Take Me To Your Leader

Space aliens, at least in B-movies of the 1950’s, immediately order the first person encountered to, “Take me to your leader.” Of course, you have to wonder how an alien smart enough to fly across the galaxy could not have figured out how to land on the south lawn of the White House.

"Take me to your leader."

Even so, these slightly wayward aliens may be on to something. After all, the best way to get something done is to ask the person with the authority to make any necessary decisions. Sales people stress the need to ‘sell’ to the decision-maker – anyone else is a waste of time. Even so-called customer service centers have figured this out. They avoid actually solving customer problems by making sure the leaders who can make a decision are never available. Try it. Call with a complaint and ask to speak to a supervisor – they are always in a meeting and not available so you get the promise of a call back, which never happens. No matter the perspective, alien, customer service or sales, leadership matters. It is every bit as important when it comes to protecting a business as well.

When it comes to security, many companies have no leadership. The end result, as you would expect, is a disjointed and unfocused security program at best, or worse, no security at all.

Many businesses may not be large enough to justify a full-time security leader. That does not mean then that there should be no leader. It may be a collateral, or side, duty of another leader in the business. For example, the facility director may be assigned security leader functions as well.

This leadership should be identified in the job description and included in any future job postings. Be sure to tie the role to a clearly identified position rather than one individual. If that person leaves, there may be confusion about who will take over. For many organizations, there will be even more confusion on what those security duties are.

By identifying a leader, you provide focus and direction. There is also one person responsible for security decisions. The security leader becomes the primary focal point and can work with other leaders to coordinate security concerns. For example, it may be necessary to coordinate the issuance of keys with HR and maintenance departments. This ensures that employees have the appropriate access that they need to do their job.

So who should be the security leader? First, it should be someone with a direct reporting relationship to the c-suite. This ensures the right level of authority to act if there is a serious safety issue or concern. 

Second, if it is a collateral duty, the primary role of the leader should overlap the security role. This could vary on the type of business industry or specific needs. Security can be found in a broad range of company functions. It may fall under legal, human resources, facilities or operations. If your company is focused on physical security of the buildings, the best fit may be facilities. However, if the focus is on protecting employees then HR may be the best fit. If compliance or regulatory requirements are the focus, the legal department is the better option.

Security is truly inter-related into so many areas, the best fit may be director of operations. For many companies, operations covers or works with other departments and security may be a perfect complement.

Make sure that your business has a security leader. This is the only way to have a cohesive protection program that keeps employees and visitors safe, protects vital assets and reduce losses. And any visiting space aliens will know where to go with any security questions.

For more ideas on how to protect your business, check out Workplace Security Essentials. For a limited time, the publisher is offering 25% off the cover price so act now.

-------

Get a Business Black Belt for your organization – visit www.businesskarate.com/karate-belts.

Learn self-defense for your business with Eric Smith’s new book, Workplace Security Essentials! Every aspect of protecting a workplace is compared to a self-defense skill taught to budding karate students, all in a practical and entertaining style, drawing on Eric’s law enforcement and security experience.

Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email Eric at businesskarate dot com.

Will the Real CSO Please Stand Up?

               Many large organizations are beginning to add the position of chief security officer (CSO) to the C-suite.  This is great news as it highlights the benefits and importance of a well-designed security unit as a business function.  However, some recent trends suggest that some organizations still may misunderstand the impact and role of security.

               One tendency is to combine information technology (IT) security functions under the same umbrella as more traditional or physical security management.  Just because both use the word security does not mean the same skills, experiences or knowledge are involved.  A CISO (chief information security officer) faces true threats, but ones that are very different from a security management perspective.  Hackers, firewalls, database protection are more the focus, compared to burglars, cameras and employee theft.  A leader with extensive experience blocking cyber attacks from overseas may not have the background or expertise to plan for executive protection overseas or to conduct an internal investigation.

               If you look at the ways IT security and physical security go about protecting an enterprise, you will see that the talents, know-how and abilities are very different.  Both roles are focused on protection, but in very different ways.  Both have grown up as separate industries, each with their own professional organizations and professional certifications.  Even some terms may be similar such as risk assessments or threat analysis and again the meanings vary. 

               Threat assessment for a physical security leader is the process of reviewing threats of violence against a facility or individuals as compared to an analysis of malware and hacking attempts.

               As companies become more reliant on technology there is an increasing need for information security and physical/environmental security to partner together.  Security software systems tied to the Internet may need to be set up in conjunction with IT to ensure that any risks of unauthorized access are minimized.  At the same time, IT should not be selecting the systems based solely on what works best for the network or any applicable databases, switches, encoders etc.  IT may not understand the needs or expectations with the system by those depending on it.

               A former law enforcement officer may know a lot about loss prevention, handling investigations or crime prevention, but be completely lost when it comes to SSL certificates, VPN and database encryption.  On the flipside, an information system manager may be an expert with SQL databases or programming in C++, but not understand criminal law, the warning signs of violent behavior or the force continuum for security personnel.

               So which background makes for the best CSO?  The answer will depend on the organization.  Ideally, there should be a CISO and a CSO to work in tandem with each other and with other business units for the best level of protection.

               If there is only one CSO, careful thought should be given to the job functions.  In this case, it is highly unlikely that one person will have the necessary background for all the job description.  Then the real CSO should be the leader who demonstrates the ability to develop teams and cultivate enough understanding to manage both info security and physical security challenges.

               Perhaps the single most important skill set is the understanding of human behavior; specifically, an in-depth understanding of the criminal mindset and its ability to exploit vulnerabilities in both the virtual and real worlds.

Have you wondered how to deal with an aggressive employee or phone threats against a staff member?  Do you have the security system you should?  Are you worried about how your business would handle an emergency situation?  There are lots of worries as a leader in your organization.  Security risks do not have to be one of them. 

Get solutions to your questions.  Contact eric@businesskarate.com.