Seven ways to secure your business
At this time of heightened threat level, a checklist for ensuring you have the best security measures in place:
1. Get early buy-in from the C-suite
It is vital to demonstrate, to both the C-suite (Chief officers) and the organisation, that there is a marked increase in security, with subtle but visible changes. Perhaps an increase in uniformed officers, with a more proactive stance. This instils confidence and reassurance and is a showcase of your professional and planned response.
Alongside this, keep your C-suite informed about the current threats and potential resulting incidents. It is crucial to gain their buy-in to the measures you aim to put into place, such as restricting access; you can then implement these immediately when needed. It is important to articulate the high-level message: the C-suite wants to know that security has increased, but doesn’t want the technical details.
2. Communicate with key stakeholders
Identify a central contact point or stakeholder for each part of your organisation and have a set of prepared messages to pass onto them in the event of an incident. These messages should set the tone of the response in a calm, measured way, demonstrating that the organisation is well prepared. Include immediate actions to take, useful telephone numbers and reminders of the pertinent policies and procedures. Your stakeholders can tailor and cascade these messages for their area of business, including their links with the supply chain. Ensure there is a central point for providing constant updates and be mindful of any pressure points in this flow, in particular contact centres.
3. Create cohesive partnerships with your security suppliers
Confirm that the incident response plans of those organisations that supply you with security services and products know absolutely what you expect them to do. Build this into the contract you have with them. Your approach and theirs must be seamlessly integrated.
4. Keep security staff motivated
The heightened threat level could be for a protracted period. One of the resulting challenges is maintaining motivation of security staff. There are a number of ways to help your team maintain their focus: rotate guards and refresh training; establish a more frequent reporting regime, perhaps requiring weekly rather than monthly statistics. You can use the results in the Management Information you pass onto the C-Suite: further assurance to them that you are in control.
5. Improve physical security measures
It is crucial to maintain a complete picture of the physical security measures you have in place and areas requiring improvement, together with a clear understanding of the costs to do this. Should there be an increase in the severity of the threat level, you can quickly assess the risks associated with these outstanding improvements and, where appropriate, quickly have them carried out.
6. Plan for the worst-case scenario
Consider the worst-case scenario of losing all networked or powered capability and make sure you have plans to continue. Having some simple preparations in place, such as printed plans and knowledge of where your analogue phone lines are, will enable you to respond quickly. Equally, consider how you will manage without heat and light. Ensure you review and update your plans regularly. But be conscious that people don’t always follow the rules!
7. Be ready for an incident to last
An understanding of where your pressure points are in terms of staffing is imperative. Have plans in place to pull in additional staff, with the right levels of training and experience to relieve your teams. Above all, take account of levels of specialist security or incident response staff and where they are located. Is there sufficient cover?
If you can explore the extremes of possible incident scenarios and the plans you have in place, you can go a long way to ensuring a considered response and a return to business as usual, as soon as possible.
Letitia Emeana, ASIS PSP (Physical Security Professional)
Physical Security Buildings Lead at the Lloyds Banking Group UK (at time of writing)
Board Member, Women’s Security Society