Business security reviews are essential now more than ever
The past few months have seen a stream of devastating terror attacks taking place around the world.
Never has there been a more important time for businesses of all sizes to review their security strategies.
While recent events have proved to emphasise just how important security measures are in the protection of our society, it is essential that effective security is always employed.
Ongoing process
Businesses should not just be reviewing their security strategies, policies and plans in light of terrorist attacks, they should be doing it all the time. Very few businesses will actually be the direct target of a terrorist attack; it is more the overspill of an attack that businesses should be prepared for – such as having to evacuate the building in response to a threat or nearby attack. However, in light of the direct targeting against Charlie Hebdo, businesses must now consider whether they could face direct action from terrorists or other action groups.
At the heart of any business’s security and its resilience to threats is the risk register. This is a key risk management tool that helps a business identify the day-to-day risks that it faces and the best ways to counteract them.
As a business, it is absolutely essential to know what you’re protecting yourself against. Today, we are not just threatened by large scale terror attacks, but also ‘lone actor’ or self-radicalised assailants who may not even be directly related to terrorist organisations but possibly suffer from mental health problems. In fact, businesses face threats to business continuity that can arise in any number of ways, whether it be a planned attack, bomb threat or even a flood or power outage within the building. France is currently being targeted by a massive and unprecedented wave of Cyber Attacks against Government, large corporations, smaller businesses, schools and workers unions, which appear to be linked to recent events. It is vital that all organisations take a converged approach to their planning and ensure that all elements of the business work together on this. As such, businesses must have contingency plans in place that detail how they would react to such threats – whether it be locking down the building completely, evacuation or even internal evacuation.
Many businesses can take a mundane approach to developing these plans; however, proper planning will have a more beneficial impact if a threat does occur.
Contingency plans
When it comes to developing contingency plans, recognising the impact of a threat is much more important than identifying the motivation behind an attack. After all, it is the impact of an attack that will cause the most damage to the business. Businesses must start thinking on a broader scale, asking the vital questions like: “What drives my business?”, “What can I cope without?” and “What is essential for my business to survive?”
An attack may result in evacuation of a facility and could result in staff having no access to their office for a considerable amount of time. Businesses should consider whether or not they have adequate IT facilities for staff to manage their work and securely access data from home if necessary. Multi-site businesses should prioritise the key roles in their business and ensure that those people are able to continue to work sufficiently off site; if this is achieved, it will be much easier for a business to work back towards normality following an incident.
Simply having plans in place is not enough; businesses should routinely check and exercise their plans in order to ensure the relevance fits the purpose. It is the smallest details that can make the biggest difference, such as ensuring that all staff contact details are regularly checked and updated where necessary. Staff should also take on key roles within the contingency plans; this does not necessarily have to be a senior member, in fact it is more beneficial if roles are assigned to those who are regularly at the office, not those who are less available. It is essential to assign deputies to each key role, ensuring that someone will always be on site or available who efficiently knows the plans and will be able to react accordingly.
Outsider knowledge
It can be difficult for a business to adequately identify its risk register on its own; as such, outsider knowledge provided by professional security consultants can be invaluable. Security consultancies provide independent professional support to ensure that measures required by clients correspond to both existing and emerging threats, whilst complementing a business’s environment and operation.
Working closely with the business, consultants help design a holistic security strategy that complements the business’s operation in order to address the protection of people, building, assets, and ultimately, reputations. Security consultants can also act as project manager, overseeing the implementation of security controls and ensuring that all the necessary procedures are carried out. If a business does choose to employ the services of a specialist security business, it is absolutely essential that they choose a reputable company that meets the relevant standards for its product or service.
In light of increased threat levels, both in the UK and internationally, today it is increasingly important to implement a security review.
Mike O’Neill
Chairman of the British Security Industry Association’s Specialist Services Section