What does your security audit say about you? Corporations are best served through a comprehensive, rigorous, frequent audit process. This serves several purposes as it can identify weaknesses in your infrastructure, policies and procedures, information security. It provides a due diligence to demonstrate that any potential liabilities are being monitored and addressed. It also can justify expenditures to correct any security shortcomings and finally it presents an image to employees that the company takes both security and safety seriously.
Consider this – the Tazreen Fashions Ltd. fire in Bangladesh, India on November 24, killed over 100 garment workers. It was learned afterwards that the owner was unaware of the need for emergency exits. The factory owner later stated “Nobody told me that there was no emergency exit, which could be made accessible from outside. Nobody even advised me to install one like that, apart from the existing ones. I could have done it. But nobody ever suggested that I do it.” An audit could have identified weaknesses which could have saved lives.
A well-rounded audit program looks at all aspects of a corporation from training, document flow, retention and destruction, computer passwords, the physical structure and its geographic location, security equipment, and access control are just to name a few. Here are a few factors to consider:
There are two schools of thought when it comes to lighting and security. One is to leave lights blazing to reveal any intruders. The opposing view is that it also allows intruders to inspect your security systems (alarms, motion sensors, locks, CTV cameras and their positions) as well as any valuables that may be in view. An intruder can plan his attack before ever setting foot in your facility.
The other school of thought is to leave lights off to make any preparatory surveillance difficult. Also anyone using flashlights to snoop around would be easily detectable. There is no right or wrong answer but, by considering your risks as it relates to your facility and business, that knowledge will lead to developing the right solution.
In trucking facilities, the same holds true. I always recommend that trailer doors remain closed whether they are loaded or not. This disguises where your valuables lay. Also, it protects the interior of the trailer and prevents the floor from getting wet which in turn can damage your packaging and product.
Door locks and access control readers are only one line of defense towards protecting your assets and employees. Any physical security system should have multiple layers of defense, from clearly marked “No Trespassing” signs, CCTV cameras, designated parking areas, dedicated employee entrance and egress points, sufficient locks with an up-to-date key control system, an access control system that tracks activity and limits access points, etc. Sometimes the best doors and locks can be defeated simply by someone holding a door open to an unwanted visitor.
Staff, Procedures and Information Security
Security is a process, not a product and is only as effective as the people that maintain, interact and influence its effectiveness.
Social media has become a large component of our personal lives and can not only identify us to the internet community as being an employee of a particular company, it can also open the door to social engineers that can exploit someone’s naiveté. Social engineering is the counterpoint to social media and uses social interaction in order to defeat and infiltrate your workplace. These exploits can be very effective as the use of a multi-pronged attack to gather menial information from a variety of sources in order to legitimize the main attack.
Training your staff how to maximize your security programs, identify risks and vulnerabilities and how their actions can impact the effectiveness of those programs is paramount. A security program is only as effective as its weakest link; whether that be poorly maintained or outdated equipment, failure to follow proper guidelines, a lack of training, bending the rules, etc. Something as simple as a password written on a Post-it note and stuck to a monitor to a door propped open, can fully compromise your business and the safety of your staff.
An audit must be specific to your industry with the understanding of the unique vulnerabilities and obstacles to operating your business. The best audit programs are collaborative and have the buy-in of staff at all levels.
A well designed audit program, diligently prepared and applied, helps to identify areas of concern before they happen. It also ensures a minimum acceptable standard across multiple facilities. Self-auditing is also recommended as it educates managers of the key security components and how compliant they are. The bottom line is that the security audit protects your bottom line; through due diligence, reduced liability, employee buy-in and risk mitigation.