If a company hasn’t had a serious security incident for some time, C-suite executives often become complacent and may wonder if all the security systems, regulations and jobs already in place are necessary. But complacency isn’t a good reason to cut the security budget, especially in a recession when crime often increases.
“A recession puts economic pressure on everyone,” says Bill Sako, chairman of the board at Sako & Associates, a security consulting firm. “All forms of crime rise at all levels as people respond to that pressure.”
With increased financial pressure comes increased likelihood of employees committing crimes like theft and embezzlement against a company, even if the employee never thought of committing a crime during better economic times, says Paul Benne, senior security specialist with Syska Hennessy Group. “When people’s salaries are reduced or spouses are laid off, opportunities for crime become more attractive,” he says.
To avoid an upswing in security incidents, facility executives should take stock of potential threats to their facilities. Evaluating current security procedures will reveal areas where security might need to be increased to protect the company’s assets, including facilities, proprietary data and employees.
Convincing the C-suite that a recession is not a good time to cut the security budget is not easy. The mindset may be “we’ll deal with an incident when it happens,” says Sean Ahrens, project manager, security consulting and design services for Schirmer Engineering, an Aon Global company. But that thinking could leave the organization open to huge liability issues.
“Are they willing to tolerate knowing that if something bad does happen, it may lead to an investigation and it will be revealed that the security program had been cut back?” says Geoff Craighead, vice president of high rise and real estate services with Securitas and member of the ASIS board of directors.
To convince the C-suite that cutting the security budget is not a good idea, and in fact, increasing security during a recession might be the best strategy, facility executives need to speak the lingo that the C-suite wants to hear, says Ahrens. Just like other budget items, many security system upgrades and staff salaries can be put in terms of ROI and payback periods.
To determine what types of security measures are best for a facility, do a risk assessment. Look at the threats to and vulnerabilities of a facility, along with their consequences and probability of occurring, says Benne. Look at the history of incidents in the facility as well as the surrounding area.
Once the risks to a facility have been analyzed, there are best practices that facility executives may need to implement in order to have the most secure facility possible. Here are some of the most common areas of security that should be addressed.
Access Control. Even if an organization feels that something as high-tech as fingerprint scanners is not necessary, facilities still using keys as their primary form of access control should re-evaluate their systems. With a programmable, card-based system, if one card is lost, security simply needs to deactivate that card to ensure that unwanted guests cannot gain access to the facility. If, however, a key is lost, re-keying can be costly.
Electronic access control systems are necessary, but there is no replacement for someone who physically controls — or oversees — main access to a building. Craighead recommends security staff control access at the main entrance, especially in facilities where the lobby area is open to the public.
Parking Lots. The most important security feature in a parking structure is ample lighting. Ahrens even goes so far as to suggest “friendly” lighting, such as metal halide, that does not appear yellow or dim like sodium-vapor lamps. Dim lighting may make occupants feel unsafe and encourage would-be criminals to target one parking structure over another.
A simple, often low-cost program to implement is a security escort for anyone who requests one to their vehicle. Many facilities are willing to offer escorts for occupants’ piece of mind — especially women’s, says Craighead.
Data Protection. In this day and age, an organization’s data and intellectual property are often the most important aspects of the business. Countless dollars are going into research and development and procuring clients. “Cyber crime is growing significantly,” says Sako. “The loss of intellectual property could represent the loss of market position or the business itself.”
To safeguard data from employees who have been laid off and may be looking for a way to strike back at the company, give every employee a personal file folder on their computer to use only for personal items, says Benne. Personal data and files always get mixed in with company data on computers, and if they’re laid off, people will ask to use their computer to get that data back, potentially leaving proprietary information vulnerable. With separate folders, personal information can easily be removed without allowing access to sensitive information.
But it’s not just recently laid-off employees who may be disgruntled enough to steal trade secrets. Ahrens recommends looking into computer programs that track data with very stringent controls, recording who touched files, when, where they were moved, and if they were altered.
Occupant Education. Facility occupants need to know how to respond to an emergency or potential threat. Facility and security staff should set up classes for new hires that focus on what to do in case of a security emergency, not just in case of fire, says Benne. At some point, every facility will encounter an emergency, whereas not all may encounter a fire, he says.
In addition to classes, many organizations are now using online information sites with videos, tutorials and FAQs for their building and links to other Web sites such as the Department of Homeland Security, says Craighead. Occupants can use the site as a refresher course to their initial training.
Sako recommends fostering an attitude that security is everyone’s business. “More often than not, people who observe irregular behavior do not report it because they aren’t sure how or who to report it to,” he says. “Ongoing training and newsletters go a long way in making people aware of how to identify irregular activity and what to do about it.” 
ASIS 2009
|
