In a world where headlines of active shooters at workplaces spread like wildfire on social and mainstream media, the role of physical security teams has never been more complex and more vital. Complicating our jobs are not only new and old threats, but the challenge of managing these threats when they can be shared in real time, hampering our ability to manage a situation, keep it confidential and most of all – our workforce safe.
And while physical security breaches often make headlines, most people tend to pay more attention to cyber security and the fear of data theft. In companies that have distinct physical and cybersecurity teams, we know that the best security programs function collaboratively, taking a holistic approach to protect organizations. While we can never eradicate threats, we can and should make every effort to ensure a safe work environment for employees, intellectual property and the corporate reputation.
As a 22-year veteran of the FBI and a 14-year employee in corporate security, I have spent years managing security for government and corporations. I have taken the key learnings from my career to create a physical security checklist for organizations of all sizes to ensure they are doing the very best to keep teams safe and property secure.
Take Your Company’s Pulse
First and foremost, companies need to establish a baseline of physical security processes. While this may seem basic, I have walked into situations where organizations do not have a complete understanding of their physical security resources and most of all-- their threats. The goal of an assessment is to identify credible threats, identify vulnerable areas, assess the potential consequences and prioritize the risks.
"Training is a key aspect to create a knowledgeable and alert work force to keep assets, areas and people secure"
The results of the risk assessment are then documented, along with recommendations to remedy any gaps. The assessment should be done on a regular basis, as new treats, equipment, buildings and employees make the existing assessment outdated in short order. The key to an assessment is reviewing with teams the following:
• Threat and Vulnerability
• Site and Facility Security
• Facility Operating Procedures
• Physical Security Systems
• Electronic Security Systems
• Security Policies and Procedures
• Company Security Culture and Practices
We traditionally think of assessments as an audit of only facilities, security systems and teams. But what about employees? What are their concerns? With those headlines of workplace violence comes fear for many team members. How do we understand what their concerns are in order to ensure that we are not only listening to them, but addressing what matters most to our colleagues? Make sure that any assessment includes a yearly pulse of employees’ concerns because they also play a vital role in workplace security.
Establish a Security Culture
Physical security experts talk a lot about barriers to reduce threats. However, first and foremost, we need to create a culture in organisations that view security as not only critical, but recognizes that each person plays a critical role in helping to keep our environment secure. The most important part of physical security are the people we protect and deterring people who could cause them harm. In the wake of a rise in disgruntled employees taking out their anger in work environments, many employees have come forward in our company seeking out best practices and asking for updated training.
Training is a key aspect to create a knowledgeable and alert workforce to keep assets, areas and people secure. This can be accomplished by raising awareness and creating best practices that all employees follow and creating a culture where security is prioritized. Even simple steps can have a big impact. One practice that is easy to implement is establishing a clean desk policy. Personal belongings such as wallets and mobile phones as well as company documents left on desks create an easy opportunity for property theft, so having a policy that suggests securing items when teams leave their work areas can be an effective deterrent to theft.
The best way to deter someone who shouldn’t be in your building is to focus on stopping them from entering in the first place. This seems simple, but can be very difficult to manage. I work in a culture where people are very polite and friendly, which makes for an incredibly pleasant work environment. However, holding a door open for someone so they don’t have to use a badge, breaks an essential element of building protection. Whether the person is a visitor or a senior executive, they should follow protocol of swiping their badge to enter for maximum protection.
Whether it is an industrial or residential building, it is paramount that ID and badge requirements are enforced. These two protocols are extremely effective when it comes to controlling access.
When someone new enters the building, ensure personal IDs are checked and have a robust Visitor Management Program for both planned and unscheduled visitors. It’s also important to make sure visitors aren’t left alone in sensitive areas and have their badges removed by an employee when they're leaving the building to prevent cloning or copying.
It is imperative that we test our processes for effectiveness before a real crisis arises. Conduct field exercises including scenarios where you try to gain access to your own facilities. You can also practice tabletop drills and run teams through a variety of scenarios, including natural disasters.
These tests are vital to identify potential gaps in procedures, protocols and employee practices. Even the best planning can sometimes fall apart when a crisis arises. Engage senior management and people from a variety of departments in these drills to underscore physical security’s importance to an organization. Part of a drill should include leaked information and the handling of the communications side of a potential disaster. How do you communicate with global team members, family members, external stakeholders, etc.? How do you respond to live video postings from employees or media? All of these scenarios involve the careful coordination of cross-functional teams working collaboratively to address incidents and emergencies.
It Won’t Happen Here
How many times have you heard this from senior management and colleagues? Anyone involved in the security of an organization knows that bad things can happen. It is our job to make sure that our plans and processes are in place, and to regularly educate our employees why physical security is critical to an organization now more than ever. Our role is to help people understand that the best way to help protect our companies, our people and our reputation is to identify and prioritize potential risks to our organizations and then develop plans, policies, procedures and best practices to mitigate the risks. This comprehensive approach to security requires awareness and engagement from all employees. A security-centric culture is definitely an all-inclusive team effort!