Purpose:
Assess security at work or at home. Planning, improving and checking security in offices and homes.
Security at the organisation’s headquarters or offices and in staff members’ homes is of fundamental importance to human rights defenders’ work. We will therefore go into some depth about how the security of an office or home can be analysed and improved. (For the sake of simplicity we will just refer to “offices” from now on, although the information below also applies to home security).
Our aims in improving security can be summarised in three words: Prevent unauthorised access. In rare cases it is also necessary to protect an office against a possible attack (against bombing, for example).
This brings us to the first general consideration - the vulnerabilities of an office. These serve to increase risk, depending on the threat you are facing. For example, if you are at risk of someone stealing equipment or information, you must remove your vulnerabilities accordingly. A night alarm is of little use if nobody is going to come and check what has happened. On the other hand, if there is a violent break-in in daylight, reinforced railings on the door or alarms won’t be very useful. In short, take measures according to the threats you face and the context you are working in.
However, it is important to find a balance between putting appropriate security measures in place and giving outsiders the impression that something is being “hidden” or “guarded”, because this can in itself put you at risk. In office security you often have to choose between keeping a low profile or taking more obvious measures if need be.
If somebody wants to gain entry without your knowledge, they won’t choose the most difficult point of entry to do it. Remember that the easiest way of gaining access to an office and observing what goes on inside is sometimes simply to knock on the door and go inside.
Factors to consider when setting up an office are: The neighbourhood; whether the building is associated with any particular people or activities from the past; accessibility on public and private transport; risk of accidents; how suitable the building is for putting the necessary security measures in place, etc. (Also see Location evaluation risk below.)
It is useful to review which security measures are being taken by others in the neighbourhood. If there are many, this may be a sign of an unsafe area, for example, in respect of common crime. It is also important to talk to people in the area about the local security situation. In any case, make sure security measures can be taken without attracting undue attention. It is also useful to get to know local people as they can pass on information regarding anything suspicious going on in the neighbourhood.
It is also important to check out who is your landlord. How is their reputation? Could they be susceptible to pressure from the authorities? Will they be comfortable with you putting security measures in place?
The choice of office must take account of who needs to come to the office. An office where victims come to seek legal advice will have different requirements to an office which is primarily a place for staff to work. It is important to take account of how easy it is to get to by public transport, will it result in unsafe journeys between the area where staff live, those where most work activities take place, etc. The surrounding areas must be evaluated, especially in order to avoid having to travel through unsafe areas.
Once the location has been selected, it is important to do periodical evaluations of aspects of the location which can vary, for example, if an ‘undesirable element’ moves into the neighbourhood.
Checklist for choosing a good office location:
You now know that the primary purpose of office security is denying unauthorised people access. One or several people could enter to steal, acquire information, plant something which can later be used against you, such as drugs or weapons, threaten you, etc. Every case is different, but the aim remains the same: Avoid it.
Access to a building is controlled through physical barriers (fences, doors, gates), through technical measures (such as alarms with lighting) and visitor admission procedures. Every barrier and procedure is a filter through which anyone who wishes to gain access to the office must pass. Ideally, these filters should be combined to form several layers of protection, capable of preventing different types of unauthorised entry.
Barriers serve to physically block the entry of unauthorised visitors. How useful physical barriers are depends on their solidity and ability to cover all vulnerable gaps in the walls.
Your office can have physical barriers in three areas:
1. The external perimeter: Fences, walls or similar, beyond a garden or courtyard;
2. The perimeter of the building or premises.;
3. The internal perimeter: Barriers which can be created within an office to protect one or several rooms. This is particularly useful in offices with many visitors passing through, as it allows for a separate public area and a more private one which can be protected with additional barriers.
The external perimeter
The office should be surrounded by a clear external perimeter, possibly with high or low fences, preferably solid and high to make access more difficult. Railings or see-through wire mesh will make the organisation’s work more visible, and it is therefore better to have brick walls or similar.
The perimeter of the building or premises
This includes walls, doors, windows and ceiling or roof. If the walls are solid, all the openings and the roof will also be solid. Doors and windows must have adequate locks and be reinforced with grills, preferably with both horizontal and vertical bars well embedded into the wall. If there is a roof, it should offer good protection - not just a simple sheet of zinc or a layer of tiles. If the roof cannot be reinforced, block all possible access to the roof from the ground or neighbouring buildings.
In a location with a risk of armed attack, it is important to establish secure areas within the office (see Chapter 11 on security in areas of armed conflict).
The internal perimeter
The same applies here as to the building or premises. It is very useful to have an area with additional security inside the office, and this is usually very easy to arrange. Even a safety deposit box can be considered an internal security perimeter.
A note on keys
Technical measures strengthen physical barriers or procedures for admitting visitors, such as spy holes, intercoms and video cameras (see below). This is because technical measures are only useful when they are activated to deter intruders. In order to work, a technical measure must provoke a particular reaction, for example, attracting attention from neighbours, the police or a private security firm. If this does not happen, and the intruder knows that it won’t, such measures are of little use and will be reduced to preventing petty theft or recording the people who enter.
An alarm can activate a warning sound inside the office; a security light; a general, loud tone, bell or noise; or a signal in an external security centre. An audio alarm is useful for attracting attention but can be counter-productive in conflict situations or if you don’t expect local residents or others to react to it. A careful choice must be made between an audio and light alarm (a fixed powerful light, and an intermittent red light). The latter can be enough to deter an intruder, because it suggests that something else will happen following initial detection.
Alarms should be installed at access points (courtyards, doors and windows, and vulnerable premises such as rooms containing sensitive information). The most straightforward alarms are motion sensors, which activate a light, emit a noise or activate a camera when they detect movement.
Alarms should:
Video cameras
Video cameras can help improve admission procedures or record people who enter the office. However, the recording must be made from a point which is beyond the reach of an intruder. Otherwise intruders can break open the camera and destroy the tape.
You may need to consider whether cameras will intimidate people you want to come and visit you such as victims or witnesses, or whether they will be seen as a valuable commodity which will attract thieves. It is good practice to post a warning notice if you are using a camera (the right to privacy is also a human right).
Private security companies
This area requires great care. In many countries, private security firms are staffed by ex-security force members. There are documented cases of such people being involved in surveillance of, and attacks on, human rights defenders. It therefore makes sense not to trust security companies if you have reason to fear surveillance or attacks by security forces. If a security company has access to your offices, they could plant microphones or allow other people in.
If you feel you need to use a security company you should ensure that you have a clear agreement about what their personnel are allowed to do, and not allowed to do on your behalf, and which parts of the building they can access. Of course, you also must be able to monitor that these agreements are fulfilled.
For example:
It is better if you can agree (and if possible screen) which specific staff will be working for you, but this is rarely possible.
If the security guards carry weapons it is important for a human rights organization to have a clear understanding about what their rules are for using them. But it is even more important to outweigh the potential benefits of using weapons against their drawbacks. Hand guns are not a deterrence against attackers with higher fire capacity (as it is usually the case), but if attackers know that there are carriers of short guns within your premises, the may decide to break in ready to open fire, to protect themselves during the attack. In other words, some armed capacity (small arms) will probably lead attackers to open use of arms with higher fire capacity. At this point it is worth asking yourself, if you need guards with sub-machine guns, do you have the minimum socio-political space in which to carry out your work?
Physical barriers must be accompanied by an admission procedure “filter”. Such procedures determine when, how and who gains access to any part of the office. Access to sensitive areas, such as keys, information and money, must be restricted.
The easiest way to gain entry to an office where human rights defenders work is to knock on the door and go inside. Many people do this every day. In order to reconcile the open character of a human rights office with the need to control who wants to visit you and why, you need appropriate admission procedures.
In general, people have a particular reason to want to enter or knock on your door. They often want to ask a question or to deliver something, without necessarily asking permission first. Let’s examine this case by case:
Someone calls and asks for permission to enter
You should then follow three simple steps:
1. Ask why the person wishes to enter. If s/he wants to see somebody in the office, consult the latter. If that person is not present, ask the visitor to return at another time or to wait somewhere outside the restricted office area. It is important to use spyholes, cameras or entry phones to avoid having to open or approach a door, especially if you want to refuse someone entry or are facing violent or forced entry. It is therefore good to have a waiting area which is physically separate from the office’s internal entrance. If an easily accessible public area is essential, ensure that there are physical barriers blocking access to restricted parts of the office.
Someone could request entry in order to check or repair the water or electricity supply or carry out other maintenance work. S/he could also claim to be a media representative, a state official, etc. Always confirm their identity with the company or organisation they claim to be representing before allowing them entry. Remember that neither a uniform nor an identity card are guarantees of proper and secure identification, especially in a medium or high risk situation.
2. Decide whether or not to allow access. Once your visitor’s reason for entering has been established, you’ll need to decide whether or not to allow them in. Just because someone states a reason for entering isn’t a good enough reason to let them in. If you are not sure what their errand is, don’t allow access.
3. Supervise visitors until they leave. Once a visitor has entered the office, make sure that someone is supervising them at all times until they leave. It is useful to have a separate area to meet with visitors, away from the restricted areas.
A record should be kept of every visitor with name, organization, purpose of visit, who they met with, when arrived, when left. This can be particularly useful when reviewing what went wrong after a security incident.
Someone arrives or calls asking questions
Regardless of what a caller or visitor might say, you should under no circumstances tell them the location of a colleague or other people nearby, nor give them any personal information. If s/he is insistent, offer to leave a message, ask them to come or call back later or make an appointment with the person they wish to see.
People can often show up mistakenly, asking if so-and-so lives there or if something is for sale, etc. Some also want to sell things, and beggars can come looking for help. If you deny these people access and information, you will avoid any security risk.
Someone wants to deliver an object or package
The risk you run with a package or object is that the contents could compromise or hurt you, especially in case of a package or letter bomb. No matter how innocent it may look, do not touch or handle a package until you have taken these three simple steps:
1. Check if the intended recipient is expecting the package. It is not enough that the recipient knows the sender, because the sender’s identity could easily be faked. If the intended recipient is not expecting a package, s/he must check that the supposed sender has actually sent them something. If the package is simply addressed to your office, check who sent it. Wait and discuss the issue before making a final decision.
2. Decide whether or not to accept the package or letter. If you can't establish who sent the package, or if this will take time, the best option is not to accept it, especially in a medium or high risk environment. You can always ask for it to be delivered later, or collect it at the post office.
3. Keep track of the package inside the office. Make sure you know where in the office the package is, at all times until the recipient accepts it.
During functions or parties
In these circumstances, the rule is simple: Do not let anyone whom you don’t know first hand enter. Only people who are known to trusted colleagues should enter, and only when that colleague is present and can identify their guest. If a person shows up saying they know someone in the office who isn’t there, don’t let them in.
Keeping records of phone calls and visitors
It may also be useful to keep a record of phone calls and phone numbers and – keeping record of people that visit the organization (in some organizations, new visitors are requested to present an identity document and the organization registers the number of the document)
Working extra-hours at the office
There should be procedures for staff working extra-hours. Members of an organization intending to work extra-hours late at night should report by certain hours with another designated member, take special care when leaving the premises, etc.
Checklist: Identifying weak points in admission procedures
Checklist: Access to keys
All staff members have a responsibility to take action against anyone who is not properly observing the admission procedures. They should also make a note in the security incidents book of any movements by suspicious people or vehicles. The same applies to any object placed outside the building, in order to rule out the potential risk of a bomb. If you suspect a bomb, don’t ignore it, don’t touch it, and do contact the police.
When moving offices, or if keys have been lost or stolen, it is essential to change all the locks in the entrance area, at the very least.
Regular supervision or inspection of office security is very important, because security situations and procedures vary over time, for example, because equipment deteriorates or if there is a high staff turnover. It is also important to achieve some sense of staff ownership of the office security rules.
The person responsible for security must carry out at least one review of office security every six months. With the help of the list below this can take as little as one or two hours. The person in charge of security must ensure that staff feedback is sought before the final report is written, and then present the security report to the organisation in order for the necessary decisions to be made and for action to be taken. The report should then be kept on file until the next security review.
Checklist: Office Security Review
Review of:
Carried out by:
Date:
1. Emergency contacts:
2. Technical and physical barriers (external, internal and interior):
3. Visitor admission procedures and “filters”:
4. Security in case of accidents:
5. Responsibility and training: