It can be flattering when the local or national news media contact the director of security at his or her facility for help on an article about the latest security trends, equipment, or policies. But security practitioners must be careful about how much information they discuss.
These stories are often driven by recent events, and the reporter will want to know, in detail, what the firm is doing to keep employees, customers, information, and assets safe. It can be tempting to talk about the latest technologies, alarms, and camera equipment or how, when, and where the facility deploys security guards to provide protection. What seems like a routine conversation with a media person is actually going out to a larger audience, some of who might even be crooks on the hunt for more information about the protection strategies and the vulnerabilities of a building or organization they are targeting.
A reporter for a southern California business newspaper contacted the owner of a popular and busy retail store to talk about how much business the store was doing during the busy holiday season. The owner gave the reporter actual sales data—how much the store took in every day in cash and credit card purchases. This daily figure was extrapolated in the article into the actual weekly and monthly figures, along with an estimate for the projected yearly sales total. All totaled, it was a tidy amount, just over $3 million dollars. This information was about a store in a strip mall near a major freeway. This was enough for armed robbers (who read newspapers, too) to start targeting the business on a frequent and frightening basis. What started as a point of pride for the shop owner—“Look how much money we’re making!”—turned the business into a prime robbery target, both inside the store and for the employees who made daily bank deposits, before the store hired a daily armored car service.
It’s hard for even savvy security professionals not to spill some beans when faced with the often-flattering request for information and a chance to demonstrate subject matter expertise. But just as it was said in World War II that “loose lips sink ships,” the desire to provide information to the media must be measured by the impact or, more accurately, the harm a few words or figures can betray. Security professionals have a duty to remind themselves and the public-facing representatives of their organizations who are designated to speak to the media not to say anything specific about the security in use.
The security director should be part of the discussion and review of any press releases, placed articles, editorials, or interviews coming from the organization that has any security-related content. “Facts and figures” statements tossed out like: “Our security system is so sophisticated it only takes one guard per 8-hour shift to operate it,” or “Our cash revenues have never been higher” can turn the business into a new target by people or groups who never considered it as one before.
When in doubt, choose to be vague, especially with any facility or personnel security information that reveals too much. “We’ve got a thorough approach to protecting our inventory” sounds much better than “We’ve got a lot of expensive stuff in our warehouse.”
The old adage “all publicity is good publicity” has its exceptions. Better for people—honest or otherwise—to read about the security procedures at your firm and have to make assumptions about what it all means than to know too much detail.