Why Security Measures May Miss the Target
Part 2: The People Part
The People Part
By Karen Kroll - November 2010 - Security
While technology is key to almost every effective security program today, it's a mistake to place too much faith in technical systems. For instance, some facility or security managers rely heavily on alarm systems, says Louis Caravelli, a security consultant. However, when Caravelli has tested these at different facilities, he says he's always been able to gain access.
Several reasons account for this: It may not be clear who is monitoring the alarm, or it may take them too long to respond. When an alarm is forwarded to a monitoring service and then on to the police, a criminal may be in and out by the time a response is mounted. One way to counteract this is to implement measures that will slow down anyone who's in a facility illegally, such as including a layer of wire mesh within the drywall. That makes it harder to simply cut out a wall section to move from one room to another.
Another mistake is to place contacts for the alarm system on doors, while ignoring windows. Some facility managers also may skip a door that appears to be low-risk. Sophisticated criminals will study facilities to identify and exploit these areas. "The burglar will know what they have to beat," Caravelli says.
Security camera installations also can come up short. One mistake is placing cameras only on the exterior of a facility and ignoring the inside, Caravelli says. Criminals who use hoods or masks to disguise their faces while trying to enter a facility often remove them once they're inside in order to see more clearly. Only an interior camera would pick up their images.
Similarly, roofs and fire escapes also tend to be overlooked when designing security systems, leaving the upper-level windows and doors vulnerable to criminals trying to use them as entry points, Caravelli says. Passive infrared motion detectors typically make the most sense here. They can be supplemented with closed-circuit cameras that security officers can use to tell when an alarm has been accidentally set off by a bird or other animal.
Another mistake: failing to use a conduit or piping to house the wires going to security or perimeter devices, leaving them unenclosed. Conduits make it more difficult for someone to cut and disable the wires — again, slowing them down, Caravelli says. Lights also can give rise to problems, Ahrens says. High-pressure sodium (HPS) lights tend to cast an orange tint, so people often don't want to remain in these areas. That reduces the potential for witnesses, if something occurs. Also, HPS lights can interfere with the accurate capture of video. In one instance, HPS lights were used in a parking garage where a person was breaking into cars. The camera picked up the individual, but his red shirt came across as pink in the video. In a trial, Ahrens says, the discrepancy would hamper the prosecution.
One other mistake when it comes to security and lighting actually results from the growing movement to use less energy. When it comes to building security, turning off lights obviously reduces electricity consumption. However, if thoughtlessly carried out, it can lead to an increase in crime, says Ahrens. "Lights are the number one deterrent to crime," he says.
To be effective, security technology needs to be complemented with appropriate policies and procedures. For instance, some facility managers may aim just for a perception of security by installing a camera and security guard, and stopping there. This can backfire, experts say. "The bad guys will know if it's just a guard and camera," Sako says.
Similarly, it's easy to fall behind when it comes to maintaining the security equipment. A system that's not maintained may not be up to the job.
In addition, failing to properly maintain security equipment can pose liability issues. For instance, an insurer may deny a claim if it discovers the facility owner failed to take reasonable measures — such as keeping equipment in working order — to reduce risks.
That requires a program of ongoing testing to ensure that everything works as it's supposed to. On a regular basis, elements of the security system, such as the exterior doors and alarm systems, should be tested and any problems corrected.
Along with the equipment, the security policies themselves need to be maintained and updated, Ahrens says. The reviews should include the date, the name of the person reviewing and the next review date. Similarly, the emergency contact list needs to be updated regularly. It's not unusual, Ahrens says, to find lists filled with names of people who have been gone from the organization for years. When an emergency occurs, a great deal of time and energy is wasted trying to reach the right people, which could create additional exposures.
Because so much security equipment now resides on the corporate computer network, the IT staff often wants — and needs — some level of involvement with security, Aggleton says. They're the ones who will be charged with keeping the system running and ensuring that it doesn't introduce problems to the rest of the network.
But it's a mistake to turn over responsibility for this equipment to the corporate IT guru. "The IT department knows the technology, but not the application," Aggleton says. For instance, the IT folks probably won't know which type of lock will work best on a specific door, or where a camera should be located. As a result, they may place the camera so that the sun streams through its view and washes out the subjects so that they can't be seen, he says.
In one office building, the IT crew installed a release button on the fire door leading to the stairwell. However, it was placed so high on the door that it was difficult to press and open the door at the same time. If a fire actually occurred and the room became smoky, whoever used the door probably would have had a hard time locating the button, he adds. "It's a matter of having the experience to know what the equipment can and can't do," Aggleton says.
Get Employee Buy-In
Another major people-related mistake is neglecting to foster buy-in for the security solutions from both the executive staff and rank-and-file employees. If the top brass feels they should be exempt from showing their security cards or going through a turnstyle, other employees will pick up on that, and limit the program's effectiveness, Ahrens says.
Similarly, every occupant needs to believe that the program benefits him or her, Sako says. Much of security is psychological and based on behavioral science, rather than physical science, he says. For the system to work, everyone needs to behave in ways that contribute to — rather than detract from — the overall safety of the facility. That means encouraging occupants to take appropriate measures when they see actions that seem suspicious, such as a person walking out of an office with a half-dozen laptops. That doesn't mean the observer should tackle the person, but they should know to alert security.
If they're not engaged in the building's security, it becomes too easy for occupants to take steps that undermine security, such as letting in individuals who lack the proper credentials. "You can't have a situation where someone says, 'Security is his problem,'" Sako says. "Good security involves everyone in the building."
Karen Kroll, a contributing editor for Building Operating Management, is a freelance writer who has written extensively about real estate and facility issues.