Making the case for security
Many security managers can say they’ve had headaches over this issue. And most consultants will say the same thing. It’s hard to convince the c-suite to spend the necessary money to increase security in their facility.
In some cases it may be justified. Non-profit organizations or small businesses may not have the financial resources to spend hundreds, much less the thousands often recommended, of dollars to increase security, because no inexpensive (but reasonable) choices are offered, especially to a non-profit. Most figure that it CHH, it Can’t Happen Here.
But here are a few tips that you may be able to utilize in presenting your case to them. And these are only a starting point for any discussion for increasing security, especially if you’re either working for or consulting with a non-profit. Hopefully, you can convince them to spend or adopt changes without resorting to dramatics or anger, on either side.
Points to Cover:
• An organization is only as strong as its weakest link i.e. locks, lighting, people, or similar
• Emphasize the importance of never having the attitude of ‘Just this once’ in opening doors and etc.
• Prepare, preferably in your industry, a list of recent incidents in your area.
• Show them that a tightening budget will restrict how safe the facility & employees will be.
Again a list of recent incidents may be a good start, if possible
• Utilize all necessary statistics for crime both nationwide and locally. Use the statistics for workplace violence, theft, fraud, burglary, and others against businesses
• At the same time as the statistics list the methods used to perpetrate these crimes, hopefully some of them will fall into what you’re proposing
• No one solution will solve your issues – not technology, personnel, or hardware
Show them how training your employees in security awareness, emphasizing what can happen if not followed. Use a worst case scenario to further emphasize the facts
• Inform them of the rule of less privilege can, and will, decrease the chances of either a computer hack or barrier breach
• Show them of the wisdom of restricted access control and the differing levels of access control
• List and show them your observations to all security areas, even if they cross over to inventory control, shipping, HR, garbage, as well as computers and other items
• Show them how they have to be involved to gain acceptance of the security plan to the employees
Keep in mind, as I stated above, you have to use these points as a place to start. You need to develop your own list and expand it out to fit your organization or business. As I always do, I’m giving you enough to get you started on this project and not much else, mainly because what I think is important won’t be to you.
What you also have to do is avoid an old trap. “I’m the security manager and I know what’s best for security here. Why can’t you trust me and do what I ask/give me what I ask for?” All this is going to do, in most cases, is cause the c-suite to not trust you. Or worse just dismiss you out of hand for being unrealistic.
Another thing you have to remember is that the c-suite may not recognize the numbers you present. For the most part they are concerned with P & L statements, projections for revenue, orders/shipping of same in the next quarter, and the general overall bottom line. YOU are a cost center and not a profit center. Therefore you need to convince them that you are a profit center and not just a cost center. How do you do that?
You show them that by implementing your changes, whether they are policies, procedures, additions to costs, or whatever, that you will save them money in the long run. Be prepared to show them what the return on investment will be (ROI).
Will these always work? No, but they are a start. And you’ll notice one word consistent throughout this post and you must utilize it as much as possible. SHOW THEM. If they can see it and not just hear it, it may well convince them faster. Use your salesmanship, not to mention your showmanship, and soft sell the C-suite on your plans. It won’t be easy but it’s better than having an incident and then over spending on items you don’t need.
Robert D. Sollars is a recognized expert on workplace violence prevention and other security issues. With numerous interviews, blogs, articles, and 2 books he has proven himself in the security arena for more than 32 years, and 24 studying workplace violence issues.
His latest book ‘one is too Many: Recognizing & Preventing Workplace violence is available for numerous e-book formats. It helps all organizations to reduce their risk and limit their liability of an incident. And it does this by breaking the rules in several ways, as well as following conventional wisdom in others.
He utilizes his years of field knowledge to give real life examples of incidents pulled from both his own experiences and the news headlines. Contact him at 480-251-5197 or Visit his Facebook page http://www.facebook.com/oneistoomany, Here you will see and read about other items related to WPV/SV as well as incidents you may not have heard or thought about.