David Allison, CEO of BSIA member Octaga Security Services Ltd, discusses the importance of security awareness in today’s world.
It still amazes me that with the global terrorist risks that society faces and the increasing lengths that saboteurs and individuals with malicious intent go to, to disrupt, damage or bring disrepute to companies and organisations, that security awareness is not always given proper consideration. It is therefore even more imperative in light of recent global events, to ensure that awareness and appreciation of quality physical and technical security services are at the top of everyone’s agenda.
A multi-million / billion pound company will spend vast amounts on adding cosmetic value to their work environment whilst paying less consideration to the fundamentals such as securing their assets – which, if compromised – would have potentially devastating consequences.
A recent penetration test was conducted within a company and although access control was quite stringent, the staff would quite happily open the door to their core officers and to someone with a clipboard on their possession, who looked of some importance, without first verifying their identity and right of access to the building. Out of the total number of staff in the building (104), only two people portrayed any knowledge of security awareness or having completed any relevant training.
Another example of an organisation’s shortsightedness with regards to security is when they employed the services of a Facility Management Company to take over all of their services, which included security. The company was making a significant saving by doing this; however, for the facility company to make a profit, they had to cut their own costs, which in turn, impacted on the quality of service provided overall. They then also had to ask all of their existing suppliers to re-tender for the same contracts. This process lost some very key partners in the scale of the services provided, of which security was one of them.
On completion of a security risk audit, the observations were so damaging but very realistic, that a scenario was put forward to the Global Heads of Security. Through relatively simple methods, the company could have been put out of business for six to eight months, costing them millions of pounds in lost revenue. The second whammy was when I told them the real loss was going to be to their reputation and the withdrawal of their products from the shelves around the world! The loss of reputation could have proved irreparable.
Where they saved money on the facility company, they were left wide open to compromise and any savings gained would be insignificant to the losses. One might say a company needs to show savings but it shouldn’t be to the detriment of the organisation itself. The last example was a company that actually turns over billions in profit.
To summarise, heads of organisations that are driven by profits must begin to proritise considerations and the consequences of cutting costs. Companies also need to appreciate how a soft and hard breach of a security compromise could impact their assets, profits and overall reputation.