sgsECURE

@Workplaces
Guide for Hotels

R E C E P T I O N

A Collective Partnership
Introduction
Today, terrorism poses a real and rising threat to our way of life. A single attack at
a hotel, tourist attraction or busy public location has the potential to cause great
devastation, not just to individual lives and businesses, but also to our long-term
stability and prosperity.

We must act today to minimise the impact of terror or cyber attacks by

ensuring that businesses can prevent, respond and recover from such attacks if
they happen.

We launched the SGSecure Guide for Workplaces in 2017 to equip organisations

ZLWK JHQHUDO SUHSDUDWRU\ PHDVXUHV WR NLFNVWDUW WKHLU H΍RUWV DJDLQVW WHUURULVP
7RSURYLGHPRUHLQGXVWU\VSHFLȴFJXLGHOLQHVDQGGHHSHQSUHSDUHGQHVVZHKDYH
developed the SGSecure Guide for Hotels. The guide is the result of research and
consultations with partner agencies, domain experts and industry players such as
\RXUVHOI:LWKLQLW\RXZLOOȴQGDQVZHUVWRTXHVWLRQVVXFKDV

• How big a risk does your hotel face from terror attacks?
• What actions can you take today to protect property, data and lives?
• What should be the course of action to take when a crisis strikes?
• How can you create a business continuity plan to respond to and recover
from an attack?

We have also included training tools and resources to help you equip your
colleagues and stakeholders. You may wish to refer to the online version of this
guide at www.mom.gov.sg/sgsecure for latest updates that may have taken
place after this publication went to print.

We look forward to your continued commitment to prepare your workforce,

protect your workplace and partner your community against terror and
cyber threats.
Contents
1 SGSecure & You: Terror and Cyber Threats to the Hotel Industry 2
1.1 Terrorism, Cybercrime and the Hotel Industry 4
1.2 The Threat of Terror and Cyber Attacks 6
1.3 Key Roles & Responsibilities 8

2 Prevention: Before Crises Strike 10

2.1 Simple Steps That All Hotels Can Take 12
2.2 Preparing Your Workforce 14
2.3 Protecting Your Workplace 22
2.4 Partnering Your Community 34

3 Responding to Threats: Measures and Immediate Actions 40

to Handle Crises
3.1 Innovative Practices from Local Hotels 42
3.2 Responding in the Event of a Terror or Cyber Attack 48

4 Recovery: Planning for the Aftermath of Crises 52

 5HFRYHU\(΍RUWVRI+RWHOV 54

5 Resources & Recommendations 56

5.1 Tips for Identifying Terror Threats 58
5.2 Online Resources 66
5.3 Useful Contacts 70
2
 3

1 SGSecure
& You
Terror and Cyber Threats
to the Hotel Industry
4

1.1 Terrorism, Cybercrime

and the Hotel Industry
Today, there are over 400 hotels in Singapore. They range from hostels and
economy hotels to upscale boutique establishments, luxury resorts and
international chains. The threat and impact that terror and cyber attacks pose to
WKHPPD\GL΍HUEDVHGRQIDFWRUVOLNHWKHLUVL]HVORFDWLRQVDQGFOLHQWHOH

Regardless of ideology or method, all terror attacks share the same goal of drawing
attention to their cause. Many terrorist groups now have an online presence,
connecting supporters and coordinating large-scale attacks on hotels, malls, and
other similar locations.

Cyber attacks have also been on the rise, and are concerning as they can disrupt
business operations. In 2018 alone, such incidents – which primarily took the
form of email scams and data breaches – cost businesses in Singapore millions
of dollars.

What makes hotels attractive targets?

6RPHKRWHOVKDYHDODUJHFRQVWDQWȵRZRISHRSOH
Attacks involving international tourists may draw global media attention
Attacking hotels can impact the local economy by reducing tourism
ΖWLVUHODWLYHO\HDV\WRFRQGXFWUHFRQQDLVVDQFHȴQGȵRRUSODQVDQGphotographs
of many hotels
+RWHOVKROGDKRVWRIYDOXDEOHSHUVRQDODQGȴQDQFLDOGDWDRIWKHLUJXHVWV
such as payment card details and passport information
 5

Terrorism and cybercrime risks faced by

Larger or luxury hotels
Terrorists may target prominent individuals or events
Attacking an internationally recognised chain may gain more media attention

Smaller or economy hotels

Terrorists may use them as a base to avoid surveillance and plan attacks
They may be viewed as having less stringent security compared to larger
hotels or embassies, and be targeted as a result

Hotels of all sizes may be targets

$WWKH6UL/DQND(DVWHUERPELQJVERPEVZHQWR΍DWWKHEUHDNIDVWEX΍HWVRI
OX[XU\KRWHOV2QHDWWDFNHUIDLOHGWRVHWR΍KLVYHVWDWDQRWKHUOX[XU\KRWHODQGODWHU
detonated it at a neighbouring guest house instead.

Hotels can be attractive targets for cyber criminals as well, given the large volume of
ȴQDQFLDOWUDQVDFWLRQVDQGJXHVWGDWDFROOHFWHGΖQDQLQWHUQDWLRQDOKRWHOJURXS
revealed that hackers had gained unauthorised access to millions of guest records
worldwide in a breach of its reservations database. Cyber attacks can also severely
impact hotel operations. In 2017, a ransomware attack disabled the electronic lock
system in a family-run Austrian hotel and prevented the issuance of new key cards.

As such, all hotels face an on-going challenge to enhance security without

FRPSURPLVLQJ KRVSLWDOLW\ 7KURXJK WKLV JXLGH ZH KRSH \RX ZLOO ȴQG UHOHYDQW WLSV
to strike that balance, and work towards staying united and resilient in the face of
attacks, or in their aftermath.

Using this guide

Review all the proposed guidelines, and implement or adapt them according
to your needs
Use the training tools and digital resources to update your employees’
knowledge and upgrade their skills
6

1.2 The Threat of Terror

and Cyber Attacks
Terror Attacks
The impact of terrorism has been felt around the world, and no country, including
our own, has been spared. Globally, terror attacks have increased by more than 16
WLPHVLQWKHODVW\HDUV:LWKΖQGRQHVLDVX΍HULQJLWVGHDGOLHVWΖ6Ζ6OLQNHGDWWDFNV
in May 2018, and the possibility of groups such as Jemaah Islamiyah and Al-Qaeda
regrouping in the region, the threat Singapore faces remains high.

Possible consequences of a terror attack include:

Loss of lives amongst Dramatic drop in

your employees and tourism and hotel
guests occupancy

Disruptions to your Damage to your

supply chains hotel’s image and
reputation

Falling revenue as guests avoid hotels that are not

properly secured

Terror Attacks on Regional Hotels

Over the past decades, terrorists in the region have targeted a number of hotels.
Attacks on popular tourist sites such as the Bali bombings in 2005 and Bangkok
ERPELQJVLQFRXOGUHGXFHWRXULVPDQGD΍HFWWKHKRWHOEXVLQHVV

2003 2008 2009 2011

Car bomb outside Two budget Two luxury chain Nail bomb found
a luxury hotel kills hotels bombed, hotels bombed, near a budget hotel;
12 and injures 150. wounding 3. (Iligan killing 7. (Jakarta, Abu Sayyaf Group
(Jakarta, Indonesia) City, Philippines) Indonesia) suspected. (Isabela
City, Philippines)
 7

Cyber Attacks
Regardless of whether hotels use their own in-house systems, or depend on third-
party software and cloud-based systems to conduct daily operations, they can still
EHVXVFHSWLEOHWRF\EHUWKUHDWV:KLOHWKHUHDUHPDQ\EHQHȴWVWRGLJLWDODGRSWLRQLW
also presents security challenges.

In the past 5 years alone, several well-known international hotel chains have been
targeted by attackers and hit through vulnerabilities in their Point of Sale (POS)
V\VWHPV %H\RQG ORVLQJ WKH WUXVW RI JXHVWV DQG KDYLQJ WKHLU UHSXWDWLRQV D΍HFWHG
WKH\DOVRIDFHGPLOOLRQVRIGROODUVLQȴQHV

3RVVLEOHH΍HFWVRIDF\EHUDWWDFNLQFOXGH

Disruption to business operations like processing payments

Compromised booking systems, check-in systems, and

POS systems

7KHIWRIGDWDPRQH\RUFRQȴGHQWLDOLQIRUPDWLRQ

Financial losses from event cancellation, liabilities and

compensation to guests
KPI

2011 2018 2019

Guest house bombed International hotel group Several sites,
during a wedding, lost 5.2 million guests’ including 3 luxury
killing 3 and wounding records due to breach of hotels, bombed,
27. (Zamboanga City, its reservations’ database. killing over 250.
Philippines) (worldwide) (Colombo, Sri Lanka)
8

1.3 Key Roles &

Responsibilities
0RVWKRWHOVKDYHVLPLODUUROHVWKDWQHHGWREHȴOOHG:KLOHDODUJHUKRWHOPD\
dedicate an entire department to one area, smaller hotels typically have a
VLQJOHLQGLYLGXDOȴOOLQJPXOWLSOHUROHV

But regardless of the scope of their responsibilities, every individual plays an

important part in working together with other departments to create a safe,
secure environment for other employees and guests.

In the following section, recommended preventive measures have been

grouped according to the following roles, to enable hotels to identify
applicable learning points.
 9

Senior Management Security Personnel

Responsible for making business May consist of hotel employees,
decisions for the hotel. external contractors, or a mix of both.
They oversee overall safety policy and
ȏ &KLHI([HFXWLYH2ɝFHU site security.
• General Manager
• Hotel Owner • Security Director/Manager
• Security Team
• Company Emergency Response Team
(CERT)

Non-Security Operations Hotel Administration

Most likely to interact directly with Generally supervisors and administrators
JXHVWV 7KH\ PD\ ȴOO UROHV UDQJLQJ who may be responsible for hiring
from receiving guests to cleaning, employees or watching over their
and maintenance. training and duties.

• Reception and Front Desk • Human Resource Department

• F&B Department • IT Department
• Housekeeping Department • Finance Department
• Engineering Team • Marketing & Sales Department
• Revenue Management

The list is not exhaustive and may vary across hotels.

10
 11

2 Prevention
Before Crises Strike
$WHUURUDWWDFNFDQSURGXFHZLGHVSUHDGH΍HFWV1RWRQO\ZLOOLW
result in loss of lives, it can also disrupt hotel businesses, leading
to job losses and a negative impact on the economy.

To cushion such impacts, it is important that hotels put in place

comprehensive preventive measures to stop attacks from taking
place, and lessen the damage caused should one occur.

There are a wide range of actions that hotels of various types

DQGVL]HVFDQHPSOR\WRWKLVHQG7KLVVHFWLRQZLOOIRFXVRQWKH
IROORZLQJWKUHHGL΍HUHQWDUHDV

1. Preparing Your Workforce

2. Protecting Your Workplace
3. Partnering Your Community
12

2.1 Simple Steps That

All Hotels Can Take
As part of the SGSecure@Workplaces programme, hotels can appoint and register
SGSecure reps, utilise digital resources on the MOM website, and download the
SGSecure Mobile App to stay updated on terrorism-related news, advisories and
LQLWLDWLYHV(YHU\KRWHOUHJDUGOHVVRIVL]HLVHQFRXUDJHGWRWDNHWKHVHVWHSV

Appoint and register an SGSecure rep

The SGSecure rep should champion SGSecure in peacetime, and be the point of
contact between your hotel and authorities during crises. You may register an
6*6HFXUHUHSEHORZDQGȴQGRXWPRUHDERXWWKHLUUROHVDQGUHVSRQVLELOLWLHV

Scan QR code
to register your
SGSecure rep

Encourage employees to access and utilise

MOM SGSecure@Workplaces educational resources
Access M20EXOOHWLQVYLGHRVEULHȴQJVOLGHVOHVVRQSODQVEURFKXUHVSRVWHUV
templates, case studies and guides from the MOM SGSecure@Workplaces website.
Share these self-help tools with employees and colleagues to prepare the workforce,
protect the workplace and partner the community.

Scan QR code to access

SGSecure@Workplaces
digital resources

Encourage employees to download the SGSecure Mobile App

The app will allow you to receive important alerts in the event of a major emergency,
make 999 calls or alert the Police via SMS.
13
14

2.2 Preparing
Your Workforce
A prepared workforce consists of vigilant, alert and capable employees who can
act on signs of terrorism as soon as they appear. By establishing good practices
in hiring, training, and day-to-day operations, hotels can equip employees with the
tools and knowledge they need to identify and address possible threats.

Policies and Procedures

Match Your Manpower Needs

Watch out for the symbols below to see how you can adapt a policy
WRVXLW\RXUKRWHO

Solutions that require few people to implement

6ROXWLRQVWKDWKRWHOVZLWKPRUHVL]HDEOHWHDPV
may consider

Senior Management

Appointing Key Personnel

Appoint dedicated individual(s) to coordinate and oversee the
planning and implementation of security-related activities
Appointed individual(s) should receive the necessary training
to deal with security incidents before arrival of the Police
During a security incident, all employees should know that they
must take instructions from the appointed individual(s) before
the Police arrive

Hotels with less manpower, or that lack a dedicated

security unit, may appoint an individual such as
their SGSecure rep, Senior HR Manager or General
Manager to take on such duties

Larger hotels with bigger teams may dedicate an

Interdepartmental Stakeholder Group to this area
 15

General Procedures
The hotel owner should be responsible for the Emergency
Response Plan (ERP)
The ERP should be updated and reviewed regularly,
and employees should be familiarised with its contents
Regular testing, table top and emergency exercise should
 EHFRQGXFWHGWRYDOLGDWHLWVH΍HFWLYHQHVV

Security Personnel

Manpower Deployment
 )RUJHQHUDOSUHSDUHGQHVVHQVXUHWKDWDVXɝFLHQWQXPEHURI
personnel are always on duty or on call
Ensure that personnel are familiar with the hotel’s security
and emergency plans
  )RUPXODWHDVHDUFKSODQWRJXLGHVHDUFKH΍RUWVGXULQJDFULVLV
Appoint someone who is familiar with the hotel layout to be
in charge of the search team
Organise a Company Emergency Response Team (CERT)
  ZKLFKZLOOEHWKHȴUVWOLQHRIUHVSRQVHLQWKHHYHQWRIDFULVLV

3HU 6&') JXLGHOLQHV WKH PLQLPXP FRQȴJXUDWLRQ

IRU DQ H΍HFWLYH &(57 LV D 6LWH 0DLQ &RQWUROOHU
a Site Incident Controller, and four Emergency
Response Team Members (these individuals should
undergo mandatory CERT training and at least
IRXUPHPEHUVPXVWEHȴUVWDLGWUDLQHG

General Procedures
Establish standard operating procedures for various types of
terror and cyber attacks
Consider involving local authorities or external auditors when
conducting a drill or tabletop exercise so that gaps can be
addressed to strengthen your hotel’s security practices

You can start by focusing on the more common

forms of attacks, especially those that small and
economy hotels are more vulnerable to

Consider having a more comprehensive set of

procedures and tailoring them to your hotel’s guest
SURȴOHVORFDWLRQDQGRWKHUIDFWRUV
16

Planning process:
Consult third-party professionals when evaluating the hotel
security plans
Stay updated on the national terrorism threat assesment
UHOHDVHGE\WKH0LQLVWU\RI+RPH$΍DLUVDQGWDLORUVHFXULW\
plans accordingly

Provide security personnel with the following:

Easy access to guides or resources about your hotel’s
procedures to handle terror or cyber attacks
Regular practices and drills on what to do in an emergency
Knowledge on how to handle suspicious individuals

Handling Third-Party Contractors

Brief them on the hotel security and emergency plans
Ensure they are familiar with and have access to the emergency
or key contacts
Provide them with access to the reporting channel for
suspicious activities
Have a system in place for screening your contractors’ access
rights to the hotel premises where appropriate

Non-Security Operations

General Procedures
Brief employees on procedures to handle lost employee passes
and room keys
Learn to spot common tell-tale signs of terrorist activity
(see page 58)
Stay alert to suspicious items or behaviour when cleaning rooms
or working onsite
 17

Hotel Administration

Appointing Key Personnel

 (VWDEOLVK DQ RQJURXQG VHFXULW\ WHDP VWD΍HG E\ H[SHULHQFHG
and meticulous individuals
The security team can consist of in-house security, contract
security, or a combination of both.
Employers may consider the following factors to identify
and hire suitable individuals:
Compatibility with your hotel’s corporate culture
Familiarity with operations
Duration of hire (for contract employees)
Pre-existing knowledge, skills or specialised training

Tip

There are SkillsFuture and WSQ training courses available

to upgrade the skills of your employees (see page 68)

Appoint a well-trained employee or a team to oversee

information and cyber security

If you are managing your own hotel’s cyber security,

you can tap on subsidised SkillsFuture courses
to upgrade your IT and cybersecurity skills and
knowledge

For larger organisations, experienced IT managers

should be hired to maintain and operate IT
infrastructure, as well as implement security
policies

General Procedures
Hiring new employees:
Check and verify the details they provide on their CV
or resume
Incorporate physical security and cybersecurity training
into employee orientation or on-boarding programmes
18

Training current employees:

Conduct regular checks on security personnel and
HPSOR\HHVZLWKDFFHVVWRFRQȴGHQWLDOLQIRUPDWLRQ
Develop structured training programmes to address
VSHFLȴF VLWXDWLRQV WKDW GL΍HUHQW VHJPHQWV RI HPSOR\HHV
may encounter
Instil security awareness in employees through regular
refresher courses, and enforce attendance by maintaining
records
Use subsidy and support schemes to cover training course
fees and absentee payroll for Singaporean employees

ΖI \RXU KRWHO TXDOLȴHV DV DQ 60( \RX PD\ DOVR
be eligible for enhanced training subsidies for
SkillsFuture Singapore courses (see page 68)

Safeguarding Your Business

Establish Crisis Communication Channels for hotel personnel,
hotel guests, and third parties to report suspicious events
For employees:
• Use mobile messaging applications to create group-based
communication and reporting channels
• Create a call and contact directory of stakeholders (e.g. key
employees, hotel partners, etc.) to notify in an emergency
For hotel guests:
• Consider creating an emergency hotline for guests
to contact in the event of a crisis
Provide key personnel with two-way communication devices
and training to facilitate crisis communication

Day-to-Day Operations
7KH H΍HFWLYHQHVV RI \RXU KRWHO VHFXULW\ UHVWV RQ WKH DELOLWLHV DZDUHQHVV DQG
knowledge of the people enforcing it. Constantly reminding employees of correct
procedures and staying alert to suspicious behaviour can go a long way in guarding
against terror or cyber attacks.

Security Personnel

Handling Third-Party Contractors

Familiarise employees with authorised third parties
Verify the identity of unfamiliar or suspicious individuals
Have a location to detain and question suspicious individuals
 19

Non-Security Operations

General Procedures
Put up relevant posters at areas where employees commonly
gather (e.g. employee cafeteria of rest areas)
Test employees regularly on possible signs of terrorism (see
page 58)
Conduct drills with Security Personnel on how to act in a crisis

Hotel Administration

General Procedures
Remind all employees, regardless of role, to immediately contact
emergency or key security personnel on spotting suspicious
items, activities or behaviour of guests, or weaknesses or lapses
in site security
Remind all employees to watch for signs of possible
radicalisation in colleagues and employees (see page 59)

Cyber Security Practices

If there are no dedicated cybersecurity employees, hotels
 VKRXOG SDUWQHU RU VXEVFULEH WR D FHUWLȴHG PDQDJHG VHFXULW\
service provider to monitor and respond to cyber incidents and
secure computers and networks
Ensure employees with access to sensitive information
practise good cyber hygiene and data protection habits,
 VXFKDV
Shredding unwanted documents with FRQȴGHQWLDOGDWD
Strengthening password security and monitoring of IT assets
Installing software to detect and prevent unauthorised access
Being able to recognise and report phishing or scam emails
Making use of multi-factor authentication for login systems
 20

Illustrated Summary:
Preparing Your Workforce

Non-Security Operations
• Regular checks on employees’
knowledge of crisis management
and emergency procedures can be
conducted with reference to ERP*
• Put up relevant posters at
employees’ common areas
• Learn to spot common tell-tale
signs of terrorist activity
• Stay alert to suspicious items or
behaviour when cleaning rooms

Security Personnel
• Ensure there are enough people on
duty or on call
• Have a location to securely detain and
question suspicious individuals
• Brief all third-parties on hotel evacuation
and crisis management plans

*
Emergency Response Plan
 21

Senior Management
• Assign a person or team to plan
and organise security operations
• Regularly review and update ERP*

Hotel Administration
• Consider incorporating security training into the employee
orientation programme
• Ensure employee with access to sensitive data practise
good cyber hygiene and data protection habits
• Provide key employees with two-way communication devices
22

2.3 Protecting
Your Workplace
A terror attack at a poorly protected workplace could result in injuries and loss of
lives of employees. A cyber attack could result in sabotaged IT systems, disrupted
supply networks and business operations. Hotels can also incur costs from
UHEXLOGLQJLQVXUDQFHSD\RXWVORZHUHGSURȴWVWKHORVVRILQYHVWRUFRQȴGHQFH
and dropping employee morale.

These impacts may be prevented or minimised by enhancing workplace security

LQWKHIROORZLQJZD\V

Deter
Implement measures that make potential attackers see your
KRWHODVWRRGLɝFXOWULVN\RUGDQJHURXVWRVWULNH

Delay
Put physical and system barriers to slow the progress
of an attack on your hotel, allowing security and IT teams
to respond and mitigate harm.

Detect
Find and address signs of terrorism or cyber crime as early
as possible, lowering the harm or threat they pose.

Deny
Safeguard employees and guests by ensuring that only
authorised persons can access important information
or areas.
 23

Challenges Hotels May Face

• Balancing guests’ convenience and comfort against added security procedures
• Costs of installing physical deterrents or implementing new technology
ȏ 5HWDLQLQJWKHFKDUDFWHURIROGEXLOGLQJVZKLOHUHWURȴWWLQJWKHPWREHPRUHVHFXUH
• Finding appropriate individuals to implement and monitor security upgrades

You may use the following guidelines to identify actions that suit your hotel’s security
needs and risk levels.

Policies and Procedures

Though short-term costs may be incurred, planning your hotel’s crisis response
is critical to safeguarding the business’ long-term interests. Reviewing your plans
regularly also ensures that any new gaps in security can be patched before they are
exploited. By improving your hotel’s ability to spot unusual activity, you can better
deny terrorists and cyber criminals access to your premises, systems and data.

Senior Management

Manpower Deployment
Enrol employees in the Corporate First Responder (CFR)
Scheme, which gives them a Cordon Pass to enter restricted
 VLWHV DQG DVVLVW ZLWK UHFRYHU\ H΍RUWV LI DQ DWWDFN RFFXUV
(see page 70)
Standby a pool of professional counsellors who can be
 FRQWDFWHG WR SURYLGH SV\FKRORJLFDO ȴUVW DLG IRU JXHVWV
and employees
Safeguarding Your Business
Formulate business continuity plans on how your hotel would
recover from a terror or cyber attack
After any incidents, review the activity log to identify loopholes
and areas for improvement, and then revise your existing
plans accordingly
Register for the Workplace Safety and Health Council’s
bizSAFE programme to improve your hotel’s safety, health
and security capabilities

Scan QR code to sign

up for a complimentary
EL]6$)(/HYHOZRUNVKRS
24

Security Personnel

Safeguarding Your Business

Prepare copies of up-to-date contingency plans, ground
 OD\RXW ȵRRU SODQV DQG ORFDWLRQV RI H[LW SRLQWV (+$ &&79
 $(' ȴUH KRVHV DQG PHDQV RI FRPPXQLFDWLRQ HJ ZDONLH
talkies), and provide these to senior management or
authorities in the event of a crisis
Keep these documents and information securely, yet readily
accessible to authorised personnel only

General Procedures
Create and maintain an incident activity log, with an employee
assigned to update it as events occur
 'HYHORS D SURFHGXUH WR FRQWURO KRZ R΍VLWH SHUVRQQHO PD\
gain access to restricted areas, both during regular operations
and during a crisis

Non-Security Operations

General Procedures
When handling lost room keys, verify the identity of any
individuals requesting new or extra keys
During peacetime, create open channels of communication
with hotel administration and senior management to ensure
everyone is updated promptly
During a crisis, help to ensure all guests are accounted
for and kept aware of any developments that may occur
 25

Hotel Administration

Safeguarding Your Business

Create templates for public communications during a crisis
to prevent miscommunication
Work with Senior Management to develop plans to stabilise
the situation in the immediate aftermath of crises
Develop post-crisis marketing and publicity plans to aid
in business and revenue recovery

General Procedures
When employees have resigned or are terminated,
review their access rights (e.g. employee passes, biometric
information, keys and passcodes) to prevent them from
obtaining sensitive information or entering secure areas
Create procedures to handle loss of any form of security pass
(including both physical keys and digital passwords)

Incident Activity Log

26

Day-to-Day Operations
Ultimately, the people who work in your hotel are the ones who will ensure
it is safe and secure. It is important that every employee – from non-security
operations to senior management – keeps a look out for suspicious activities or
individuals on a daily basis. This is critical in detecting terrorist activity or signs of
cyber terrorism before it escalates to a crisis.

Security Personnel

Manpower Deployment
6WDWLRQ HPSOR\HHV RU VHFXULW\ RɝFHUV DW UHVWULFWHG DFFHVV
areas and ensure they are able to identify persons and vehicles
permitted to enter
If manpower constraints do not allow you to
VWDWLRQ VHFXULW\ RɝFHUV \RX FRXOG HQFRXUDJH DOO
employees to look out for unfamiliar persons or
utilise technology substitutes, such as CCTVs, to
monitor for intrusions and cover more ground
General Procedures
Look out for vehicles parked for a prolonged period of time,
and question vehicle owners about their presence
Enforce strict access control measures by only allowing those
with employee badges and passes or authorisation letters
(for third parties) to enter restricted or employee-only areas
Conduct regular, but unannounced patrols and inspections at
vulnerable areas, or engage a vulnerability or penetration
testing service
 27

Non-Security Operations

General Procedures
Stay alert to possible signs of terrorist activities when
performing tasks like accepting deliveries, cleaning and
interacting closely with guests (see page 58)
Maintain records on holders of all keys, and restrict access
to master keys
 &KHFN DQG FRQȴUP WKH LGHQWLW\ RI WKLUGSDUWLHV DQG JXHVWV
by ensuring the legitimacy of documents they provide,
particularly if they are requesting room keys or information
Log down and promptly report any suspicious incidents to
security personnel
Some types of people an attacker or criminal may
impersonate:

Auditors or Third-party Maintenance Delivery

government contractors or employees drivers
officials event organisers

Hotel Administration

General Procedures
Adopt the measures from Cyber Security Agency of
Singapore (CSA)’s Be Safe Online Handbook (see page 66)
Know what your cyber assets are
Allow only authorised software to work
Patch and update software in a timely manner
Be selective when granting admin account privileges
Detect breaches promptly
Control access via multi-factor authentication
Encrypt your critical information assets
28

Physical Infrastructure and Security Systems

Upgrading physical and security systems may have high upfront costs. However,
these play a big part in deterring would-be attackers, delaying their attacks or
GHQ\LQJWKHLUH΍RUWVWRKDUP\RXUKRWHORUJXHVWV

Senior Management

Work with Security and IT Personnel (for cyber security) to

evaluate whether the current security expenses matches
your hotel’s needs and priorities

Security Personnel

Emergency Evacuations
Establish lockdown procedures in preparation for an
emergency lockdown
Display emergency exit maps and important contacts in all
guest rooms
Ensure that evacuation plans can accommodate guests or
employees with special needs
Ensure all public, communal, and external spaces are clean and
well lit, and keep the evacuation pathway clear of obstructions
Emergency Sites and Assembly Areas (AAs)
For non-terror incidents
Identify at least two alternative AAs
Display clear directions to these areas
During terror incidents
As AAs are vulnerable to secondary attacks, building occupants
should not assemble or be ushered to them
You may account for employee safety virtually via online
platforms or mobile messaging applications
The SGSecure Contingency Planning Checklist for Building
Owners contains additional resources such as guidelines to
prepare the lockdown decision matrix for your hotel’s
contingency plan, and help for building owners to plan for
contingencies such as terror attacks

Scan the QR code

to download
the checklist
 29

Emergency Storage/Shelters
Allocate a readily accessible area for storage of emergency
equipment and supplies
Regularly inspect and replace faulty items, and ensure that the
area is well-protected
Designate shelter-in-place locations to protect guests and
employees from external attacks

Exterior Areas
Review security measures based on Guidelines for Enhancing
Building Security in Singapore (GEBSS) (see page 66)
Evaluate the ease of intrusion at the hotel perimeters and
install perimeter barriers if needed
Install barriers to keep vehicles a safe distance away from the
hotel entrance and gathering areas
Employ a speed control system to control approaching vehicles
at the hotel entrance and other vulnerable areas of the proper
 'HȴQH WKH KRWHO SHULPHWHU DQG LGHQWLI\ DOO SRVVLEOH H[LWV
and entrances
Display signage to identify access points for guests, vehicles,
and pedestrians
 (QVXUHWKDWXQXVHGDFFHVVSRLQWVDUHVHDOHGR΍RUORFNHGDQG
monitored for intrusion
30

Interior Areas
Install panic buttons at vulnerable areas in the hotel
 (PSOR\DQWLVKDWWHUȴOPJOD]LQJSURWHFWLRQRUODPLQDWHGJODVV
 WRPLQLPLVHLQMXULHVFDXVHGE\ȵ\LQJJODVVSLHFHV
Install a Public Address (PA) system to aid in the mass
dissemination of information and announcements during
an emergency
Adopt layered security by designing layered access points
to critical areas
Install access control devices at restricted areas, and maintain
records of all access
Use video surveillance where appropriate, and review footage
of suspicious activities
Systems to Install
InstDOO LQWUXVLRQ GHWHFWRUV PRWLRQ GHWHFWRUV ȴUH DQG VPRNH
alarms where appropriate
Have a procedure in place for reacting to triggered alarms
or detectors and exercise it regularly

Non-Security Operations

Interior Areas
Conduct regular checks on all locks and access control devices
to ensure they are functioning as expected
If non-electronic keys are used, the serial number should be
recorded in a log when guests check in or out of the hotel
In the event of missing keys, replace your locks promptly

10
31
 32

Illustrated Summary:
Protecting Your Workplace
Security Personnel
• Ensure all employees are
familiar with ERPs* and
evacuation plans, and instruct
them to avoid Assembly Areas
during terror incidents Staff
• Establish lockdown procedures Only
and secure emergency storage
or shelters
• Create guidelines to act on
the presence of suspicious
vehicles, people or items
• Review security measures based
on Guidelines for Enhancing
Building Security in Singapore
(GEBSS) (see page 66)

Non-Security Operations
• Apply procedures to verify guests’
identities if keys are lost
• Stay alert to possible signs of terror
related activity
• During a crisis, help to ensure all guests
are accounted for and kept aware of
any developments that may occur

*
Emergency Response Plan
 33

Senior Management
• Create business continuity and
communications plans for terror
and cyber attacks
• Regularly evaluate and upgrade security
measures in exterior and interior areas
• Enrol employees in Corporate First
Responder (CFR) Scheme

Hotel Administration
• Adopt the measures in
CSA’s Be Safe Online
Handbook
• Monitor employee access
rights and promptly remove
those of resigned or
terminated employees
• Work with Senior Management
to develop plans to stabilise
the situation in the immediate
aftermath of crises
• Develop post-crisis marketing
and publicity plans to aid in
business and revenue recovery
34

2.4 Partnering
Your Community
Terror attacks aim to destroy the trust that binds us together, driving colleagues,
stakeholders, organisations and communities apart, reducing our ability to
function as a society. Every hotel relies on a community to support on-going
operations, so it is essential to form and maintain strong bonds by strengthening
internal and external communication channels. By improving the coordination
DQGȵRZRILQIRUPDWLRQSHRSOHPD\UHVSRQGPRUHTXLFNO\DQGGHFLVLYHO\GXULQJ
a crisis, minimising unrest and disorder.

Engaging External Stakeholders

Suppliers

Non-Security Operations

Identify alternative suppliers for food and beverages and

amenities and ensure that you have channels of communication
with them

Guests & General Public

Senior Management

Develop written mutual-aid agreements with neighbouring

 KRWHOVWRSURYLGHD΍HFWHGJXHVWVZLWKDFFRPPRGDWLRQDIWHU
a crisis
Develop an information-sharing community to alert one
another on incidents or detected threats so everyone can
watch out for similar attacks
 35

Hotel Administration

General Communications
Alert employees and stakeholders on where to go for accurate
and up-to-date information during and after crises
Work with non-security operations to create, maintain and
regularly update a contacts list of contractors, suppliers and
business partners who can support business operations during
a crisis
Emergency Communications
Create and maintain an authoritative source of hotel
information and provide constant updates on the crisis
 VLWXDWLRQ WKURXJK \RXU KRWHOȇV RɝFLDO VRFLDO PHGLD FKDQQHOV
and website
 $SSRLQWDVSRNHVSHUVRQWRPDQDJHPHGLDUHODWLRQVH΍HFWLYHO\
and consider supporting them by registering them for crisis
communications courses
Engage the telecommunication providers in Singapore to
develop restoration procedures in the event of a disruption to
communication services

Third-Party Security Experts

Security Personnel

Establish and maintain your own channels of communications

to share information with both the authorities and fellow
security leaders
Join the Safety and Security Watch Group (SSWG) within
 \RXUQHLJKERXUKRRGVRWKDW\RXFDQ
Network with neighbouring buildings and the police to
assess local threats
Pool knowledge and resources, and learn about safety and
security best practices
Share tips with other hotels on how to strengthen building
infrastructure against potential terror attacks
36

Engaging Your Employees

Senior Management

 :RUN ZLWK 6HFXULW\ 3HUVRQQHO WR WHVW UHȴQH DQG LPSURYH

security plans
Organise engagement activities to promote a vibrant and
united company culture (e.g. small-group seminars or
workshops on hospitality trends, virtual group-bonding
activities)
Implement grievance handling procedures to allow aggrieved
workers to seek help

Security Personnel

Emergency Communications
Set up a Crisis Command Centre to control, monitor and
coordinate your hotel’s response to a crisis
Set up a Crisis Response Team (CRT) ZLWKSHRSOHIURPGL΍HUHQW
departments
6KRXOG\RXGHVLJQDWHWKH&(57DVWKH&57SURYLGHEULHȴQJ
and training on their expanded roles
You may use the template on the SGSecure@Workplaces
website to do so

Scan QR code to
visit the SGSecure@
Workplaces website

Non-Security Operations

Befriend and support one another, and proactively join and

organise ground-up initiatives like meals after work to build
team spirit and cohesion
Consider having a department-based platform to directly
communicate with, or raise security concerns to higher
management
 37

Hotel Administration

General Communications
Where permissible, organise face to face or virtual team-
building activities to encourage and motivate employees
(e.g. themed online meetings where employees can participate
actively)

If large-scale activities like Dinner and Dance events

or employee retreats disrupt your daily operations,
consider implementing regular, small-scale initiatives
(e.g. suppers after work, birthday celebrations, etc.)

Communicate regularly with your employees through informal

face-to-face engagements or other feedback channels
 &UHDWH RSSRUWXQLWLHV ZKHUH HPSOR\HHV IURP GL΍HUHQW
departments can interact with one another, share updates on
terror, cyber trends and news and discuss security issues which
your hotel faces
Emergency Communications
To pre-empt questions and concerns that may arise in response
to the crisis, try to draft FAQs and replies in advance to ensure
that you can give a timely response during a crisis (e.g. employees
may ask if they should report to work, and hotel guests may ask
for refunds for booking cancellations)
 38

Illustrated Summary:
Partnering Your Community

Security Personnel
• Work with senior
New management to test, refine
Security
ecurity and improve security plans
Plan
• Join the SSWG* to network
with neighbouring
buildings, pool resources
and learn about safety and
security best practices
• Set up a Crisis Command
Centre with a dedicated
CRT#

Non-Security Operations
• Create and participate in activities to
befriend and support one another
• Get to know employees in other job
areas like security or administration
• Identify alternative suppliers for the
hotel’s F&B and amenity needs
• Consider having a department
based platform to directly
communicate with, or raise security
concerns to higher management

* #
Safety and Security Watch Group Crisis Response Team
 39

Hotel Administration
• Prepare a list of key contacts
(e.g. contractors, suppliers and
business partners) to support post-
crisis operations
• Establish procedures to restore
communications in crises for both
employees and hotel guests
• Establish an official online presence
to disseminate information and
correct rumours
• Communicate regularly with
employees and act promptly on
feedback

Senior Management
• Work with neighbouring
hotels to room guests
affected by crises
• Promote a vibrant, united
company culture
• Implement grievance
handling procedures
40
 41

3 Responding
to Threats
Measures and Immediate Actions
to Handle Crises
The following section showcases innovative measures used by local
hotels to address terror threats. Given the unique aspects and
circumstances of each hotel, many of these have been developed to
DGGUHVVVSHFLȴFDVSHFWVRIWKHKRWHOVȇFLUFXPVWDQFHVHJEXLOGLQJ
architecture or manpower).

It also contains information on the impact of terror and cyber attacks

and how hotels can respond swiftly and decisively if hit by one.
42

3.1 Innovative Practices

from Local Hotels
The resources and recommendations in this guide are intended to be guidelines
that you can pull from as you create your own hotel’s security policy. There is no
single best practice or routine to follow – instead, hotels are advised to adapt from
the guide to suit their circumstances.

The hotels below have found creative ways to balance between enhancing security,
satisfying guests’ needs, and maintaining a hospitable image.

How a midscale hotel bordering the city hides security features in

plain sight

Hotel Statistics

202 120
Rooms Full-time Employees

What They Practise

Crime Prevention through Environmental Design (CPED)

 43

Their Challenges

A clear glass exterior allowed people to look into the hotel at

night and observe employee movements, security patrols,
locations of VIPs and guests, and even security passcodes
Vehicles could potentially ram through the building’s exterior
from the driveway, but installing large barriers to prevent this
ZRXOGKDYHD΍HFWHGWKHKRWHOȇVRYHUDOODHVWKHWLFV

Their Measures

Installing wind-down curtains: The curtains can be lowered

at night or during events, preventing external parties from
viewing and observing events inside
Hiding bROODUGVLQVLGHODUJHȵRZHUSRWVDORQJWKHGULYHZD\
This provides a concealed physical barrier that can slow down
speeding vehicles, even as the hotel is looking into other
creative ways to further enhance building security with the
installation of ramps or humps
44

How a centrally located midscale hotel enhances security with technology

Hotel Statistics

420 240 20
Rooms Full-time Part-time
Employees Employees

What They Practise

Utilising technology to enhance security

Their Challenges

In the event of an emergency, the hotel will need to alert

guests, mobilise security personnel, and get employees to
UHSRUWLQVDIHO\DOODWRQFHZKLFKZRXOGUHTXLUHDODUJHH΍RUW
to coordinate
Gathering people at assembly areas could create an opportunity
for terrorists to launch secondary attacks, resulting in more
damage and possible loss of lives
The hotel wanted its security personnel to be able to cover more
ground and respond faster during emergencies, but without
LQFXUULQJVLJQLȴFDQWPDQSRZHUFRVWV
 45

Their Measures

Equipping every guest room with a mobile device that

provides free international calls: In the event of a terror
DWWDFNKRWHOPDQDJHPHQWFDQVHQGRXWPDVVQRWLȴFDWLRQVWR
guests on ground areas to avoid
Providing security personnel with Segway personal
transportation devices: Gives security personnel greater
JURXQGFRYHUDJHDQGKLJKHUHɝFLHQF\FRPSDUHGWRGRLQJȵRRU
patrols on foot
Connecting critical CRT members’ phones to security
personnel’s walkie-talkies: Allows all parties to stay
connected even when they are not physically present
Developing an in-house mobile app for employees:
Enables employees to remotely report their safety statuses
during a crisis, thereby eliminating the need for an
assembly area
46

How a centrally located luxury hotel prepares its employees

Hotel Statistics

792 980 1000+

Rooms Full-time Part-time
Employees Employees

What They Practise

Providing employees with anti-terror tools and knowledge

Their Challenges

It was easy for employees with a regular routine to simply

go through the motions of security preparedness, without
internalising the things they have learnt
Translating the theory of what employees learnt to real-life
VLWXDWLRQVFRXOGEHGLɝFXOWDVHPSOR\HHVWHQGWRSDQLFDQG
forget important protocols during crises
Pre-established procedures may also have loopholes that
QHHGWREHLGHQWLȴHGWRHQVXUHWKDWFULVLVPDQDJHPHQWUXQV
smoothly in the event of a real attack
 47

Their Measures

Creating an emergency hotline: Employees and guests can

use the hotline to report any suspicious activities they spot,
and each employee also has a card with the hotline printed on,
together with the slogan ‘See Something, Say Something’
Conducting regular simulation drills:
Employees are tested on their reactions during the drills,
before security personnel identify gaps in how situations
are handled
Learning points are then consolidated and shared with
employees involved so that they know the right courses of
action to adopt in future
7KHVLPXODWLRQVLQFOXGHVLWXDWLRQVVXFKDV
An employee pretending to be drowning in the pool
A housekeeping employee pretending to be locked inside
a room (using dry ice to create a scenario of smoke from
 ȴUHFRPLQJWKURXJKWKHJDSLQWKHGRRU
LeaYLQJDQXQDWWHQGHGVXVSLFLRXVEDJDWGL΍HUHQWDUHDV
of the hotel
48

3.2 Responding in the Event

of a Terror or Cyber Attack
Terror Attacks
In the event of a terror attack, knowing how to respond swiftly and decisively amidst
WKHFKDRVFDQPDNHWKHGL΍HUHQFHEHWZHHQOLIHDQGGHDWK

Response measures that anyone can undertake in the event of a

terror attack:

If at the site of an attack, Run, Hide, and Tell immediately

Perform Improvised First Aid Skills (IFAS), or Press, Tie and Tell, to stop the
bleeding of casualties
Cooperate with appointed hotel employees and security personnel as they
evacuate employees and hotel guests
Instruct employees and hotel guests to run as far as possible from the site
of attack
Find remote ways to check on the safety of employees (e.g. update on safety
status via group chats)
Provide the police and authorities with any relevant information to facilitate
investigations
Avoid circulating internal information, photos, or videos via social media,
as doing so may create unnecessary panic and misinformation
 49

Security personnel, in particular, play a crucial role in coordinating the response

protocols with other departments, and e nsuring everyone is familiar with their
roles in a crisis. You may refer to pages 12 and 66 for online resources to share
with employees.

Security Personnel

Ensure that the Fire Command Centre is secured and readily

accessible by required parties
Activate your hotel’s ERP
Utilise pre-existing communications channels such as alarms
or the PA system to alert employees and hotel guests
Hand over copies of the hotel’s key information to authorities
if needed (see page 24)
Activate building lockdown procedures to protect occupants
who are in close proximity to an immediate threat
Consider conducting a security sweep of assembly areas
to ensure that there are no risks of secondary attacks present
Alert neighbouring buildings of the attack, if possible
50

Cyber Attacks
Your hotel may use digital and cloud services to facilitate operations, such as online
booking systems, loyalty programmes, cashless POS systems and more. You can
prevent these from being exploited through implementing strong cyber security
measures and establishing a response plan to handle cyber attacks.

Cyber Attack Facts

Overview of the Cyber Threat Landscape

Cybercrime continues to be on the rise in Singapore, with 9,430 cases
reported in 2019 (up 51.7% from the the 6,215 cases reported in 2018)
47,500 phishing URLs with a Singapore-link were detected in 2019
From 2018 to 2019, organisations in Singapore that were hit by cyber
attacks came from all industries, including hotels

Scan QR code to
read more

What Form Can Cyber Attacks Take?

7KHPDMRULW\RIF\EHUWKUHDWVLQ6LQJDSRUHWRRNWKHIROORZLQJIRUPV
Ransomware
$W\SHRIPDOZDUHWKDWFXWVR΍DFFHVVWRWKHYLFWLPȇVȴOHVV\VWHPVRU
devices until a ransom is paid. Ransomware can spread through emails
with malicious attachments or links, where unsuspecting users open
these attachments or links.

Phishing
This refers to emails or messages that appear to come from a reputable
source, such as banks. The goal of such emails is to obtain security
credentials or personal data from users. For example, attackers could
use spoofed email accounts to impersonate a hotel’s CEO, business
partner or known contact of the victim to request data from him or her.

Web application attacks

This is when attackers use methods like SQL injections or Cross-Site
Scripting to gain access to applications such as cloud servers and
business databases.
 51

If a data breach happens, your IT departments or managers in charge of the area

should act as soon as possible to alleviate damaging consequences and limit
ȴQDQFLDORUGDWDORVVHV

Hotel Administration

Identify how the attack occurred

Payment systems and cloud-based storage of guests’ data
(e.g. from loyalty programmes) are common points of attack
Determine the extent of the compromise
For businesses that own e-commerce platforms,
  WKH SHUVRQDOO\ LGHQWLȴDEOH LQIRUPDWLRQ DQG SD\PHQW
details of customers may be targeted
 3HUIRUPDVHFXULW\FKHFNRQDOOD΍HFWHGV\VWHPV
Report the incident to the relevant authority or organisation
Lodge a police report
Report the cyber incident to the Singapore Computer
Emergency Response Team (SingCERT)
Notify the Personal Data Protection Commission if there is
a data breach

6FDQ45FRGHWRȴOOLQWKH
SingCERT’s Cyber Incident
Reporting Form

Scan the QR code to see

when and how you can
report a breach

BrRDGFDVW UHOHYDQW LQIRUPDWLRQ WR D΍HFWHG FXVWRPHUV

colleagues or tenants
Address their concerns about how the incident occurred
and inform them of the measures that have been taken
to resolve the issue and/or the steps taken to safeguard
their data
4 Recovery
Planning for the Aftermath of Crises
54

4.1 Recovery Efforts

of Hotels
Terror attacks may leave devastating consequences, damage infrastructure and
create tensions between social groups. Emotional distress may grow amongst
employees even if they were not direct victims of an attack. Including strategies
WRPLWLJDWHVXFKQHJDWLYHH΍HFWVLQ\RXUUHFRYHU\SODQHQVXUHVWKDW\RXUKRWHOȇV
operations can swiftly return to normalcy.

This section will explain how you can stay in touch with your stakeholders and
suppliers during times of emergency. You will also learn how you can provide
psychological support to employees and hotel guests.

Senior Management

Supporting Your Employees

ArrDQJH IRU 3V\FKRORJLFDO )LUVW $LG DQG VXSSRUW IRU D΍HFWHG
employees

Security Personnel

Enhancing Overall Security

Activate pre-established business continuity plans
Take note of gaps in existing contingency plans and adopt
measures to enhance hotel security
Download contingency planning and protective security
advisories from SPF website (see page 70)
Refer to authoritative sources of information, such as the
SGSecure mobile app, or the hotel’s social media channels
DQGRɝFLDOZHEVLWHIRUXSGDWHVDQGLQIRUPDWLRQRQSRVVLEOH
security measures to implement
 55

Non-Security Operations and Hotel Administration

Continuing Business Operations

Activate pre-established business continuity plans, which can
include measures such as hotel room and banquet room
booking promotions to draw guests back
Contact contractors or suppliers to assist in continued
operations and infrastructure recovery
Send out SRVLWLYH PHVVDJHV WKURXJK LQȵXHQFHUV SXEOLF
ȴJXUHVDQGWKHPHGLDWRUHVWRUHWKHLPDJHRI6LQJDSRUHDVD
tourist destination
Consider targeting new market segments that may be more
UHVLOLHQW WR FULVHV RU R΍HULQJ DOWHUQDWLYHV WR WUDGLWLRQDO
overnight stays (e.g. promoting your hotel to local guests, or
R΍HULQJZRUNIURPKRWHOSDFNDJHV
ΖQVWHDGRIGRZQVL]LQJFRQVLGHUUHWUDLQLQJHPSOR\HHVWR
ȴOO GL΍HUHQW UROHV IRU EHWWHU VHUYLFH UHFRYHU\ DIWHU WKH FULVLV
has passed

Hotel Administration

Supporting Your Employees

Take a strong stance towards discrimination at the
workplace, and ensure the Human Resources department
addresses the cases promptly
You may also disseminate circulars to promote unity and
cohesion among employees
Contact the Singapore Red Cross Society for Psychological First
Aid courses (see page 69)
 3URYLGH SRVWFULVLV VXSSRUW IRU D΍HFWHG HPSOR\HHV DQG
refer them to professionals, if necessary
Seek out counselling centres to support traumatised
  IURQWOLQH HPSOR\HHV ZKR H[SHULHQFHG WKH DWWDFN ȴUVWKDQG
and may require professional counselling (see page 72)
56
 57

5 Resources &
Recommendations
58

5.1 Tips for Identifying

Terror Threats
There’s no single feature that will identify an individual as a terrorist, or evident
signs that a place is about to be attacked. However, many terrorists follow similar
patterns when planning or preparing to attack a site.

How might a terrorist threaten your hotel’s security?

Terrorists’ Goals Actions Taken

• Taking photos of restricted areas, security

personnel, security cameras, etc.
• Asking about how many people will be around
 DWGL΍HUHQWWLPHVZKDW\RXUVHFXULW\VWUHQJWKLV
Collect information which areas are restricted, etc.
to plan an attack

• Pretending to be lost and attempting to open

locked doors or enter secured areas
ȏ 6HWWLQJ R΍ ȴUH RU VHFXULW\ DODUPV WR OHDUQ KRZ
long authorities take to respond
• Saying they have lost their room key and need
Test your a replacement, without providing any ID
building’s security

• Leaving a booked hotel room vacant, and using

it as an address for packages and supplies to be
delivered to
• Meeting with supporters and holding discussions
Raise funds and in a hotel room
get supplies

• Leaving behind a bag or small object and watching

how long it takes before it is noticed, reported or
picked up by security
• Sending in people to walk around the premises
Prepare to attack, and planning out routes to take when conducting
or carry out an attack an attack
 59

What are some ways that a terrorist may act?

Someone planning or carrying out a terror attack may exhibit some of the
following signs – but so could people who may be unwell or simply nervous about
travelling. Conversely, terrorists may also conduct themselves calmly and not
display any physical indicators. The best way to stay safe is to immediately report
suspicious activities or individuals, and for security personal to promptly follow up
by investigating. While it is not possible to be conclusive, your employees should
be encouraged to watch out for people who display physical cues (such as some of
the ones listed below) and report them to security personnel.
Physical Cues of Anxiety

Sweating Not making Licking lips Looking very

profusely eye contact frequently nervous

Appearing Clutching bag Holding Trembling and

strained constantly dangling wires touching face
repeatedly
Spotting Radicalisation Among Employees
Terror threats can come from within our organisations. All employees should know
how to identify signs of radicalisation in their colleagues, and have appropriate
channels to report anything suspicious that they see.

Possible Signs

Below are some possible signs to look out for, and the list is not
exhaustive. These include:
Avid reading of radical materials
Spreading and reposting terrorism-related pictures, videos and posts online
Expressing support for terror groups
Stating intentions to commit terrorist violence, or encouraging others to do so

ΖQWKHQH[WVHFWLRQ\RXZLOOȴQGPRUHFRPSUHKHQVLYHWLSVWRLGHQWLI\WHUURU
threats grouped according to key hotel roles.
60

Tips for Identifying

Terror Threats
4
• Frontdesk
• Hotel Lobby
• Concierge Department
Employees working in public areas, such as
the concierge and reception, mailroom and
F&B areas should be on the alert for
suspicious behaviour from guests and visitors.
Security personnel and maintenance employees
also have a responsibility to react promptly by
investigating any possible security breaches.

Attempting to hide their

identity or not giving personal
details when checking in

Parcels or packages which

seem odd (no address,
2 strange
5 sizes)

Using cash for big purchases,

or a credit card which does
not match their name
 61

Loitering around the

lobby without being
able to give a good
reason
3

Employees working in public areas,

such as the concierge and reception,
mailroom and F&B areas should be
on the alert for suspicious behaviour
from guests and visitors. Security
personnel and maintenance employees
also have a responsibility to react
promptly by investigating any possible
Investigating hotel
security breaches.
entrances and exits,
or trying to enter
employee-only
Attempts to Concealareas
Identity:
1 Attempting to hide their identity
or not giving personal details
when checking in
2 Using cash for big purchases,
or a credit card which does not
match their name

Testing Hotel Security Measures:

3 Investigating hotel entrances
and exits, or trying to enter
employee-only areas
4 Loitering around the lobby
Strongly refusing without being able to give
help to carry or a good reason
move heavy luggage
7
Suspicious Bags & Behaviour:
5 Parcels or packages which seem
odd (no address, strange sizes)
Baggage left unattended
6 Baggage in
or abandoned leftout
unattended
of
or places
the way abandoned in out of the
way places
7 Strongly refusing help to carry
6 or move heavy luggage
62

Tips for Identifying

Terror Threats
• Housekeeping
Department
Employees in Housekeeping should
always be looking out for signs of
suspicious behaviour or activities.
These include actions like refusing to
have their room cleaned, occupying
their room for long periods of time, or
meeting with unauthorised visitors.

Detailed notes or maps of places

which tourists may avoid
(e.g. factories or housing estates)

Excessive amounts of baggage

for a room with few guests

Weapons, ammunition, or materials

to make a bomb-like screws, nails or
ball bearings

Electronic components, electrical tape,

batteries and wires
 63

Fire alarms or smoke detectors being

tampered with (i.e. removed or disabled)

Burn marks or odd discolorations on

furniture that were not previously present

Strange chemical odours,

like cleaning solvents, fuel,
almonds or marzipan

Parcels with excessive use of

adhesive tape, boxes and
receipts for chemicals
64

Tips for Identifying

Terror Threats
• Carpark Valet
• Transportation Service Employees
Hotel security personnel and employees
overseeing the hotel perimeter should
monitor the behaviour of guests, suppliers
and third-party contractors. On a regular
basis, they should check their purpose of
visit and ensure that vehicles are not left
unattended for unusually long times.

Driver not willing to state

the contents in his/her
vehicle or reason for visiting

Abandoning a vehicle abruptly

near the hotel building
 65

Blankets or tarps
covering large items Person repeatedly driving
around the hotel, or driving
by on different occasions

Cargo that gives off unusual

or chemical smells

Strange liquids leaking

from the passenger
areas or the trunk
Sunken boots on
the bottom of an
over-weight vehicle
66

5.2 Online Resources

This section of the guide contains information on resources, training courses,
grants and fee subsidies which you may tap on to better prepare your hotel
security personnel and non-security employees for a crisis. To download them,
scan the QR codes.

Resources and Guides

SGSecure Guide CSA’s Be Safe Online

for Hotels Handbook
The essentials to help
companies enhance cyber
defence capabilities

SGSecure Guide for Workplaces

The guide is a starting point for every workplace, containing
measures, checklists and strategies to raise preparedness
levels at workplaces

Conducting Table-Top Exercises (A Guide for Facilitators)

The TTX Guide was jointly produced by SPF and MOM to
DOORZDOOZRUNSODFHVUHJDUGOHVVRIVL]HWRFRQGXFWD77;

Guidelines for Enhancing Building Security in Singapore

(GEBSS) and Video Surveillance Standards (VSS) for buildings
Provides good security practices and considerations to help
building owners incorporate pragmatic security solutions into
their building’s security plans

Educational Resources
Utilise MOM bulletins, Utilise other SGSecure
case studies, e-learning UHVRXUFHVYLGHRV
modules, brochures, contingency planning
videos, posters, checklists, posters, and
templates, and other apps
materials, to prepare
your workforce, protect
your workplace and
partner your community
 67

Mobile Apps to Download

SGSecure Mobile App DARE – Learn CPR

Posters to Display

In the Event of a In the Event of a After an Attack Look Out for

Terrorist Attack Terrorist Attack Anything S.I.A.U.
(Part 1) (Part 2)

Download the latest SGSecure advisory posters

(available in four main languages)

Download the 6 Essentials To

Be Safe Online infographic
(QR code under CSA’s Be Safe
Online Handbook on Page 66)
68

Training & Grants

Grants or Course Fee Subsidies to Train & Prepare Your Employees

Several subsidy schemes are available for Employers and Individuals* who are
Singaporeans (may vary based on age and years of career experience).

SkillsFuture Singapore and Workforce Singapore

Scan the QR code

to visit the website

Examples of schemes for Self-Sponsored or Employer-Sponsored Training:

• SkillsFuture Credit
• SkillsFuture Study Awards
• SkillsFuture Fellowships
• Mid-career Enhanced Subsidy

Employer Funding and Assistance Schemes

Scan the QR code

to visit the website

*
7RȴQGRXWWKHTXDOLI\LQJFULWHULDDQGSHUFHQWDJHRIIHHVXEVLGLHVUHIHUWRWKHRɝFLDOZHEVLWHIRU
UHJXODUXSGDWHV

Security Personnel and Non-Security Operations

SkillsFuture Framework
This is a range of courses that have been designed
to sensitise non-security employees or upgrade the skills of
security employees. These courses address gaps in particular
 DUHDVVXFKDVUHFRJQLVLQJWHUURULVWWKUHDWV
Skills Framework for Security

Scan the QR code

to visit the website
 69

Skills Framework for Hotel and Accommodation Services

Under Workplace Safety and Security Management category,
HDFKRIWKHIROORZLQJWRSLFVVXLWGL΍HUHQWOHYHOVRISURȴFLHQF\
• Crisis Management
• Threat Observation Course
• Workplace Safety and Healthy Performance Management

Scan the QR code

to visit the website

6LQJDSRUH:RUNIRUFH6NLOOV4XDOLȴFDWLRQ:64
This is a national credential system that trains, develops
DQG FHUWLȴHV VNLOOV DQG FRPSHWHQFLHV ZKLFK DUH YDOLGDWHG E\
employers, unions and professional bodies.

Scan the QR code

to visit the website

Non-Security Operations

Training on Emergency Response Skills

Sign up your employees for the courses below to sensitise
them to the importance of SGSecure and equip them with
life-saving skills.

SCDF: Community Singapore St John Singapore:

Emergency Red Cross Society: &HUWLȴFDWLRQ
Preparedness &HUWLȴFDWLRQ&RXUVHV Courses
Programme &RYHUVȴUVWDLG &RYHUVEDVLFDQG
/HDUQDERXWEDVLFȴUH SV\FKRORJLFDOȴUVWDLG RFFXSDWLRQDOȴUVWDLG
ȴJKWLQJ&35$('DQG DQGWKH)LUVW
EDVLFȴUVWDLG 5HVSRQGHU3URJUDPPH

www.scdf.gov.sg www.redcross.sg www.stjohn.org.sg

1800-286-5555 6664 0500 6298 0300

scdf_csc@scdf.gov.sg academy@redcross.sg ȴUVWDLG#VWMRKQRUJVJ

70

5.3 Useful Contacts

This section of the guide contains contact details of authorities and agencies which
you may access or reach out to, to better prepare your employees pre-crisis and
support your employees post-crisis.

Pre-Crisis Support

Enhance the General Safety of Your Hotel

0LQLVWU\RI+RPH$΍DLUV
For general information on SGSecure and to access e-learning materials,
visit: www.sgsecure.sg

Ministry of Manpower
To register SGSecure reps, and learn how to implement SGSecure at your
hotel workplace, visit: www.mom.gov.sg/sgsecure
Tel: 6438 5122
Email: sgsecure_workplaces@mom.gov.sg

Singapore Police Force

Find out about the Safety and Security Watch Group, Corporate First
Responder Scheme, and get useful resources on contingency planning
and response

Scan QR code
for more information

To register as a member of Safety and Security Watch Group (SSWG),

Email: spf_sswg@spf.gov.sg
 71

Protect Your Business Operations

Singapore Business Federation
Sign up for Crisis Communication, Business Continuity Planning and relevant
courses: www.sbf.org.sg

Singapore National Employers Federation

Prepare your workforce through events organised by SNEF:
www.snef.org.sg | 6290 7696 | advisory@snef.org.sg

Cyber Security Agency of Singapore

Access complimentary cyber security training tools and know about
cybersecurity threats: www.csa.gov.sg/gosafeonline
For incident reporting: 6323 5052 | singcert@csa.gov.sg

Centre for Protective Security (CPS)

CPS has a security enhancement programme (TOPSIS) where security communities
engage non-security communities to be situationally aware and to report on
suspicious activities, so as to raise the level of security vigilance of a premise.

To get assistance on how your hotel can implement a security enhancement

programme, email: SPF_CPS@spf.gov.sg

Workplace Safety and Health Council

For programmes, resources and training materials to make your workplace a
safer and healthier one: www.wshc.sg
Keep your business safe, healthy and secure:ZZZZVKFVJEL]VDIH

Emergency Contacts
Singapore Police Force
Hotline: 999
SMS: 71999

Singapore Civil Defence Force

Hotline: 995
72

Post-Crisis Support

Provide Psychological First Aid and Support

HealthHub
Helplines and Psychological Aid:ZZZKHDOWKKXEVJD]VXSSRUWJURXSVDQG
others/20/call-on-these-when-you-need-help

Institute of Mental Health (IMH)

24 Hour Hotline for Mental Health Crises: 6389 2222

Samaritans of Singapore (SOS)

24 Hour Hotline for Suicide Prevention: 1800 221 4444

Singapore Counselling Centre

Corporate Grief Counselling: www.scc.sg/e/corporate-grief-counselling
Employee Assistance Programme: www.scc.sg/e/employee-assistance-programme
Tel: 6339 5411

Counselling and Care Centre

Website: www.counsel.org.sg
Tel: 6536 6366
Email: info@counsel.org.sg

Care Corner (Mandarin) Singapore

Website: www.carecorner.org.sg
Tel: 1800 3535 800

SINDA
Website: www.sinda.org.sg
Tel: 1800 295 3333

Contact for Employee Support

National Trades Union Congress (NTUC)
Industrial Relations Department: www.ntuc.org.sg
Tel: 6213 8008
Email: ntucird@ntuc.org.sg
73
 © SGSECURE@WORKPLACES
MINISTRY OF MANPOWER
2021

Website: www.mom.gov.sg/sgsecure
Email: sgsecure_workplaces@mom.gov.sg