7. Determine who is responsible
Irrespective of the size of an organisation, someone has to take overall responsibility for security. It might be the MD’s PA, the office manager or the FD, but the person needs to know they’re in charge. This is particularly important in the event of a fire, robbery, explosion or other emergency, as a designated person will need to manage the crisis and make sure that the necessary safety procedures are implemented correctly.
8. Educate internal stakeholders Resilience for SMEs
2. Carry out a comprehensive risk and threat assessment
Once you have a general idea of your threats, carry out a comprehensive risk and threat assessment. Undertaking an in-depth analysis of your activities and facilities will help you to identify the most appropriate security solutions.
Do you store a large number of high value items, for example, which would seriously threaten the continuity of your business if they were to be stolen?
Do you have sensitive manufacturing or IT equipment which needs to be kept secure? Are you in a multi-tenanted building?
Work out what’s the worst thing that could happen to your business and plan accordingly.
Also, be aware of what’s happening in the wider world and understand whether any events have safety implications for your organisation. For example, if you’re in the meat production industry and there are attacks on organisations in this sector, you may need to change your strategy and update policies.
3. Put together a security strategy
Once you’ve identified your threats, then put plans in place to mitigate them. You may prefer to use a security consultant to help you, but it’s perfectly possible for a small business to research the various options and create a coherent and effective security strategy. You should consider a mixture of physical security – fences, gates, doors, windows – combined with security personnel – officers and even dogs – and electronic security – cameras, sensors, alarms etc. An integrated approach is the most cost-effective and most powerful.
4. Don’t forget cyber security
Many organisations find themselves under constant barrage from hackers or phishing scams, including online systems being compromised by people purporting to be company directors extracting cash or information from employees. Hackers have even targeted building management systems and used them to access an organisation’s network. Work with your IT colleagues to devise a strategy for dealing with cyber attacks and include it in your physical security strategy. They should be completely integrated to be successful.
5. Be discerning when procuring advice and services
If you seek advice, look for professional credentials such as the Chartered Security Professional designation, and/or membership of the Security Institute, or Association of Security Consultants. Anyone can call themselves a security consultant, so ask for references and follow them up. Likewise, when looking to employ an external security service, only use companies that are designated as approved contractors by the Security Industry Authority (SIA) and make sure that their people are licensed.
6. Allocate the necessary budget
Make sure that there is money allocated to support the strategy. Some of the investment can be categorised as Capex and some as Opex, which may help mid-year expenditure. Ensure that security has a protected place in the budget in future years and always build in contingency – security needs have a way of changing quickly and you don’t want to be arguing about investment in the middle of a disaster.
© CI TY S ECUR I TY MAGAZ INE – AUTUMN 2 0 1 9 www. c i t y s e c u r i t yma g a z i n e . c om
Everyone thinks that security is someone else’s responsibility, so it’s important to educate everyone in the organisation about their personal role in keeping people and property safe. It could be as simple, but crucial, as making sure windows and doors are locked or setting the alarm. Or people may have more complex roles in the event of an emergency. Depending on your specific risks, you may want to educate people on how to identify and respond to potential dangers. This will also give them confidence in your organisation’s ability to manage threats appropriately.
9. Everyone needs good neighbours
It is surprising how many businesses don’t communicate with their neighbours. Sharing concerns and passing on information can often help prevent unwanted and antisocial activity, as well as help to combat bigger threats, so make sure that those in a particular area are aware of any incidents that might affect them. This includes liaising with the police and being aware of local crime trends.
10. Don’t file your security strategy away
Once you’ve completed your security strategy, secured the budget and introduced the new way of doing things, it can be tempting to congratulate yourself on a job well done and put the security strategy in the filing cabinet. But just as you test a fire alarm on a weekly basis, you should regularly test your security strategy. Consider using a mystery shopper to test out your security procedures and see if they can gain access to your building. Don’t warn staff or your security partner first, so you can get a realistic picture of how good your systems are. Continually review what you do and how you do it and any potential intruders or attackers will move on to softer targets.
Mike Bullock CEO
Corps Security www.corpssecurity.co.uk
| Page 2
| Page 3
| Page 4
| Page 5
| Page 6
| Page 7
| Page 8
| Page 9
| Page 10
| Page 11
| Page 12
| Page 13
| Page 14
| Page 15
| Page 16
| Page 17
| Page 18
| Page 19
| Page 20
| Page 21
| Page 22
| Page 23
| Page 24
| Page 25
| Page 26
| Page 27
| Page 28
| Page 29
| Page 30
| Page 31
| Page 32
| Page 33
| Page 34
| Page 35
| Page 36