Why Building Owners Need Risk Assessments

In September 2021, ISSA, the leading association for the professional cleaning industry, announced they were teaming up with IFMA, the International Facility Management Association. According to a news story released at the time, the partnership's goal is "to best serve the global cleaning and facility management industries."

For those not familiar with IFMA, it was started in 1980. Its purpose was to help professionalize the facility management industry and help facility managers maintain their facilities in a clean, healthy, and safe manner.

As with every organization, IFMA has had to evolve as the needs of their members has changed. One issue they are now grappling with, which was not even a consideration in 1980, is cybersecurity.

But it's not just cybersecurity that has evolved into a very significant concern since the organization's founding. There is a much bigger issue in place here.

Today, facilities need much more than a lock on the door, an alarm system, or a security guard. Today, they need their entire properties evaluated for safety and protection against a variety of different threats.?

?In the professional security industry, accomplishing this requires what is typically referred to as a "risk assessment." As we shall see, in addition to helping to prevent cyberattacks, a professional and thorough risk assessment can also help facility managers and business owners avoid – or at least minimize- the chances of a break-in, workplace violence, a cyberattack, even a terrorist attack.

What is a Risk Assessment?

Let's start with a definition.?A professionally conducted risk assessment can be defined as follows:

A detailed examination of one or more facilities, looking for vulnerabilities that could allow people or property to be harmed. A thorough and professional risk assessment helps identify these risks and then suggests ways to minimize or eliminate them in a systematic and prioritized way.

One of the first things a risk assessment investigates is access control.?Who has permission to access a facility and its data??For those of us that remember, before 9/11, most office buildings were wide-open.?In most cases, anyone could walk in at just about any time, potentially putting people, places, and information at risk.

That openness ended after 9/11.?After that event, building workers were required to wear badges and have access cards to enter the facility and their offices. Visitors often had to "sign-in" with entry personnel and may be asked to carry a temporary badge.

But now, in a post-COVID world. A risk assessment may suggest going much further. These old access control systems should be replaced with smartphones that allow people to electronically enter facilities, biometrics (physical identifiers and recognition systems), and touchless readers.?Touchless readers and the other systems just referenced allow for "hands-free" access to facilities and offices—something we need in a post-COVID world.

Risk Assessments and Cybersecurity

As to cybersecurity specifically, the pandemic allowed many unsavory characters plenty of time to think up new ways to secure (steal) data from an organization, harm people, or compromise facilities.?They were aided by the fact that many cybersecurity systems were in place before the pandemic.?They were designed assuming workers would be working in a facility.?

When most of us started working from home, an unforeseen opportunity was provided hackers. This was likely why ransomware attacks spiked by 150 percent in 2020, according to Help Net Security, and why Wired magazine reported in late December 2020, "the pandemic created…digital risks and cybersecurity woes," for all types of organizations and governments, "generating new fodder for criminals to launch extortion attempts and scams."

Cybersecurity is a growing concern for organizations worldwide.?A risk assessment will investigate new technologies and new ways to "tighten networks" and prevent intrusion, whether staff work in their offices or at home. ?An effective risk assessment will also find ways to help ensure office as well as remote workers can interface freely and securely with corporate databases and information sources.

Conducting a Risk Assessment

A facility risk assessment can involve many different things, from access control to the technology and data systems used in the facility.??Not all facilities need the same risk assessments. However, in general, a risk assessment will investigate and report on the following:

Site information:?If a facility is in a high crime area, which increase the chances of burglaries, vandalism, even street unrest.

Site location. Is the facility on a busy street??Near a busy freeway or roadway??If so, if emergency personnel are called, it may take considerably more time than typical to reach the location.

Site appearance. Unkempt or neglected facilities tend to attract more security risks.?

Site weak spots. In some cases, a risk assessment uses drones to look for weak spots in, for instance, a suburban or remote facility.??Airports often use drones to look for areas where someone could get on a runway or breach building security.

?Site lighting/camera. Is the property well-light at night??A risk assessment often finds dark areas that can become vulnerable to break-in. Additionally, high definition "smart" cameras may be recommended as well as "zero-light" camera systems. ?Smart cameras are triggered by movement. Zero-light cameras can take clear images day or night.?Both improve facility security.

Finally, an effective risk assessment involves two more very crucial things. It must help facility managers and building owners ensure a crisis communication system is in place.

Managers need to know whom they must call and what steps they must take in case of an emergency. Acting promptly, quickly, and properly in a crisis can protect people and property assets. ?This also helps decrease the likelihood of lawsuits, job loss, profit loss, fractured employee morale, and loss of trust an organization or facility may experience if an unfortunate incident should occur.

Additionally, facility managers and building owners must realize that ensure the safety of people, places, and data is an ongoing journey.?We referenced this earlier. Things change and evolve.?Many of the security issues we have discussed here were not issues in 1980, when IFMA was created. Because of this, managers and owners are urged to conduct risk assessments every three to five years. Crime, criminal activity, and risks evolve.?We have to be one step ahead of them.

Johnathan Tal is CEO of TAL Global.?Based in Silicon Valley, TAL Global is a leading risk management, security consulting, and investigative agency serving clients all over the world.?The company has a large client base, with a focus on the High-Tech, Hospitality, Manufacturing and Financial industries.?He can be reached through his company website at?www.talglobal.com ?

?