Many years ago, before 9/11 and before the limitless advancements that we have with technology today, I suspect that your views of “security” were vastly different than they are now. In those yesteryears, the word security was most closely associated with building attributes, checkpoints and personnel strategically positioned in an obvious manner – “gates, guns and guards” was the phrase most often thrown around. Today, if you mentioned those words to an employee, they’d likely look at you as if you still had a “watchclock” around your neck and they just caught you winding it up with a key fastened to a stairwell wall.
If you didn’t understand the analogy, I’ve made my point. Today, if you bring up security to someone, they are more likely to equate the word with an aspect of technology rather than something they can physically observe. Why is that? What has so fundamentally changed over the years where the concept of security is now seen as dramatically different in the eyes of our employees? By obtaining a deeper appreciation of our employee’s current perspective regarding security, it will help all of us recognize what has – and has not – changed with respect to delivering security services to the organizations we represent.
"Today, if you bring up security to someone, they are more likely to equate the word with an aspect of technology rather than something they can physically observe"
So, when thinking about security, what is an employee’s current perception or understanding of the term? Let’s attempt to answer that question by examining a hypothetical (but entirely plausible) day in the life of an employee today.
6:45AM – Wake up to the soothing sounds set by Alexa or Hey Siri while intermittently conveying the day’s weather to you along with what’s on your calendar. (In the back of your mind, you remember last night’s news story on privacy settings for these devices and make a mental note to check your own settings)
8:15AM – After an energetic workout on your high-tech exercise bike watching a live class (over your unsecured wifi router), customary morning routine and a healthy bite to eat, you depart your residence via your wifi-enabled door lock, walking by the battery-operated wifi video doorbell you installed yourself this past weekend and into your vehicle via the fob that automatically unlocks your door when in close proximity. (Which is great seeing as how you have no idea where your keys actually are)
9:00AM – Arriving at the office after successfully navigating the speed-monitoring and red-light cameras on the way, the license plate recognition camera validates your vehicle, raises the parking gate and you park. Using the biometric reader on the optical turnstile, you enter your workplace (waving to the person at the desk) and make your way to your work area. Once settled at your hoteling desk (assigned per smart phone alert) and have firmly established a network connection for your laptop and VOIP desk phone even though the VPN doesn’t seem to be working correct – maybe the company network thinks you’re in Berlin which happened last week – you’re all set to conquering the tasks at hand. (While digging around your bag in the morning, not only did you find your keys, but you also discovered the proximity card you used to use to enter the building and sigh when seeing how much you aged since the picture was taken)
10:30AM – The annual Active Shooter drill emergency message flashes across your laptop screen and you dutifully proceed to one of the designated safe havens the company has installed in the Men/ Women restrooms – with doors secured by actual locks in fact! While in there awaiting the “all clear” announcement from a Security Officer, you remember that you neglected to pre-register your visitor with the building entry desk. Resuming your day post drill, you click on the “visitor registration” tab on the company’s intranet home page and register your visitor. With the drill top of mind, you recall that the visitor system is connected to public sex offender / criminal databases to ensure “bad actors” don’t enter the building, which is comforting you suppose.
Noon – Paying for lunch is easy these days with all the cashless apps that you have access to and the interactive menu boards, causing you to wonder who still goes to the cashier anymore. Thankfully, you have already set up biometric authentication on the mobile pay app you’re using.
1:20PM – With your wifi-enabled video doorbell, you’re excited to get your first alert on your device which is showing the delivery driver dropping off the packages you ordered the night before from the latest e-commerce website. This is great you think, but are now obsessed with calling back up the video repeatedly looking out for Porch Pirates who often wander your area looking for easy packages to steal.
3:45PM – You receive an in-app push alert via your company’s safety app notifying you that there’s “police activity” along the route you typically travel home in the afternoon and you hope that it’s resolved without anyone being hurt (or disrupting traffic). News reports showing live video from the traffic cameras you passed on the way in that morning are keeping you up to speed via your local news app.
4:55PM – Quitting time and you’re quickly trying to finish up remaining emails and IMs received. Hastily clicking on a hyperlink in an e-mail from Payroll, you immediately realize that you unfortunately fell for the phishing simulation email sent out by your company trying to educate you on the risk of clicking on unknown risks. Appreciating this advice as your home computer is running much slower these days (believing you may have fallen for a spam email at home), you make a promise to yourself to do better going forward.
5:10PM –Heading out the doors, you head home – excited to be able to stream season 1 of Seinfeld via the device delivered earlier in the day, which is great because you dropped cable a long time ago.
If the above is a plausible day-in-the-life scenario of today’s employee, then security may look completely different than what more tenured employees initially found in their workplace – but that’s okay! If we consider the general Duty-of-Care concept fully embraced by many organizations, employees today are protected at work as well as ever. As technology has facilitated our ability to live, travel and work in a way where we continually feel protected, it has also embedded security in almost everything we do – how we receive information, how we move about and how we engage& transact with others in person or online. This has long been the goal for any security professional.
Today, security has moved beyond a word used to describe something exclusively in the realm of a dedicated team and is now more reflective of an overarching concept that is now fully integrated into our lives and in everything we do. To be effective, organizations would be well-served to recognize that our employees and those who we support in our organizations no longer distinguish physical or virtual security measures and look for opportunities to raise awareness that security is now, more than ever, a state of mind.