Strong physical security in the workplace protects sensitive data, inventory, trade secrets and employees’ safety. Failure to implement or consistently follow proper security measures, can put your employees, your clients and your organization’s intellectual property in danger.
Developing a program of security breach drills can help you identify risks in your organization and test employees on security procedures. Use our tips below to get started.
Download our eBook to learn how case management software can help you conduct security breach drills and manage security incidents more effectively.
Developing Your Security Breach Drill Program
In order to develop the best security breach drill program for your organization, assess your current physical security risks and procedures.
Security vulnerabilities might include:
- Entry door access
- Secure area access
- Video coverage
- Employee error
Conduct Risk and Threat Assessments
The first step in designing your program is to identify risks your organization already faces. This way, you can test your current security procedures’ effectiveness while uncovering unknown risks at the same time.
Identify potential security threats, calculate their likelihood and threat level, then determine potential consequences of each one. Read more about how to conduct a risk assessment here.
Launch a Security Committee
Select a security committee with employees from different departments and levels. Together, they can discuss the risk assessments and design security breach drills to test those risks. In addition, the committee should meet after each drill, analyzing its outcome to offer suggestions for changes to security policies and procedures.
Security Breach Drill Examples
Once you’ve determined the security procedures and areas of risk you want to test, you can plan out which security breach drills to run and when. Some example drills include:
- Send a visitor (vendor, client, etc.) who has accessed your workplace before into the building. Have them try to bypass security by saying they’ve been there previously and see how far they can get.
- Hire someone to fake an employee or visitor ID badge to try to access secure areas.
- Have a former employee try to use their credentials (computer login, passcode) to access secure areas and devices.
- Walk around your workplace to test security cameras. This will show low-visibility areas and test the image quality.
- Stage a physical security incident to test employees on detection and reporting procedures.
During security breach drills and when real incidents occur, use our security incident report template to streamline your record-keeping.
Following Up After Security Breach Drills
After you’ve developed your security breach program and run a few drills, analyze the results and what they mean for your organization’s security.
Write an Incident Response Plan
Should a real security incident occur, employees need to know their roles and responsibilities. If you don’t have an incident response plan, write one.
If you do, make sure it’s up-to-date and make changes and clarifications that are needed after the security breach drills. For instance, if employees were unclear about the time limit on reporting an incident, make it clear in the new version of your incident response plan.
While your organization probably already has security training in place, you may need to amp it up. Security breach drills will reveal what policies and procedures employees aren’t following and need to be reminded of.
In addition, touch on unintentionally risky employee behaviors that could threaten the organization’s security, such as leaving an access card out on their desk during a bathroom break.
Establish a Corporate Security Culture
Creating a culture of security in your organization decreases your chances of security breaches. Write a strong corporate security policy with measures that help you comply with laws as well as your workplace’s unique concerns.
Your policy should include a security breach drill schedule or plan and regular, mandatory security training. Stress that you have zero tolerance for breaking the policy.
Finally, encourage management to set the tone at the top by practicing good security habits. John N. Stewart, Senior Vice President and Chief Security and Trust Officer at Cisco, says, “When security isn’t made a priority at the executive level, I believe it is less likely to be successful. If an organization’s leadership does not set the right tone, security posture will struggle.”
Use Case Management Software
Case management software makes managing security incidents (or mock ones that come up during security breach drills) easier and more effective.
Use a case management solution that integrates with hotlines, webforms or email-to-case systems to ensure you capture incidents of every size and type.
In addition, make sure your system has powerful reporting capabilities that help you spot areas of risk and incident trends using charts, graphs and maps. When you can sort security issues by location, department and type, you’ll detect problems earlier and prevent future incidents.