Assessing your business security program
By Gamal Newry
Mar 20, 2013 - 8:51:43 PM
It is interesting as I visit various business in the Bahamas how so many of them take security measures for granted, and do not fully utilize the natural preventative mechanisms already in place. Thus in many instances initiatives are overlooked, repeated and just plain silly. What's even worse is when they are asked about what they have done, there seems to be no method to their strategy. Certainly the intention is good; however the approach is disjointed and wasteful financially. I have decided not to mention some of these failures as I do not want to put lives and other assets at unnecessary risk.
Certainly business owners and leaders need help, and in to many instances it comes from security service providers who are only concerned about making the extra buck. Here is a quick easy method to conducting a security crime risk assessment for your business. The intent of this list is to help you, especially persons who have been given the security ’hat’ as a part of their regular duties, to fine tune and improve upon current efforts.
So here is my 11 step guide assessing your security robust
1. Business Type - the service you offer puts you at greater risk to a particular type loss event, thus a commercial banks security priorities will differ from than that of an investment bank. Retail concerns vary from those of the wholesaler.
2. Inventory Type – Similar what are you selling, items that can be pushed into a shoplifter pocket or services that can be gained via identity theft or the use of other fraudulent methods. If the assets are intellectual how do you protect it?
3.Location – Critical to the success and failure of many business, however if you have not taken into account negative components of your demographic base then you are exposed to a variety of potential risk factors
4. Access - how easy is it to get to your assets (staff / inventory / information / reputation). Attention must be given to external and internal design controls, which allow trusted and appropriate entry and exit.
5. Emergency Response Plan - As a result of ‘Murphy’s Law’ in the first instance have a plan on how to prepare, respond and recover from events that are typical to your industry and location.
6. Insurance – Notwithstanding of the potential for wide scope and negative impact of ‘Murphy’s Law’ you will need this in varying forms and fashion.
7. Employee - some may argue that this group should be at the top of the list, as statistics from a wide cross section of industry and professions suggest that this group cause the greatest loss for companies.
8. Customer – Not far behind is this group, know who they are, as in too many instances their intention is not good.
9. Awareness and Education - the simple 'shoplifters will be prosecuted' or 'business is being monitored by surveillance cameras' will not stop everyone but will eliminate a percentage of potential threats. Essentially people need to know what type of behavior is expected from them and what penalties exist for their non-compliance.
10. Continuous Review – The approach must be dynamic and fluid, adjust adapt, be flexible as necessary and within reason
11. Security Plan – As simple as a document outlining the above categories, detailing your awareness and mitigation of issues identified.
Fundamental to understanding this list is recognizing the comprehensiveness security and the fact that every business invest in security in one way or another. This investment speaks to the commercial entities commitment to protecting its assets people, information, property and reputation from damage or loss. What it entails is that the end result is actual and positively impacts operations. When speaking with managers and business leader's there are clearly disjoints as the level of understanding about security. ‘Security’ is the preventing of loss or protection of assets from loss, be it harm or theft. This definition opens the mind to an entirely different perspective. So many persons are stuck in recovery of loss component of security, which is a reactive or after the event approach. Essentially the loss has occurred which indicates your security systems have failed. The reduction and removal of loss events is true and successful security.
I hope this list help in your development and management of a real, resilient and robust security program.
Gamal Newry is the president of Preventative Measures, loss prevention and asset protection training and consulting company, specializing in policy and procedure development, business security reviews and audits, and emergency and crisis management. Comments can be sent to PO Box N-3154 Nassau, Bahamas, or e-mail
firstname.lastname@example.org or visit us at
© Copyright 2013 by thebahamasweekly.com -