What is Your Business Doing About Security?
So many businesses turn a blind eye to security, essentially meeting minimum compliance where required by regulation (public or private), and otherwise doing the bare minimum where not regulated. It’s important to set the standard for your organization and even industry. Some business-leaders will even dodge the issue entirely and reference lawyers and financial safety when asked point-blank about physical, electronic, and data security concerns.
Security comes in many aspects. The one people think of most these days is cyber/data security. There’s a dearth of qualified personnel to fill those spots, but that cannot be overlooked at the expense of physical and personnel security. Locking down internal/customer data doesn’t do you any good if a quasi-competent crew comes into your business and runs off with $120,000 worth of merchandise or property. It also doesn’t prevent or mitigate insider threats: employers must understand their employees’ issues and lives in order to mitigate the risk of internal theft or destruction of property, money, and data, extortion, and everyone’s worst fear, workplace violence.
Nobody understands your business like you. Consultants are great and necessary, but it’s imperative that you have an internal asset to measure the effectiveness and efficiency of proposed solutions. That internal position has your business’s best interests at heart because they are a part of it. Consultants have to ensure their priorities align with yours for the project/contract, but they have to preserve themselves and grow as a business. That internal security team should be able to tell you in no uncertain terms if a company is over-promising and under-delivering, and taking your bank account to the cleaners as well.
We all say that security is everyone's responsibility, and it is. It's not a platitude. It's practically a truism, but it's worth restating over and over again. Complacency is a huge part of the human condition. Modern Americans spend little enough time in any industry or facet thereof that requires them to be fully devoted to security. In any given year, there are between 750,000 and 850,000 people actively serving in one of the 18,000 federal, tribal, state, or local law enforcement agencies, and just over 2,000,000 personnel in the entire military (across all three components). Fewer than 3,000,000 people, total. Add to that the millions of veterans, and we're still only talking about roughly 6.6% of the entire population of the United States having worked in an environment where you had to be "on" 24/7/365.
Having a team of security professionals, particularly with a combined experience from law enforcement and the military, will genuinely help improve your overall culture of security.
I understand that a mom-and-pop business may do the absolute bare-minimum for security, it's a business decision based on a series of calculations -- real or imaginary -- that the proprietor has made. At a larger level, whether you scale up as a business, or you are part of an enterprise, having an in-house security asset is absolutely crucial to improving your business's safety. Your asset will be responsible for conducting and monitoring training programs, ensuring compliance, and improving processes by identifying efficiencies within a program, particularly one developed by a consultant, because, as I said above, your security team is your security team. Their business interests, their personal interests, are, or should be, symbiotic with yours.