How should organizations handle threats from external individuals differently from employee threats?

• A. Coordinate with security and possibly law enforcement for external threats; apply policy for reporting and safety; ensure confidentiality and alternative arrangements for customers.
• B. Treat all threats the same and escalate only within HR.
• C. Ignore threats from external individuals unless violence occurs.
• D. Notify the public immediately without a plan.

Answer: (A)

Threats from external individuals require a security-centered response that involves security personnel and, when appropriate, law enforcement, following established reporting and safety policies. The emphasis is on rapid risk assessment, protecting people and assets, and maintaining confidentiality while arranging safe alternatives or accommodations for customers who might be affected. This approach recognizes the distinct risk dynamics of external threats and the need for coordinated security and legal response, along with preserving trust and service continuity.

Internal staff threats, in contrast, are typically handled through HR processes—investigations, due process, and remedial actions that address behavior while safeguarding employees’ privacy. Approaches that ignore security involvement, delay reporting, or publicly disclose details without a plan fail to meet safety, legal, and operational needs.