There has never been closer integration between physical and logical security systems, so there has also never been greater importance when it comes to defining and maintaining the security culture within an organisation.

Unfortunately, with increasingly complex security protocols required on a daily basis (and used by every employee), a security regime can easily become lax through apathy – which offers the perfect opportunity for potential intruders to take advantage. Whilst security technology is rapidly evolving, it is essential that the team it protects do so as well.

It is vital that you maintain an effective security culture within a business or organisation. Naturally the details will vary between organisations, but the common goal for all is to impress upon the team just how important security is. This will safeguard their jobs, the security of fellow workers and clients, and even in some cases, their personal safety.

All-inclusive security culture

In many organisations this will be a top-down approach – after all, if the company leaders don’t practice what they preach then why should the rest of the team? Human nature tends to shy away from complicated processes, especially if the benefits aren’t fully realised or explained.

Clarity and honesty about the potential pitfalls and consequences of failing to secure the business can be a powerful tool in demonstrating its importance to the team. Legislation and legal ramifications, along with potential damage to the business in terms of reputation, are all powerful messages.

Equally, for an organisation in healthcare or education, the protection of vulnerable people is also an important security consideration. An apparently trivial lapse of security protocols can have big and damaging real-world consequences.

Frequently communicated security protocols

The ways to build up a good security culture are as individual as the organisation it serves, but undoubtedly training and reminders are cornerstones of this. An important time to impart this to employees is when they join the organisation, but equally it is vital to ensure the rest of the staff get a refresh on a regular basis too.

This could be in the form of regular emails or internal messages in whatever form the staff prefer to receive them. Regular refresh seminars or presentations can work particularly well for businesses that regularly meet together anyway.


Involving team members in the security regime

Another approach is to train key team members as evangelists who can then encourage their colleagues to follow best practice on a constant basis. The benefit here is that the team doesn’t just embrace the security regime when reminders are launched – they are encouraged to do so all the time. This makes potential failings less likely.

The logistics of all this are totally up to the organisation and the way it works – but it’s important to stress that security is of concern for everyone in the business and needs to be approached in full unity.

Practical steps to enhance security

Many practical steps are actually relatively simple to implement. Here are some seemingly obvious things to consider which often get overlooked:

  • Strong passwords – It is easily done – you choose a password which is either short or fairly obvious! Anyone who is trying to access secure systems or areas will undoubtedly try all the obvious passwords first. Worse still, it’s very easy to keep using the system default password. Choose a password which can’t be easily guessed and if possible add numbers or other characters to make it even tougher to crack.
  • Have a highly secure password admin – Inevitably people will forget their passwords from time to time, so it’s sensible to nominate a highly trusted person or team to be able to access or renew these when needed.
  • Don’t write down passwords then leave them in full view – Again this is easily done, but having all your passwords on a post-it note on your desk is not at all secure! If it must be written down, make sure it is hidden and locked away from prying eyes – or even leave yourself a coded reminder or question so the note is only useful to you.
  • Change passwords regularly – Using the same password for months, if not years, makes it much more likely to be stolen. Worryingly, you may not even have a warning if the intruder doesn’t use it immediately. Set a company-wide policy that passwords get changed on a regular basis and stick to it.
  • Maintain anti-virus and software updates – These are tasks that can easily be overlooked, but it’s important to ensure software protection is as tight as the physical security around your assets.

Network security against outside devices

The Bring Your Own Device (BYOD) trend is another potential security worry. As a ‘back door’ for intruders, allowing staff to use their own devices, with unknown security and network access capabilities, is a potential headache. It’s important that strict security policies also cover BYOD components – and if this is not possible, it may be prudent to limit their access to your data and facilities.

Even with mobile equipment belonging to your organisation, the use of other Wi-Fi and open access networks can be an unknown quantity and potentially lead to insecure points in your security network. It may be the case that only encoded data should be passed across these networks. Again, limiting their use or the data that can be shared across them is a prudent measure in the security policy.

Covering basic security

It may seem ironic, but the more complex security systems get, the more important it is to cover the basics. There is no point having the most up-to-date systems in place only to let the whole thing down with an incomplete or lacking security policy in place.

When access control consisted of just a simple lock and key it would have made no sense to lock the door and then hang the key on the outside wall right next to it! This is what a poor security policy (or failure to follow it properly) boils down to.

Intruders will always look for that chink in the armour, so why make it easy for them?

Author profile

John Davies Managing Director, TDSi

John joined TDSi in 2003 when it was owned by Norbain SD Limited and led the management buyout in February 2005. TDSi manufactures electronic access control and integrated security systems. Export sales have grown from 25% of the business to 40+%.
