You've got a few security guards and your CCTV system is up to snuff. You've got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility.
Tim Giles, a security consultant and author of 'How to Develop and Implement a Security Master Plan,' was once in charge of all IBM Security operations for the US and Canada and today advises clients about how to design a security plan that fits the risk-level and needs of their building. He provides a rundown of some common missteps organizations make when devising a plan to secure their facilities.
1. Creating post orders without advanced analysis
"Most companies don't have an inside person with facilities security expertise," said Giles. "Often the facilities manager will put together a guard services contract and contract services with a company and they really have very limited ideas about how to manage it."
Giles thinks the problem is that an outside contract company will often come into the assignment with their own post orders and place security personnel without first conducting a real analysis of the security needs of the building. And because there isn't an experienced person within the company that understands security, there is no system of checks to ensure the contract security personnel are doing what they should be doing, said Giles. (Read a first-hand account of how easy it is for criminals to get in the door of a secure building in Anatomy of a Hack) Before any contract security services firm creates post orders for a building, they should first conduct a thorough assessment of the unique needs for security in the facility.
"Buildings differ primarily because of who the tenants are," said Giles. "Security needs to evaluate who is in there and what kind of risks they bring with them. Some have a high-traffic volume of visitors. They could be controversial; some might face the possibility of problems with former or disgruntled employees. All of those things dictate what security should be doing at their posts." (See Giles's sample employee termination checklist in CSOonline's Security Tools and Templates section)
2. Placing aesthetics over security
Giles said this mistake can be made as early as when the building is designed by an architect. While ground-level lighting and hidden cameras may be more pleasing to the eye, neither are good for security. Giles said he once worked in a building where the architect had designed all the cameras to be out of sight.
"But someone seeing the camera is 50 percent of the value because it's a deterrent," noted Giles. "When people know they are on camera, they are much less likely to do something wrong."
Another common design Giles sees that makes him cringe is shrubbery that runs along walkways and sidewalks.
"Suddenly someone who wants to rob someone has a nice hiding place," he said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.