On Oct. 19, robbers pulled off a daring, midday heist at the storied Louvre in Paris, France. They made off with $102 million worth of crown jewels in a move reminiscent of a Hollywood blockbuster.
What many didn’t know at the time was that France’s court of auditors had urged the world-famous museum to hasten its planned security modernization. Noted delays in renovation and security upgrades worried the government. They realized how vulnerable the priceless jewels and works of art contained within the Louvre could be.
And they were right.
The incident laid bare the importance of modern, comprehensive facility security. The Louvre heist was a hard lesson to learn for the facility’s management team, but even if one’s business or organization isn’t as famous as the Louvre, its management can learn from the security failures that made the heist possible.
Here, we dive into security lessons every security manager should know and how they can protect their business from modern criminals.
Criminals Seize Opportunities
It was likely assumed by most people that the Louvre would have top-notch security, given the countless works of art housed within its walls. However, as we soon found out, modern security is not always seen as a priority. Many organizations, large and small, may think that what they have done for years is enough, but modern criminals are becoming more savvy, and security measures must keep pace.
At the Louvre heist, the robbers dressed as construction workers and used a truck-mounted furniture lift to gain access to the building through a balcony. They took less than eight minutes to smash through displays and grab millions in jewels, making their escape on motorbikes. While alarms did sound, the response was not rapid enough. The criminals exploited gaps in surveillance and human intervention, seizing an opportunity created by glaring weaknesses in the Louvre’s security infrastructure and the museum’s overall underinvestment in security.
Learning from the Mistakes of Others
The lessons other businesses learn from this high-profile security breach are plentiful. Businesses and organizations should task their managers with auditing security within the facility and identifying areas for improvement.
Understand that Every Access Point Is a Vulnerability
With less monitoring and easy access, the criminals dressed as construction workers knew exactly which access points to exploit at the Louvre. Security managers need to conduct regular, thorough audits of all building entry points, especially those that may be temporarily exposed during renovations.
Service entrances and construction entrances often have weaker security controls and managerial oversight. These access points need to be integrated into any active security perimeter, with camera coverage, badge access, and restricted hours.
Do Not Underestimate the Boldness of Modern Criminals
The Louvre was struck in broad daylight, and among throngs of visitors. Security managers should understand that security breaches can happen at any time—there are no “safe hours.”
Managers should deploy real-time alarm and monitoring systems covering public entrances, staff-only areas, and off-limits areas. In addition, security teams should rehearse their rapid response to any breach, differentiating their training depending on the time of day, peak visitor hours, or the availability of human security personnel.
The Speed of Response Is Crucial
The Louvre criminals completed their heist in a mere eight minutes. Criminals will always exploit the time gap between the alarm sounding and the actual response of security personnel.
Security managers need to do their best to correct failures in system integrations and response time. Managers can conduct regular drills to simulate varied scenarios, readying their security staff for quick responses.
Maintain Robust Technological Barriers for Extra Security
When it comes to technology, weak credentials can bring a facility’s entire security system to its knees. Reports state that the password for the Louvre’s security system was “LOUVRE,” an easily guessable password that is clearly not a secure choice.
Security managers need to mandate the use of complex, unique credentials for security systems, access controls, and alarms. They should also employ multi-factor authentication, monitor for unauthorized access, and conduct penetration testing across all networks connected to critical building functions.
Security Culture and Mindset Must Also Experience a Shift
Security managers need to ensure their staff understands that incidents such as heists can and do happen, even in broad daylight. All staff must be trained to identify suspicious behavior and to report what they see without hesitation.
In the case of a robbery or other security breach, staff need to understand what the immediate priorities are. The site should be secured, evidence preserved, law enforcement notified, and databases updated to reflect what was taken. Just as security responses must be robust, so must post-incident responses.
The Louvre heist demonstrated that even the most established, even famous, facilities can have major flaws in their security plans. Through a holistic, adaptive approach, security managers can learn from the mistakes made during this high-profile heist and offer comprehensive protection for everything from small businesses to priceless jewels.
Marcus Skeen is president and CEO of WGS Group, a Southern California-based boutique security firm. As a former law enforcement officer with over 25 years of global experience, he specializes in protecting high-profile sites, coordinating security operations, and mitigating sophisticated threats.