Best Practices for Internal Threat Teams During a Crisis

The recent violence in Israel is a stark reminder of how quickly the security environment can change—often without warning—and raises the risk for a company’s safety of personnel, facilities, and operations. The war in Ukraine continues and other threats loom, which can overwhelm your threat monitoring teams or operations center. Security and intelligence teams can use best practices to keep their focus on what matters to their company and overall risk without getting bogged down by too much data and query results. Intelligence analysts need to be focused, diligent, disciplined, and forward-thinking during crisis events.

1. Be focused on answering your company’s intelligence questions. Not every news event has an impact on your operations and some impacts may be secondary. It is crucial during times of crisis that analysts stay focused and know the threats, vulnerabilities, and risks that are important to their company. Analysts and their managers should be analyzing what impact, if any, global events will have on the company’s risk profile.
2. Be diligent about what information and data meets threshold by informing your risk ratings. It can be tempting to want to provide daily situational reports that summarize the news. Crisis events create an influx of data and queries, but not every piece of data is useful, timely, or has an impact.
3. Be disciplined on what is included in written products for your customers—internal or external. The news cycle during crisis events provides detailed information on every aspect of the event, most of which has little value to further understanding your company’s risk profile. Finished products, whether travel alerts, internal memo, or emails to C-suite members, should only include data that is relevant and supports analytical statements.
4. Be forward thinking and look past the 24-hour news cycle. Crisis events require threat, security, and intelligence analysts to assess risks within a short period, but long-term impact to a company’s risk profile is equally important. Analysts should anticipate which indicators are likely to impact the company’s risk profile in the short, medium, and long term. Strategic analysis is equally as important as threat analysis during crisis events. Excellent analysis looks for tomorrow’s threats amidst today’s crises.

Security and intelligence teams may have limited personnel to tackle the extra work during a crisis event or the company may not have an internal team in place. Security managers should look to:

• Leverage all company resources to provide actionable and timely information on the company’s risk profile.
• Have personnel in other countries that can provide different, new sources and language capabilities.
• Build a network of associates or vendors that can provide insight into a crisis event.

You will need analytical support to help frame the crisis and its impact on your company. If you don’t have adequate coverage today, a cadre of analysts trained by former IC analysts can provide the extra coverage you need during times of crisis without having to hire for a short-term need.Red 5 Security’s Managed Services has intelligence analysts that can supplement your existing threat and security teams.  To learn more, please contact us.