Sunstates Blog

A Proactive Security Partner

Archive for the ‘corporate security’ tag


without comments

Image for Smart Phone Corporate Security

Mobile phones have become as important to business function as email and paper. With the incorporation of high-level software functions like Microsoft Office, the functionality of these devices has reached unprecedented levels–and so has their vulnerability to security compromise. A study by the Carnegie Mellon University revealed that 4 in 10 companies that issue mobile phones have had devices lost or stolen, many of which contain sensitive data.

In a highly publicized case in the United Kingdom, the mobile phones of celebrities and high-profile criminal victims were hacked by reporters, resulting in serious damage to criminal investigations and intrusions into the personal lives of unsuspecting people. The ongoing fallout has resulted in several prison sentences and the closure of one of Britain’s oldest newspapers, The News of the World.

Risks of mobile communication

Employees are accessing increasingly sensitive information via smart phones, which are slowly but surely replacing laptop computers for sensitive data transfer. The Carnegie Institute estimates that mobile data usage will increase twelve-fold by 2014. All this activity has attracted the hacking community and identity thieves. In 2010, threats from malware increased by an estimated 46%, which translates to 55,000 new malware threats each day. Worse still, when users sync their phones with their computers, malware can be transferred and propagated.

This situation is exacerbated by users accessing potentially sensitive data in public Wi-Fi locations, such as coffee shops, airports, bookstores or other locations providing free Internet access. These free services are designed for ease of use, not security. Educating end users is essential to helping them understand the risks involved and teaching them how to avoid having sensitive data intercepted.

Device disposal and recycling

Organizations must be proactive and thorough when disposing of smart phones, because those devices still may have sensitive data stored in them. Such devices should be destroyed at the end of their service, with consideration to having the device and memory cards ground up to make it impossible to retrieve embedded data.

Older phones are often handed down to lower levels of management/workforce as newer faster ones are requested by senior management. In these cases, data and memory cards should be erased and/or replaced.

New dangers and responsibilities

Corporate espionage can easily target such versatile, powerful devices. To prevent security compromise, many companies restrict cell phone use. Others with sensitive R&D projects require employees and visitors to log phones in. Phones should be considered real threats to security, and should be considered in any vulnerability assessment.

Issuing employees new technologies brings new responsibilities. Companies should also establish policies and procedures for how to handle, use, and recycle phones. Use of phone passwords is key, as well as implementation of features that allow devices to be wiped remotely.

The bottom line

Mobile phones present a major challenge for professionals charged with maintaining security for any size of organization. Too many phone users do not take the threat seriously and so leave themselves and the organization open to attack. The results can be compromising, at best, to catastrophic at worst.

Sunstates Security can help organizations with policy and protocol development and employee training. For more on this and other security-related information, please contact Jeff Cathcart, Director of Training and Compliance Services, at

Written by Sunstates Security

April 17th, 2012 at 3:32 pm


without comments

Today’s corporate campuses are not unlike small towns. With an average population of 5,000, modern facilities house cafeterias, vendor shops, even services like dry cleaners and coffee shops. In addition, these campuses often have extensive grounds, with thousands of people coming and going every day. This environment creates unique security challenges.

Security Challenges for Corporate Campuses

  1. Internal Violence. The greater the employee population, the greater the chance of violent acts, either against other employees, or against company property.
  2. External Violence. Disgruntled former employees sometimes seek retaliation or attempt theft. Some companies
    might be the targets of activists groups, theft, or vandalism.
  3. Unauthorized Access. With a high volume of daily traffic, facilities can quickly lose control of who is coming and going.
  4. Perimeter Control. Corporate campuses often lack a perimeter fence, which makes intrusion–both accidental and intentional–more likely.

How to Overcome Those Challenges

Sunstates Security has many years of experience meeting these security challenges. That experience has helped refine a number of best practices for large corporate campus facilities.

  • Planning is always the first step. Have teams already in place and functioning on a consistent basis.
    • A senior-management level security team to oversee security procedures, with the authority to make decisions.
    • A crisis management team to develop contingency plans and take charge when a crisis occurs.
    • An emergency response team to enact contingency plans ensures employee safety, and protect company resources.
    • Contingency plans that include crisis response, lock-down procedures, and emergency evacuation procedures, with regular drills.
  • Safety protocols for the prevention and intervention of employee violence. Such protocols include placing HR interviewers with their backs to the door of a meeting room to prevent their being cornered by a potentially violent interviewee, along with discreet security officer presence, training in the use of pepper spray, and other measures.
  • Training Security Officers in non-violent, verbal resolution of conflicts. Sunstates President Glenn Burrell says that mutual respect is the key to resolving disputes: “My experience over the years has been that 99% of the time, if you show respect and offer quality verbal resolution, you can defuse the situation. For the remaining 1%, we use training to contain the situation and call in reinforcement.”
  • Security badge awareness is critical. Encouraging personnel to challenge people who do not use proper badge entry helps prevent “piggy-backing” the social niceties that allow holding open the door for someone who might not have a badge, such as a potential intruder or a former employee who no longer has access. Communication between HR and security personnel is critical to retrieve and deactivate the badges of terminated employees. This requires the cooperation of top-level management, who should not be immune from having to use their security badges.
  • Educating employees that security is a company-wide responsibility. The workforce must understand that flow of intelligence and communication is critical. Sunstates encourages companies to build a culture of security and safety through training classes and brown-bag lunches, whereby employees learn that security is a personal responsibility.
  • Early detection of intruders when the campus lacks a fence line more vigilance is required. Security personnel must ascertain whether the intrusion is accidental or intentional, and this requires early detection, tempered by strong public relations skills.

As a final thought, President Burrell recommends vetting applicants thoroughly as a proactive way of preventing problems. Background checks, drug testing, personal and professional reference checks are excellent tools; potentially dangerous people rarely resort to violence without prior warning signs.

Logging more than a decade of experience at such facilities, Sunstates Security understands specialized security requirements for large corporate campuses. Contact Denis Kelly at for more information on how Sunstates Security can be your partner of choice.


without comments

Globally, piracy and hostage-taking have been on the upswing for several years. Al-Qaeda and its splinter groups, such as the East African terrorist organization  known as Al-Shabaab, have lost most of their primary sources of funding, as a result of U.S. and European anti-money-laundering efforts.  Forced to look elsewhere for easy sources of cash, they have turned to piracy, kidnapping and ransom. Currently, at any given time, a global average of 500 individuals are held in captivity for ranson.

The new kidnapping threat
Foreign nationals, employees of international businesses, and passengers and crew on ships at sea are all vulnerable to the risk of being victimized by these criminals. With an average of more than 100 kidnappings per month in Somali waters alone, and a typical settlement in shipping piracy of $3-4M, terrorist organizations have found their new cash cow. The average ransom demand for individuals is $1.15M, and the average settlement is $355,000 per person.

The kidnapping industry has an index of the ransom worth of any given person. The international standard starts at $600,000, regardless of the person’s wealth or social status. If the kidnappers know the identity of their captive, however, the initial figure generally starts much higher.

This new reality poses a frightening challenge for companies conducting international business, and can seem like a daunting obstacle. Many are reluctant to travel at all. Consulting with an expert familiar with this new criminal reality has become crucial. Sunstates Security President Glenn Burrell has extensive training in terrorism studies and the dynamics of hostage taking. His knowledge and connections in government and law enforcement can be a critical component in a company’s ability to evaluate risks, and develop an action plan should an employee fall prey to kidnapping.

An ounce of prevention
Sunstates and its partners can train your company to avoid some commonly overlooked risks and prime target scenarios. “Ninety percent of abductions occur at the point of arrival or departure from home or work,” he explained. “They’re the two primary vulnerabilities.”

Additionally, Burrell advises companies about the repercussions of these crimes. Even when victims are released and unharmed – 94% of kidnap victims survive their experiences, 70% after ransom is paid — victims often suffer from symptoms of post-traumatic-stress disorder, which directly affects both their personal and professional lives. This PTSD spills over to the victim’s colleagues and their family members, as well.

These tips can help global companies reduce the abduction risk of their workforce:

  • Employees should dress as locals and avoid showing wealth; for instance, driving an older car can help maintain a low profile.
  • Educate employees on local areas where they should and should not travel. Many abductees are mid- or low-level employees, not CEOs. These employees don’t realize how valuable they are. They may wander into places where they shouldn’t be.
  • Track employees with GPS chips installed on vehicles, cell phones and even clothing.

Call Sunstates Security today to learn how to protect your employees. Drawing on our international network, we can help you evaluate your current practices and provide an action plan for hostage contingencies.

Contact Sunstates Security



without comments

February 21, 2011
“A recent robbery incident at our corporate headquarters has resulted in arrests. After many interviews and a good vehicle description the suspects were identified and arrested for armed robbery. I want to personally thank employees at our corporate headquarters and our Sunstates Security Officers for their time and diligence in helping police detectives solve this case with good, detailed and accurate information.”

See more Sunstates Security client testimonials on our website.

Written by Sunstates Security

February 21st, 2011 at 2:32 pm