But it does rather focus the mind, and, as promised, this blog post is to cover the issues we had, the complacency and errors, and some of the steps we have now taken.
Posting any details of our security may be a potential risk, but apart from considering the impossibly small set of people that read my blog and are involved with criminals in the area, I am also restricting this to stuff that you can deduce yourself if you visited or cased the joint anyway.
The went away and came back with a small van or estate car, drove up to the door and broke in. It seems they brought a drain cover, the role of which is unclear. Somehow (also unknown) they forced the doors. They then quickly grabbed four iMacs, two 30" apple monitors, two iPad minis, two laptops, and took a TV off the wall (one so old we were about to throw away).
They were clearly in a hurry, but spent around 5 minutes on site. Police say they would have assumed a silent alarm. They grabbed kit and took it, breaking connectors in some cases, and dragging stuff off desks as they went. Clearly in a hurry.
What they did not take
What they did not take was a surprise. I will not list everything, for obvious reasons, but there were several high value items in the room they did not consider, and some easily disposable items such as a brand new TV in a box, two brand new monitors in boxes, even a box of expensive whisky. However, if you are going to turn over an office like ours they missed a very obvious and high value set of items - the chairs. Herman Miller chairs run to hundreds each and are routinely sold second hand with no serial numbers. But they did not bring a big van, so probably why they did not touch them. My guess is the chairs were worth the most in terms of easily movable items.
They took iMacs and iPads. As we understand it these will never be usable as they are, being locked to apple IDs. They knew to turn off the iPads, for example, to stop them being traced. The only idea here being that they can break stuff down for spares.
What we can learn from that
A really obvious thing that you just don't think of is that the value of an item to a thief is very different to the owner. We have lots of valuable stuff, valuable to us, but not something they could sell. They did not touch the boring black generic monitors or the generic linux under-desk PCs. Once assumes that (a) they knew there was lots of apple stuff, and (b) they have a means of disposal for it.
What we did wrong
To get to the office they had to breach two mag-locked doors. Now, if you have ever tried, a mag-lock is damn strong. They do not come apart and you will damage the door frame before they do. We are at a loss as to how they breached the outer door as it is pull not push, but the inner door may have been shocked by a heavy object (perhaps the drain cover).
Having just mag-locks seems silly in hindsight, but the fact you have to get passed two of them, and the alarm would sound anyway and we would know and be there in minutes, is why we did not worry too much.
Unfortunately there were issues - the outer door closer was not quite right, and could leave the door ajar (now fixed). The staff that locked up were adamant this was not the case, but it would have been easy to miss. Even so, the mag lock may be force-able with a crowbar on the door or some such, no idea.
The other big issue is that the alarm was not set. For this I blame the total stupidity of alarm systems. If something upsets them for any reason, and you try to set them, they will just not set. This is bad design, in my opinion, and annoys the crap out of me. It seems something (a previous false alarm / error) left the system in "RESET REQUIRED" state and so it did not set that day. There was no obvious way for staff to see that it was not set. This is something we have fixed!
Another annoyance is the installers for the alarm system (a proper alarm company) did not fit any of the door sensors. Every door has a reader and mag-lock and that reader will work with a door sensor. They don't fit as a matter of policy as too many support calls!
Had the sensor been fitted then I would have been alerted with a "DOOR FORCED" alarm as soon as they got through the outer door even though the alarm was not set. I would have been there with a camera and a phone calling 999, within around 2 minutes. We have had false alarms (numpty cleaners) in the past and know we can get there very quickly.
Other issues - the car park has a gate and we are meant to shut it, but it has a combination lock that is fiddly, had an obvious code, was routinely left with the code on display, and nobody bothered to lock. This was not just us, but the other units in Enterprise Court. We suspect that blocking physical access would have stopped or hindered the burglary.
So, lots of separate errors compounded the situation - they got in and took stuff and we did not even know until next morning. They could have driven a truck up to the door and spent an hour cleaning the place from top to bottom if they wanted to!
We have set up internal security cameras that are obvious and include the lobby areas. We have even put a monitor in the lobby to show the camera feed so people see themselves on screen when casing the joint.
We have put smoke cloak "security fog" labels on the doors.
We have wired every single door to have a door sensor, some with more than one. This means that even if the alarm is not set a forced door will alert staff.
We have set up new reporting systems to alert multiple staff of any alarms or issues. We have remote viewing of the security cameras so any staff alerted can see the office, see if a real break in, and call 999. Of course, I can be there in 2 minutes as well, but the cameras almost remove the need for that.
We have added additional sensors as well. We have also gone to a lot of steps to make it very very clear to staff if they have, or have not, set the alarm at the end of the day. Not going in to details, but there are several separate indicators to staff including text messages.
The fact that the deadlock engages is one of the things staff can easily see to confirm the alarm is set.
We have a new lock for the gate - one that uses up/down/left/right movements in a sequence. Once you can set, in the dark, with gloves on, and does not leave the combination on the display. Everyone in Enterprise Court is taking security more seriously now.
Once someone does get in - and that is possible as they could just break windows - we have taken further steps.
Some simple steps anyone can take, given what we now know, is Kensington locks. Everything is locked down - in one case kit is locked to a very heavy drain cover under a desk, but mostly stuff is locked to the desk. This does not stop someone taking stuff - simply having bolt cutters gets passed these, but it adds time and delay. They have very limited time to get stuff.
The other big change is a smoke cloak - this is awesome - it makes it so you can barely see your hand in front of your face, or the floor to walk safely, within around 15 seconds. It takes a good ten to fifteen minutes to start clearing even if opening all of the windows. It is around £2k, but very cool. See the video.
Something we have considered is data loss. The machines taken were very much terminals in that they did not store any data locally - they were used for email and web access to secure systems. That does not rule out cached copies on the machines holding personal data. Obviously all stored passwords were immediately changed, and the machines taken were locked to an apple-ID and wiped if they ever see the light of day. But we have ensured replacement systems (mostly linux) have encrypted file systems, just in case.
Don't wait to be robbed - think of every step: Can you deter them - visible signs of security and cameras; Can to detect them - good alarm systems; Can you prevent them getting access - good locks; Can you mitigate what they do - smoke cloak is awesome.