Pub. 9 2020 Issue 1

The CommunityBanker 14 T he point of conducting an annual security review is simple: keeping the business physically and digitally secure. Security reviews are not limited to just your business: your business has vendors and those vendors represent a security risk, too. However, the essential task is to be prepared for any attack that might occur, whether it involves an active shooter, basic theft or cybersecurity. By making the security review an an- nual one, you make it more likely that you will be able to keep the procedure current and effective. An annual review also allows you to take a step back and see where you could be doing things better going forward. In addition to the annual view, plan additional reviews after you make any major changes dur- ing the year that could affect security, such as architectural changes to the building or changes to the parking area. Defining what needs to occur during a security review is important because it helps you to be more thorough. It also helps you define the size of the task. That matters because protecting your business, like housework or yard work, is truly a never-ending job. You will never be completely done, but if you define what it means to be done in the short term, that’s achievable. Getting buy-in about the annual security review is im- portant so that people cooperate fully with it. They need to understands the risks to the business if the review or reviews don’t take place, especially in terms of the potential financial impact and any regulatory issues. They should also be conscious of whether a security problem could affect the company’s reputation. The following best practices will give you a place to start as you create a custom strategy for your business. • If you want employees and customers to feel safe, you need to create a plan that includes any buildings you have and the parking area around the buildings. Also, safety should be a shared responsibility that involves everyone, not just security personnel. For example, if employees are working at night and you are concerned about safety when they leave for the day, you could make a rule that they need to be escorted to their car, either by another employee who is also leaving or by a security guard. • Do put multiple security measures into place. Possibili- ties include the following: ○ Controlling access to a building or parts of a building ○ Drones ○ Lights where needed ○ Mirrors in strategic places ○ Motion sensors ○ Remote security monitoring ○ Security guards • Surveillance cameras, including ones with microphones and speakers • Decide major issues in advance. It’s always easier to prevent a mess than it is to clean it up. Just as put- ting mats at the entrance to your business cuts down on the dirt that people can track in, the right security decisions will prevent some security issues from becoming problems. Think about the conduct allowed at your place of business. Do you allow people to bring in guns? Are some entrances and exits restricted except during emergencies? After you make decisions, communicate them to employees, customers, and visitors by post- ing clear signs. Also, train employees when they are hired and at least once a year after that. Include security information in any training manuals you might give to employees. Make sure employees know what they are supposed to do if they see something that looks suspicious or wrong. • Not all threats come from outside the business. If an employee is behaving oddly, is making threats or is ha- rassing other employees, encourage people to notice that and to report it to someone specific, such as a member of the security team. Malcolm Gladwell’s book Talking to Strangers discusses the fact that people generally assume everything is fine until it is obvious that everything is not fine; he also points out that suspecting everything and everyone creates more problems than it prevents. There’s a balance to be found here. Help everyone find that bal - ance. Normalize the idea of getting help when needed, and insist on high levels of civility and communication within the company. • Sometimes employees put companies at risk without meaning to by signing up for free services. Decide whether that’s an acceptable risk and make it possible for employees to go through a more acceptable process in order to gain access to needed services. Also, vendors F E A T U R E Conducting an Annual Security Review By Benjamin (BJ) Weight, Security Services, Inc.