Why Now is the Best Time to Conduct a Security Assessment

John Orloff

Share this post

Oct 5, 2021

For almost seven hours yesterday, billions of people could not access their Facebook, Instagram, and WhatsApp applications. A global outage of this scale is unprecedented, and it highlights the vulnerability of our digital networks and security systems. The official statement from Facebook is that a “faulty configuration change” sparked the outage — but some are also speculating sabotage by an insider.

While the inability to access these social media tools was an inconvenience for Facebook users, the question remains: Are organizations prepared to ensure the safety of their employees and visitors at their locations when these security breaches occur?

Yesterday's shutdown is a good reminder to remain vigilant and ensure you conduct regular physical and technical security assessments. It's also a reminder to review your company’s security policies and procedures to provide a safe work environment for your employees, guests and visitors.

Return to the Office Combined with Increased Cyber Events is an Ideal Time to Re-examine Security Operations at All Corporate Locations

A security assessment can tell you how to protect employees and visitors best. Security experts conduct several types of these assessments, such as:

  • Physical and Technical Security Assessments
  • Crime Prevention Through Environmental Design (CPTED) Assessments
  • Physical Penetration Tests
  • Security operations assessments, including effectiveness of guard services

Assessors may visit during the workday to see the flow of employees, visitors and guest as well as to better understand the culture of the organization. Alternatively, night and weekends are an option depending on the situation which reduces the time from assessment planning to execution and eliminates the risk of interrupting regular operations. Regardless of the time of the visit, conducting assessments gives the security consultants time to determine system effectiveness and identify gaps in baseline levels of protection and system coverage during normal working conditions and when situations arise.

Update Security Policies and Procedures

Company leaders should look to their security consultants to review and implement existing policies and procedures and evaluate their effectiveness to ensure best practices are being implemented based on their industry and culture. This goes hand-in-hand with onsite security assessments and provides an opportunity for discussion with company leaders on what is working and areas of growth, especially as employees return to the office.

When thinking about your security policies and procedures, consider whether you have protocols in place for:

  • Access control and key issuance
  • Intrusion detection
  • Video surveillance, including your system’s remote monitoring capabilities
  • Heating, ventilation and air conditioning (HVAC) and emergency shutdowns
  • Security system testing and maintenance

Take on Resiliency Planning When It’s Needed Most

Resiliency planning probably was not top-of-mind at the beginning of 2020. No one expected the COVID-19 pandemic or the Facebook outage and now companies are either enacting or developing plans that will ensure business continuity and employee safety during emergency scenarios.

Now is the best time to look at resiliency planning to improve or learn from current actions and prepare for the future and different types of circumstances, like the impact of a cyber event on physical and security operations. As companies prepare to welcome employees back to the office environment, working with your security consultants to determine your organization's specific risks, threats and vulnerabilities is critical. It will provide you with the foundation to accurately develop recovery plans and implement action plans to minimize impact on your employees and business operations.

In addition to an Emergency Response Plan, it’s a good time to review your:

  • Business and Supply Chain Continuity Plans
  • Corporate Communication Plan
  • Crisis Management Plan
  • Occupant Emergency Plan

By engaging a security consultant now in performing these assessments will provide employers with a road map of what's needed to be done to ensure a safe and secure operating environment for employees once they begin returning to work but also if a security event occurs impacting their team.

Feel free to reach out to us with any questions.

Headshot of John T. Orloff

About the author

John T. Orloff
John leads Jensen Hughes' Security Risk Management Practice and, as a senior advisor to corporations, major public organizations and affluent families, taps a wealth of domestic and international experience in security best practices, threat assessments, emergency preparedness and crisis management.