When most owners of small to medium-sized businesses think about their organization’s security priorities, the usual points come to mind—physically securing buildings, guarding those assets around the clock, building and maintaining a robust cybersecurity infrastructure and integrating the latest security technology across the business. Think everything from surveillance cameras to patrol drones.
All are valid security considerations and measures that are well worth implementing, along with a comprehensive security strategy customized to your organization’s specific operational needs. As we know, keeping your people, property, and assets safe depends on having the right plan in place.
But one key factor is often overlooked in the SME security discussion, and it’s an important one: employee buy-in.
The fact is that even the world’s greatest security strategy can be undermined in a matter of minutes by an employee who leaves a back door to an office or manufacturing facility unsecured; who opens a hacker’s email and exposes your organization to a ransomware attack, potentially compromising your operation in a mouse click; whose inattentive retail service leaves your store vulnerable to shoplifters.
That’s why it’s crucial that no matter your business model or industry, you make security a core component of your company’s culture. How?
It starts with training. From the point that employees are hired, they should understand that maintaining security across the company is everyone’s responsibility. Your workplace policies and procedures should set out that expectation in no uncertain terms. The consequences for gross violations of those policies should be termination—period.
That training should also include tactics to make security a reflexive, daily habit, ranging from cybersecurity awareness to simple measures such as ensuring that delivery or maintenance people entering your workplace are who they say they are. It’s shocking how easily imposters make their way into buildings to steal or damage equipment or pilfer data and are never caught. In many cases, unsuspecting employees welcome them with open arms.
But that training also needs to be constantly reinforced. Employees and managers should undergo regular security refresher courses to help them remain vigilant. That’s especially important when it comes to online security, which is in a perpetual state of flux and fastgrowing complexity. Staying a step ahead of cyber malfeasants takes sustained effort.
One of the most effective ways to drive home the security-first message is to explain the significant risks associated with theft or vandalism. Not only are security issues a timeconsuming challenge to manage, but they also cost Canadian companies billions of dollars every year in lost revenue.
As profits decline, so do an organization’s chances of remaining solvent— and workers’ chances of remaining employed. Making the economic case often helps reinforce the argument for building security into every aspect of your culture.
So, the next time you conduct a security review, remember that it’s not only the technology that needs investment and attention. Security is first and foremost a people issue. If your employees accept their responsibility and do their utmost to protect your property and assets, you stand a much greater chance of keeping the bad guys at bay.
By Winston Stewart, President and CEO Wincon Security
Winston Stewart is the President and CEO of Wincon Security, a Scarborough, Ont.-based security firm that has delivered property monitoring and protective services to retail, commercial, industrial and condominium clients across the Greater Toronto Area for more than 25 years. For more information, visit www.wincon-security.com