Insider Insights: How to Balance Security with Business Company Culture

2018-12-14T00:30:48+00:00 December 14th, 2018|Blog, Risk|

The difficulty with physical security is always about how to implement the best security countermeasures without getting in the way of the corporate culture. How do you make your customers, partners and employees feel comfortable in your building while also keeping them safe?

You don’t want to impede the normal flow of operations. Most people will accept a certain level of inconvenience, as long as it isn’t more onerous than the value that your company provides. If security crosses that threshold, you’ll start losing business.

You want your employees and visitors to be happy, but you don’t want the bad guys to know what security systems are in place. So how do you implement the necessary security countermeasures while making your corporate environment appear not to have them?

As you evaluate your physical security program, ask three questions. Consider these the three legs of the stool in your approach to your company’s physical risk and security.

Further reading: Can Security Improvements Harm Customer Experience?

How Is Leadership Shaping Corporate Culture?

All corporate culture starts at the top. If your CEO cares more about security and the safety of their employees, visitors and clients, it will show throughout the entire organization. The same is true of security. You absolutely must have leaders at the top level who believe in the importance of security.

If you take the perspective that the safety of everyone in the organization is Priority Number One, you’ll see a couple of impacts on the way people approach work. First, employees at every level will feel safe and cared for, which has numerous benefits for the company as a whole.

Secondly, people throughout the organization will adopt the same mentality and incorporate security best practices in their work lives. For example, you may see a decrease in piggy-backing through controlled access entryways. It may be polite to hold the door for someone, but it’s also a great way to compromise your building’s restricted access.

Corporate leadership has the influence to reshape cultural values so that good manners means keeping each other safe.

What’s Our Minimum Security Baseline?

No one likes going through TSA security at the airport, but most of us understand it. We willingly submit to long lines, bag checks and body scans, because 9/11 taught us why airport security is critical. Likewise, you would expect to go through several levels of security screenings if you were to enter a nuclear power plant or a high-level government facility.

But place that kind of security in an office building or a hotel and you’ll quickly discover that your customers and employees won’t stand for it. Isn’t security important in offices and hotels? Absolutely. But they don’t represent the same level of critical infrastructure that airports and nuclear reactors have.

As you evaluate your approach to security, consider the kind of critical infrastructure your facilities represent. Are they a prime target for attack? What would the fallout be at the local, state or national level? The more critical your facilities are, the more inconvenient your security can be.

What Is Our Corporate Environment Like?

Some facilities are at a high critical infrastructure level, but a core part of their purpose is to be welcoming or nurturing. Schools and hospitals are excellent examples. These facilities need to protect their students and patients, but they exist to be nurturing and welcoming places. Freedom of movement and easy access are central to their missions. Even though they may be critical infrastructures, the TSA approach to security won’t work here. Instead, you need to find aesthetically designed security methods—technologies that boost security but support your company’s workflow and enhance aesthetics.

For example, passive scanners can be hidden in a kiosk or behind a wall. Visitors are being scanned for weapons without their knowledge, with negligible impact on the environment. Bollards can be designed as benches or sculptures.

Handpicked related content: Don’t Stop at the Door—Keep Employees Safe Outside of Work

I joke about this, but I’m a fan of moats. Imagine the beautiful security you could create with an aesthetically designed water feature that interrupts the public access to a headquarters. It creates a standoff distance that limits access and prevents certain kinds of attacks. In fact, NFL quarterback Tom Brady built a house that features a gorgeous moat as a part of his security footprint.

The whole principle of CPTED (Crime Prevention Through Environmental Design) is based on the idea of using environmentally pleasing elements to provide security. It doesn’t appear as if you’re using security measures, and it makes the environment more appealing.

Putting the Pieces Together

Here’s an example of all three legs of the stool coming together. Years ago, I was contracted by a pharmaceutical company. They had a research facility that did animal testing onsite, which meant they were a possible target for animal rights activists (Critical Infrastructure). The campus was open (Corporate Environment), which raised concerns about keeping the actual buildings safe. One of the top priorities was ensuring that only people with legitimate access could get in.

While I was there, the director of security implemented a new all-badge policy. Every employee had to wear their badge whenever they were in the building.

This was a change in corporate culture, and it impacted employee norms and behaviors. But the inconvenience was minimal and it was appropriate for the critical infrastructure. A small minority of employees expressed frustration, but corporate leadership made the changes a priority, and the culture of the workplace quickly adapted.

Here’s a challenge for you this week: evaluate your physical security methods in light of these three considerations. How well are your efforts aligned to your leadership culture, your critical infrastructure and your corporate environment? What’s working well, and what needs to change?

Got a question about physical security and risk? Send it in and we’ll answer it in a future article!

Subscribe to the Blog

  • This field is for validation purposes and should be left unchanged.
Daniel Young
Daniel Young is the Founder and CIO at Circadian Risk Inc. He was a Regional Bioterrorism Coordinator, Security Account Manager, and has been a security and risk expert for over 10 years.