Blog

Common issues found during a security assessment

by Paul Kazlauskas

Common issues found during a security assessment
Security assessments are a holistic look into the overall physical security of a building or facility. It involves a walkthrough of the facility with evaluations of such things as access control systems, CCTV cameras, visitor management, security guards, locks, lighting, gates, and fences. Many organizations never evaluate their existing physical security tools. They may spend thousands of dollars on physical security controls, but don’t know whether they are the correct tools and if those tools were implemented correctly. A security assessment can take an objective look at the tools in place, identify where security is strong, and make recommendations on areas that need improvement. Here is a list of some common issues found during security assessments.

Lack of support for the company’s security program from senior management. Upper management has a responsibility to take security seriously, but they don’t always do. Issues include not authorizing the security funding for a needed project or setting a bad example for other employees by not following the rules. Upper management needs to understand the value of security and model the correct behavior.

Lack of security awareness training for employees. All employees need security awareness training when first starting a job. There should also be periodic refresher courses during the year to make sure the policies and procedures haven’t been forgotten about. Security awareness training should cover such topics as cybersecurity, access control, workplace violence, and visitor management.

Employees fail to secure items around them. Employees are sometimes so caught up in their day-to-day job that they fail to protect company-owned assets like laptops and workstations. These should be locked when not in use. Employees also forget to lock offices and secure personal items such as purses, backpacks, and cell phones. In an open office layout, personal and business items can easily be stolen or hacked because employees rarely work in the same place every day or next to the same people.

Poor visitor management. No matter the type of facility, all buildings should record who came in through the front door, at what time, for what reason, and when they left. Visitors should be required to verify their identity and be logged into a manual or electronic visitor management system. In addition, visitors should be required to wear visitor badges when on the facility grounds and the badge should be worn on a jacket, shirt, or blouse in a uniform location so security personnel know where to look. All entrances should have the ability to document visitors or they should simply be a locked door. Even when inside a facility, some visitors may require a security escort, depending on the scenario.

Poor control of keys. The facility needs to have a policy on who gets issued keys and for what reason. This information needs to be recorded and backed up regularly. In addition, there needs to be a procedure for dealing with lost keys and a policy for making sure keys are turned in when an employee no longer works at the facility.

No procedure for handling confidential information. Sensitive information can range from employee background information to social security numbers to customer credit card information. Sensitive documents should never be found in unsecure areas like facility lunchrooms or restrooms. Confidential file cabinets should be locked and confidential electronic data should be encrypted. Printouts of data that isn’t needed anymore should be shredded and not simply left in a recycling bin.

Poor management of shipping/receiving areas. When not in use during a delivery or pickup, the doors to the shipping/receiving areas should be closed and locked. Too many times doors are left open, valuable merchandise is left unattended, or delivery drivers are allowed to enter secured areas.

What other security problems have you encountered at your workplace that would be an issue to worry about during a security assessment? Have a story to share? Please comment in the section below.

Our visitor badges “VOID” overnight to prevent reuse.
See them for yourself — request free samples!