Home>Security>Cyber Crime>Thick as thieves?
Home>Security>Policing>Thick as thieves?
Home>Security>Terrorism>Thick as thieves?

Thick as thieves?

15 April 2017

Superintendent Kyle Gordon explores the changing face of criminality and highlights the major emerging threats that face the Police.

THE WORLD is changing and so are the threats we face on a daily basis. When I say we, I don’t mean just the Police but the general public and businesses across the United Kingdom as well. Over recent decades, workplaces have modernised beyond belief, and technology now plays a key role in day-to-day operations, which means criminals have had to move with the times, too. The rapid pace at which technology continues to grow means you can be an expert on the risks to your business now but quickly fall victim to a new emerging threat. 

I grew up in Northern Ireland, and we were well aware of the threats of car bombings, or terror-related violence. But these are not things that the rest of the UK has been used to and why it was so shocking last year when the Government felt the need to release a video to warn people how to act in the event of a shooting in their workplace.

Did you ever think, when growing up, that we’d live in a society in which such instruction was necessary? The video, which has been used as part of training by more than 100,000 businesses, urges people to run and hide in the event of a shooting and gives tips on how to do so as safely as possible. It was issued because the threat level of a terrorist attack in the UK has been raised to ‘severe’ by the Government, which means it’s considered highly likely that an attack will take place imminently. At present, the Police and intelligence services are arresting, on average, one person a day who is believed to be involved with a terrorist plot. That is truly terrifying.

Fleeing gunmen

The video, which can be viewed at www.youtube.com/watch?v=4jxOXbpTmnk, explains that you can never cater for every eventuality in the event of a firearms attack, but having an evacuation policy for staff in the event of an attack is essential. If you hear gunfire, you should attempt to evacuate as soon as possible, because remaining in the building will only put you at greater risk. 

Once you’ve heard gunfire the first thing you should do is consider your exit route and try to assess if it’s possible to gather at the agreed exit point outside your building. You should only try to escape if it doesn’t place you at greater risk of being in the line of fire. If you can try to evacuate, then you must act quickly and quietly so you are not seen by the perpetrator(s). Do not make any attempt to take your belongings, as it will only slow you down. As soon as you’ve identified a safe exit route run towards it and insist that others follow you, but do not let them slow you down. 

It may be safer for you to remain where you are temporarily if the attacker is nearby, and only try to flee when the gunman moves away. If you do have to stay put, try to find a hiding place as quickly and quietly as you can. Remember to consider your exit and escape routes; try to avoid dead ends and bottle necks so you don’t become trapped. The best place to hide from gunfire will have a substantial physical barrier between you and the attacker, so try to find somewhere with reinforced walls. If you can, lock the door and then move away from it in case the gunman tries to break it down, or shoot through it. 

When you are hiding you need to remain calm and be as quiet as possible. Do not forget to switch your mobile phone to silent and turn off vibrate so it does not give away your hiding place. Under no circumstances should you shout for help, or make any noise that could give away your location. 

Helping the Police

If you’re able to evacuate, get as far away from the danger area as possible. Try to stop others from entering the danger area, but only if this won’t put you in danger. At this point, you should call the Police and tell them clearly your location and that of the attacker(s). Try to provide an accurate description of the attackers, which includes information on their clothing and weapons. You will also need to provide any information about casualties and building access. Tell the operator any other information you think will be important for the Police to be aware of before they attend the scene.

When armed police arrive, their first task is to deal with the immediate threat, and this may take a long time. Police may be unable to distinguish you from attackers and, as a result, they may treat you firmly. It’s essential that you do everything they tell you to do. When they confront you, make sure you don’t make any sudden movements or gestures that may be perceived as a threat. Keep your hands visible at all times, so it’s clear you are unarmed. The Police may ask you for information about the building, the attackers, casualties, and if there are any hostages. Only once it’s safe will you be evacuated by the officers. 

Firearm and terrorist attacks are very rare but having a plan for these events will help keep you safe and could save your life. To sum up the three key instructions from the Government: run, hide and tell.

Simulating attacks 

Project ARGUS is an initiative developed by the National Counter Terrorism Security Office (NaCTSO) and delivered by Counter Terrorism Security Advisers (CTSAs) throughout the UK. It is a three-hour multimedia simulation that poses questions and dilemmas for participants working in syndicates. It aims to raise awareness of the threat from terrorism, providing practical advice on preventing, handling and recovering from an attack. It’s ideal for managers in areas such as facilities, security, reception and those responsible for creating and maintaining response plans.

I attended a recent session at a football stadium in Glasgow, which simulated a terrorist attack that involved multiple heavily-armed gunmen. The scenario suggested that the stadium was full with fans, and the security teams used a fire-evacuation policy as the template to follow for an evacuation during gunfire. I can’t stress strongly enough that any written procedure for evacuation during a fire is not suitable to be used as an evacuation plan during a terrorist attack. I can’t tell you how many people ‘died’ in first 30 minutes of this simulated exercise. 

The huge number of lessons learnt from the scenario highlighted, among other things, the importance of determining a safe place to congregate inside the stadium during an attack. People were being moved into places that were obvious secondary points for an attack. Among the many dead in this scenario were the key decision-makers for an evacuation. Terrorism is a completely different evacuation situation from fire, and these exercises are essential in educating people that a one-size-fits-all evacuation plan is not practical. 

In the scenario I witnessed, the gunmen were armed with munitions that are not easy to get into the UK, but terrorists are resourceful and it’s only right that we plan for every scenario. Thankfully, major terrorist attacks are not common in our country but we must not rest on our laurels. In Northern Ireland, you get car-bomb or mortar-attack warnings alongside the usual fire-alarm briefing at any event or seminar you attend. This is not something we do in the UK as a whole, and we should consider doing so as soon as possible. When you attend an event or a seminar for work, have you ever been told how and where to evacuate during a terrorist attack? The answer will almost certainly be no, which means you and the other guests are completely unaware of how to act if the situation arises.

Business continuity planning 

It is reported that more than 80% of the businesses affected by the bombing in Manchester in 1996 did not recover. As a result, businesses closed and people lost their jobs. Business continuity is not just about pulling together a bunch of plans, it’s about protecting lives and livelihoods. So I ask you: when was the last time you revisited your business continuity plan?

In 2015, I joined the British Transport Police and, on first sight of our business continuity plan, I realised it wasn’t fit for purpose. I then spent more than two months re-writing the plan, and I’d urge you to give your plan equally close inspection. You need to ask these key questions about your own working environment:

  • Do you back up your data/assets at the end of each working day? 
  • Are those assets accessible at more than one location? 
  • What security is in place to protect them?

Retrofitting security solutions will always be more expensive than incorporating them in advance. So, if you’re moving to a new premises, you need to consider all the security threats fully and incorporate them into your business continuity plan.


Cybercrime is now classed as a Tier 1 threat in the UK and, according to the most recent crime figures, it has increased by 288%. Those same government statistics also show that traditional retail crime has decreased by 12%, which means you’re now more likely to be a victim of online crime than a robbery. Even outside of the business world cybercrime is more likely to occur than any crime involving physical violence. For every 1000 business premises in the UK, an average of 204 have been victims of some sort of cybercrime. 

There are various different types of cybercrime but one of the newest forms is spear-phishing, which is when a finance department receives an email from someone pretending to be a company director. These emails are made to look like they’ve come straight from the director and usually ask for a fake invoice to be paid. Criminals are finding it easier to pull off these scams by looking at executives’ online profiles and using that information to impersonate them. 

Online threats can also come from your own staff, and that’s why it’s essential to change former employees’ passwords, reclaim their company IT equipment and access cards, and block their remote access to your servers. Many companies have fallen victim to former staff stealing or deleting key data after they left the company. 

As an employer, you also have a duty of care to staff to protect them from becoming victims of cybercrime. It’s becoming increasingly common for organised-crime bosses to fund webcam blackmail schemes. This is when a person pays to engage in online sex and they are secretly being filmed by their own webcam. They are then blackmailed into paying money, or granting access to confidential information to prevent the video being made public. Occurrences of these shame crimes doubled in 2016, with 864 incidents reported to the Police. But the question is: just how many people fell victim and didn’t report the crime out of embarrassment? 

I spoke to a friend of mine in the National Crime Agency recently and he revealed that four suicides had been linked to cases of online blackmail. That’s four families that have suffered a tragic loss due to criminals. This reinforces why employers have a duty of care to protect their employees. You need to have robust security in place and train your staff to alert you if they have any concerns. Not having a plan in place may not just be catastrophic for the business but also put your employees’ safety at risk.

Superintendent Kyle Gordon is head of operations for C Division at the British Transport Police.