Security breach Featured

8:22am EDT November 26, 2002
The executives of many smaller companies think they don't have to make security a priority because they simply don't have anything worth stealing.

These same executives also tend to overlook the value of their customer lists, trade secrets or even employees who might become targets of criminals, says Ralph Witherspoon, a certified protection professional and president of Witherspoon Security Consulting. Witherspoon recommends companies do a risk assessment, which starts with identifying all the things that are critical to your business or building.

"Once you do that, you simply look at what the threats are to the business," says Witherspoon. "It may be based in part on what problems you've had in the past -- perhaps robberies or employee theft. One of the things you need to do is go beyond your own facility and look at what's happening around you. Talk to your neighbors or the local police department and find out if there has been an increase or decrease in crime."

Once you've identified crime trends or problems, you need to assess your business' security.

"Go outside your building and think about how a criminal would look at it," says Witherspoon. "If someone wanted to break in, how would he go about it? Is that door secure? Can that air conditioning unit just be pushed in through the wall so he could get through the hole? These are the types of questions you have to ask yourself."

Witherspoon recommends testing the locks on all doors, and if you're using electronic locks or keypads, make sure you're not using the factory default combinations for entry.

"Once you've done that, then you need to ask what you are protecting, what are we protecting against, and is what we have in place enough to do it?" says Witherspoon. "If not, you need to look for cost-effective measures against the threats. Prioritize your assets, and fix the needs that apply to the greatest amount of those assets."

Sometimes the lowest cost but most cost-effective measures are simple policies. Designate someone to be in charge of making sure the doors and windows are locked, and name a back-up in case that person is out sick.

"One of the big failings of many companies is that management has not taken specific steps to develop and implement security awareness programs," says Witherspoon. "One of the things I encourage employers to do is put in everyone's job description a basic responsibility for security." How to reach: Ralph Witherspoon (440) 779-3203 or www.security-expert.org