Creating a *Culture* of Security

"Is security a 'mindset' at your company....or just a 'department'?"

So many business owners, large and small, have invested in what we traditionally call "security". They have (rightfully) invested in cameras and alarms, some in access controls, others in physical onsite (even armed) security officers, with larger companies investing in an actual security department. And of course today the same can be said for investments in cyber security with IT enhancements and professionals focused on cyber security issues.

But what is the mindset of your rank and file staff -- your people? You, your people, and your company are only as "secure" as your weakest link. The employee with a gambling problem that can potentially find themselves owing the wrong people and handing over sensitive internal data; the employee with an alcohol or drug addiction that can lead to onsite incidents of irrational (or violent) behavior; the employee keeping that domestic violence situation at home a secret until it shows up at work hurting them or others; the employee with some type of unusual fetish caught (unknown to him or her) on film now compromised in a blackmail scenario turning over vital data to outside parties or competitors. These are "the employees" that can make all the previously mentioned security measures a moot point. Think about that -- thousands if not tens of thousands of dollars invested in security -- all for nothing.

Creating a true *culture* of security translates into an all-out, full-court press to empower every single employee with the knowledge, ability, and discernment to see potential vulnerabilities and situations before they escalate (onsite or offsite) into work related liabilities or tragedies. But this entails addressing issues -- personal as well as professional issues -- that most employers would feel highly uncomfortable (if not ill-prepared) to address with their own people. Those very issues are what pose your company its greatest potential liabilities, simply because they are *unknowns* to you, and we all know "it's what you don't know that can hurt you."

Addressing such issues opens lines of communication where employees feel more comfortable divulging their issues with others, whether fellow employees or (hopefully) management. Most do not do so as they feel their shortcomings, mistakes, or similar will result in their perceived weakness if not termination. Who wants that? So their secrets fester until they manifest in the various liabilities mentioned above, if not others. And situations that can hurt your company are not always related to an employee becoming a "victim". What happens, if instead, one of your employees becomes the perpetrator of the crime?

There are two major benefits to such a proactive educational approach: (1) it helps keep your employees out of the emergency room, and (2) it helps keep you, their employer, out of the court room and/or the news room. Risk management is concerned with keeping people safe, but reputation management is concerned with keeping your public perception safe. Either can affect the other, positively or negatively, impacting your bottom line.

Working with a company who understands these dynamics is essential in developing a true *culture* of security -- or you can just have a Security Department. Your choice.

I know someone who can help.