Given the current security climate, it is important to assess where your company stands amid increasing Government Security Legislation and developing terrorist threats, not only from International elements such as ISIS, Hamas, Hezbollah and Al Qaeda, to name a few, but also from home-grown terrorist factions. In addition, there are ever-increasing workplace violence events, increasing liability issues, and the ever-increasing need to protect your assets, whether they be loyal staff, sensitive data, costly infrastructure, inventories, or other types of assets.
The serious risk of Negligent Liability would suggest that company and facility security encompass a growing number of issues and potential situations.
- 1). What is the Credible Threat Level facing the company?
- There is a substantial cost difference between protecting against State Sponsored Terrorists and less extreme criminal acts.
- 2). What are the company’s most Critical and Important Assets?
- It is not logistically possible to protect everyone and everything, thus security resources should address, as a minimum, the most critical (important) assets, without which the company's operations and business would cease.
- 3). Are the company’s security systems and measures based on sound Design Criteria, and accepted standards and guidelines within the Security Industry?
- If not, and in the event of an incident, the company may have a problem in defending itself in any legal action, particularly from alleged negligence.
- 4). Do the employees take Safety and Security for granted?
- Security Awareness and Crisis Control training could make the difference in preventing an event, and certainly in being able to deal adequately with its consequences.
- 5). Is there a Mass Notification System in Operation?
- Are Employees Trained to Enact an Active Shooter Program, should there be such an Event? Violence in the Workplace is increasing, and an effective Instant Alert system coupled with an Active Shooter program could significantly lessen the risk and potential damage of such events.
- 6). Are Current Security Measures based on the results of a Security Vulnerability Assessment (SVA)?
- Almost all security legislation requires an SVA with good reason. An SVA will provide the answers to the questions raised in (1 – 5 above), and if done correctly, becomes the basis of a corporate security plan. Such a document can also be the basis for applying for a variety of grant funding available from State and Federal sources for security systems and measures.
- 7). Does the company Test and Evaluate its Security Measures on a Regular Basis?
- Human ingenuity and technology are constantly changing. It pays to ensure that your security is up-to-date and still effective.
- 8). What regulatory requirements do I have to comply with regarding data security?
- Examples include Sarbanes-Oxley, PCI-DSS (processing credit cards), HIPAA, state identity theft prevention laws, and others.
- 9). What are the ramifications of non-compliance, or data breach?
- The company could face Fines, Loss of Reputation, Loss of Business Functions (e.g. processing credit cards), Cost of Client Reimbursement for ID theft protection, etc.
- 10). What is the company’s Information Security Status at this moment?
- Has the company carried out Substantive Testing of Existing Policies/Procedures (or lack thereof)? Has the company conducted penetration testing, investigated social engineering, or executed a wireless technology audit, etc.?
- 11). If Tests have been conducted, has the company taken action to Improve its Position?
- Password policy, data segregation/classification, acceptable usage policies, incident response plan, disaster recovery plan, etc.
- 12). How Often does the company Monitor its Position with respect to Data Security?
- Information Technology operates within a very Real-Time Environment, and given the incidents of data breach that have occurred, particularly for businesses in the Western Hemisphere, constant monitoring is now a priority.
Every organization should be aware of the ever-increasing threats to its operations, ranging from all forms of terrorism, workplace violence, industrial sabotage, data breaches, theft, infrastructure damage, possible contamination and deliberate pollution to a host of other potential threats.
At the very least, management should be asking the twelve questions referred to above and taking action when the answers are less than desirable, or unclear. Prevention is a far more viable policy than attempting to recover from a serious security incident. It should also be noted that Negligent Liability is not to be treated lightly, but can be avoided by following one or more of the steps suggested below.
What Can Be Done, at reasonable cost, to ensure that the company is adequately protected?
Wivenhoe Management Group can provide any and all of the following:
- Vulnerability & Threat Assessments (All Methodologies)
- Security Training
- Security Oversight
- Security Commissioning
- Security Audits
- Specialist Data Security Services
- Design Engineering & Design Criteria
- Security Legislation Compliance Checks