There has never been closer integration between physical and logical security systems, so there has also never been greater importance when it comes to defining and maintaining the security culture within an organization.

Unfortunately, with increasingly complex security protocols required on a daily basis (and used by every employee), a security regime can easily become lax through apathy – which offers the perfect opportunity for potential intruders to take advantage. While security technology is rapidly evolving, it is essential that the team it protects do so as well.

It is vital that you maintain an effective security culture within a business or organization. Naturally the details will vary between organizations, but the common goal for all is to impress upon the team just how important security is. This will safeguard their jobs, the security of fellow workers and clients, and even in some cases, their personal safety.

All-inclusive Security Culture

In many organizations this will be a top-down approach – after all, if the company leaders don’t practice what they preach then why should the rest of the team? Human nature tends to shy away from complicated processes, especially if the benefits aren’t fully realized or explained.

An apparently trivial lapse of security protocols can have big and damaging real-world consequences

Clarity and honesty on the potential pitfalls and consequences of failing to secure the business can be a powerful tool in demonstrating the importance to the team. Legislation and legal ramifications, along with potential damage to the business in terms of reputation are all powerful messages.

Equally, for an organization in healthcare or education, the protection of vulnerable people is also an important security consideration. An apparently trivial lapse of security protocols can have big and damaging real-world consequences.

 Frequently Communicated Security Protocols

The ways to build up a good security culture are as individual as the organization it serves, but undoubtedly training and reminders are cornerstones of this. An important time to impart this to employees is when they join the organization, but equally it is vital to ensure the rest of the staff get a refresh on a regular basis too.

This could be in the form of regular emails or internal messages in whatever form the staff prefer to receive them. Regular refresh seminars or presentations can work particularly well for businesses that regularly meet together anyway.

It is important to ensure software protection is as tight as the physical security around your assets
Regular refresh seminars or presentations on an organization’s security regime can work particularly well for businesses that regularly meet together

Involving Team Members In The Security Regime

Another approach is to train key team members as evangelists who can then encourage their colleagues to follow best practice on a constant basis. The benefit here is that the team doesn’t just embrace the security regime when reminders are launched – they are encouraged to do so all the time. This makes potential failings less likely.

The logistics of all this are totally up to the organization and the way it works – but it’s important to stress that security is of concern for everyone in the business and needs to be approached in full unity.

Practical Steps To Enhance Security

Many practical steps are actually relatively simple to implement. Here are some seemingly obvious things to consider which often get overlooked:

  • Strong passwords – It is easily done – you choose a password which is either short or fairly obvious! Anyone who is trying to access secure systems or areas will undoubtedly try all the obvious passwords first. Worse still, it’s very easy to keep using the system default password. Choose a password which can’t be easily guessed and if possible add numbers or other characters to make it even tougher to crack.
  • Have a highly secure password adminInevitably people will forget their passwords from time to time so its sensible to nominate a highly trusted person or team to be able to access or renew these when needed.
  • Don’t write down passwords then leave them in full viewAgain this is easily done, but having all your passwords on a post-it note on your desk is not at all secure! If it must be written down, make sure it is hidden and locked away from prying eyes – or even leave yourself a coded reminder or question so the note is only useful to you.
  • Change passwords regularly – Using the same password for months, if not years, makes it much more likely to be stolen. Worryingly, you may not even have a warning if the intruder doesn’t use it immediately. Set a company-wide policy that passwords get changed on a regular basis and stick to it.
  • Maintain anti-virus and software updatesThese are tasks that can easily be overlooked, but it’s important to ensure software protection is as tight as the physical security around your assets.

Network Security Against Outside Devices

The Bring Your Own Device (BYOD) trend is another potential security worry. As a ‘back door’ for intruders, allowing staff to use their own devices, with unknown security and network access capabilities, is a potential headache. It’s important that strict security policies also cover BYOD components – and if this is not possible, it may be prudent to limit their access to your data and facilities.

It may seem ironic, but the more
complex security systems get,
the more important it is to
cover the basics

Even with mobile equipment belonging to your organization, the use of other Wi-Fi and open access networks can be an unknown quantity and potentially lead to insecure points in your security network. It may be the case that only encoded data should be passed across these networks. Again, limiting their use or the data that can be shared across them is a prudent measure in the security policy.

Covering Basic Security

It may seem ironic, but the more complex security systems get, the more important it is to cover the basics. There is no point having the most up-to-date systems in place only to let the whole thing down with an incomplete or lacking security policy in place.

When access control consisted of just a simple lock and key it would have made no sense to lock the door and then hang the key on the outside wall right next to it! This is what a poor security policy (or failure to follow it properly) boils down to.

Intruders will always look for that chink in the armor, so why make it easy for them?

Download PDF version

Author Profile

John Davies Managing Director, TDSi

John joined TDSi in 2003 when it was owned by Norbain SD Limited and led the management buyout in February 2005. TDSi manufactures electronic access control and integrated security systems. Export sales have grown from 25% of the business to 40+%.

In case you missed it

Intelligent Video Surveillance And Deep Learning Dominate MIPS 2018 Agenda
Intelligent Video Surveillance And Deep Learning Dominate MIPS 2018 Agenda

Milestone Systems is embracing artificial intelligence and deep learning in a big way at this week's yearly Milestone Community Days (MIPS 2018) in Las Vegas. The Danish company's theme is "Creating an Intelligent World," and Milestone's stated goal is to make "the Milestone community part of every surveillance installation in the world."   Science Fiction Becomes Reality In a presentation on opening day, Milestone CSMO Kenneth Hune Petersen pointed to the 2002 movie The Minority Report as highlighting a variety of gadgets and systems that seemed futuristic at the time but are now perfectly possible, and in some cases outdated. Movies have previously highlighted gadgets and systems that were futuristic, but are now perfectly possible, or outdated "If we dare to dream together we can make this a better world," says Petersen. "Through AI and machine learning, we can help define tomorrow. There's no doubt about it: There is a massive business opportunity for us in artificial intelligence." Despite all the talk about artificial intelligence, only about 0.5 percent of all the data in the world has currently been analyzed or used, says Peterson. "Our open platform technology is the foundation for intelligent video systems and our partners have the expertise and infrastructure needed to reach the next frontier in intelligent video solutions," said Bjørn Skou Eilertsen, Milestone Systems CTO. "Together, we can provide unlimited solutions for our customers." Deeper Integration And Broader Coverage Expanding the Milestone community this year has included the addition of 1,000 new models of supported hardware devices; there are currently more than 7,000 models supported. Milestone is also pursuing broader coverage of installations through their partners, with deeper integration of functionality, and by deepening existing relationships with customers. ‘Creating an intelligent world’ includes deep learning and lots of video systems, says Milestone at their annual conference Under new agreements, hardware partners such as Dell EMC and BCDVideo now provide XProtect Essential+ software pre-loaded on servers they sell. The focus at MIPS 2018 on AI included a presentation by Tanmay Bakshi, the "world's youngest IBM coder" and TED Talk speaker, at 14 years old. The prodigy, who has been coding since the age of 4, has worked with IBM and other companies on a variety of AI-related projects. Using deep learning with video is currently limited because so much video is unlabelled and unstructured In his MIPS 2018 keynote speech, Bakshi traced the development of AI through high-profile events, such as IBM's development of the "Watson" computer, which successfully competed on Jeopardy!, and Google's development of AlphaGo, a program that successfully plays the complex ancient board game, Go. Data Demands Deep-Learning Bakshi focused on security and healthcare as two disciplines where deep learning can potentially have a big impact. Using deep learning with video is currently limited because so much video is unlabeled and unstructured. Still, projections are that there will be a billion cameras worldwide by 2020, providing an over-abundance of data that demands the use of deep learning to make sense of it all. "There is a misconception that AI is meant to replace us, to make humans obsolete. AI is not replacing us. It is created by humans to amplify human skills. AI can reduce information overload to enable humans to work with the data more efficiently," said Bakshi. He suggested that AI is equivalent to IA; Bakshi's abbreviation meaning "intelligence augmented." Johnmichael O’Hare (left) of the Hartford Police Department, and Tanmay Bakshi (right) discusses key security issues of the modern day The ability to scale AI applications using "distributed deep learning" and graphics processing unit (GPU) hardware is paving the way for greater use of deep learning in video applications. Adam Scraba, Global Business Development Lead at NVIDIA, outlined the trends that are making the current "Big Bang" of deep learning possible. He said it is "the most exciting time in tech history," with "software that can write its own software" now among the tools that make previously unsolvable problems now solvable. AI-driven intelligent video analytics can now achieve "super-human" results, he said. An Intelligent World To Combat Crime Instead of sitting for hours staking out a suspected drug dealer alone, entire investigations now take hours instead of days A success story about the game-changing capabilities of video data was supplied by Hartford, Conn.'s Capital City Crime Center (C4). The Hartford police department uses video data in a "predictive policing" approach. They have created an "intelligent world with smart policing to combat drug trafficking," according to C4 Supervisor Johnmichael O'Hare of the Hartford Police Department. Instead of sitting for hours staking out a suspected drug dealer, for example, video of a site can be analyzed to determine areas with higher levels of foot traffic that indicate drug buys. The result is investigations that take hours instead of days. Hartford incorporates several technologies, including ShotSpotter gunshot detection, Briefcam video synopsis and other systems, all tied together using the Milestone platform. More than 700 attendees make MIPS 2018 the largest such event ever, and exhibits by around 60 Milestone partner companies attest to the continuing expansion of the Milestone community. [Main image:Tanmay Bakshi (left) and Johnmichael O’Hare of the Hartford Police Department (right) discuss key security issues of the modern day]

Has The Gap Closed Between Security Fiction And Security Reality?
Has The Gap Closed Between Security Fiction And Security Reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

How Moving To Security As A Service Benefits Both Providers And End Users
How Moving To Security As A Service Benefits Both Providers And End Users

The way we purchase services and products is changing. The traditional concept of buying and owning a product is giving way to the idea that it is possible to purchase the services it offers instead. This approach has come from the consumer realisation that it is the outcome that is important rather than the tools to achieve it. For example, this approach is evident with the rise of music streaming services as opposed to downloads or physical products.   With the physical security industry becoming ever more integrated – and truly open systems now a reality – there is every reason to assume this service-lead trend will come to dominate the way our industry interacts with its clients as well. Interest In Service-Based Security There is a significant change of mindset that the security industry needs to embrace before a large-scale move to Security as a Service can take place. Like many technology sectors in the past, security providers have focussed on ‘shifting boxes’ as their definitive sales model. This approach was especially prevalent when proprietary systems were the mainstay of the security industry. Essentially, if the customer wanted more services they simply bought a new product. This was a straightforward and economic sales approach for manufacturers and installers alike.The security industry needs to embrace a change of mindset before a move to SaaS can take place The flexibility of integrated and open technology has changed the way consumers view their purchase, so it shouldn’t be any surprise that there is increased interest in a service-based approach. Customer choice equates to a change of focus and interest, with physical products being eclipsed by the benefits of the overall solution. We have already seen these changes in other technology areas, notably with smart devices and general IT systems. Cloud-based services put the onus on the result rather than which device the user chooses. This approach is even starting to manifest in areas that couldn’t have been predicted in the past, such as the car industry for example. Consumers are focusing more on the overall costs and convenience of buying a car over the specific specification of the vehicle. Equally, urban dwellers don’t necessarily want the hassle and expense of owning and parking their own vehicle anymore. If you don’t use it every day, it can make more sense to rent a vehicle only when you travel beyond public transport. For these consumers the car has become a service item for a specific journey. Benefits For End Users At the heart of this approach is the simple equation that consumers have a need and suppliers need to provide the most cost-effective, and easiest, solution. At the same time, the security operator may not necessarily want to know (or care) what specification the system has, they just want it to perform the task as required.   By discussing with consumers, we can ensure we work even more closely with them to provide the expert support they need and deserve Most security buyers will identify the specific business needs and their budget to achieve this. This is where a service approach really comes into its own. Customers need expert advice on a solution for their requirements which takes away the stress of finding the right products/systems. In the past there was always a risk of purchasing an unsuitable solution, which could potentially be disastrous. The other issue was having to budget for a big capital expenditure for a large installation and then having to find further resources once an upgrade was due when systems went end of life. Most businesses find it far easier to pay a sensible monthly or annual fee that is predictable and can easily be budgeted for. A service model makes this far easier to achieve. Great Opportunities As well as the benefits for end users, there are considerable benefits for security providers too. Rather than simply ‘shifting boxes’ and enduring the inevitable sales peaks and toughs this creates; a service sales model allows manufacturers and installers to enjoy a more stable business model. You don’t have to win new business with every product, but rather sell ongoing services for a set period. Its highly likely that the whole security industry will start to take this approach over the next few years. Manufacturers are already well aware of this shift in customer expectations and are changing their approach to meet demands.There are major opportunities on offer in return for a change of perspective in the security industry With the service and leasing approach already firmly entrenched in other industries, this is well proven in a consumer market. The airline industry is a great example. Manufacturers understand that airlines need flexibility to upscale and downscale operations and therefore whole aircraft and even individual key components (such as engines or seating) can be leased as required. Using this approach, airlines can concentrate on what customers demand and not worry about the logistics of doing this. Manufacturers and leasing businesses provide assurances and guarantees of service time for aircraft and engines, taking care of the servicing and maintenance to ensure this delivery. This approach is just as well suited for the provision of security systems. Servicing The Future Security Market Undoubtedly there are major opportunities on offer in return for a change of perspective in the security industry. However, this will involve substantial changes in some quarters to ensure the business model is aligned with the market. Overall, the security industry needs to not only develop the right systems for the market, but also to deliver them in the right way as well. This will ensure we work even more closely with customers to provide the expert support they need and deserve.