In his first blog for Infologue.com, Noah Price, Head of the G4S Academy, provides an overview of the security threats faced by many businesses in the post-pandemic world while also covering some best practices.
With the current threat to the UK from terrorism rated as ‘substantial’, meaning that an attack is likely, terrorism is one of the biggest security concerns for many. Attacks could potentially occur at any location. Preventing them is challenging, with the target usually an individual choice that cannot always be anticipated. Activist groups that could pose a threat include Extinction Rebellion, Insulate Britain and the anti-vax movement, with the likelihood of an increase in activity through Spring of 2022.
Protests against Covid vaccinations are carried out by a wide range of different groups and individuals. According to an investigation by The Times, some anti-vaxers are turning to extremist beliefs and advocating violence against healthcare workers.
The trend for people to trespass into buildings to explore, climb and post videos of their activity, poses a significant threat. Risks include physical danger to the climber on a business’s property, legal action against the building’s owners if the intruder is injured or killed, disruption to business operations, particularly if an evacuation is required and damage to property. As content is usually posted on social media, there is also the risk of reputational damage and of hostile reconnaissance being available to organised criminal gangs and terrorists.
Insider threat can take many forms. It could be:
- A ‘deliberate insider’ that obtains employment with the intent of abusing their access.
- A ‘volunteer/self-initiated insider’ who obtains employment without intent to abuse their access, but at some point, decides to do so
- An ‘exploited/recruited insider’ who obtains employment without intent to abuse their access, but at some point, are exploited or recruited by a third party to do so
- An ‘accidental insider,’ who by their actions might inadvertently leak information or provide other types of access, either because they haven’t received adequate training, or because they have been asked to undertake an action that they don’t recognise as being something they shouldn’t do.
Accidents can happen at any time, and there is also the chance that organisations could be affected by fire, flood or another natural disaster. Covid is a threat to security on many levels, from risks associated with new ways of working to potential staff shortages. The pandemic has led to significant changes in ways of working and this has made cyber security, as well as physical security, a real challenge for many organisations.
Many organisations focus on securing physical items and equipment. However, laptops, dongles, and even employee passes used remotely can be vulnerable to theft and the loss of these devices can often lead to an increased risk of data theft.
Altercations can take many forms including conflicts between employees, or issues with voyeurism or harassment from within or outside the business.
Here is a reminder of the key elements that need to be in place, in order to achieve good security to help stay ahead of the threats. With regular risk assessment and planning the foundation of good security, it’s important to consider whether the organisation’s risk assessments and plans are up to date.
Have there been any changes in the assets that need to be protected? People, property, information or reputation? Have the threats to these assets changed or evolved and are there any new or changed vulnerabilities? Does the security plan still protect the assets with appropriate integrated security solutions, or are there any weaknesses or gaps?
In the same way that businesses use penetration testing to test cyber security, physical security should be tested against various scenarios. Table-top exercises can be an excellent way to identify possible weaknesses and ensure preparedness in advance of a real incident. They should use relevant scenarios and identified threats to help test mitigation plans and training.
With threats constantly evolving, it’s more important than ever to focus on training. Organisations benefit hugely from thinking about training in a more holistic way. While security officers must receive training that is relevant to their customer’s assets, procedures and identified threats, clients can also benefit by encouraging their employees to take part in relevant security training and by involving the security team in their own in-house training.
The best security solutions will be achieved when security providers and clients work together, sharing desired outcomes, plans and information as part of an iterative process. This close collaboration can also lead to cost and time savings.
Developing and sustaining an effective security culture is a vital part of an organisation’s personnel security regime. Getting the culture right will ensure that employees are security-conscious and think about how to protect the information and assets that they have access to at work.
Good security utilises insights and shared information, while also using best practice from first responders. In addition to providing an excellent security service, security officers must be friendly, reassuring and well-trained in communication skills.
With threats constantly changing, organisations can benefit from new approaches. Adopting emerging technologies, may improve security, while also making it more efficient, welcoming and reducing costs.
Finally, security that is integrated, or planned holistically, is likely to work better, because it has been designed to ensure that there are no gaps to be exploited.
Physical security will work best when expertise, security professionals, technology and data analytics are considered together. In the same way, physical security should not be considered in isolation, as it is intertwined with personnel security and cyber security.