I recently sat down with former Boston Police Commissioner Ed Davis to discuss today’s security challenges and his thoughts on mitigating them. No stranger to complex security matters, having guided the City of Boston through the Marathon bombing and dozens of other events, Davis emphasized that preparedness is key to keeping an organization’s people and assets safe.  Davis, now founder and CEO of Edward Davis Inc, also stressed that being prepared means integrating crisis communications into your crisis management plan.

Jill Reilly, Denterlein: In your role as Boston Police Commissioner you managed some very high-profile events – the Boston Marathon bombing and six professional sports championship celebrations, just to name a few.  Now you are applying that experience as a security consultant. What are the security challenges that organizations face?

Commissioner Davis:  What we have seen across our broad spectrum of clients, which range from large entertainment venues to universities to sporting facilities to large corporations, is very consistent. The threats may be diverse, but the concern is not.  They all ask, “How do we best protect our people and our assets?”

Reilly: Given the times in which we live, I’d suspect that many organizations are concerned with terrorism and how that might impact their operations. But what are some of the other threats that may keep the C-suite up at night?

Commissioner Davis: Of course terrorist acts are a serious concern and we work with entities on minimizing those risks.  But something else is very clear and more universal.  Whether organizations are dealing with workplace violence, computer intrusions, intellectual property theft, sexual assault, mass shootings, industrial espionage, or financial malfeasance, there is a common thread. From my experience, that common thread is the emerging insider threat. It is clear that employees, perhaps a company’s biggest asset, may also be their biggest liability.

We are working with one global corporation with safety issues in a plant in Southwest Asia. There was a violent incident committed by one employee on another.  The attacker was arrested and, it seemed, case closed. However, the employees in the plant complained about purse thefts, violence and aggressive behavior by the security staff. The cracks exposed by the violent attack, were a shock to the company’s leadership. It is critical to know your people.

Reilly: These seem like intractable problems. How do you go about addressing them?

Commissioner Davis: We have seen a gradual shift from outside attacks to the issue of the threat from within. With strategic and tailored crisis planning, training, cyber security threat assessments, policy review and development – workplace violence and other internal crises caused by an insider, can be effectively managed.

We are working with one client now that hired an individual without doing the due diligence required. The individual, while well-liked and talented in his field, committed a crime outside of the workplace. The incident, which made the newspaper, had a very detrimental impact on the organization’s reputation.  They did not think that their employees were an issue. It’s important to select a talented team that brings deep, relevant security experience to each organization’s individual needs, with a focus on practical solutions for an increasingly dangerous world.  .

Risk management assessments are a key. It is important to identify and evaluate gaps, potential risk factors and hazards specific to an organization’s day-to-day operation and provide recommendations to improve information security decisions for the elimination and/or the minimization of risk. It is equally important to evaluate and test your policies, practices and systems at regular intervals to ensure you are optimally protected.

Reilly: We often see the intersection of communications and crisis incident response.  How important do you think it is to blend a crisis response plan with a communications plan?

Commissioner Davis: We work with many of our clients on developing a customized program for crisis response. We ensure that they are prepared by emphasizing situational awareness, and providing practical steps that employees and other members of the organization’s community can use before, during and after a crisis. A critical piece of this work and protecting an organization’s reputation is crisis communications.

Reilly: When issues erupt that can impact employees, customers, the community, as well as an organization’s reputation, having a crisis communications plan in place, along with the right individuals to implement it, makes a huge difference. Prepared organizations need to develop a separate communications strategy and with it a dedicated team to assess the situation. The team can evaluate the risks, review the facts, identify the key stakeholders, and can put the organization in the position of telling their story in their own way.

Jill Reilly is a Vice President at Denterlein, a communications strategy firm headquartered in Boston, Mass. A seasoned communications strategist with a no-nonsense style, Reilly teams with her clients to enhance and protect the image and reputation of their businesses, in support of the bottom line. Her experience in crisis communications is marked by the intelligence to understand the complexities of issues business leaders face and the creativity and imagination to craft the best strategy for any given situation – particularly in matters related to litigation.

Edward F. Davis is the former police commissioner of the Boston Police Department. Nationally known for leading the City of Boston during the Boston Marathon bombing, Davis is a recognized security expert, providing analysis for media across the country. In 2014, Davis founded and serves as CEO of Edward Davis, LLC, a security and management consulting firm which works collaboratively with businesses to create customized strategies to combat any security situation.