Corporate Security: The Risks Threatening Your Business
All companies, regardless of their headcount or stock value, have a duty to keep their property and their most valuable assets – their employees, safe from harm and criminal acts. So, corporate security relates to properly recognising and mitigating risks that could put a business in danger, whether physical, financial, or reputational.
In fact, corporate security is frequently defined as the sum total of strategies directed towards identifying and managing any situation or development that could potentially harm the survival of an organisation. It covers everything from physical protection, to guarding a company’s reputation, its data and systems or finances.
How do you and your team evaluate if your company needs corporate security, and to what extent is it required? What considerations need to be taken into account? Do you need to consider your company size or the industry you’re in? The short answer is yes, however, there is more to it than that.
Building a risk profile around your company, its and executives, employees and the industry and the landscaping surrounding it makes up part of the risk assessment. Once you have identified the risk, the solution may simply be to engage a security firm, and hire corporate security guards, or buy security software or switch to more advanced technologies that protect your company’s tangible and intangible assets.
Common Corporate Security Risks to Your Business
As previously outlined the level or type of corporate security that you need will depend on your company’s unique threat landscape, however, there are risks that all businesses share. One being frauds or fraudsters – i.e. dishonest individuals who engage in illegal activities in order to achieve advantageous financial outcomes.
In fact, according to a report by the Association of Certified Fraud Examiners, businesses globally experience a loss of more than AUD 4.74 trillion (USD 3.48 trillion) each year due to fraud. Which is just the tip of the iceberg.
With that in mind, here is a list of some of the most common risks that could threaten your organisation.
Recent years have seen a rise in the number of protests, rallies, mass public gatherings and direct action – especially in the Western world. These events represent a challenge for corporate security because it can be difficult to predict when an otherwise peaceful gathering can go out of control and turn into a very violent situation without adequate or timely intelligence. This represents a danger to your property and your employees – putting everyone in the building at risk.
If you are aware that a protest is likely to take place, organisations and companies should consult with the police in order to gain further information or intelligence about any timings and locations of the event, as well as information which may lead your organisation to increase security measures.
Generally speaking, no two protests are the same. Although, they may follow a similar pattern where they may start peaceful and can turn hostile or even violent with mob mentality. Having sound security procedures and communicating them to every member of the organisation is an excellent step to mitigating the risks from hostile protests and avoiding any disruption to your operations.
PRO TIP: Have your security technicians conduct regular checks and tests of all security cameras and CCTV. Test your company’s physical security protocols regularly so there are no unpleasant surprises in the event of an unplanned protest.
Damage to your company’s property can range from minor incidents to major vandalism – which can delay or halt operations and productivity leading to significant financial impact.
Making rounds and conducting regular inspections of the premises, property or site allows corporate security teams to quickly identify the incident and respond accordingly. Corporate security strategy against such incidents should include these 4 phases:
- respond, and,
- recover or replace.
Your first line of defence should always be to protect your premises by conducting regular patrols (either physical or visual), this will allow you to detect any issue or incident and respond accordingly. Finally, recover or replace the damaged property.
Insider Security Threats
Insider threats are a corporate security risk that comes from within the targeted company. Typically, this involves current or former employees, or perhaps associates that have access to sensitive information, and who misuse that access.
The problem is that, traditionally, a company’s security strategy generally deals with and plans for external threats. This leaves them lacking in terms of properly identifying or mitigating risks that emerge from within an organisation.
The most common insider threats include:
The Turncloak – a person that intentionally abuses their credentials, whether for their own personal reasons or for financial gain.
A Careless insider — this is usually an innocent employee who unwittingly falls prey to a scam and exposes the company to outside threats.
A Mole — someone from outside the organisation who poses as an employee or partner in order to gain access to privileged information or access.
Cyber Security Threats
With the shift toward remote work, cybersecurity is becoming a major concern for many corporates. However, this concern and prioritising online safety practices is somewhat reactive and comes post-fact:
- S&P Global reports that the global pandemic in 2020 caused a 238% increase in cyber-attacks of financial institutions, and,
- According to Threat Post, more than 80% of corporates experienced at least one cyber-attack in the past two years.
CSO Online reports that 94% of malware gets delivered via email, with phishing attacks making up more than 80% of corporate security breaches. So, as organisations decide their budgets for 2022 or beyond, they should plan for technological solutions that will help them mitigate at least some of the most pressing cybersecurity risks.
Hostage Situations & Kidnapping, Ransom and Extortion (KRE)
Generally speaking, the risk of kidnap for ransom in developed or first world countries is low, however, economic and political instability in developing or third world countries means that travel can be an element of risk for corporate employees and executives. KRE and hostage situations may lead to serious harm and even death.
A report by Constellis states that globally there have been 1,193 kidnappings of foreign nationals in 2020. Additionally, ransom payment demands have increased by 30% with regard to the first half of 2020, averaging approximately AUD 312,000.
A recommended corporate security practice that companies or security teams should consider implementing is operational security, or in lay terms, only working on a need-to-know basis especially when travelling, specifically as it relates to schedules and itineraries. The less that is publicised the safer the traveller/executive/worker will be.
Additionally, performing a travel risk assessment ahead of time including, becoming familiar with any potential high-risk zones or “hot spots” and identifying safe zones which may be local law enforcement, recommended hotels, hospitals or trusted local partners will all assist in will minimising risk.
If an employee becomes a victim of a KRE event, the early hours are essential in deciding all the facts of the situation. In such cases, apart from your corporate security team, other stakeholders should include law enforcement, government officials, the victim’s family, and a specialist security firm that handles kidnap for ransom cases.
As part of an organisations threat and vulnerability risk assessment, terrorist attacks or incidents should be considered. The head of the Australian Security Intelligence Organisation, General Mike Burgess, warned in April 2021 that a terrorist attack in Australia is likely in the next 12 months. The type of organisation the company will dictate how likely, possible or probable a terror-related incident will be.
The organisation’s corporate security team should take this into consideration and ensure it has adequate protocols and responses in place. This response could be a simple as a report, evacuate and cordon, or it may include more involved and direct response up to and including physical force.
Any corporate security strategy should include a clear security protocol that is communicated to the entire organisation in the event of an evacuation or a lockdown.
The organisation’s corporate security team needs to be able to communicate clearly with local police and work to ensure the safety of all employees. Failure here leads to much worse results than just loss of revenue and business interruption.
A report by Trackforce Valiant outlines that 27% of corporate security teams lacked adequate communication interfaces, resulting in unnecessary miscommunication. Therefore, it’s imperative that corporate security teams are appropriately trained and equipped with an effective means to relay relevant and real-time information to emergency services in these incidences.
Conclusion – Corporate Security Challenges in 2021
There is no doubt that 2020 will go down in history as one of the most challenging years the world has been through. In addition to the personal challenges and sacrifices, there have been many challenges within the corporate security sector. Challenges have also led to some positive changes and reviewing of systems and protocols.
The COVID-19 pandemic has revealed flaws in the alignment of people and corporate processes that we may not have identified previously. It has also revealed that workforce security training and accountability measures in some corporate workplaces require a serious overhaul.
New and specific types of incidents need new management protocols, as well as reporting standards. Risk to business can be mitigated with the right plan in place. so, while the events of 2020 mainly revolved around reaction, the theme for 2021 is all about proactive prevention.
If you’re unsure how secure your organisation is, security experts – like Panoptic Solutions, can help you identify vulnerabilities and improve your security to future-proof your company.