While most workplaces are generally safe environments, it’s important to be aware of (and prepared) for the worst. For a complete and comprehensive security programme, you should be training your employees on threat awareness and enforcing prevention tactics. Here are the areas that you should be covering.
The 3 areas of security threat awareness (and how to prevent them)
Although every company, employer, and workplace can face their own unique security threats, generally, these threats can be grouped into three categories. These are personnel security, physical security, and digital security.
1. Personnel Security
What many companies don’t account for in their security strategy is staff sabotage. This is crazy when you think about it as employees are the people that know your business best. If you as an employer are lax about your personnel security (e.g. issuing everyone with an access badge or key for multiple facility areas), then you are at risk of your employees taking advantage.
Common ways to control for personnel security include:
- Providing staff threat awareness training.
- Safeguarding entrances to the facility (e.g. locks, keycards, alarm systems, security guards).
- Installing CCTV.
- Designating safeguarded entrances into the facility.
- Issuing employee identification cards and access keys to only the personnel that need them.
- Prohibiting visitors from entering restricted areas of the facility.
2. Physical Security
Both employees and opportunistic criminals are a threat to any business so physical barriers are needed to deter, detect, and delay any breach of security. Physical security considerations take into account the security of the company grounds, all facilities and assets, and the property itself. If you have a solid security strategy, your personnel security measures should overlap with most of your physical security measures too.
Common ways to address physical security include:
- Implementing all the necessary security measures for deterring, detecting, and delaying crime.
- Securing valuables in lockers or other storage areas.
- Securing filing cabinets, supply closets, and stock rooms with locks.
- Implementing policies for reporting any suspicious packages or any missing or damaged company property to facility security.
- Disposing of shredded documents and recycling bins securely.
3. Digital Security
Whether a company handles sensitive data or not, a hacking or phishing attack can have devastating consequences for any business. If you have a computer, criminals can hack into HR software, obtain employees’ personal information, obtain passwords to access company accounts and much more. The damage to a business when it comes to a digital attack can be irreparable yet it is one of the areas that a lot of companies do not protect themselves against.
Common ways to control digital security include:
- Providing digital threat awareness training to staff (e.g. never insert suspicious or unknown storage devices into your computer, never click suspicious links or open unfamiliar emails/attachments, the importance of password security etc).
- Regularly making and updating strong, unique passwords that are never reused.
- Regularly updating computers and shutting them down at the end of the day to prevent remote access.
- Implementing secure storage of sensitive data (never on shared drives).
- Completely erasing storage devices before disposing of them securely.
Always remember the 3 Ds of defence
When it comes to implementing a complete security threat awareness and prevention strategy, you need to always consider the 3 Ds of defence.
Whatever threat you identify, make sure you have the necessary security measures in place to:
- Deter the threat – CCTV, motion sensors, gate access etc deter or discourage a potential threat from occurring in the first place by suggesting that a successful attack is unlikely due to strong defences.
- Detect the threat – cameras, sensors and alarm systems allow you to detect a threat, monitor it, and respond to it efficiently and effectively.
- Delay the threat – interior and exterior barriers ensure enough time for an appropriate response to be triggered and deployed so that the threat can be defused.
When you have the 3 Ds covered in each of your security measures, you can’t go far wrong.
Prevention = protection
The most effective security measures are ones that prevent an attack from occurring in the first place so when you create your security strategy, make sure that threat awareness and prevention measures are a priority.
To protect your business from personnel, physical and digital security threats, make sure to train all employees on the possible security threats and the specific policies that they should use to counteract these threats. When you combine this with the physical security measures that you have in place, you can be sure that your business and assets are secure.
What we can do for you:
RGM Security offers a wide range of security services including a free consultation where we carry out a weakness assessment of your site. If you need threat awareness training for your staff, intrusion testing to check your defences or even just advice, please don’t hesitate to contact us!
To check your security weaknesses yourself, download our handy security weakness checklist!