For years,
Independent security risk consultants – I have consistently declined to disclose the names or details of any properties where I’ve conducted a security risk assessment, despite frequent client requests. In fields that deal with security risks, such anonymity is particularly crucial. Those requesting such information, even under the guise of a proposal, may not always be acting in good faith and could be attempting to gather insights under false pretenses, whether in person, over the phone, or online.
We recently conducted an independent security risk assessment for a business in Pietermaritzburg, where we identified risks that are often overlooked in standard assessments. Our independent approach enabled us to recommend practical measures to protect students, staff, and the school’s facilities while strengthening overall security.
If you would like to learn more about our assessments or have specific topics you would like us to address, please email your suggestions to andre@alwinco.co.za. We will create and publish articles on our website tailored to your interests.
I also do not display my clients’ names on any of my websites or in other media.
Although it might be appealing to share the names of high-profile clients I’ve had the privilege to work with, revealing such information would suggest that these clients have undergone a security risk assessment, implying that certain security risks may have been identified—and possibly remain unresolved. This disclosure alone could expose them to further risk. It could also imply that they encountered security issues initially, which led them to seek my services. As anyone experienced in security risk and management should know, discretion is a fundamental principle.
This commitment to confidentiality is a top priority in my work, and I will not compromise it to secure new clients or contracts—even at the cost of losing one. In fact, in today’s digital age, it would be neither fair nor ethical to use clients’ vulnerabilities for promotional purposes. Leveraging others’ challenges for personal gain is simply wrong.
Inside Information: Criminal Insights
Recently, an informant confirmed a long-standing belief of mine about the critical importance of confidentiality. This informant, an anonymous contact who reaches out from time to time, sometimes references articles, speeches, or posts of mine, demonstrating that he has followed my work for years. Though I have never met him, I know he is an experienced, shrewd criminal who has managed organized crime groups for a long time.
He revealed that these criminal networks have become sophisticated businesses, generating significant profits through a variety of illegal trades.
The notion that criminals are uneducated is misleading; the complex planning and strategy required to carry out modern attacks demand intelligence, organizational skills, and resources. Some criminals even browse websites of security companies, risk management advisors, and other service providers to find exploitable information. Their reach extends beyond security services; they also study sites of companies in unrelated fields like cleaning, HVAC, IT, and construction to gather information that could give them an advantage.
Case studies: Using Security Advertising as a Targeting Tool
Some security companies, for instance, openly display their clients’ names on their websites to attract new business. While this practice may appeal to prospective clients, it also attracts organized criminal groups that actively search for this information. These criminals can identify these companies’ clients and see them as prime targets. I’ve even seen a company post a picture on social media showing a security officer at a client’s site with the entryway and company logo in full view—essentially providing a roadmap for potential attacks.
In such criminal groups, newcomers or those seeking higher ranks may be assigned to target clients of security companies as a challenge. As one informant shared, this kind of marketing can be like a magnet for criminals. Ironically, criminals who exploit these client lists may achieve greater recognition in their circles than security companies do with their own advertisements.
Information Gathering: A Carefully Planned Process
Criminals systematically gather details from the websites of companies like X, Y, and Z, noting key personnel and services offered. They may then pose as potential clients, setting up meetings to extract further information. With this data, they often produce counterfeit company uniforms and business cards, which they use to approach clients and gain additional trust. The criminals may even build rapport with the client’s staff, subtly gathering information about protocols, access points, and other security details. Through a gradual, strategic approach, they form a comprehensive plan to exploit the targeted company’s vulnerabilities. Many clients report that, after an incident, it appeared as though the perpetrators had inside knowledge—a direct result of this systematic approach.
Conclusion
Though companies like X, Y, and Z believe that advertising their client base will bring in new business, they unwittingly attract criminal attention. Rather than mitigating security risks, they create opportunities for sophisticated criminals. Those in risk management or with investigative experience would understand that disclosing client information increases exposure to risk rather than reducing it.
By André Mundell, Alwinco, # mitigating security risks # Independent security risk consultants
Newsletter subscription
Should you wish to learn more about our services offered or want more information on security risk assessments, please send us an email or kindly visit our website security meetings and subscribe to our Newsletter.
For more information, contact Alwinco at +27 (0)62 341 3419, andre@alwinco.co.za, or visit www.alwinco.co.za
We do security risk assessments for customers in Arcadia, Bloemfontein, Bluff, Pretoria, Observatory, and Gauteng, like Braamfontein, JHB CBD, Kempton Park, etc. These assessments apply to homes, businesses, industrial estates, farms, and other types of property.
Read more: