What is a security culture?
A security culture is a set of values, shared by everyone in an organisation, that determines how people are expected to think about and approach security.
The benefits of an effective security culture are:
- a workforce that is more likely to be engaged with, and take responsibility for, security issues
- increased compliance with protective security measures, such as those set out in this guidance
- reduced risk of insider incidents
- awareness of the most relevant security threats
- employees who are more likely to think and act in a security-conscious manner
You can read more about Security Culture on the NPSA website.
Security behaviours in your organisation
A strong security culture will promote positive security behaviours across your workforce.
Using the National Protective Security Authority's (NPSA) 5Es Framework, an organisation can embed and sustain security behaviours within its workforce.
The 5Es Framework is:
- Educate
- Enable
- Shape the Environment
- Encourage the Action
- Evaluate the Impact
You can access the NPSA's ‘Embedding Security Behaviours: using the 5Es Framework’ downloadable PDF document online for guidance on how to implement the 5Es within your organisation.
Vigilance and reporting suspicious behaviour
In an emergency, you should always call the police on 999.
Security awareness, vigilance and reporting suspicious behaviour increase the likelihood that people with hostile intentions will be detected or deterred.
Procedures for reporting any unusual behaviour to supervisors and police should be developed and briefed to all staff.
Action Counters Terrorism
We recommend reporting any concerns via the National Counter Terrorism Policing (NCTPHQ) Action Counters Terrorism (ACT) campaign: ‘If you’ve seen or heard something that could suggest a terrorist threat to the UK do not ignore it, report it’.
You can report suspicious activity to the police by calling confidentially on 0800 789 321 or by making a report in confidence on the Action Counters Terrorism webpage.
The public already contribute intelligence to around a third of the most serious terrorism investigations. Staff should be reassured that they need not be concerned about wasting police time or getting someone into trouble.
Due to the nature of security operations, you may not hear back from the police. This does not mean they have ignored your concerns.
Vigilance
Vigilance can be promoted further by putting systems in place for recording site security patrols, and monitoring and checking visitors and vehicles.
Identification passes should be issued to your staff and visitors and worn at all times. All staff should be encouraged to challenge anyone on your premises who is not wearing a pass.
Company security plan

A security plan is the cornerstone of a secure goods vehicle operation that sets the basis for strong security behaviours, culture and security practice.
A company security plan should cover at least the following steps, themes and elements:
- Allocate security responsibilities to a staff member who has appropriate authority to make security-related decisions and implement them
- Assess risks posed by your vehicle operations. Involve key business partners including customers, shippers, freight forwarders, carriers, security service providers, and insurance experts in the risk assessment, if possible. Define and understand the security risks in vehicle operations including the ‘insider threat’
- Identify possible solutions that will prevent one of your vehicles being used in an attack, while considering options, for example, that all vehicles should be locked when not in use. Security plans and procedures should be updated regularly. Collect feedback from drivers and consider the drivers’ needs and wishes in day-to-day vehicle security management. When implementing decisions ensure employees have been consulted. Undertake regular reviews to monitor results and progress
- Altogether, when designing security plans, managers should consider the five-step model illustrated above which guides them through the most important aspects and themes of goods vehicle security management
Countering the insider threat with pre-employment checks
Insider threat
An insider is a person who exploits, or has the intention to exploit, their legitimate access to an organisation’s assets for unauthorised purposes.
Insiders with access to your processes and assets can be a source of threat. An insider could be a full-time or part-time employee, a contractor or even a business partner. They could deliberately join your organisation to gain access to your organisation’s assets to mount an attack, or they may be triggered to act at some point during their employment.
Organisations should provide a trusted resource for staff to report security concerns or suspicions, either anonymously or otherwise. This is a positive way of nurturing a security culture within an organisation.
Remember: Deter - Detect - Deny
Robust pre-employment checks for all employees can help mitigate the insider threat by:
- deterring applicants who may wish to harm your organisation from applying for employment
- detecting individuals with an intent to harm your organisation at the recruitment/application phase
- and denying employment to individuals intending to harm your organisation, and denying employment in roles for which the applicant is unsuitable
Security screening of employees
Consideration should be given to using British Standard 7858 (or equivalent) for security screening of employees.
This standard involves conducting basic identity, financial, employment and criminal records checks. We recommend that the following additional steps are taken when employing drivers:
- check a driver’s references and previous employment history (minimum of five years)
- speak to previous employers
- inform applicants that false details on application forms may lead to dismissal
- check driving licences are valid and look for endorsements before you employ someone, and then at six-monthly intervals afterwards. Drivers should tell you of any changes to their licence
- check if the applicant has any prosecutions pending or is waiting for sentencing by a court
- for agency drivers, ensure that the agency has carried out all of these checks including criminal records checks
- and use only reputable recruitment agencies that are affiliated with a recognised UK trade organisation