As lawyers, we always seem to be concerned about protecting our electronic data. There are many examples of cyber-attacks in the media, some of which have compromised lawyers’ data.
In recent years, Alberta lawyers have also dealt with floods, fires and massive power outages. These events, while devastating in their own right, were not the results of malicious acts by someone intent to cause harm. Most of us are aware of the recent tragic events in Winnipeg involving an explosive package sent by a man in a divorce proceeding to the office of his wife’s counsel. The package was delivered by mail and exploded in the office, injuring the wife’s lawyer. News reports stated that explosives were also forwarded to other parties involved in the dispute.
The events in Winnipeg highlight the fact that lawyers must pay as much attention to their physical security as they do to the security of trust funds and electronic data. There is no time like the present to assess your office security and mail handling procedures. What follows are some best practices for securing your office and ensuring the safety of your staff. This is not an exhaustive list, and lawyers should seek professional advice.
No visitor should be able to enter your office without being both observed and approved. You should have an employee monitoring visitors and validating identification. Access should be limited to one monitored entrance. Staff should be encouraged to ask for additional identification, or to ask visitors or service providers to wait while their identity is checked. Staff should all have photo identification, particularly in larger organizations, and it should be worn and displayed while in the office. It should not, however, be worn outside the workplace and lost ID should be reported immediately.
Visitors should never be allowed to roam freely through your premises unescorted or unobserved. At the end of the day, the premises should be inspected to detect potential intruders who may be trying to stay beyond office hours.
An organization should have a strict key control policy. Issuance of keys should be centrally supervised and no departing employee should be allowed to keep a key. Password coded locks should be changed regularly, especially when employees leave the organization. Key card readers make key control more effective, and employees can be given different levels of access to certain areas or at different times. Exterior locks and doors should be strong and well-reinforced, and automatic closing systems on doors should be tested regularly. Interior doors and filing cabinets should also be locked.
Protective devices and alarms should be considered. You should seek assistance from law enforcement or security agencies when choosing or installing a security system. Fire detection and suppression may be subject to mandatory regulation in commercial settings. Intrusion detection and cameras should be considered, along with protective lighting which may deter criminals or intruders when the office is closed. If visitors access premises through a door which is not visible to staff, consider installing a camera and intercom to allow staff to monitor potential visitors before they enter. They can then permit only authorized individuals to access the premises. Consider cameras in parking areas as well.
Educate employees to identify potential risks, such as unauthorized visitors or strangers, or other hazards such as unattended personal items left in public areas. Develop and test a strategy to respond to a potential incident, in the event of an intruder or other unsafe situation. Local law enforcement officers are often available to provide information and advice on security issues and emergency response procedures.
Train staff to detect suspicious mail or deliveries which may contain a bomb or other dangers. The following indicators may signal that a package is unsafe:
- Foreign mail, airmail or special delivery markings
- Restrictive markings, such as “confidential” and “personal”
- Non-metered postage
- Too many stamps
- Handwritten or poorly typed address
- Incorrect title or position
- Title but no name
- Oil stains or discoloration, faded wrapping
- Smell of marzipan or machine oil
- No return address or unidentified sender
- Excessive weight or uneven weight
- Rigid, lopsided or uneven envelope
- Soft outer wrapping with hard contents, or very stiff envelope
- Protruding wires or foil;
- Excessive wrapping materials, such as tape or string
Staff should be trained to note the name and address of sender, postmark, post office codes, stamps and other markings. In some cases, it may be appropriate to make preliminary inquiries of the intended recipient or addressee to determine if they know the sender, or if they are expecting a delivery of this type or size. If the sender is unknown, determine if the addressee expecting a parcel from the parcel’s place of origin.
Stop handling the package when you determine it is suspicious. Place it on a flat surface and do not attempt to open it. Even attempting to cut open the package with a letter opener may detonate a bomb. Do not place the package in or under anything (e.g. a bucket of water). Clear the immediate area and secure the room. When in the vicinity of a suspicious object, do no use a hand-held radio or mobile phone to transmit within ten metres of it. Contact building security and police and let those authorities determine whether building evacuation is required. Be prepared to provide details of the location of the package and its description, including details such as its dimensions, colour, markings, visible features, etc.
Security agencies and law enforcement officers are sources of information and advice about safety and emergency response strategies. Other resources online include:
Written by: Nancy Carruthers, Practice Advisor