Access Management

Managing Modern Risks in Access Control and Identification

As evidenced in this year’s Security 500 report, today’s leading organizations have understood that they cannot operate without Security’s participation. They see the security program as a value advantage. And security leaders, in turn, are creating value across the entire organization and “taming their risk tiger.”

Facility access control and identification plays a key role in risk mitigation. In both the physical and virtual world, controlling who and what gains access into buildings and systems is strategic to risk reduction and the value-added model. However, risk reduction and valued-added programming is not easy to accomplish.

As we have seen, all industries have had to deal with violence in the workplace. Recent events demonstrate the continued need to evaluate access control and identification in order to reduce the potential for violence. For example, recently a student was shot and critically wounded on the first day of classes at a Baltimore County high school. The school had to be evacuated, moving students to a nearby shopping center and middle school. Another example: a disgruntled employee who worked at an import company within the Empire State Building in New York City, fired a year prior, entered his past employer’s business and killed his ex-boss. The assailant was killed by police in the streets of New York City while fleeing from the Empire State Building. Just over a month later, five people were killed and four others were injured after a shooter opened fire inside a sign company in Minneapolis.

Security leaders not only have to deal with workplace violence, but social unrest as well. Many companies were caught off guard by the “Occupy Wall Street” movement that occurred in many cities as well as venues across the globe since early 2011. The movement, however small, still exists today – creating an access control and identification nightmare for organizations targeted by this group.

Violence also occurs in the corporate virtual world. A study by the Verizon RISK Team, titled 2012 Data Breach Investigations Report, stated that in 2011 the online world was filled with data breaches where the theft of corporate and personal information was a priority. The report documented 855 incidents of corporate data theft and 174 million compromised records.

Property crime and fraud continued to be a problem for organizations, again looking at access control and identification to key areas of an organization and its systems. According to the 2012 National Crime Victimization Survey(NCVS) by the Bureau of Justice Statistics, more than 1 in 10 property crimes, including motor vehicle theft and property theft, occur in parking lots or garages. The 2012 Report to the Nation on Occupational Fraudand Abusesurvey indicates that a typical organization lost five percent of its revenues to fraud in 2011. Applied to the 2011 Gross World Product, this figure translates to a potential projected annual fraud loss of more than $3.5 trillion. The median loss caused by the occupational fraud was $140,000. More than one-fifth of these cases created losses of at least $1 million. Financial statement fraud schemes made up just eight percent of the cases in our study, but caused the greatest median loss of $1 million. Corruption schemes fell in the middle, occurring in more than one-third of reported cases and causing a median loss of $250,000.

From workplace violence to civil unrest, to property crime and fraud, corporations need to continuously assess risk and implement processes that reduce incidents and provide real value to the corporation. Formulating a program in access control and identification helps to reduce the risks and, when implemented properly, can add real value to the organization and its employees and stakeholders.

Corporate security continues to succeed when it evaluates and improves access control and identification programs in order to ensure it is providing the best possible security and value to the organization. Practices in access control and identification should be ingrained within the organization from the C-suite on down so that that employees and visitors are well protected and feel secure within their workplace.

This article was previously published in the print edition as "Grabbing the Access Control and Identification Tiger by the Tail."

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bernard J. Scaglione, CPP, CHPA, CHSP is the Director of Healthcare Security Services for G4S Secure Solutions. He has 30 years of experience in the healthcare security field including a Master’s Degree from Rutgers University School of Criminal Justice in New Jersey. Ben currently serves on the Board of the International Association for Healthcare Security and Safety (IAHSS). He served on IAHSS Education Council from 2005 until 2011. Ben is past Chairman of the ASIS International Healthcare Council and the Past President of the New York City Metropolitan Healthcare Safety and Security Directors Association. He has been a columnist for Security Magazine and contributing author for the Journal of Healthcare Protection Management. Ben was an adjunct faculty member at Pratt Institute in New York teaching engineers and architects in physical security. He taught at Interboro Institute in New York and at New Jersey City University. He was also an instructor at John Jay College Peace Officer Academy.