Are you prepared?

With the incidents of active shooters and innumerable other threats being on the rise, it really doesn’t matter whether they are real, perceived, or just threatened. They still will scare the bejebers out of employees. That should be of concern to everyone. However, despite the ever increasing threat of events, are you prepared for it?

According to a recent survey we are not. While 69 percent of businesses believe that such a disastrous event is possible, less than a quarter of all businesses are actually prepared for it. That should be the most disconcerting statistic of all, even if the study was for IT, it would still apply to all security functions.

Even with training your employees/security officers in the threats that are waiting to get into your facility that may not be enough to protect both them and the facility. Why you ask? Studies have postulated that they will not retain much of it;

  • 50% after 1 hour
  • 72% after 24 hours
  • 90% after a week!

Worse yet is the fact that less than 78% of companies actually train their employees on any security topic much less active shooters or even their disaster recovery plans even once a year. That practice is absolutely unacceptable.

These numbers are for cyber security and computers but it doesn’t really matter. I will postulate that non-technological companies train even less and their employees retain even less information after training. With the threats we face in this world and we don’t even train our employees to minimize the damage much less the incidents.

So what are some of these threats that we all face no matter the industry or business. No matter where we work, in a home office or an office complex or corporate campus we face all of these and more specific to your industry on a daily basis;

  • Hacking into our personal electronic devices and corporate networks.
  • The number of incidents of malware is expected to skyrocket in 2017
  • Misappropriation of intellectual property by the insider or from a hacker.
  • Malware from phishing scams, bogus websites, and even watching videos on-line.
  • Workplace Violence which can come from either internal or external sources, possibly from unexpected sources as well
  • Physical breaches also from innumerable sources including propping a door open ‘just this once’.
  • Fraud from vendors, employees in workers compensation claims, and customers

The worst part of this list is that it’s only a partial list. There are innumerable threats from both inside and outside the company which are exclusive to your industry whatever it may be. Whether it is physical harm or financial doesn’t really matter either, they have to be stopped or at least minimized.

Most of the lackadaisical attitude falls to the C-suite. Since they have to approve the budgets for the company, training gets cut ruthlessly because in most cases “It’s a waste of money and why should we train employees on those things, it’ll only clog their day and slow down productivity!” And before you say anything I have heard this excuse from more than a couple of C-suiters.

The C-suite doesn’t like losing money or when things just ‘suddenly’ pop up to ruin their day and the bottom line. The problem is that most of these issues can be limited if not prevented before they happen. That would lessen the impact on the bottom line but you can’t convince many people to spend resources on something that may or may not happen.

So the question becomes what I asked in the title, are you prepared? If not then you need to reassess how you ask for the necessary resources to train, train, train your employees. Whether they are security officers or other front line employees. They absolutely must be trained on security issues to a certain degree. Employees don’t need the same level of training as your officers but they still need it.

Employees need the basic training in security awareness with the backing of all other management including the C-suite. This training needs to be followed up on and if they break a basic tenet, i.e. leaving a door propped open.

The solution is to pick a training method most likely to be accepted by the officers/employees and implement it (KISS, videos, presentations, classroom, Socratic). Just remember the statistics above about how much they retain and how much they forget in a relatively short period of time. or Twitter: @robertsollars2

I May be Blind but my Vision is Crystal Clear

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s