4 New Year’s Resolutions for Security Directors
As we start the New Year, most of us have personal and professional goals to which we aspire. For security professionals, we recommend the following resolutions to help make 2018 a successful, uneventful one for your organization.
1. Update and test the business continuity plan (BCP). Beyond the dangers of a national emergency, every organization needs a current, robust plan to recover from a crisis. In recent years, companies across the country have experienced disruption from weather emergencies. Advances in cloud computing and increasingly remote workforces are two developments that can have a dramatic impact on a BCP. The breakneck pace at which technology continues to transform business practices makes annual review and testing of BCPs more important than ever. Today, the plan should include procedures that apprise organizations of employees’ whereabouts—particularly when key personnel are traveling. Putting a plan on paper is not enough; companies need to conduct a tabletop exercise and drill at least annually.
2. Establish (or enhance) an active shooter policy. Every company should have at least a basic policy that is communicated to employees. The U.S. Department of Homeland Safety publishes a guide that organizations can use as a starting point. In reviewing the active shooter policy, security directors need to keep in mind that the threat has increased. More shooters are forgoing handguns in favor of assault weapons. By the time police arrive, the assault is typically over. Contingency plans should include safe rooms where employees can retreat. In addition, organizations need clear guidelines regarding who closes and locks the door and when. Similar to BCPs, active shooter plans should also be tested annually with a combination of tabletop and live drills.
3. Ensure vendor compliance with internal screening standards. Many organizations have strict background screening standards for their employees but don’t extend those requirements to vendors that provide contract or temporary personnel. As some companies have learned through repeated incidents and infractions, external partners may perform minimum screening to fulfill a vague contractual obligation. Outline the basic requirements for vendor background screenings in the security policy. At a minimum, service agreements should include this specific language. Preferably, the host organization should identify a trusted third party to ensure consistent screening standards for all on-site personnel.
4. Perform penetration testing at key locations. While security protocols may appear iron-clad on paper, most are surprisingly easy to overcome. Resolve this year to put access control to the test: inspect perimeter fencing, check for blind spots in CCTV monitoring. Internal personnel can conduct preliminary testing, but organizations should consider contracting a qualified third party for unbiased reporting. Testing should focus on vulnerable entry points, testing the physical, human and technological aspects of the security program.
For information on how Sunstates Security can help your organization implement these resolutions, call 866-710-2019 or email us.