The mass shooting at Robb Elementary School in Uvalde, Texas in May showed us once again that active shootings are — despite security precautions — still a huge risk for schools. Despite this, not all schools believe they can be a target.
We recently got a message from a school. When asked about active shooters, the school’s position was “we don’t have that type of risk.” Yes, they do. If the last several years have taught us anything, it’s that every school is at risk of a mass shooting. In fact, every organization is at risk of a mass shooting. However, we live in a culture where the idea of a shooting is so frightening that people don’t want to think about it.
Ignoring the risk of an active shooter, however, is dangerous, as is complacency. Both can give an organization a false sense of security that can open the door for an attack.
Accept that the threat is possible
The first, and most important thing an organization can do when it comes to an active shooter is to accept that your organization is a potential target. No matter what your organization does — even if you are a school — there is someone who wants to do you harm.
This is about more than the technology you might use to secure your site. You might have metal detectors at the front door, school resource officers, regular lockdown drills, and plenty of training. If you don’t believe your organization could actually be targeted by an active shooter, however, your staff may become complacent.
Take the example of the CIA. In 2010, when the CIA was trying to catch Osama bin Laden, they were able to make contact with bin Laden’s doctor, and brought him onto their base. Because they didn’t want to scare the man away, they didn’t follow their regular protocols, and he was not searched for bombs. The informant later detonated a bomb during his debriefing, killing seven.
How secure is your organization? Talk to us now about assessing your security.
The need for a culture of risk
After high-profile attacks, often organizations are approached by salespeople or consultants who promise that a security risk can be solved with a product or service. While, yes, you do need technology and training to mitigate risk, those things are useless without a proactive culture of risk in your organization.
Security countermeasures only work when you and your employees use it; if your organization has invested in access control but your staff holds the door open for anyone who asks to come in, they’re opening you up to risk because they don’t believe a threat is possible.
It’s important to build a culture in your company, organization, or school that acknowledges the likelihood of risk. This doesn’t mean that your organization should be paranoid or that your workers should be afraid; it simply means the need to have situational awareness of potential threats and using the security measures you have.
To learn more about building a proactive culture of risk at work, read our white paper.