Security measures for companies, organizations and institutions are generally divided into components that comprise the bigger picture. An initial risk assessment addresses the Physical, the Technological and the Organizational aspects related to your protection. Let’s briefly expand on each component:
To provide the proper recommendations and oversee the implementations of everything needed to create a comprehensive security plan for your company, a true professional consultant will look at the bigger, holistic view. Whereas some security ‘experts’ will push the purchase and installation of excessive and expensive tech devices that create the appearance of blockbuster movie-style security, often this is unnecessary and accomplishes two things –
The security market is currently dominated by a large number of ‘advisers’ who are dressed up in ‘consultant’ clothes. A substantial amount of resources might unnecessarily be designated to enhance security measures by incorporating items that – in the big picture – are not appropriate to spend on, or even to be much concerned with. The true consultancy perspective, however, does not revolve around product pushing, and is not out to sell additional hardware or more security guards. To really help the client, a professional, experienced consultant will not neglect a strong focus on the organizational component—which has the greatest potential to increase the efficiency of your security—and, compared to the tech component, is much less inexpensive to improve. Technical purchases, installations and implementation can be the most costly additions to a company’s security expenditure, and have to be kept in a wise and diligent perspective. This is what separates a real collaborative security consultation from one misguidedly designed to scratch the surface of a real comprehensive overview, monetizing from ill-advised upgrades recommended by security ‘salespeople’. The results from doing it right can be substantial!
Each evaluation should be unique, and start with the desire to really hear the client’s perception of their security needs and their own overview of the past, present and future. Security consultants should not have a standard pre-determined goal of ‘selling’ a client an X, Y & Z mix of the newest, most glittery tech items, and supporting that potential sale with conversations about keeping up with the Jones’, the competitors, or living on the cutting-edge. All this can be meaningless, and disconnected with reality. Adding tech and guards can actually be a detriment to security. The best approach is quite different. The security specialist needs to listen to you. An initial bond of trust has to be established, and a new collaborative sharing of information is crucial. The desire is to develop and maintain a very smart organization with great security measures that don’t get in the way of each other when they interact. There should be no generic check list or ‘scamming’ leading up to an order or product push, and all areas of interest to the client should be addressed. There should always be an authentic interest in what a company is saying. True consultants are NOT salespersons with pre-determinations, but instead are open-minded and curious to attain the complete picture and subsequently make all the right recommendations. A long term relationship is best, especially one with both trust and honesty. If the organization is doing a solid job maintaining their security, then so much constant interaction should not be necessary; it all revolves around the client needs.
Why this? Why that? Why anything? That ongoing question needs to be answered for every security item already implemented, and any that may be proposed to add. Every security measure, every regulation – everything. For instance, if there is currently a 16 person security detail involved in physical security, the question that should be asked is: Why 16? Why not 14, why not 34? WHAT is the reasoning behind it, and WHY was this implemented in such a way? This is not to tear down or ruin what is currently in place, it is solely to help. During the initial risk assessment, it may not be the appropriate time to input every area with final decisions. If after a few hours the company asks, “So what do you think about our security?” – the best answer will most likely still be, “We don’t know quite yet!” More information and deeper research should be behind every evaluation and recommendation. If a multitude of cameras have been installed, the question that needs to be addressed is, “What was the evaluation and thought behind this?” Where a supplier may push for such installations, and try to tell you what is missing, in a true consultant-level risk analysis we might instead identify that there is no prevailing real risk at a particular point of entry, and the big picture evaluation will ascertain that it was done without a wise overview and not advisable to continue. Not every structure needs to resemble Fort Knox. Security should be interwoven into the brand and how the brand seeks to interact with the public. The key is to identify what you really need. Recommendations are often on a functional level. There are always choices. If resources are not available for a Mission Impossible type laser tripping warning device, there might very well be an alternative solution by administering professional grade training to a limited amount of individuals employed, and create the perfect blend of Organizational, Physical and Technological components to ensure the desired high-level security.Tweet