Security: Hit or Miss?

A couple of years ago, at an unnamed food processing facility in a Midwestern city, I entered through a propped open exterior door and, without benefit of any escort or identification, I strolled through the facility’s raw material storage areas, mixing room, control room, executive offices and finished product storage without being stopped or questioned by even one employee. I then left by the same route. Although this was done with the client’s approval, I could have been an irate ex-employee or a person dedicated to doing harm such as contamination. This plant had a comprehensive physical security program and yet their advanced electronic access control system was easily rendered useless by careless and unconcerned employees. More often than not, security programs miss the mark and are far from being strategic and synergistic systems that truly prevent and protect. Many firms believe that a guard at the gate, a card reader at the door and a camera on the dock will do the job. Security is perceived as a non-productive expense and even as a necessary evil. Security budgets are minimal until the significant loss is discovered, and then over-reaction and over-spending becomes the rule. So, what comprises a practical and effective security program? How much do we need to spend on security? How much security is enough? Where have we missed? I would like to discuss several concepts that are often neglected in security planning, keeping in mind that each facility’s culture, neighborhood, history, layout, functions, budgets and values vary greatly.

Assessing Risk

A security assessment or survey, conducted by in-house or contract staff, can identify your site’s particular threats, risks and vulnerabilities and should evaluate and recommend enhanced and new security countermeasures. It is critical to periodically stand back and look at your operation through different eyes- the eyes of one who wishes to do harm. That is easier said than done, and it is difficult to see the forest for the trees when you work in a facility every day. One approach that has evolved since the terrorist attacks is a powerful tool in eliciting involvement, understanding and buy-in by all relevant staff and departments. This is a team-based assessment in which a group of appropriate staff (e.g. security, safety, EHS, human resources, IT, operations, facilities management, shipping and receiving, warehousing, transportation, etc.) gather to work through steps that extract their perspective and hopefully arrive at relative consensus. Such steps may include identifying critical assets and likely targets, potential threats and methods of attack or compromise, consequences, potential adversaries, attractiveness to compromise, and an evaluation of existing and planned physical and procedural countermeasures. Keep in mind that security ideally is a proactive and preventive discipline driven largely by deterrence, or making yourself less attractive as a target and reducing opportunities to do harm. It is much less costly and disruptive to prevent a loss from occurring than having to deal with the aftermath of a loss incident. Security should be a strategic and synergistic system in which all security measures, whether physical or procedural, complement and reinforce each other. All too often firms “throw” security measure such as cameras or guards at a problem without standing back and considering how the loss or threat can truly and cost effectively be mitigated. Security should not be a stand-alone function, but should complement and reinforce existing safety, environmental management, emergency planning and human resources processes. Security should be a careful balance between control and protection and productivity, flow, morale, safety and convenience. A security program that is perceived as unduly disruptive and inconvenient will often be resisted and even undermined. In addition to the often discussed counter-terrorism planning and contamination prevention, don’t forget other potential security-related losses and threats such as sabotage, arson, theft and pilferage, vandalism, trespassing, workplace violence, activist disruption, etc. The early stages of theft and workplace violence, for example, will often escalate into more serious events if not addressed.