How Do You Conduct A Security Assessment?


Adequate and assuring security is needed in every organization. There is the obvious security presence that we can visually perceive in the form of guards, frisking and scanning. However, there are other more subtle and often more effective security methods employed in most workplaces.

So, how do you conduct a security assessment?

1. Take stock of risks, physical as well as cyber in nature.

2. Devise methods to avert these risks.

3. Make sure all security devices and personnel are updated.

4. Be aware of threat perceptions.

5. Hire trustworthy agencies to provide personnel.

6. Conduct regular drills to check for readiness.

Providing employees with a safe and secure environment to work in is one of the prerequisites of an organization. The kinds of security threats an office faces depend on a lot of factors. To be able to counter them effectively while remaining productive is the need of the hour. It is worth mentioning here that ensuring a secure environment is a two-way traffic. Employees have to be participative and responsive in equal measure to be able to carry it off successfully.

Identifying the different security challenges faced by organizations

Safety and security of any organization is specific to the kind of business conducted within its premises. An educational institution will have entirely different security concerns as opposed to, say, a manufacturing unit. Still, the types of security threats faced by any organization can be broadly divided into three different categories:

– Physical security

– Cyber security

– Legal security

We go on to take a detailed look into each of these security aspects and what they entail for any organization. Only when one has a thorough understanding of the different security threats can they make adequate arrangements to address the same.

Physical security challenges

There are multiple aspects of physical security risks that employees and companies alike face in an organization. Providing electronic keys, name tags, biometric locks, and CCTV surveillance are some ways to counter physical security challenges. Read on to find out about different physical security threats in greater detail:

1. Fires

Any building or facility is prone to fire threats at any time. From careless employees forgetting to stub out a cigarette to a short circuit in the electrical supply or a malfunctioning electronic device, anything could trigger a fire. If you are lucky enough to own an office property that has open spaces it might be easier at times to mitigate the effects to some extent. Closed office spaces pose a larger risk of fires spreading and engulfing rooms and floors easily.

Not only does a fire outbreak endanger human life, it poses immense risk of loss of important documentation as well as untold damage to office property. This is all in addition to the loss of manpower, man hours, time and resources. An insurance claim will take care of material losses no doubt, but that will not compensate for irreparable losses in terms of manpower and resources. Installation of automatic fire detectors is a must in offices. Fire extinguishers that do not use water need to be spaced at regular intervals to avoid fires from spreading.

2. Thefts

Speaking strictly in terms of physical thefts here, there is a huge loss of revenue to companies when dealing with thefts on the premises. These range from innocuous things like stationery, for example writing pads, pens, mouse pads, data, earphones, pantry items, cutlery, crockery, etc. to bigger things that can be anything at all. There have been recorded instances of people moving off with computer hardware also.

Security systems have to be in place to take care of such eventualities. Use of CCTVs, scanning and frisking people when entering and leaving the workplace, keeping an eye on employees with a previous track record, etc., are ways to counter physical lift-offs. Having biometric locks and restricting access to sensitive zones is another way to prevent physical thefts in office premises.

3. Mob violence

Industrial relations are a sensitive area to handle for big organizations that have a labour intensive profile. This happens because labour is normally large in number, much more compared to the so-called white collar workforce. And they are the ones who are doing the actual hard work. This is majorly applicable to production based companies who have to rely on their large workforce to get their production line going smoothly and efficiently. There are targets to meet and finished goods to deliver.

The problem arises when disgruntlement within the workforce is used by labour unions and other such parties to arm twist the management into acceding to demands. It is another matter altogether that these demands might or might not be justified. What bothers organizations is that this huge manpower can on rare occasions break out into provoked/unprovoked mob fury over unmet demands. The damage and physical harm that can result from such situations can get out of hand easily. It is logistically not possible to keep on standby a huge preventive unit of strongmen or use strong arm tactics all the time. This could actually work against the company and be perceived as an unfriendly attitude by the workers. It is better to always have representatives of the management in constant touch with the ground and CCTVs capturing every event to be able to act decisively in case of any unfortunate occurrence.

4. Vandalism 

As in the point discussed above, sudden outbreak of mob violence among disgruntled employees can occur at times on premises. When such a large body of agitated people is expressing its displeasure over a situation, many a time they might resort to vandalism. There really is no way to intervene in such situations at that particular point in time. Nor can any company take measures to ensure against loss of assets due to such occurrences. The best thing is to not let such situations occur in the first place. In case of any such occurrence, there is often immense loss to the organization. CCTVs and presence of security personnel might help in countering such situations to a small extent.

5. Electrical failures

What does not run on electricity these days? From the coffee maker in the office to the computer to the heating/air-conditioning, lighting, projectors, everything one can think of. Security cameras, fire sensors, automated doors, computers, electronic devices, all draw their energy from electrical sources. In the case of sudden failure or shutdown of power supply, the effect can be crippling for a company. This necessitates adequate power backup at all times in good working order.

6. Natural calamities

Where your office premises are physically located can add another security dimension to the scenario. What we mean here is the geographical location and how prone that area might be to natural calamities. There are some occurrences that are not predictable or not the regular pattern in a particular area. For example, consider unseasonal heavy snow or torrential rains and problems caused by the same. In other places, like those offices that are in earthquake hotspots or proximal to large water bodies like the sea, there needs to be a system in place to counter threats thereof. For instance, rising sea waters can cause untold damage to property and infrastructure. Similarly earthquakes can create havoc in the premises, not to mention possible loss of lives and property as well. Buildings have to be constructed with such possibilities in mind so that any eventuality can be countered to the best of abilities. Robust evacuation plans for personnel, property and data are of utmost importance in such cases. Securing computer systems against lightning strikes and the ill effects thereof is also essential in order to ensure continuity of operations.

7. Trespassing 

Unauthorized entry of office personnel into certain areas is another problem that poses grave security risks to an organization. Additionally there is the possibility of outsiders trespassing on your property and causing damage. At every access point, there needs to be a system of checks in order to prevent such occurrences. Digitally protected locks, physical presence of security personnel, manning entrances and exit points over CCTV along with constant monitoring are some ways to prevent trespassing. Companies with huge grounds and precious cargo lying outside, for example automobiles or shipping companies, are some that find trespassing a big challenge to their setup. A large number of security personnel are needed to man these large areas in order to keep a check on such instances. Fencing, locks, laser monitoring, and biometric cards for access to sensitive areas are ways to keep intruders out.

Cyber security challenges

Increasing dependence on computers for every facet of running a business has made life easier for corporations. There is increased automation and ease of running business. However, it also exposes systems to cyber breaches that can jeopardise operations to a crippling extent and bring disrepute to an organization. Data can be extremely sensitive when it comes to higher stakes like countries and their defence, nuclear installations, banks, nationalized institutions, e-commerce websites, and innumerable others. Unauthorized selling of data can lead to compromised customer identity, even theft of identity. Securing data is of very high priority. Here are some scenarios where cyber security can get breached:

1. Data corruption or loss 

Data is king in modern times. Everything is data. Whether it is a small startup or a multinational, lots and lots of data is being generated by everyone. This data is more precious than even the product or the idea that is being created by the company. Data is the driving force behind how the future of the company and its products will be shaped. What ought to be the marketing strategy, what is the status of competition, how is the product placed on web searches, and much more is determined by data mining. With all of this data being stored in the digital format, it is a dual-edged sword for users. While it is very easy to store and retrieve as well as classify, it can also get corrupted easily or worse, lost. This is one of the biggest challenges that companies face these days.

2. Leakage of sensitive data

It does not matter if your organization is big or small, just starting or established; you are bound to generate loads of data at any point in time. Most data is by nature private and carries a host of information about the company and its products. Storage of data in a way that does not compromise privacy is of primary importance these days. Even a few years back, this aspect of storage of data was ‘each to their own’. However, repeated leakage of sensitive data as well as volume of data to be managed has since led to cloud storage.

Additionally there are companies that manage your cloud and are responsible for safety of data as well. Investing in cloud storage and management makes sense for big corporations and sensitive institutions dealing with national defence or other equally vital matters. On a smaller scale, organizations need to ensure thorough checking of personnel with access to company data and ensure there are no devices on them to transmit confidential data.

3. Unauthorized data access

All steps must be taken to prevent unauthorized people from gaining access to confidential data. This can be done by having adequate systems in place. CCTV and physical checking as well as online activity monitoring are some ways to ensure there is no trespassing by unauthorized individuals. Setting up layers of cyber security, biometric scanners, and password management along with firewalls in cases of security breach are some methods by which one can ensure that only trusted personnel have access to data.

4. Phishing

Phishing is just one form of internet usage liability that hackers use to steal sensitive data. As companies engage in routine data protection and set up new ways to guard data, so do hackers come up with ingenious means to get their way. Comprehensive employee education needs to be part of a company’s strategy to guard against phishing. Sensitive company data might be stolen even through innocent-appearing websites that are built for this purpose. There needs to be a series of security layers when employees access the common data bank or use the company laptop. This is because inadvertently they might be the target of a phishing attack. Continuous upgrade of security and making the shared network resistant to such attacks is the duty of the IT department of any organization.

5. Trojans/malware

Of course every computer network in an organization has effective antivirus software installed. The point is how effective it is. Trojans and malware have a way of harming systems and completely wiping off precious data in a matter of minutes before anyone even realizes what happened. Installation of the latest antivirus software that updates itself daily to fight newer and more harmful malware is an investment made towards effective cyber security. Again, employee education is a must in such cases. This is because, as their name suggests, Trojans come in the disguise of legitimate software and it takes expertise and education to be able to thwart them.

6. Usage of social media

Everyone is on social media in some form or the other these days. And most social media platforms are very intrusive. User details and other sensitive data can be teased out without the user being aware. Consents and permissions are often cloaked to yield information in a way that most people do not even realize. This is why many companies take steps to block social media usage completely within company premises. All manner of connectivity while in office is usually encouraged over company approved media. This helps to curb data leakage and data poaching to a large extent.

Legal security challenges

There are laws governing security and safety of employees and organizations alike. These are specific for countries and further refined for different organizations given the nature of their work.

– People in charge of handling legal security in organizations need to be completely conversant with labour laws of the land as well as company laws. A competent legal cell is needed to tackle any sort of lawsuits that might arise, from within the organization as well as from outside. There are different kinds of legal challenges that companies face, from patent infringement cases to insurance settlements and many more.

– An increasing focus of legal services is addressing sexual harassment offences at work. With an increasingly mixed workforce and close interaction between genders, this aspect of legal recourse is growing stronger by the day. Both genders are more and more aware of their rights. There are stringent laws regarding workplace behaviour and what constitutes infringement of privacy and accepted behaviour. Some countries are more aggressive than others in respecting gender equality as well as in enforcing such laws.

– Each employee working in an organization has entitlements allowed by the charter of the organization. They can seek recourse to legal means if they feel their rights infringed upon or violated at any point in time. Similarly the management has rights too under the same charter and rules set by the company. When amicable settlements of disputes fail, they have the option of seeking legal recourse to settle the issue.

– Infringement of copyright and patents is another area where legal security comes into the picture. Fiercely protected and coveted by companies and open to poaching by competitors, legal security is always needed. Organizations put a lot of effort and funds into research and development to come up with ideas and products. These are assets owned by the organization. They will go to any extent to protect the same.

The bigger the size of an organization, the larger the legal security cover requirement and the scope for infringement. This is an aspect of security that needs careful attention and utmost readiness on the part of companies. Engaging in a legal tussle takes a toll on time and precious resources while eating into productivity and diverting focus towards these issues. A competent legal cell that is well versed in handling any kind of legal fallout needs to be on board to help an organization on its way forward.

How to conduct a security assessment?

Security threat is a very real issue in the modern work environment. In fact providing safe and secure working conditions for its taskforce is something that is incumbent upon any company, irrespective of its size and scope. Read on to know details of how to conduct a security assessment:

1. Have an assessment team in place

The CEO of a company normally heads a team that looks into security threats. This drives home the importance of security for any establishment. Heads of all departments of an organization need to find a place in this team. Each will have their own take and inputs into what the vulnerabilities are. They need to put their heads together and make a report to be worked upon.

Once a comprehensive action plan is put in place, the next logical step would be to assign people and departments to take care of various forms of security issues. It is pertinent to note that the assessment team’s job does not get over with this. Security evaluation and assessment is an ongoing process that needs focused attention at regular intervals. A security threat or breach can happen at the best protected installations. All efforts must be made by the team to keep safety and security of their assets, including manpower, in order.

2. Review existing security rules

Most organizations begin their operations with some basic things in place; workplace security is certainly one of them. Assuming you already have security plans in place, periodic review is needed. This is necessitated by changing business scenarios as well as emergence of newer threats. The security scenario is dynamic and a company needs to be able to keep pace with this. In the unlikely scenario you do not have a security policy in place yet, NOW is the time. It is unwise and highly irresponsible for a workplace to compromise on any kind of security. There are precious human lives as well as numerous real and virtual assets at stake. Staying updated with renewed forms of security challenges is the only way to counter these. The alternative scenario is very bleak where laxity regarding security measures leads to irretrievable losses to the company in terms of assets as well as reputation of the brand.

3. Evaluate threats and weaknesses

Timely and regular threat evaluation is a must to keep up with security concerns at all times. Keeping in mind past experiences of your own company as well as those of competitors helps in evaluating security threats. It might not always be possible to be objective when assessing threats to one’s organization. Alternatively it is also quite possible to be overly sensitive to perceived threats. The presence of an external agency to do the same is quite practical. Such agencies provide professional services at a price of course, but you gain valuable perspective into possible new forms of threats. Only when you are aware can you design and put in place deterrents to counter the same. Professional assessment followed by advice on upgrading security arrangements comes in handy to secure an organization on all fronts, be it physical, cyber or legal challenges.

4. Create a database of assets

Everything that a company owns, any kind of asset at all, financial, data, immovable assets, land, as well as employees, needs to be in a secure database. This is a job of primary importance for any organization. This helps in ready reference to find and locate any anomalies. At any given point in time, the assessment team can simply refer to their database when preparing reports on security. In the same way, it is much easier to present the whole picture to an outside agency in a nutshell. Evaluating and redressing security loopholes gets much more sorted when there is a database of all assets.

5. Extrapolate breach likelihood

The security team has to visualize and extrapolate any scenario in which a security breach can occur. Any kind of security, physical, legal or cyber, can be breached. The job of the security team is to assume that whatever steps an organization puts in place, the security ring can and will be breached at some point in time. This helps in keeping the security arm on their toes and helps avoid any kind of complacence from setting in. Each kind of security concern requires a different kind of action. Teams handling these concerns need to stay updated about every kind of threat assessment. They also have to best their attackers and stay a step ahead.

6. Assess impact of breach

How would a breach of security at any level impact the organization? It is a vital question to be answered when it comes to security issues for any company. Every department has its own take on security and what they are likely to lose or compromise in case of a breach. Whether it is finances, clients or brand value, these take a beating in case of a breach. Assessment helps not only in tightening security but also in working on backup plans so as to lessen the impact.

7. Make plans to meet contingencies

As discussed above, a thorough security assessment takes into account possible routes by which a breach can occur. The obvious next step in this is to have plans in place in the case of such an occurrence. From building firewalls for cyber security to creating backup data and updating passwords and adding layers, there are many things a company can do to handle the import of a security breach.

8. Entrust reliable agencies with your security

Whether it is physical security we are talking about or cyber threats, it is a good idea to hand over the responsibility to a professional agency. Especially in cases of cyber threats, an external reliable agency is likely to do a better job at managing security. Companies of all hues are dependent upon IT and computers to carry out their day to day work. With rampant digital presence comes the threat of digital security. An external agency that is qualified to deal with security in all its forms will do a professional job at such times.

9. Conduct mock drills to test readiness

Having the best security plans in place, but on paper, is of no use to an organization. The team in charge of security has to make sure there are mock drills from time to time in order to check readiness. Such drills also help pinpoint areas where a company is more vulnerable. These areas can then be fortified to counter any real threats.

10. Employee education

Once the security assessment team is done with its review and recommendations, a security panel can be set up to carry out the necessary tasks. It should also be remembered that security is an area that requires the cooperation of employees to the fullest extent to make it a success. Regular security seminars are mandatory at the workplace to ensure every person is on board regarding security requirements and knows how to contribute to it.




Related questions

Who is liable for security breaches? Even though individuals are responsible for any compromise, either wilfully or inadvertently, if this happens while in the employment of an organization, ultimately the company has to shoulder the repercussions. It is always better to be safe than sorry.

How effective are canine friends? A lot of physical security is provided by armed security personnel as well as personal bodyguards. In addition to the human component, many workplaces employ canines to help out. Friendly but effective, canines can literally sniff out trouble at specific kinds of workplaces.

Does too much security put off people? Many people are found to take personal frisking and scanning a bit too personally. This is not the right attitude. Security encompasses everyone and is not targeted at any particular individual unless a repeat offender. Being cooperative saves time and trouble for everyone.

 

Steve Todd

Steve Todd, founder of Open Sourced Workplace, is a recognized thought leader in workplace strategy and the future of work. With a passion for work from anywhere, Steve has successfully implemented transformative strategies that enhance productivity and employee satisfaction. Through Open Sourced Workplace, he fosters collaboration among HR, facilities management, technology, and real estate professionals, providing valuable insights and resources. As a speaker and contributor to various publications, Steve remains dedicated to staying at the forefront of workplace innovation, helping organizations thrive in today's dynamic work environment.
