Most companies and organizations have a receptionist at their front desk or main building lobby. Duties of the receptionist typically include greeting visitors, answering the telephones, and the handling of incoming mail. At some companies, the receptionist may perform other duties such as filing, the scheduling of conference rooms, managing employee schedules and other clerical functions.

In addition to their other duties, receptionists also play a critical role in the building’s overall security program. Receptionists are often given the task of signing in visitors, issuing visitor badges, controlling access in and out of the building, and observing suspicious activity. This is particularly true at buildings where no security officers are provided and the receptionist serves as the first (and sometimes only) line of defense against unwanted guests and intruders.

Because of the crucial role that they play in security, it is important that tools be given to receptionists to allow them to effectively perform their security duties. Here are some suggestions:

• The receptionist’s security responsibilities should be formally defined and included in the receptionist’s job description. When both a receptionist and a security officer are assigned to work in the lobby, the specific roles and responsibilities of each should be clearly defined.
• People who are assigned to be a receptionist should have the personality and aptitude necessary to perform this job. Receptionists should have a cheerful and outgoing personality, enjoy working with people, and have the ability to deal with conflict when necessary. Many people who are excellent at doing other types of clerical work may be unqualified to work as a receptionist or be uncomfortable when performing this role.
• Receptionists should receive formal security training that includes guidelines for spotting suspicious behavior and techniques to verbally de-escalate potentially dangerous situations.
• The building lobby should be designed in such a way that the receptionist is not the only thing that stands in the way of an intruder entering the building. A well-designed lobby can greatly increase the effectiveness of the receptionist and greatly improve building security. (See Designing Lobbies for Good Security).
• The receptionist’s primary job should be to greet visitors. If the volume of visitor traffic is relatively low, the receptionist can be assigned other duties, but these duties should be of a type that can be stopped immediately when a visitor arrives. Duties assigned to the receptionist should not require the receptionist to leave the lobby area.
• It is common practice for the receptionist to also serve as a telephone operator and to answer the organization’s main telephone line. We discourage this practice because the telephone operator role can be a time consuming job during certain periods of the day, and because the receptionist cannot immediately stop talking on the phone when a visitor arrives. We also think that it is unwise to give everyone sitting in the lobby the opportunity to overhear incoming telephone calls.
• Good visitor control procedures should be established and communicated to all employees. To automate the visitor sign-in process, consider the use of an electronic visitor management system. (See Introduction to Electronic Visitor Management Systems).
• We highly recommend that all incoming deliveries and packages be received at the mailroom or shipping/receiving department, not at the receptionist’s desk. If this is not possible, receptionists should receive training on the spotting and handling of suspicious packages, and a separate storage area for packages should be provided near the receptionist’s desk.
• The receptionist’s desk should include a panic alarm system that allows help to be summoned quickly in the event of an emergency. (See Introduction to Panic Alarms).

If you have questions, or need more information about the role of the receptionist in security, please Contact Us

Upon discovery of a crime, it is essential that the crime scene remain undisturbed so that important evidence is preserved for investigators. Often times, well-intentioned security officers and employees inadvertently destroy the integrity of the crime scene and make it difficult or impossible for a scientific investigation to be conducted.

The following is suggested:

1. The police should be immediately notified upon the discovery of an apparent crime.
2. Security officers and other employees should assume that criminals might still be on the premises until it has been conclusively proven otherwise.
3. The first security officer arriving at the scene should approach it slowly and methodically. The officer should note (preferably in writing) the exact time that the incident was discovered and gather as many details as possible about what was observed. Some things that should be noted include: odors, position of doors and objects in the room, lighting conditions, unusual or out-of-place objects, and people who were in or near the crime scene when it was discovered.
4. The security officer should disturb things as little as possible except as necessary to render aid to the injured or to prevent further damage. Special attention should be paid to the floor since this is one of the best sources of physical evidence and one of the most easily contaminated.
5. As few security officers as possible should enter the crime scene. Once an initial determination is made that a crime has been committed, security officers should back off and wait for the police.
6. The crime scene should be immediately secured and no one should be allowed to enter the area until law enforcement personnel arrive. Understandably, there will be great curiosity on the part of other security officers, management, and other employees, but is essential that the scene be kept pristine until investigators arrive.
7. A written log of anyone who enters the crime scene should be kept. The log should include the person’s name, address, and telephone number and a brief description of when they entered and left the crime scene and what areas they may have disturbed. This log should include the names of people who originally discovered the crime, as well as any responding emergency personnel.
8. Advise anyone who may want to enter the crime scene that, by doing so, they may be subjecting themselves to requests from investigators to gather their fingerprints, hair samples, blood samples, clothing, shoes and other evidence.
9. The names, addresses, and telephone numbers of any witnesses to the crime should also be gathered. Isolate witnesses from each other and other persons until the police arrive.
10. Once the immediate crime scene has been secured, other areas of interest (surrounding corridors, walkways, likely entry points, etc.) should also be cordoned off to the extent possible until investigators arrive.
11. Eating, drinking, or smoking should never be allowed at a crime scene.
12. Security personnel should not attempt to access recorded images on video tapes or in digital video recording systems until specifically directed to by the police. In no case should ongoing recording be stopped once the crime has been discovered.

Security incident reporting systems are used to keep track of thefts, losses, and other types of security events that occur at an organization. Keeping an accurate record of security incidents is an essential part of any good security management program. You can’t manage what you don’t track.

A good security incident reporting system allows trends, such as the increase in a certain type of crime, to be quickly identified. This allows security resources to be allocated to where they are needed most. A good security incident reporting system can also tell you if security improvements that you have implemented are working well or if additional fine-tuning is needed.

The following are some tips for implementing a good security incident reporting system for your organization:

• Security incidents of all types should be reported and tracked. This should not only include serious events such as major thefts and assaults, but also less serious events such as graffiti and minor vandalism.
• The theft or destruction of personal property owned by employees that occurs in the workplace should also be tracked. This could include something as minor as the theft of an employee’s lunch or vandalism to an employee’s car in the company parking lot.
• A convenient method of reporting security incidents should be provided. This can be through the use of a written form, or through the use of an on-line form on the company’s internal web site. Whatever system is used should be accessible to all employees, not just to supervisors and managers.
• Employees should be trained on how to report security incidents during new employee orientation and during security awareness training sessions. Employees should be frequently reminded of the reporting process and encouraged to report all incidents, no matter how slight.
• All security incidents reported by an employee should be followed-up on by the security manager or other person who manages security for the company. Incidents requiring further investigation should be followed-up on immediately. In addition, a second follow-up should be made approximately thirty days later to provide an update to the employee on what action has been taken by the organization in response to the security incident (even if no positive result was achieved).
• A summary of all security incidents should be compiled and published on a quarterly or semi-annual basis. This document should list security incidents by type and the total dollar value of the losses. This summary should be distributed to all members of the senior management team.
• Most contract security companies have a reporting system that is used by their security officers to report security incidents. In most cases, copies of these reports are made available to the client. While these reports can be a source of useful information, they should not be considered a substitute for the company’s own internal incident reporting system as described above.

Most companies make special efforts to keep certain types of information secret. This information can include customer lists, financial records, employee and payroll records, product development plans, and many other types of confidential information.

Methods used to protect confidential information can include high-security file cabinets, card reader systems used to control access into sensitive areas, and encrypted fax machines used to send and receive confidential information.

Despite these precautions, the employees of many companies continue to throw sensitive information into trash or recycle bins. If you don’t think this is a problem at your company, make random inspections of your outgoing trash – I guarantee you that you will be surprised!

Periodic inspections of trash bins will usually show that much confidential information is routinely disposed of in an improper manner. Documents routinely found during trash inspections usually include:

• Copies of customer invoices, packing lists, and order confirmations. This information can be used to create a list of your customers and the prices that they are paying for your products.
• Copies of purchase orders. These documents can provide information concerning the suppliers that you are using and the prices that you are paying for raw materials.
• Employee and payroll records. These documents may provide a listing of employee names and information concerning salary and benefits.
• Printed copies of e-mail correspondence. This information can be especially damaging because e-mail messages are frequently composed in a casual and sometimes careless manner. (Comments sent via e-mail have been used as damaging exhibits in many recent lawsuits.)
• Copies of marketing and product development plans.
• Financial records. While formal financial statements are usually treated confidentially, many types of “back-up” documentation, including sales reports, accounts receivable reports, and accounts payable reports are frequently found in trash bins.

It is important to understand that while the information found in your trash bin on any one day may not be significant, the cumulative information gathered over a period of time can be extremely damaging. For example, finding a copy of a few invoices in the trash wouldn’t provide your competitor with a complete list of your customers, but having several months worth of your invoices probably would.

What steps can be taken to prevent sensitive information from being thrown into the trash? Silva Consultants suggests the following:

1. Conduct periodic inspections of your outgoing trash and recycle bins. This provides a method to accurately track just how much confidential information at your company is being improperly disposed of.
2. Provide awareness training for all employees concerning the proper handling and disposal of confidential information. This must be an ongoing effort – employees will always resort to doing what is the least trouble for them.
3. Provide shredders to allow for the destruction of confidential information. Shredders should be conveniently located near where confidential documents will be disposed of. If employees must travel a long distance to shred a document, they will probably throw it into the trash instead. Investing in the purchase of a few extra shredders can greatly improve the chances that sensitive documents will be shredded.
4. Make sure that the shredders that you are using are suitable for the job. Shredders can cost as little as $40 – or can cost $3,000 or more. Differences between shredders include the capacity that they can handle (rated in number of sheets and/or feet per minute), size of documents (letter-sized or wide enough to handle computer printouts), duty-cycle (operate continuously or require “cool-down” period between shreds), ability to handle staples/paper clips, and size of shred. Lower security (less expensive) shredders usually provide a “straight-cut” shred. Higher-security shredders usually provide a “cross-cut” shred that makes it much much more difficult to reconstruct a shredded document.
5. For best security, consider the use of a “DOD Specification” shredder. This type of shredder meets USA government specifications for destruction of confidential, secret, top secret, cryptographic and COMSEC materials. This shredder reduces even the most sensitive material into ultra-secure 1/32″ x 1/2″ bits.
6. If you have a large volume of documents that must be shredded, you may wish to consider the use of a “document destruction” service. Providers of this service operate trucks that are equipped with high-volume shredders. On a periodic basis (usually weekly), these trucks will come to your facility and gather confidential documents for shredding. In most cases, documents will be shredded at your premises and then the waste paper will be hauled away by the document destruction service. One word of caution: the use of this service requires that containers be provided on-site to store documents for shredding. If these containers are not properly secured, they pose a real security weakness, as they are a spot where a large quantity of confidential information can be gathered with a minimum of effort. (At one location we surveyed, the client stored documents to be shredded in open cardboard boxes which were labeled “sensitive information to be shredded”. Needless to say, we recommended to the client that a better method be used to store sensitive information.)
7. Watch out for information thrown in “recycle bins.” Many employees, in a desire to be environmentally conscious, will place confidential information into a recycle container. Recycled paper may be handled by a number of brokers before it is eventually made into new paper. Sometimes, recycled paper is sent to foreign countries for processing. Because of this, any document placed into a recycle bin should be considered as released to the public.
8. Make sure that all shredded material is recycled. Let employees know that shredding material is the best way to assure that it will be recycled properly.

We recently conducted a security assessment at an electronics manufacturing company. This company uses microprocessors, memory modules, and many other high-value electronic components in their production process. The company had many good security procedures in place, including a package inspection procedure where employees leaving the facility were required to have their purses, briefcases, and lunch boxes inspected by a security officer as they exited the building.

Interestingly, we found a major weakness in this companies security procedures: employees could easily mail a package containing high-value merchandise out of the facility!

As a convenience, the company’s mail room could be used as a “post office” by employees. An employee desiring to send a personal package could simply drop it by the company mail room. The package would be weighed by a mail room person, and the employee would be charged the appropriate postage. This service was reportedly used heavily by employees, particularly during the holiday season. While convenient for employees, this procedure created a real potential for losses, since the packages were sealed and addressed prior to being accepted by the mail room. An employee intent on theft could easily fill a box with expensive electronic components, seal the box, and then mail it to himself or a friend. Since the mail room did not keep a record of personal shipments, it would be impossible to trace this type of theft.

How are outgoing shipments by employees handled at your company? Would you be vulnerable to this type of theft?

Here are a few suggestions concerning the control of outgoing shipments:

• The security manager should meet with the manager responsible for the mail room or shipping/receiving department. Review existing procedures to identify any potential security weaknesses.
• Discourage the use of the company’s mail room for personal shipments.
• If personal shipments are permitted, require that a mail room person inspect and seal the package prior to shipment. Keep a log of all personal shipments that includes the name of the employee who shipped the package, the mailing address of the recipient, and a brief description of the contents of the package.
• Provide good physical security at the mail room. Make it difficult for a non-mail room employee to place a package (with or without postage) in the outgoing mail bin.
• Make mail room employees aware of the potential for unauthorized outgoing shipments.
• Have mail room employees be on the lookout for suspicious outgoing packages (mailed to an unknown addressee, mailed to a personal address, non-standard shipping labels, etc.)
• Have mail room employees be alert for what appear to be inappropriate outgoing shipments (for example, the Human Resources department would not normally be making an outgoing shipment of electronic components.)