Security/Emergency Information

Cybersecurity is everybody’s business

Cybersecurity in the Workplace Is Everyone’s Business. Whatever your place of business – whether it’s a large or small organization, healthcare provider, academic institution or government agency – creating a culture of cybersecurity from the breakroom to the board room is essential and a shared responsibility among all employees. Spread the word by posting online safety tips on your social media platforms, including Google+, Facebook, Twitter and LinkedIn. Remember to use the official NCSAM hashtag, #CyberAware.

Over the past year multiple synagogues were hit with Ransomware demands and many Jewish-related websites were hacked and defaced. Here at JCRC, members of our board still receive pleas for cash from a deceased, former board member. His email account was hacked. It can happen to anyone. Please consider the simple tips below from our wonderful NJ partners and send an email to njccic@cyber.nj.gov to subscribe to their weekly newsletter, with important updates and information. Click here to check out the JCRC-NY’s Cybersecurity Resources for more ideas.Creating a culture of cybersecurity is critical for any organization. From new employees to leadership, effective cybersecurity requires the awareness and vigilance of every employee to keep data, customers, and capital safe and secure. The following are simple tips to help foster a culture of cybersecurity in your organization.

  • When in doubt, throw it out. If an email, attachment, or link looks suspicious, even if you know the source, it is best to delete it.
  • Back it up. Make electronic and physical backups of all important work to prevent the loss of data from malfunctions, malware, theft, viruses, and accidental deletion.
  • Guard your devices. Never leave laptops and devices unattended in a public place or unlocked when not in use.
  • Secure your accounts. Do not share usernames and passwords with anyone, and turn on stronger authentication for an added layer of security beyond a password.
  • Report anything suspicious. If you experience any unusual problems with your computer or device, or suspect an attachment or link to be malicious, immediately report it to your IT department.
Join one of our cyber intelligence analysts as she discusses how organizations can protect against the most common cyber threats and the resources available to help strengthen cyber resilience.

____________________________________

David M. Pollock
Associate Executive Director & Director, Public Policy and Jewish Security
225 West 34th Street, Suite 1607 | New York, NY 10122 | 212.983.4800×132
pollockd@jcrcny.org | http://www.jcrcny.org/security

Click here to subscribe to the JCRC-NY Security and 
Emergency Preparedness Alert list.


 


  
Posted in Cybersecurity

Updated: New white powder incidents

Download Suspicious Mail Poster in PDF format

UPDATE: According to the New York Post:

The white powdery substance discovered at the Israeli Consulate in Manhattan was inside a threatening letter to Israel’s Prime Minister Benjamin Netanyahu, police sources said Saturday. The package, which was discovered around 1:30 p.m. Friday was addressed to the consulate’s East 42nd Street and Second Avenue location. Security deemed the envelope suspicious after noting the absence of a return address, the sources said.

There was, at least, one similar incident reported on Friday and taken together, they are a reminder that organizations and leaders should be vigilant about their mail screening processes.

A​ll businesses that have mailrooms should review their handling procedures with staff. Please advise your mailroom personnel not to handle letters or packages that look suspicious (discoloration, stains, or emits an odor).Personnel should immediately leave the area and dial 911. Personnel should make sure that no one re-enters the area until the NYPD/FDNY Hazmat Unit declares it safe.

A comprehensive “Best Practices for Mail Screening and Handling” guide from DHS is available here. Check out Safe Mail Handling from DHS and find the USPS page on mail security, including suspicious mail and packages, here.

Consider the following:

  1. Larger organizations should continue to screen and x-ray their mail. The USPS best practices for mail center security can be found here. It contains an excellent chapter, “Protect Your Business from Package Bombs and Bomb Threats”.
  2. All organizations, large and small, need to examine all mail and packages, whether delivered via the post office, UPS, FedEx, other carrier or hand delivered.
  3. Whether or not your organization has a mail room, designate and train specific people to screen your organization’s mail. Make sure that they know what your screening protocols are and know what to do if they find anything suspicious.
  4. Screen your mail in a separate room. That way if you find anything suspicious, you can easily isolate it.
  5. If you believe that an envelope or package contains a hazardous substance (e.g., an unknown white powder) instruct your screener to avoid inhaling the particulates, wash his/her hands with soap and room temperature water and isolate him/her in an adjoining, designated area away from the substance and await instructions from the first responders (This will take some planning. You don’t want anyone walking past the other employees and possibly contaminating them).
  6. If you deem an item to be suspicious: 
    • Do not open it.
    • Do not shake it.
    • Do not examine or empty the contents.
    • Leave the room.
    • Close the door.
    • Alert others in the area.
    • Call 911.
    • Shut down your HVAC (heating, ventilation and cooling) systems, if possible.
    • Consider whether you want to vacate your premises.

If you have a specific question about a package mailed to you, you can contact:

USPS POSTAL INSPECTION SERVICE
PO BOX 555
NEW YORK NY 10116-0555
Phone : 877-876-2455
Posted in Mail Screening

TS Jose cone stalks Rosh Hashanah

Tropical Storm Jose has been meandering around the Atlantic and the New York area is already experiencing rough surf from the system. As you can see from the graphic, the “cone of uncertainty” encompasses our region on Rosh Hashanah. Jose could both strengthen and weaken by then and affect portions of the east coast of the United States from North Carolina northward to New England. It is too soon to determine what or where. NYCEM will continue to monitor the status and progress of TS Jose and you should pay close attention to weather forecasts over the coming days.

What should you do until then?

  • Plan. September is National Preparedness Month, so you should have an emergency plan covering four basic areas: How will I receive emergency alerts and warnings? What is my shelter plan? What is my evacuation route? What is my family/household communication plan?
  • Know your zone. New York City refined its Evacuation Zones after Sandy. Take a look at the NYC Hurricane Zone Finder and for Nassau, Suffolk and Westchester.
  • Get notified. Sign up for emergency alerts from NYC, Nassau, Suffolk and/or Westchester (temporarily unavailable).
  • Stock up. As we know from Texas and Florida, storms bring power outages and limited mobility. Build or restock your emergency preparedness kit. Include food and water sufficient for at least three days, medications, a flashlight, batteries, cash, and first aid supplies.
  • Halacha. Plan for the worst and hope for the best. The Rabbinical Council of America distributed this document, dealing with questions arising from severe weather on Shabbat and Yom Tov.

Quick tips for security guidance

Many people wonder, as the High Holidays approach: Have they taken adequate steps to protect their institutions. If you’re looking for guidance, here are some resources:

JCRC-NY materials

ADL materials

Here are some materials from our partners at the ADL.

Are you prepared? 5 steps to make your facility safer and more secure

Posted on August 30, 2017

(Click here to download a PDF of this webpage)

Organizational leaders should work to strike a balance: to offer a warm and welcoming facility, while at the same time ensuring that their members, students, staffs, clients and building are safe and secure. Leaders concerned with everybody’s safety and security should prepare to deal with emergencies, because “on the fly” reflexes might not be as effective as a pre-determined and rehearsed plan. While your “to-do” list at the beginning of the academic and program year is long, consider these tips to help you prepare for emergencies and ensure you can protect your constituencies.

1.  Control access to your facility

No unauthorized person should be allowed to enter your facility. Every person entering your facility should be screened by security (or other) staff.

  • Limit entrances and exits. Limit access to your facility to monitored entrances.
  • Don’t slow down regular users. Create a system to identify regulars (e.g., staff, members).
  • Screen irregular visitors. g., people with appointments, contractors, etc. See more at Sample Building Access Policies & Procedures.
  • Divide your building into sectors. Should people authorized to use one part of the building be able to wander into another? If you have an access control system, take advantage of its capabilities to allow specific access. Alternatively, use color-coded badges, wristbands or ID cards as a low-tech solution.

2. Plan your emergency response

Stuff happens. Emergencies are not events that you can handle on the fly. Consider having plans, procedures and designated teams empowered to make decisions during emergencies, and trained and prepared to respond to events.

  • Develop and train an emergency response team. Designate someone to be in charge during an emergency and someone else as backup. Build a support team. Have the team work together on your response plans.
  • Build a relationship with your local police.Work with your local police throughout the year and give them the opportunity to get to know your programs, your rhythms, your people and your building. Ask them for suggestions as to how to make your people safer.
  • Know what to do if you receive a threat. Get some ideas about preparing for phone, email or social media threats and evacuations and sheltering at: http://www.jcrcny.org/2017/02/to-evacuate-or-not-to-evacuate-that-is-the-question/.
  • Have an “active shooter” Do the people in your facility know what to do if a person with a gun or sharp-edged weapon shows up? Find more information at: www.jcrcny.org/activeshooter.
  • Be ready to tell people what’s happening. Don’t let your stakeholders learn about an emergency at your facility from the media. Be prepared to communicate. Have some pre-written messages: be first; be right; be credible. Consider options including hardware and web-based emergency notification systems that will simultaneously email, text and phone pre-prepared lists, dedicated social media groups or free apps such as WhatsApp or GroupMe that will send texts (including a link to your website with more info and updates). Now is the time to collect the cell numbers of your stakeholders.
  • Involve your board in the security and preparedness process.

3. Develop a routine

Security, done well, must be done daily and involve everybody.

  • Create a culture of security. Everyone should feel responsible to report suspicious activity. “If you see something, say something” should be part of your culture of security.
  • Be aware of hostile surveillance. If you see something, say something. If it is not an emergency, call the NYPD at (888) NYC-SAFE, outside NYC (866) SAFE-NYS. For more information download Indicators of Terrorist Activity from the NYPD, Guide to Detecting Surveillance of Jewish Institutions from the ADL at adl.org/security and Security Awarenessby Paul DeMatties at Global Security Risk Management,  LLC.
  • Schedule regular walkarounds. Designate an employee to complete a “walkaround” of your building and your perimeter on a daily basis, if not more often. They should be looking for suspicious objects, items blocking evacuation routes and anything else that “Just Doesn’t Look Right.”
  • Make sure you’re getting the right information. Sign up for alerts to learn when the local and/or global security threats conditions change. Sources: JCRC-NY Security Alerts at jcrcny.org/security, https://www.nypdshield.org/public/signup.aspx, emergency alerts from Notify NYC or your local emergency management office and have a weather app on your smartphone to warn you about severe weather.
  • Work with your security provider and your staff to write, “post orders”. Your guards should not merely decorate your entrance. They should know what you expect them to do daily and in emergencies.

4. Don’t forget to train

Major leaguers take batting practice before every game. True, they started batting in the Little Leagues, but drills help people to know, instinctively, what to do. Emergencies that turn to chaos become crises. People know what to do during a fire drill, because they have participated in fire drills since grade school.

Use tabletop exercises involving a wide swath of stakeholders to help you to determine policies and procedures. Once you have determined your plans and procedures, schedule evacuation and lockdown drills. And remember … once is not enough.

5. Explore your security hardware options

Your security hardware should support your security procedures. There are federal and New York State grants available for many organizations (see: www.jcrcny.org/securitygrants for more details). Consider obtaining the funding for:

  • Your main and secondary doors should lock securely and be able to withstand an attack by a determined intruder.
  • Do your windows lock securely? Reduce the risk of break-ins, vandalism and even mitigate the extent of injuries from bomb blasts by properly installing security/blast-mitigation film on your current windows or replacing them with windows with those properties built-in.
  • Access control systems. The electronic possibilities are endless: access cards, biometrics, alarms and more. Get professional advice (see JCRC-NY’s guidance on Security vendors), figure out a hardware plan that is expandable and adaptable.
  • Video monitoring. Deploy CCTV systems in various ways. First, as part of a video intercom system to identify people seeking to enter your facility. Second, to monitor secondary entrances (you can add alarms that warn you that a door was opened, alerting someone to check the monitor), and finally, to help to detect hostile surveillance.
 David Pollock and Paul DeMatteis
security@jcrcny.org | August 30, 2017