architecture - engineering - construction
AECinfo.com

AECinfo.com blog

Corporate Security Best Practices

October 28, 2019

In most business settings, physical security is either absent or insufficient. “Since nothing has happened,” explains T.J. McComas, a physical security specialist and founder of Bastion Security Group, “the conclusion is that the security works. But, in many cases, it isn’t that the security works, it’s just that they’ve been lucky.“

This is compounded by inherent challenges to securing a place of business. According to Total Security Solutions CEO Jim Richards, “From a physical security standpoint, it can be really challenging: Different points of entry, different doors, a lot of different people coming and going, unexpected visitors. You really need to look at the entire facility, and think in layers if you want to protect it. There’s no cookie-cutter solution here. For each situation, you need to look at all the factors, who needs to go where, and design for that unique situation.”

Good corporate security planning means embracing four core practices:

  1. Adopt an “all hazards” approach
  2. Remember that physical and cyber security overlap
  3. Prepare for an active shooter
  4. Focus on the human experience

Adopting an “All Hazards” Approach to Corporate Security

TSS has long advocated for every organization to adopt an “All-Hazards” approach to security. “You take a comprehensive look at your challenges,” Jim advises. “And we’ll help you come up with a comprehensive system for addressing them.” This is generally a four step process:

  1. Identify Hazards: What might hurt you? How likely is each of these events? How severe?
  2. Consider Your Assets: Who or what is likely to be damaged or injured? What makes each of these vulnerable?
  3. Assess Impacts: In what way(s) will each hazard harm each asset? How much will each of these harm cost?
  4. Weigh Possible Mitigations: What can you do now to minimize impacts, protect assets, or reduce hazards?

(We’ve compiled a concise All-Hazards Assessment guide with links to further resources.)

Physical Security is Cyber Security

According to T.J. McComas, physical security is the weakest link in any business’s network. “It’s always a lot easier to gain access to information from the inside than it is from the outside,” McComas explains. As such, you should consider the key role that your building’s physical security plays in assuring the security of your networks and data. (And, correspondingly, how a compromised network might undermine the security offered by your access control, alarm, camera, and other monitoring systems.)

“The easiest way to gain access to a computer system is physically,” McComas notes. “If you are physically in front of that computer, there are hundreds of things you can do in a matter of seconds—plug in a USB drive with a pre-loaded Trojan, clip a vampire tap onto a cable, plug in a hardware key logger—and that network is completely compromised.”

Thumb drives are a very popular network attack vector.

“A lot of businesses, as default, allow unrestricted USB access at all of their terminals. Most of the time that’s fine—and very convenient for workers, visitors, and so on. But if someone has a corrupted USB drive—one with a Trojan or a worm or something like that on it—then as soon as they plug that in, it’s going to infect the entire network. That can be more than enough to open up a hole in a firewall.” This allows remote hackers access to your network—which is the key first step in compromising all of your systems, from employee files and financial information to security and life safety systems.

Prepare for Active Shooter Events

American businesses face special challenges when it comes to the threat of gun violence. Although attacks targeting schools, religious congregations, and crowds tend to grab the headlines, the bulk of mass shootings in the U.S. happen at places of business. Even as violent crime has declined overall since the 1990s, the prevalence of workplace shootings has continued to increase. As of 2016, a business was 30 times more likely to contend with an armed intruder than a building fire (according to the Bureau of Labor Statistics).

In part, this is because American businesses sit at a unique nexus in American life. Most armed attacks are driven by one of four factors:

  1. Economic gain (e.g., armed robbery, mugging, etc.)
  2. Business dispute (e.g., disgruntled worker, interpersonal issues, bad business deal, etc.)
  3. Personal/domestic dispute (e.g., family abduction, domestic violence, wronged neighbor, etc.)
  4. Ideological motivation (e.g., terrorism, hate crimes, etc.)

While most organizations only have to plan around one or two of these, any of the four can give rise to an incident.

Nonetheless, recent surveys show that only about 20 percent of American businesses are amply prepared for an active shooter incident. (We’ve prepared a brief 5-minute safety topics overview to get you started with planning.)

Corporate Security Should Focus on the Human Experience

But stopping bullets isn’t the only way that a physical barrier protects people. They also offer potential psychological protection.

“You get a disgruntled customer,” Jim says, “you get a former employee saying things online, you get somebody coming in making threats or acting erratic or doing things. They don’t necessarily have to pull a gun and shoot somebody or do something to make that environment awful for the workers.” That sort of long-term, low-level stress has a known impact on worker satisfaction and retention.

“Imagine working in that environment and not feeling secure,” Jim continues. “Employee turnover, employee satisfaction, employee retention, all of those things play into the benefits of having a barrier.”

Over their decades in security, TSS has become convinced of the potent deterrent effect that comes with installing a good barrier system. As TSS senior sales consultant Bob George explains:

“I’m working with a power and light company right now. When I was there the other day, the women who work the counters were ecstatic that we were taking measurements to install a barrier system. They told me that, at the end of every month, when the bills are due, they have a line out the door. That’s fine. But there are always a few people who are there holding a final notice, a shut-off notice, and those people are irate. They take it out on these poor women who are just doing their jobs. People try to intimidate them to get an extension, or whatever. And it’s scary. But if the barrier is in place, that abuse doesn’t even start. It just gets nullified, right there.”

@TSSBulletProof #TSSBulletProof #bulletproof #corporatesecurity #security #bulletproofglass

Company: Total Security Solutions Inc

Product: Bullet Resistant Doors

Source: https://www.tssbulletproof.com/blog/corporate-security-best-practices/?utm_source=listing&utm_medium=referral&utm_campaign=aecinfo



Tags:

Bullet Resistant

Office

Security