 Security
Awareness Training for Employees
One of the most cost effective
security countermeasures you can put in place is a well-trained
employee. Think about it: Your staff knows the facility layout
better than anyone else, they have intimate knowledge of how things
operate, they are onsite at least 40 hours a week and many times
more than that, and they see who is coming and going. Why
wouldn't you want them to be the primary defense against burglary,
theft, terrorism, corporate espionage and other crimes?
Additionally, an employee who is trained to respond
when he/she sees a security issue now becomes a
defacto part of your security staff; no longer do
you have to rely on the lone receptionist or
security officer to be the only person who is
looking out for the safety and security of your
business. And dollar for dollar, Security
Awareness Training is the least expensive and most
cost effective solution to keep criminals at bay.
Let Secure Strategies come
to your facility and present a Security Awareness
seminar to your employees. We have performed
these seminars for as little as four and as many as
one
hundred staff members at a time. Our
presentations are engaging, interactive and full of
practical advice to make your employees part of the
solution, not part of the problem.
WHAT'S THE PROBLEM?
Over the
years our experience has shown that employees who
are not trained in proper security practices can
actually add to a company's difficulties instead of
helping them:
-
They assume that since there is a Security
Manager on staff they don't have to be concerned
about suspicious behavior, visitors without
escorts or other dangerous activities.
-
If
there is no Security Manager on staff they assume
that "management is taking care of it."
This lack of ownership of the security function is
one of the most dangerous issues facing the
business. With no one assigned to secure the
facility and its contents, the necessary duties will
not be performed. This creates a
negligent or careless attitude towards security and
is difficult to turn around without outside
assistance.
-
Unwitting employees perform dangerous practices like
propping doors open to have a cigarette, and
allowing strangers to "piggyback" into the office
area. This practice is one that we at Secure
Strategies have exploited many times during our
penetration testing of a location. Dressing
professionally in a suit, or carrying boxes so we
"can't swipe our ID card" at a perimeter door is an
easy way to fool an unsuspecting employee into
allowing unauthorized access.
-
Employees
falsely assume that since a visitor is now inside the
facility they must have been cleared by the receptionist
(even if the visitor is missing the requisite ID badge)
-
Because employees report to the same work space day after day, year
after year, they become desensitized to the valuable or
sensitive assets around them. Client records are
no longer important documents to be protected, they are
just papers to be filed; that new R&D product is no
longer a huge moneymaker for the company, it's just "a
boring rack of test tubes that's preventing me from
going on to the next exciting project."
-
With no
Security Awareness Training, staff members assume that
management doesn't care about security
-
Even the
employee who does care about security for himself and the
company may not know what to do when an issue arises, or may
not know how to spot a security problem in progress.
WHAT'S THE
SOLUTION?
Sitting people
down in a classroom or conference room allows everyone to
understand that management has taken a positive step to
improve the organization's security posture. The
classes are done in an informal atmosphere where people can
voice their thoughts, ask questions and view photographs and
videos of everyday issues and their solutions.
WHAT'S
THE COST?
Not only is a well educated staff beneficial to your
facility security posture, training your employees
is one of the most cost effective countermeasures
you can institute. The cost to educate your entire
staff could be lower than you think, ranging from a
few hundred dollars for a brown bag lunch session to
a few thousand dollars for a full day seminar.
Compare this expenditure to the thousands of
dollars for a CCTV camera system or access control
system and you can see why training is so efficient.
WHEN TO TRAIN?
We have found that training should be conducted
on a regular basis, not as a one-time event. The
repetition of instruction allows new employees to
see vital information firsthand, as opposed to
hearing it second or third hand from a fellow
employee (and only receiving the information that
the fellow employee happens to remember). Training
should also be conducted when facility changes are
imminent at a location, so new structures, buildings
and methodology can be incorporated into the
security plan and passed along to staff.
SAMPLE SEMINAR
The following is a sample outline of a security
awareness seminar. An actual class may be modified
from the list below to accommodate time constraints,
risk assessment findings and company requirements.
1.0 Course Opening
1.1 Course description
1.2 Learning objectives
1.3 Security objectives
(why do we need good physical security?)
2.0 Risk Assessment
2.1 Principles of
effective physical security
2.2 Critical asset
identification
2.3 Defining potential
threats
2.4 Identifying
facility vulnerabilities
3.0 Design &
Implementation of a Good Security System
3.1 Characteristics of
an efficient system
3.2 Physical security
design considerations
3.3 What changes are
being implemented here (if applicable)
4.0 Security Best
Practices
4.1 How do you, the
employee, become a better security watchdog
4.2 Visitor access
control
4.3 The reporting
process
4.4 Document security
4.5 Bomb threat
procedures
4.6 Types of suspicious
activities
5.0 Social
Engineering
5.1 Who is a target of
Social Engineering
5.2 Examples
(piggybacking, forgotten p/w request, got an extra
butt?)
5.3 Mitigating risk
(b/g checks, phone procedures)
6.0 Maintaining and
Adapting the Security System
6.1 Audits
6.2 Employee feedback
|
