Security Awareness Training for Employees


One of the most cost effective security countermeasures you can put in place is a well-trained employee.  Think about it: Your staff knows the facility layout better than anyone else, they have intimate knowledge of how things operate, they are onsite at least 40 hours a week and many times more than that, and they see who is coming and going.  Why wouldn't you want them to be the primary defense against burglary, theft, terrorism, corporate espionage and other crimes?

 

Additionally, an employee who is trained to respond when he/she sees a security issue now becomes a

defacto part of your security staff; no longer do you have to rely on the lone receptionist or security officer to be the only person who is looking out for the safety and security of your business.  And dollar for dollar, Security Awareness Training is the least expensive and most cost effective solution to keep criminals at bay.

 

Let Secure Strategies come to your facility and present a Security Awareness seminar to your employees.  We have performed these seminars for as little as four and as many as one hundred staff members at a time.  Our presentations are engaging, interactive and full of practical advice to make your employees part of the solution, not part of the problem.

 

WHAT'S THE PROBLEM?

 

Over the years our experience has shown that employees who are not trained in proper security practices can actually add to a company's difficulties instead of helping them:

  • They assume that since there is a Security Manager on staff they don't have to be concerned about suspicious behavior, visitors without escorts or other dangerous activities.

  • If there is no Security Manager on staff they assume that "management is taking care of it."  This lack of ownership of the security function is one of the most dangerous issues facing the business. With no one assigned to secure the facility and its contents, the necessary duties will not be performed.  This creates a negligent or careless attitude towards security and is difficult to turn around without outside assistance.

  • Unwitting employees perform dangerous practices like propping doors open to have a cigarette, and allowing strangers to "piggyback" into the office area.  This practice is one that we at Secure Strategies have exploited many times during our penetration testing of a location.  Dressing professionally in a suit, or carrying boxes so we "can't swipe our ID card" at a perimeter door is an easy way to fool an unsuspecting employee into allowing unauthorized access.

  • Employees falsely assume that since a visitor is now inside the facility they must have been cleared by the receptionist (even if the visitor is missing the requisite ID badge)

  • Because employees report to the same work space day after day, year after year, they become desensitized to the valuable or sensitive assets around them.  Client records are no longer important documents to be protected, they are just papers to be filed; that new R&D product is no longer a huge moneymaker for the company, it's just "a boring rack of test tubes that's preventing me from going on to the next exciting project."

  • With no Security Awareness Training, staff members assume that management doesn't care about security

  • Even the employee who does care about security for himself and the company may not know what to do when an issue arises, or may not know how to spot a security problem in progress.

WHAT'S THE SOLUTION?

 

Sitting people down in a classroom or conference room allows everyone to understand that management has taken a positive step to improve the organization's security posture.  The classes are done in an informal atmosphere where people can voice their thoughts, ask questions and view photographs and videos of everyday issues and their solutions.

 

WHAT'S THE COST?

 

Not only is a well educated staff beneficial to your facility security posture, training your employees is one of the most cost effective countermeasures you can institute. The cost to educate your entire staff could be lower than you think, ranging from a few hundred dollars for a brown bag lunch session to a few thousand dollars for a full day seminar. Compare this expenditure to the thousands of dollars for a CCTV camera system or access control system and you can see why training is so efficient.

 

WHEN TO TRAIN?

 

We have found that training should be conducted on a regular basis, not as a one-time event. The repetition of instruction allows new employees to see vital information firsthand, as opposed to hearing it second or third hand from a fellow employee (and only receiving the information that the fellow employee happens to remember). Training should also be conducted when facility changes are imminent at a location, so new structures, buildings and methodology can be incorporated into the security plan and passed along to staff.

 

SAMPLE SEMINAR

 

The following is a sample outline of a security awareness seminar. An actual class may be modified from the list below to accommodate time constraints, risk assessment findings and company requirements.

 

1.0    Course Opening

 

1.1    Course description

1.2    Learning objectives

1.3    Security objectives (why do we need good physical security?)

 

2.0    Risk Assessment

 

2.1    Principles of effective physical security

2.2    Critical asset identification

2.3    Defining potential threats

2.4    Identifying facility vulnerabilities

 

3.0    Design & Implementation of a Good Security System

 

3.1    Characteristics of an efficient system

3.2    Physical security design considerations

3.3    What changes are being implemented here (if applicable)

 

4.0    Security Best Practices

 

4.1    How do you, the employee, become a better security watchdog

4.2    Visitor access control

4.3    The reporting process

4.4    Document security

4.5    Bomb threat procedures

4.6    Types of suspicious activities

 

5.0    Social Engineering

 

5.1    Who is a target of Social Engineering

5.2    Examples (piggybacking, forgotten p/w request, got an extra butt?)

5.3    Mitigating risk (b/g checks, phone procedures)

 

6.0    Maintaining and Adapting the Security System

 

6.1    Audits

6.2    Employee feedback

 

Copyright 2005-2006 © Secure Strategies