While the cybersecurity landscape changes daily, physical security risk mitigation demands constant assessment, too. Small- and medium-sized business (SMB) owners have been challenged by the COVID-19 pandemic regulations, shutdowns and protocols, as well as crimes due to looting, protests and social unrest over the past two years. However, lessons learned from many business leaders in this sector can provide hopeful insights for the future and some tried-and-true best practices to keep employees and assets safe.
Physical Security Planning for the Future
One of the pain points for many SMBs, particularly when it comes to security technology, is price. Because security technology changes rapidly, not only must the technology fit into an SMB’s budget, but scale must be part of any buying decision to make sense. For a small business, cost and desired level of physical security often seem out of reach.
Yet, while it may seem counterintuitive, investing in solid security upfront that targets the business’ risk profile will pay off in the long run.
“You want to buy something you can grow with,” advises Kathleen Smith, former Vice President of Security for Safeway-Albertsons grocery stores. “You don’t want to get stuck with one system because tomorrow it’s going to change.”
Smith says enlisting outside assistance from a trusted source who isn’t invested in selling you something helps. “Equipment companies are there to sell,” she says. “They can sell you the Cadillac when the Chevy will do.”
A scaled approach to planning can encourage stakeholder buy-in. But Smith recommends security leaders plan their technology approach as carefully as possible before asking for a piece of the budget. “You have to communicate in business language, not security speak. Explain that there will be a return on investment in X amount of time.”
Regina Lester, Director of Security at the Toledo Zoo, agrees. “You need to show [stakeholders] the value,” she says. “Remind them that security may not generate revenue, but is definitely involved with day-to-day revenue because we’re helping to ensure that people on the property have a positive experience.”
Lester says a proactive mindset allows security leaders to ease stakeholders into transitioning to an updated security system or new risk mitigation measures a little at a time. “Plan carefully to ensure you get the most bang for your buck. Replace [old equipment] on an as-needed basis, if you can.”
Layered SMB Security Solutions
Keith Aubele, President and CEO of Nav1gate Group, encourages security professionals to think in terms of layers. “You start from a global perspective. The building and surrounding land, parking, ingress and egress points. You create security barriers there which may include security fences, gates, access control, cameras, security patrol officers and so on. Then you move into the building and identify the gaps that exist there,” he continues. “It could be that there are not enough cameras or analytics, or improper analytics, inefficient locks and key controls, inadequate fixtures, security personnel or alarms, among other things.”
Lester says the Toledo Zoo’s layered security configuration has kept the property safe for her nearly 10-year tenure at the zoo. “It works 100% because even if the perimeter is breached, there’s the next layer and the next layer for an intruder to have to get through.”
When planning a layered security approach, protecting the perimeter is an obvious place to start, and there are a wide range of options for SMBs. Camera capabilities to consider include weather- and vandal-resistant features, adequate storage for replay, higher resolutions, infrared technology, motion detection and analytics, all of which can increase surveillance effectiveness and add to the return on investment.
Placing cameras outside and inside a building supplies an extra layer of protection. Donovan Kelley, Infrastructure and Security Manager at McNICHOLS CO., says, “You want [cameras] placed in sensitive areas like data closets.” He also recommends frequent assessments to fix blind spots and camera shifting.
But Steve Georgas, CPP, Security and Executive Consultant at Geo Security and Investigations, cautions business owners from becoming too camera-complacent. He says that while cameras are useful after an incident in identifying perpetrators or keeping slip-and-fall victims honest, they don’t necessarily keep people from breaching a property. “We used to say cameras were a deterrent, but the reality is that people are bolder.”
Aubele says SMBs can incorporate analytic capabilities into their video surveillance system either on the camera’s edge or as a stand-alone platform to address an incident before it happens.
“Mass gatherings, queuing, loitering and a host of other identifiers can be triggered with analytics, identifying a multitude of data points that can be tailored to provide advanced information,” he says.
No matter what equipment SMBs choose, Kelley recommends appointing a person to handle security, so lines don’t get blurred. “One of the best things that I’ve learned is that when you have people tasked with monitoring cameras and access in addition to their other duties, security falls to the wayside. It’s not their primary concern.”
For small businesses without employees to spare for security duty, a surveillance system compatible with a smartphone app can be an economical solution that allows business owners to monitor their premises from anywhere.
Smartphone apps are advantageous for Sheldon Blake, Assistant Manager of The Plaza Beach Resorts in Central Florida. “Our camera system lets us monitor from our phones in real time, even if I’m in my car. So, if there’s a safety issue or if I see suspicious people walking toward our property from off the beach, someone can go down and check it out before something ruins our guests’ experience. It helps us ensure it’s a secure environment for our guests at all times.”
Another important security consideration for SMBs, of course, is access. Effective access control technologies and strategies can help fortify a location’s perimeter no matter how many employees you have.
Kelley says that while everyone at McNICHOLS is issued a digital keycard, “not everybody will have access to say, the accounting closet where sensitive information is stored or the data closet where the IT equipment is. There are certain floors or certain areas that are restricted by groups that we manage through the software that handles the keycards.”
Kelley stresses the importance of access integrity and employee training, which is always a challenge. “Holding a door open for somebody is common courtesy, but there are reasons not to do that. Your logs aren’t correct when somebody swipes someone else through the door. You don’t really know when somebody has or hasn’t entered a particular area of the building. Employees have to change their behavior.”
Lester says a dedicated space for key storage, along with a designated employee to manage those keys, can keep keys from being copied or ending up in unauthorized hands. “We are the key warehouse,” she explains. “We manage all the keys for the entire institution. When people need assistance, they come to one of my staff or me.”
Controlling the Environment
Controlling ingress and egress is another useful layer to a security strategy and, if the budget allows, turnstiles and other barriers can offer extra protection. “These things funnel people a certain way,” Smith says. “Customers purchasing high-end products can be directed to a kind of store-within-the-store.”
Georgas says some merchants are managing their environments by restricting access even further. “A lot of people are closing their doors and making appointments only. Or they’re pooling their money to hire private security across four or five storefronts.”
Internal communication is a growing concern, too. Kelley recommends companies arm frontline workers with hidden duress alarms for situations that turn volatile and says that having a plan in place is crucial.
“First and foremost, it’s educating employees on how to be smart. Don’t put yourself or your staff in a position to get hurt. Work in teams. If your policies and procedures require that you engage to prevent a potential theft on your property, know ahead of time how you are supposed to approach that person. Does someone call 911 first to start that ball rolling? And don’t put yourself between yourself and the exit. If a perpetrator is going to flee, don’t be that barrier to them getting through the door,” Kelley says.
Smith says that over the past two years, a few of their stores were ransacked or overrun by looters. “They went after our cash registers. So, we kept our emptied registers open so looters could see there was no money inside and hopefully wouldn’t destroy them,” he shares.
Blake says his hotel communicates with guests by text through its front desk computer. “It’s a touchpoint for guests to feel comfortable. For example, we can check on them at 7 p.m. and ask, ‘Is there anything we can do to make your stay more enjoyable?’ And they may answer, ‘Well, we noticed a car sitting out here in the parking lot, and somebody’s been in it for a while. Can you look into it?’”
To minimize theft, Georgas further recommends retailers move merchandise away from windows to avoid being a soft target, while Smith recommends that retailers rethink how they display their merchandise altogether. “If an item is on an end cap, it may be easier to steal than on an aisle, or vice versa. Use cameras to identify patterns to see how thieves are stealing and do what’s necessary to keep it from happening again,” Smith says.