Risk Assessment Guide - Advice-01a

Practical Risk Assessment Guidelines

The following practical guidelines have evolved from years of loss analysis experience. Some may seem elementary and obvious, all however are easily overlooked when pressure situations demand instant action. The list is in no particular order and is not exhaustive however it represents the basic principles upon which a sound and effective security strategy and implementation can be formed.

Education

Every organisation should ideally publish its security policy guidelines to its employees and ensure that staff are appropriately trained and educated in security matters.

Don`t Advertise Valuables

Don`t advertise to people outside of the organisation that there are valuable assets that might be stolen. Many computer thefts, for example, are stolen to order. Intelligence on the type and location of equipment within a companies premises having been preveiously determined.

A real-world example is a company sign for a Print & Design company displayed proudly on their building. This is likely to attract thieves who will undoubtedly identify the business as heavy users of "State of the Art Computing" equipment that has resale value. A helpful secretary telling a would be computer maintenance company that there are only 10 PCs on site could be providing invaluable information to a bogus company who are in reality organised thieves. Packaging from new equipment left in a skip outside of the premises could alert thieves to the fact that new PCs, laptops or printers have been delivered!

Keep Your Security Simple

The more complex you make your security measure the more there is to go wrong. Always strive for simplicity and efficiency.

Identify Weak Points and Bolster Security

There are always some areas and aspects of an organisation’s security that are weaker than others. For example, damaged perimeter fencing, low quality window and door locks or poor data security. When conducting a security audit, focus on areas of vulnerability.

Implement Long Term Security

Security systems and solutions are constantly evolving and modern technologies such as wifi connectivity and low cost CCTV systems make sophisticated security systems within reach of even the lowest security budgets. When selecting a security product ensure your choice of solutions are interchangeable and upgradable wherever possible.

Layered Security

A layered approach to security, introducing a number of obstacles to be overcome sequentially by the criminal rather than relying on a single security measure, will be more effective in operation and cheaper to implement.

Continuously Review Security

Security is an integral aspect ofRisk Management. The outcome of any security review is a matter of best opinion at that particular moment in time, based upon the expertise and collective knowledge of the advisers and the technical solutions currently available. Security measures should therefore be kept under continuous review and upgraded as new risks are perceived or new, improved security solutions become available.

Recognise Security Limitations

There are no absolute guarantees that the security measures introduced to combat known vulnerabilities will prevent all forms of attack. Criminals are continuously coming up with new and ingenious ways to overcome security barriers.

Combine Security Precautions

A balanced mix of physical security measures, together with intruder detection, simple internal access denial or localised / area tracking that does not interfere with day to day business operations, is usually best. This is the area of expertise where your consultant or technical adviser is best placed to guide you in achieving that balance within a viable budget.

Get Staff Commitment

The ultimate success of any security measure depends on the commitment of individuals to make it work. Measures should be documented, must be practical in day to day operation and be understood as appropriate by security and other staff.

Consider Costs and Limitations

When selecting a security solution it is important to understand its limitations as well as its strengths and also to understand the full implications and cost of implementing it. For example, installing a simple CCTV monitoring / recording system could cost less than £2,000 and be achieved in just a few hours. In some circumstances however employees may view such a system as "Big Brotherish" and employee / management relations could be suffer unless the implementation is properly and sensitively managed. Financially, whilst initially the £2,000 price tag may seem attractive, the real cost of the system must also take into account maintenance and running costs which may include staff costs to monitor the camera images and react to suspect events.

Carefully Consider Security Products

Good product design and tactile feel are often good indicators to follow when impulse buying or shopping for an effective security solution.

Time is a Thief`s Worst Enemy

Remember, Time is the thief`s worst enemy. Once a thief has been detected and triggered an alarm time is not on their side. However, if they can remain undetected this will give them time to work on overcoming security precautions. 

Minimise Risk of Business Interruption

Business interruption is a serious issue for any company and is an essential consideration for any risk analysis programme. It can occur as a result of Fire, Theft (e.g. computer theft), computer failure, data breaches and much more. Statistically over 60% of companies that suffer interruption (from whatever cause) for more than a week or so fail within 18 months of the event.

Ensure Adequate and Appropriate Insurance

Insurance is essential to any business and should cover all perceived risks (including consequential loss) adequately to ensure the continued survival of the company. Careful attention must be paid to meeting insurers specifications where special requirements are stipulated. For example, door locks may need to conform to a particular specification, computing equipment of over a certain value may need to be physically secured to a desk or floor to be insured against theft and there may be other requirements specific to your organisation. Uninsured Losses are another major reason that many companies fail.

Consider Equipment Away from Base

Goods in transit or items such as laptop computers, smart phones and other devices which are frequently used by staff whilst offsite or working from home should also be considered for risk analysis purposes.

Protect Against Malicious Damage

Malicious damage is a major threat to your business and another aspect that must be considered. Damage might be caused by vandalism, by arsonists, by malicious attacks on your computer system or simply by children climbing onto your rooftops, equipment or fences. Identify areas of risk and take steps to protect your property.

We hope that information provided here will help in your fight against crime and assist you to make the most of your security budget. The friendly Insight-Security Help Desk team are always pleased to discuss your security issues & requirements and offer free advice and information on the many security options available today. We look forward to being of assistance.

Help Desk tel: 01273 475500

click here to return to;
Advice & Solution Finder index page