Like it or not, in today’s world, it’s not just the security staff who are responsible for ensuring a safe and secure environment within an organization. The reality is that security is everyone’s job. Therefore, the safety and security of an organization relies heavily on employees’ vigilance, combined with having technologies in place to provide situational awareness and enable people to easily report anything out of the ordinary.
In the past, willingness to take an active role in the security process and the lack of usable tools for those who wanted to report to management were major stumbling blocks to putting good security practices in place. However, these two limiting factors are changing fairly rapidly in the “if you see something, say something” reality of our daily lives.
Unfortunate events, such as last year’s Boston Marathon bombing, have brought the importance of more widespread participation in security and risk mitigation into our collective consciousness. It exists in both our personal and professional lives, and for businesses, it has taken security from the guard shack to the C-suite – and every level in-between – which is a very good thing.
For some time, one of the main reasons for people’s hesitation to participate in their organization’s security has been fear of retribution from co-workers and/or supervisors, or the public-relations damage to a brand or company that can come from exposing a risk. In our current environment, those fears have largely been minimized to the point where today, those who speak up are often praised for taking action and being good citizens of both the organization and society in general.
Increased awareness and willingness to participate have had positive impacts on safety and security, but there is still work to be done. Unfortunately, no matter how willing an organization and its employees are to embrace a top-to-bottom approach to security, without reporting tools that are easy-to-use, the kind of communication necessary to transform theory and willingness into action just won’t happen.
The good news is that a wealth of systems, processes and tools have emerged in the last five years to make it very easy to relay information to management for review and action. Security portals, for example, offer a variety of reporting options, visibility for upcoming events, BOLOs (be on the lookout) and other tools that make it possible for every member of the corporate community to interact with security and investigations.
Education. Now that these major hurdles – employee participation and adequate tools – have been addressed in recent years, the final vital ingredient for creating and fostering a collaborative environment is education. Most people within the corporate community may understand that security’s main function is to protect rather than police, but this message must be continually and regularly reinforced. On the technology side, any software tools used for security should be demonstrated – multiple times, if necessary – to overcome any intimidation on the part of personnel and ensure the highest possible adoption and usage rates among the corporate community.
Internet of Things. Additionally, the once-predictable flow of information within organizations is also undergoing change thanks to the phenomenon known as the Internet of Things (IOT). Sensors embedded in everyday objects (refrigerators, roads, lighting fixtures and more) are linked through wired and wireless networks and can generate large amounts of data with no human intervention required. For example, security personnel can gather information from sensors in doors, building automation systems, and systems that combine video with other technology and sensor data to provide decision-makers with greater real-time situational awareness.
Social media. Networks and platforms, like Twitter, also serve as potential vehicles for reporting and alerting, so it’s important that security personnel not only consider but embrace them. Consumers and customers increasingly use and rely on these channels to communicate directly with brands and companies. More likely than not, an organization’s personnel may have that same level of comfort with these platforms as well.
The human element. With all the technology available, it’s important to remember the importance of the human element in security. We’ve long understood that there’s both power and safety in numbers, and security may be the one area where this is most true. When people work together to create a more secure environment, everyone benefits. The combination of proper education and training in situational awareness and the tools and resources needed to address risk and incidents, security management can build a highly effective security awareness program that will benefit the enterprise at all levels.
The larger the pool of information organizations can collect and analyze from a wide variety of sources creates an environment of heightened security within an organization.
It’s said that information is power, and perhaps nowhere is that more true than in the security realm. Therefore, the more available tools there are to integrate into a security strategy, the better.