post Transaction Due Diligence
RFP Content Development
Risk Assessments
Security Program Gap Analysis or Development
Security Reviews
TSCM Program Development

Operational Security Services
Active Aggressor Policy Program
Authorized to Carry Weapons Policy & Program
Physical Security Penetration Testing
Security Equipment Inventory Audit with Testing
Security Equipment Post Installation Audit and Due Diligence
Security Officer Quality Assurance Testing Program
Violence-Free Workplace

Security Protection Design
Integrated Security System Design
R&D Assistance and Support
Security Planning using CPTED, Concentric Circles of Protection & Integrated Design Philosophies
Security Project Management
Security Standards Gap Analysis, Review or Development
Security System Procurement and Installation Project Management

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

GMR 410 Publishes White Paper on ATM Crime

GMR 410 has published a white paper on ATM crime. Written by Mary Gates, Vice President of Security, this publication provides readers a description of the different types of ATM related crime, along with regulations and tactics to mitigate incidents.


“Throughout my career in bank security,” says Gates, “I found state and local regulations, types of ATM vulnerabilities and mitigation techniques, to be ever evolving and scattered across a multitude of sources and sites. With this white paper, I aimed to summarize and consolidate information in plain language so security professionals and independent ATM operators can spend less time searching the internet and other resources and more time planning their asset protection strategy.”

This white paper will help personnel:

  • Better understand the different types of ATM crime
  • Make decisions to impact ATM related criminal activity
  • Reduce liability

More from Gates:  “Security decisions impact every aspect of your business. Becoming more informed, analyzing the security needs of your individual locations, categorizing locations based on their risk, implementing enhanced security strategies where appropriate, and working towards compliance with your ATM lighting program marry together to build a safety blueprint to help protect your customers, assets and brand reputation.”

You can download the white paper by going to https://www.gmrsecurity.com/articles-resources/.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

The End of 3G

RAISING AWARENESS:  Are you ready for the end of 3G?

What does the end of 3G wireless technology mean for your organization? Any devices currently using 3G will go dark at the end of 2020 or early 2022[1].  If you have Alarm Systems, ATMs, Cash Recyclers, Smart Safes, or similar equipment running on 3G, have you enacted a plan to upgrade to 4G before this occurs?


 

GENERAL INFORMATION

The time to sunset 3G-supported technology has come. Businesses failing to do so risk disruption. By transitioning to a current generation technology, such as 4G LTE (Long Term Evolution) or 5G, organizations create opportunities for better customer experiences and increased efficiency. The right transition strategy can help a business put into place solutions to improve operations, help drive faster business decisions, improve customer service and more. Failure to fully migrate will cause disruptions in mission-critical functions which can ultimately affect operations, customer experience, and brand reputation. It is urgent that, if they have not done so, organizations begin now to help ensure business continuity.

IMPLEMENT A THOUGHTFUL ACTION PLAN

Each business will need to develop and implement a comprehensive action plan to ensure it is “business as usual” when the migration occurs. This includes choosing the right solutions using strategies driven by wireless, IoT and global needs.

1. Start with a thorough audit.

To be successful, organizations need to understand where and how their existing devices are being utilized, and plan and identify sunset dates for their current technology. Further, there must be an understanding of downstream reactions that could occur when legacy systems are altered. The audit addresses uncertainty, identifies true needs, and allows the business to begin consideration for solutions and associated budgets.

2. Plan for the right technology solution.

If an organization has been operating on 3G devices/modems for an extended period, it is important to consider the effects the enhanced technology could have on operations. Understand how the new technology can change procedures and operations. Identify the appropriate solutions, process, and procedures for network and personnel optimization.

3. Plan the transition strategy.

Identify internal and external resources to deploy your solutions, whether you need IoT expertise, app development, logistics planning, installation, or ongoing support, as examples. Consider requirements, resources, sunset timing, and opportunities as you plan and map your strategy.

[1] Contact your carrier for specific details on the sunset date of your 3G modem.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

 

 

Banks: Protect Your Branches

PROTECT YOUR BRANCHES:

Safeguard your customers and staff by identifying risks and taking action

Banks and other financial institutions are faced with the critical challenge of ensuring the protection of their people, assets and information. Security officers should utilize an ongoing assessment program to monitor and respond to changing risks and threats.

Known as a risk assessment program, the methodology used can be both facilities-based and incident-driven, considering all known sources of influencing information for the identification of risks as well as the examination of severity, frequency and operational impact.

Areas of examination should include, but may not be limited to, crime statistics, site incident history, neighborhood factors, nearby competitor security features, regulatory requirements and property issues. All identified risks are examined and mitigated individually with documentation maintained in department databases and reassessments driven by changes in the environment.

It is important to note the risk assessment differs from a security review. A security review assesses how effectively your bank’s security policies and procedures are being implemented, uncovers where security gaps exist and helps identify issues driving non-compliance with the security program. The risk assessment will identify your most critical resources and the weaknesses that can be exploited along with the likelihood of occurrence.

Approaches to the risk assessment process

Within the security industry there are quantitative and qualitative approaches to risk assessment and mitigation.

  • The quantitative approach involves scoring risk factors via a point system that ranks facilities by their overall score in order of risk concern.
  • The qualitative approach involves a similar analysis process but without the scoring and, instead, a focus on the identification of specific risks and the implementation of successful mitigation techniques without consideration for any arbitrary scoring or ranking against other sites.

Some banks have taken an approach that it is most important to focus on solutions and, accordingly, use a customized, qualitative process that analyzes facilities individually and incorporates the occurrence of incidents initially and one at a time.

Mitigate risk through a comprehensive evaluation of threats, risk and vulnerabilities

From insider threats to external forces, it is important for security professionals to remain vigilant in their understanding of the risks, threats and vulnerabilities in and to their organizations.

The methodology begins with the identification of the business to be conducted at the facility and its associated risks, analyzing the seriousness and frequency of those risks and then identifying and implementing the best mitigation options.

This is known as a facilities-based process. Risk for facilities is assessed in two parts: a pre-construction review and an ongoing, steady-state program. In pre-construction, it is assumed that certain base-level security protections will be implemented for the given business type under review. As an example, all branches of your bank, regardless of risk profile, will receive alarms, vaults and lobby video surveillance systems.

On an ongoing basis, the steady-state process requires that a current assessment for each facility be maintained on file with updates completed according to a defined process and as dictated by the frequency of major incidents.

For simplicity, updates are required during steady state when indicators point to a possible change in the level of risk or a change in the assets and people exposed. This can include the occurrence of a major event, a change in business function, knowledge that nearby criminal activity has increased or that property changes have taken place, including modifications to building design or equipment (such as the addition of an ATM).

Employing an incident-based process methodology involves the consideration given to the need to reassess the risk to facilities and to analyze the risk to individual staff following any major incident. This is done to confirm whether major events (i.e., an armed bank robbery) will or will not, on their own, dictate changes in protection packages.

These risk assessments can trigger short-term or temporary solutions to protection packages or point toward the need to reassess general safety and possibly redesign facility protections. Security staff are required to consider the need for reassessment during their post-incident review and to implement such assessments or reassessments as deemed necessary.

From insider threats to external forces, it is important for security professionals to remain vigilant in their understanding of the risks, threats and vulnerabilities in and to their organizations.

What are the differences between threats, risks and vulnerabilities?

You may be thinking, “I thought threats and risk are the same. What do you mean when you talk about vulnerabilities?” Threats, risks, and vulnerability are not interchangeable terms. Rather, they are the essential ingredients of an accurate risk analysis. In their simplicity,

Threats:

  • Need to be identified
  • Generally, cannot be controlled

Risks:

  • Can be mitigated
  • Can be managed to lower vulnerability or impact on the business

Vulnerabilities:

  • Can be treated
  • Weaknesses should be identified
  • Proactive measures should be implemented to correct identified vulnerabilities

What steps can I follow to assess the risks to my branches?

Once you decide to implement a risk assessment program at your bank, you should outline the steps of the risk assessment process you will follow, detailing how the careful evaluation of the business purpose, threats, risks and potential solutions come together to provide for the safety of individuals and the protection of assets and information. At a minimum, follow these eight steps to get started:

1. Identify the exposure in order to identify the areas of risk.

The starting point to consider when examining risk is the type of business being conducted at the site under review. By identifying the business type, the staff, assets and information at risk are more clearly identified. And those exposures must be clearly in mind when considering the likelihood and severity of potential attacks.

For example, a facility that handles cash takes on risks associated with that function, such as the risk of robbery, which other facility types may not experience. The risk to staff and the potential loss of assets are clearly seen when the assessment process begins with a look at the business type. This step is an efficiency in the review process that helps focus the reviewer on the most likely risks as opposed to a lengthy general review of all risks.

2. Identify the threats associated with the facility type.

Once the business type has been identified, then the review can be focused on the most likely risks associated with that business type and the corresponding exposures. Examples of threats for branches could include robbery, bomb threats, violence in the workplace, information loss, etc.

3. Examine the likelihood and severity of attack.

Reference internal and external indicators: crime statistics, neighborhood conditions, incident history, incident trends, security’s knowledge, consideration for what protection strategies other financial institutions are using, etc. By researching all possible sources of information, the degree of risk — both its likelihood and severity — can be gauged by the reviewer. All these factors drive whether the exposures are under significant risk of attack.

4. Evaluate the adequacy of the existing protection package.

Once the risks to the exposed people/assets/information are identified, the reviewer must consider whether the degree of risk (likelihood and severity of attack) warrants adjustment to the current protection package. This requires that each risk be examined one at a time to evaluate whether existing protection will provide an adequate safeguard. If the protection level is adequate, then no further action is necessary, and the assessment can be concluded. If any gaps or weaknesses are identified, then solutions and an action plan must be developed.

5. Identify appropriate solutions to gaps in the protection package.

Enhancements, upgrades, etc. may be required to further harden the branch. However, solutions must be appropriate to the risk and effective in mitigating the frequency and severity of the risk.

As an example, installing bullet-resistant glass at the teller line is not an appropriate solution to address a noted increase in risk associated with customer theft after-hours at the ATM. Instead, the installation of video surveillance cameras and security lighting enhancements or repairing broken fixtures is likely a more appropriate solution.

6. Once you have identified the solution and developed pricing, confirm the mitigation plan with the impacted business unit(s).

It is not uncommon to present a risk mitigation plan only to learn the site has been identified for a relocation project, remodel or is being closed. Therefore, it is important to take the time to inquire as to any business drivers that might require a modification of the solution or place the entire plan on hold, either temporarily or permanently. Safety is the priority, but a good corporate security business partner can always find an interim solution for sites in a state of transition.

7. With agreement on the decision to move forward and an implementation plan at hand, initiate and follow through on the application of the solution.

Work with vendors, project managers, etc. to drive the projects to completion.

8. It is important the installed solution is tested and validated as functional and beneficial for the intended result post-installation and in the real workplace environment.

The risk assessment should not be a one-time review. The world continues to evolve, as does your organization. Risk analysis is complex, and the threats are always there. Security measures, processes or procedures put in place three years ago may not address the threats and risks your organization faces today.

Understanding the magnitude of the consequence associated with those threats and risks, their likelihood to occur and the possible effects on your bank are the primary components to managing security risk at your bank.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial services, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

Hurricane Season Readiness

There have been 26 separate billion-dollar severe storms in the United States since 2017. With hurricane season upon us, it is incumbent everyone is prepared to respond to a hurricane weather emergency.


In our last blog post, we discussed tornado readiness. In this entry, we turn our attention to hurricanes. This information is designed to help you prepare for a hurricane’s impact on your organization, employees and community by highlighting the tasks you should complete before, during and after a storm. When the National Oceanic and Atmospheric Administration’s (NOAA) National Hurricane Center issues a watch or warning, use the time available to begin taking appropriate steps.

 

KNOW THE TERMS

From Penn State University’s Department of Meteorology and Atmospheric Science:

Tropical Depression:  An organized system of clouds and thunderstorms with a defined surface circulation and maximum sustained winds of 38 mph or less. Sustained winds are defined as 1-minute average wind measures at about 33 ft. above the surface.

Tropical Storm:  An organized system of strong thunderstorms with a defined surface circulation and maximum sustained winds of 39 to 73 mph.

Hurricane: An intense tropical weather system of strong thunderstorms with a well-defined surface circulation and maximum sustained winds of 74 mph or higher.

Hurricane or Tropical Storm Watch:  Hurricane or tropical storm conditions are possible in the specified area of the watch, usually within 48 hours. Individuals inside the Watch area should monitor updates from NOAA and local radio/television.

Hurricane or Tropical Storm Warning:  Hurricane or tropical storm conditions are expected in the specified area of the warning, usually within 36 hours of the onset of tropical storm force winds. Complete storm preparations and immediately leave the threatened area if directed by local officials.

Extreme Wind Warning:  Extreme sustained winds of a major hurricane (115 mph or greater), usually associated with the eyewall, are expected to begin within an hour.  Take immediate shelter in the interior portion of a well-built structure.

Short Term Watches and Warnings:  These warnings provide detailed information about specific hurricane threats such as flash floods and tornadoes.

Storm Surge: A dome of water pushed onshore by hurricane and tropical storm winds. Storm surges can reach 25 ft. high and be 50+ miles wide.  Storm surge is the greatest threat to life and property along coastal areas.

Storm Tide: A combination of a storm surge and the normal tide.

BEFORE THE HURRICANE

  • Contact your security vendors and other appropriate suppliers or contractors and place them on alert status.
  • Stay up-to-date on progress of the storm via radio, TV or NOAA. Ensure mobile device setting allow wireless emergency alerts.
  • Identify safe evacuation routes as well as alternative routes.
  • Review your shelter-in-place plan, making sure your disaster kit is fully stocked and fresh batteries and supplies are included.
  • Ensure your emergency communication plan is up-to-date and begin advance notifications. Verify contact information for all employees, suppliers and clients as appropriate.
  • Test your backup communications plan in the event of evacuation or office closure(s).
  • Back up all data. If your backup site is within the area that may be affected by the storm, consider backing up to a secondary location or the cloud.
  • Protect and secure vital records and critical business documents. Ensure they are accessible from anywhere.
  • Ensure remote access and verify a team is in place to manage updates to the company website and internal intranet during and after the storm.
  • Turn off and unplug all non-critical devices such as server monitors or workstations and other non-essential electrical equipment. Make sure any equipment is raised above potential flood levels or removed from threatened sites.
  • Check the integrity of your uninterruptible power supply (UPS). Move the UPS to the highest level possible above the floor.
  • Alert any third-party partners and suppliers about your relocation plan in the event the storm renders your location inaccessible.
  • Ensure appropriate personnel have their re-entry credentials from local law enforcement or other local government officials.
  • Obtain cash to allow for purchases in the event of extended power loss.
  • Validate any gaps in insurance coverage have been remediated.
  • Close appropriate offices in advance to allow personnel an opportunity to evacuate, if needed.
  • Inspect and make necessary repairs to drains, gutters and flashing.
  • Strap or anchor to the roof deck support assembly all roof-mounted equipment such as HVAC units and exhaust vents.
  • Install shutters or plywood over windows and glass doors.
  • Remove loose debris.
  • Anchor or relocate all non-essential exterior equipment to an indoor location, if possible.
  • Secure storage of flammable liquid drums or move them to a sheltered area. Never move flammable agents into main facility areas.

IMMEDIATELY FOLLOWING THE HURRICANE

  • Keep listening to radio, TV and NOAA updates to ensure the storm and all threats have passed.
  • Wait until the area is declared safe before entering to secure the site and survey damage. Call in key personnel and deploy your security vendors to triage systems and initiate repairs based on priority and ability to reach locations. Ensure safety protocols are in place before repairs begin; control smoking and monitor for open flame sources. Require contractors to share responsibility for fire-safe conditions before and during repairs.
  • Remain observant for safety hazards:  live wires, leaking gas, flammable liquids, poisonous gas and damage to foundations.
  • Clear roofs and gutters, removing all debris to prevent drainage problems.
  • Cover broken windows and torn roof coverings immediately.
  • Obtain 24-hour security and generators, if needed.
  • Separate and secure damaged goods for insurance purposes.
  • Continue to communicate with employees and customers through all stages of recovery.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial services, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or manmade disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency situation.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.

Planning and Preparing for Tornadoes

Tornadoes are some of the most dangerous and destructive storms on Earth. They develop almost without warning, leaving little time to react.

Unlike other natural disasters that typically occur in a specific geographic region, tornadoes have been documented in every state. In advance of a storm, taking precautions, such as developing an emergency plan, can help you stay safe if a tornado occurs in your area. Here is some general information to begin preparing and protecting your business, assets, and people.

GENERAL INFORMATION

Also known as twisters or cyclones, tornadoes are violent, rotating columns of air that extend from the base of a thunderstorm to the earth’s surface. According to NOAA:

  • Movement can range from almost stationary to more than 60 mph. A typical tornado travels at around 10-20 mph.
  • Detailed statistics regarding the time a tornado is on the ground are not available; however, the average is estimated at about 5 minutes.
  • There is no specific temperature at which tornadoes form. Rather, it is the relationship between the surface temperature and the temperature higher in the atmosphere.

Tornadoes have been observed on every continent except for Antarctica, with the majority – about 1200 annually – occurring in the United States, especially in a region commonly called “Tornado Alley.” First used in 1952, the term was used as the title of a study on severe weather in parts of Oklahoma and Texas by USAF meteorologists Ernest Fawbush and Robert Miller. “Tornado Alley” is a term mostly used by the media to describe a region or area with a high frequency of tornadoes. The National Weather Service and NOAA have not given an official definition to the term nor have they specified a particular area as “Tornado Alley,” The U.S. tornado threat shifts from the Southeast in the cooler months toward the southern and central Plains in May and June, and the northern Plains in Midwest during early Summer. It is important to note tornadoes can occur and have been reported in all 50 states.

The peak tornado season for the southern Plains (ex. Texas, Oklahoma, Kansas) is May to early June. On the Gulf Coast, it is earlier in the Spring. In the northern Plains and upper Midwest (North and South Dakota, Nebraska, Iowa, Minnesota) peak season is June and July.

HOW TORNADOES FORM

Before thunderstorms develop, winds change direction and increase in speed with altitude. This creates an invisible, horizontal spinning effect in the lower atmosphere.

Rising air within the thunderstorm updraft tilts the rotating air from horizontal to vertical. An area of rotation now extends through much of the storm. Most tornadoes form within this area of strong rotation.

KNOW THE TERMS

Air Pressure:  Also known as barometric pressure, this is the weight of a column of air that extends from the surface (ground or water) to the top of the atmosphere. A tornado has very low air pressure.

Funnel Cloud:  A rotating column of wind that has not touched the ground. Funnel clouds are called tornadoes when they reach the ground.

Gustnado:  A whirl of dust or debris at or near the ground with no condensation funnel which forms along the gust front of a storm.

Hail:  Frozen precipitation (ice) that forms in mid-latitude thunderstorms.

Jet Stream:  A powerful but narrow stream of wind that is in the upper troposphere.

Landspout:  The term for a weak tornado that looks like a waterspout.

Multi-Vortex Tornado:  A tornado that has two or more sub-vortices that circle the center of a larger tornado.

Supercell:  A dangerous type of thunderstorm that has a rotating updraft. These types of thunderstorms can last for hours and produce large hail, flooding, lighting, strong winds and tornadoes.

Tornado:  A violent, funnel-shaped rotating column of air that has contact with the earth’s surface and is extended from a thunderstorm base. 

Tornado Outbreak:  The occurrence of multiple tornadoes spawned by the same synoptic scale weather system. 

Tornado Warning: A tornado warning is issued when an actual tornado funnel has been sighted or detected by weather radar.

Tornado Watch: A tornado watch is issued when the weather conditions in a specific area or region are favorable for the development of a tornado.

Waterspout:  A tornado that occurs over a body of water.

BEFORE A TORNADO

"Dodge City KS Tornado 3" by fireboat895 is licensed under CC BY 2.0

“Dodge City KS Tornado 3” by fireboat895 is licensed under CC BY 2.0

  • Test your business continuity and disaster recovery plan specific to a tornado event and gather key stakeholder and first responder feedback.
  • Plan how you will re-route phone calls. Consider the possibility you may not have cellular service in the event of a widespread blackout.
  • Review your shelter-in-place plan, making sure your disaster kit is fully stocked and fresh batteries and supplies are included.
  • Back up all data daily. If your backup site is within the area that may be affected by the storm, consider backing up to a secondary location or the cloud.
  • Protect and secure vital records and critical business documents.
  • Know the difference between a tornado watch and a tornado warning.
  • Have medical supplies on hand.
  • Ensure all mobile device settings allow emergency alerts.
  • During an actual event with the potential for tornadoes:
    • Stay up to date on the progress of the storm via radio, TV or NOAA. Verify you can follow weather updates if there is a power loss.
    • Monitor for dark, greenish sky, large hail, low-lying clouds (particularly if rotating), and a loud roar (like a freight train).

DURING A TORNADO

  • Follow the instructions given by local emergency management officials.
  • If you are inside, stay away from windows and seek cover in a basement. If you do not have a basement, go to the lowest floor of the building and seek shelter in a small center room (such as a bathroom or closet), under a stairwell or in an interior hallway with no windows.
  • If you are caught in the middle of a tornado while in your car, shelter in place.
  • Keep employees informed via an emergency notification and incident management system.

FOLLOWING A TORNADO

  • Account for all employees. Address staff injuries; call 911 for those needing urgent medical attention.
  • Keep listening to radio, TV, and NOAA updates to ensure the storm and all threats have passed.
  • Continuously refer to the business continuity and disaster recovery plan to help determine appropriate steps for triage, recovery and continuing business operations.
  • Wait until the area is declared safe before entering to secure the site and survey damage. Call in key personnel and deploy your security vendors to triage systems and initiate repairs based on priority and ability to reach locations. Ensure safety protocols are in place before repairs begin; control smoking and monitor for open flame sources. Require contractors to share responsibility for fire-safe conditions before and during repairs.
  • Remain observant for safety hazards:  live wires, leaking gas, flammable liquids, poisonous gas and damage to foundations.
  • Remove all debris. Cover broken windows and torn roof coverings immediately.
  • Obtain 24-hour security and generators, if needed, depending upon the extent of damage.
  • Separate and secure damaged goods for insurance purposes.
  • Continue to communicate with employees and customers through all stages of recovery.
  • Review your plan to determine what worked and what areas needed improvement.

Our security consultants have decades of experience advising regional and global clients across numerous industries including automotive, construction, energy, financial, real estate and more. GMR 410’s services help create a safe environment with thorough threat assessments, policy and procedure review and development, and security audits. Unfortunately – and often without warning – a crisis occurs. Such events may include natural or man made disasters or criminal activities. Tap into GMR 410’s experience to ensure that you and your teams are prepared to respond to any crisis management or emergency.

Mary Gates is a vice-president of GMR 410, LLC, a risk-solution security consulting firm and wholly owned subsidiary of GMR Protection Resources Inc. Learn more at www.gmr410.com.