Managing Modern Risks in Access Control and Identification
As evidenced in this year’s Security 500 report, today’s leading organizations have understood that they cannot operate without Security’s participation. They see the security program as a value advantage. And security leaders, in turn, are creating value across the entire organization and “taming their risk tiger.”
Facility access control and identification plays a key role in risk mitigation. In both the physical and virtual world, controlling who and what gains access into buildings and systems is strategic to risk reduction and the value-added model. However, risk reduction and valued-added programming is not easy to accomplish.
As we have seen, all industries have had to deal with violence in the workplace. Recent events demonstrate the continued need to evaluate access control and identification in order to reduce the potential for violence. For example, recently a student was shot and critically wounded on the first day of classes at a Baltimore County high school. The school had to be evacuated, moving students to a nearby shopping center and middle school. Another example: a disgruntled employee who worked at an import company within the Empire State Building in New York City, fired a year prior, entered his past employer’s business and killed his ex-boss. The assailant was killed by police in the streets of New York City while fleeing from the Empire State Building. Just over a month later, five people were killed and four others were injured after a shooter opened fire inside a sign company in Minneapolis.
Security leaders not only have to deal with workplace violence, but social unrest as well. Many companies were caught off guard by the “Occupy Wall Street” movement that occurred in many cities as well as venues across the globe since early 2011. The movement, however small, still exists today – creating an access control and identification nightmare for organizations targeted by this group.
Violence also occurs in the corporate virtual world. A study by the Verizon RISK Team, titled 2012 Data Breach Investigations Report, stated that in 2011 the online world was filled with data breaches where the theft of corporate and personal information was a priority. The report documented 855 incidents of corporate data theft and 174 million compromised records.
Property crime and fraud continued to be a problem for organizations, again looking at access control and identification to key areas of an organization and its systems. According to the 2012 National Crime Victimization Survey(NCVS) by the Bureau of Justice Statistics, more than 1 in 10 property crimes, including motor vehicle theft and property theft, occur in parking lots or garages. The 2012 Report to the Nation on Occupational Fraudand Abusesurvey indicates that a typical organization lost five percent of its revenues to fraud in 2011. Applied to the 2011 Gross World Product, this figure translates to a potential projected annual fraud loss of more than $3.5 trillion. The median loss caused by the occupational fraud was $140,000. More than one-fifth of these cases created losses of at least $1 million. Financial statement fraud schemes made up just eight percent of the cases in our study, but caused the greatest median loss of $1 million. Corruption schemes fell in the middle, occurring in more than one-third of reported cases and causing a median loss of $250,000.
From workplace violence to civil unrest, to property crime and fraud, corporations need to continuously assess risk and implement processes that reduce incidents and provide real value to the corporation. Formulating a program in access control and identification helps to reduce the risks and, when implemented properly, can add real value to the organization and its employees and stakeholders.
Corporate security continues to succeed when it evaluates and improves access control and identification programs in order to ensure it is providing the best possible security and value to the organization. Practices in access control and identification should be ingrained within the organization from the C-suite on down so that that employees and visitors are well protected and feel secure within their workplace.
This article was previously published in the print edition as "Grabbing the Access Control and Identification Tiger by the Tail."