"Security" for Your Business
It is with both pride and a certain amount trepidation that I have been asked to write a column every two weeks that outlines how security, as a necessary business requirement, can be effectively integrated into any company or business environment.
A daunting challenge I have chosen to embrace, and with a little patience and some feedback from the readers, I hope to provide some practical and useful advice along the way.
The word ‘Security’ within a business context often conjures up a varied response on what this subject entails. Dependent upon the individual’s experience, knowledge or exposure to it, this could simply be a uniformed guard at the front gate, CCTV cameras monitoring people leaving and entering the building, or the introduction of specialist software that tries to prevent hackers from accessing their systems and disrupting their business operations.
The security structure - as well as its ultimate purpose within an organisation - is very much dependent upon what the business does, and what the identified risks are.
Before a company decides on the type and function of its security structure, it first needs to understand what is trying to protect itself from.
Many organisations often skip over this critical requirement and either end up with too little/too much security or worse, the wrong structure altogether. If you are a company that is serious about rationalising every penny that is spent, this cost needs to be justified and the system employed needs to meet the anticipated threats.
The first step is to undertake a Security Risk Assessment which should comprise of two elements. The first is the Threat Analysis which will identify and define all known and perceived risks that your organisation and business operations are expected to encounter.
Examples of the risks that need to be considered include any exposure to criminal activities (internal and external), extremism and terrorism, environmental and health, political and economic stability, location of assets and proximity to others, as well as the reputation and public perception of the company and its operations.
In addition to threats, you will also need to consider the locations for the buildings and assets that are being assessed. Each location could have a different risk and threat exposure which is amplified dependent upon how geographically spread out they are.
Once all perceived risks have been identified, they need to be evaluated as part of a risk matrix that considers and evaluates the consequence and likelihood of an event taking place and the effects it would have on business operations.
The evaluation and scoring system can be kept fairly simple by using a rating of 1-3 and a clear guide for what constitutes the level of consequence.
Once all the threats have been identified and the risks evaluated, you are ready to assess what you already have in place, or if a new build, what solutions you need to put in place to be operationally effective and cost efficient.
I will save this next step for the next article…
* Le Beck CEO Anthony Tesar has extensive military and corporate/public sector experience in the Middle East, Europe, Africa, the Americas and Asia in implementing practical solutions in protecting corporate reputation, facilities, employees and senior executives, and acting as an independent security advisor/auditor. He can be reached on CEO@lebeckinternational.com