Whether you're a security veteran or a rookie learning the ropes, creating the perfect security solution can feel like a moving target. Technology, KPIs, and a property's needs are all subject to change at a moment's notice.
How do you create a solution when the problem is constantly shifting?
Good question. Let's unpack the key areas you should address when you're creating a security strategy.
Don't make assumptions, make hypotheses.
As with any plan, it's important to stay flexible. Don't make assumptions, make hypotheses. This will keep your strategy agile and receptive to changing conditions and demands.
1. Historical data
Before you dive into a solution, it's important to know what the problem is. Ask yourself (and your team): what issues have we experienced in the past? Have we used solutions that worked? If so, what were they?
Answers will vary depending on your industry, property-type, and a variety of other factors. Here are some popular responses we hear from clients:
- Parking lot theft: "Our team doesn't feel safe walking through the parking garage late at night, and there have been a few break-ins during work hours."
- High cost and low ROI on security: "For years, we've overpaid for 24/7 security patrol. I want to cut our costs without sacrificing safety and security."
- Protecting the business and employee privacy: "I want to protect our employees' privacy while also monitoring our workspace, but there doesn't seem to be a happy medium."
- Complaint investigation: "Some desk items and products have gone missing. How can I investigate issues like this without making my team uncomfortable?"
2. Defining "success"
At this point, you've already isolated the issue(s). Now, let's answer this question: in a perfect world, what does success look like?
This is arguably one of the most important steps in the strategic process. Only you can define your own success. Start by imagining how the perfect security system would impact your business and daily routine. This can be an ambiguous answer; in fact, it normally is to start.
Once you have your vision of the perfect security system, get more specific by pairing your vision with a S.M.A.R.T. goal. A SMART goal is: specific, measurable, achievable, relevant, and timely.
As a Marketing Director, I use SMART goals to create a mutual understanding of what success means in my role. You want to accomplish the same for your security strategy.
Here is an example of a SMART goal for a local client that owns a garden center and nursery in San Francisco: Reduce vandalism and theft-related losses by 50% over the course of three months by improving our smart surveillance system and completing security training for our entire team.
Think of this as your guiding North Star. Your definition of success will change as your business grows and matures, but this sets the stage for the rest of your strategy.
3. A culture of security
Why it matters
You've heard the typical HR algorithm before: Here at [company name], we strive to cultivate a culture of [buzzword #1 and buzzword #2] by [action item #1] and [action item #2].
This calculated sentence is widely used, but doesn't necessarily mean companies are putting their money where their mouth is. In a recent article on Forbes, Gene Frediksen, a Chief Information Security Strategist, stresses the importance of "embedding" a program into the institution's very purpose.
The program is more effective when security values are embedded in the institution’s culture. Consider the following organizational goal: “We will provide world-class service for our customers.” A better goal that integrates security might be: “We will provide secure, world-class service for our customers.”
If security is not engrained into the business's DNA, then once push comes to shove, security measures and its budget will fall to the wayside. Executing a security strategy halfway is about as productive as taking advice from an armchair quarterback.
Security is a binary decision: you're either in or you're out.
How to achieve it
Changing company culture must start from the top, especially changes that require an investment of resources, time, and funds. Once a commitment from the leadership team has been made, security becomes everyone's responsibility.
Adding a security component in performance reviews, training team members, and partnering with management can create the right incentives to initiate change. These changes may be slow to start, but consistency and a long-term mindset will override initial hesitations from your team.
Implementing true cultural change takes pragmatic leadership in order for it to permeate day-to-day operations.
4. Your existing security system
Most companies already have some form of security system, whether it be IoT devices, building alarms or CCTV cameras. These pre-existing investments play an important role in determining the security hardware and software you choose in the future.
For example, ABC Storage Center wants to automate their security system to bring it into the 21st century. They already have 65 Bosch cameras installed on the property and they store the past 30 days of video footage on an in-house server. It's important to know the brands and capabilities of these tools.
In this case, if ABC Storage wanted to upgrade to a cloud video management service, they would want to ensure their pre-existing hardware works well with the cloud service they purchase.
Using compatible devices allows for the Internet of Things to work its magic. Hundreds, even thousands, of devices can be managed from one central system, and data can be collected on each device. This data welds a power of its own, as it equips business owners and decision makers with the intel to assess performance and areas of opportunity.
