Corporate security
Most of the companies in Bulgaria, where there is decision to take care for the corporate security, that means an electronic security system and a live guard, or contract with a company guarding with technical measures. Organizing these two functions, most of the managers are not aware that these are company security elements, which usually are the last line of defense, designed to work where others have failed. The companies usually solve security problems “on piece”, as regards to the different elements, as the separate objects and activities. It is mass to underestimate the other company or business threats. Hence come most of the problems related to the security.
The corporate security is a complex of interrelated measures and activities. Everything has to be premeditated and developed as an integrated system – called “Corporate security concept”. The corporate security can be determined as a combination of specific actions (efforts) and a structure for physical and information defence of people, funds, material and intellectual property, to ensure the sustainable functioning and creating conditions for continuous and successful business.
To develop a corporate security system has to be answered to the questions about its necessity and sufficiency. Naturally such a system depends on many factors. Firstly it is the business type, but there is direct exert influence by the scale, the different kinds of services and products, offices and production buildings in different areas, cities and countries. These kinds of factors influence on the possible threats and their relevance.
The threats for the activity and the business of a company can be divided to external and internal.
External are the threats from the actions of contractors, competitors, and environment, criminal contingent, government policies, authorities, bureaucracy, corruption, third parties, and force majeure, etc.
For example, the contractors could be divided to: capable of causing significant damages – 41%, well-intentioned – 30%, capable of causing serious damages – 22% -7% and crooks. The percentages are approximate, but generally the ratio is correct.
To the internal threats we can add the activities of shareholders, employees, management shortcomings, business technology disadvantages etc. Regarding to the security, the division of the personnel can be presented as follows: able to inflict minor damages – 50%; loyal employees – 33%, capable of inflicting serious damages – 12%; crooks – 5%. Of course in a two-three man company things aren’t so. In this case a single man from the company is capable to cause 100% damage.
Other threats to the security of an enterprise are political changes, changing demographic or social factors. Even not considering the global economic crisis, the change of international relations, the existence of wars and conflicts in some areas more or less affect the business, depending on the type and its orientation.
The social threats are mainly related to strikes and epidemics. Political and international threats are related to inflation, changing priorities, prohibition of an activity, introduction of licensing regimes, change of the political system, nationalization, etc.
When the threats begin realizing as a result of targeted actions against the company, they show via different kinds of attacks. The aim of the attacks and their consequences in most cases are:
• Financial – thefts, embezzlement, waste
• Information – distribution of confidential company information, compromising or malicious information, data theft, destroying or damaging information, documents and databases.
• Material – sabotage, damages, property destruction, thefts.
• Damages to the economic activity – breach of the normal company activities, delay or failure of processes and negotiations, contracts execution, etc.
• Threats to managers and staff health and lives.
The types of threats are exceptionally varied. For example the information theft from computer systems is often associated with hackers outside while ignoring the internal factors, such as an improperly constructed information security system, intentional or unintentional actions of employees. The analysis shows that the hack attacks as a reason for information theft and destruction are less than 20%. Many managers think that computers’ eavesdropping is a fantastic idea, but this way of information theft is the reason for over 10% of the cases. The social engineering is underestimated. The illegal tapping danger is totally ignored, which is often used by professionals and amateurs, adventurers and loafers, because of the widespread and low cost tapping means.
There are people involved in every attack – internal or external people. There is no big successful attack without information or contribution of an insider. The assistance from an insider is voluntary or involuntary, intentional or unintentional, but anyway demonstrates one of the most important and the most vulnerable sections of a security system – the people. Particular attention should be paid to people – as a potential threat and as the most vulnerable point.
Every threat has its history and reason. Typically, each attack is implemented in several stages: formation of an intent, information gathering, data analysis, preparation of a plan, providing the necessary resources to take action. Sometimes it happens intuitive, in seconds, and sometimes it is a result of a well-considered plan and takes months or years, but in both cases there are characteristic signs for each of the stages which can be detected and analyzed in order to implement preventive or protective measures. Such pre-histories, causes and signs, however can be perceived from professionals and in a well-established system of corporate security.
Company security purpose is detecting threats, objects security examination, creating an asset protection system, prevention and suppression of crimes and incidents, detect attacks, security.
The company security system has to be constructed so to ensure the prevention. This is done by providing early information about the external environment, i.e., by intelligence, timely providing inside information – counterintelligence activities, analyzing the received information and based on that – determining the levels and the main directions of threat – risk analysis.
Thanks to these activities the company security system can allow risk management. The risk management is a major activity of the corporate security system. It allows the prevention implementation, so to act “with mind, not with muscles.” So the company goes before the events, not after them. The crime or accident prevention is much more useful and profitable for the businesses rather than their disclosure. The preventive activity creates value, rather than spend funds for unplanned, less efficient and delayed actions.
To achieve its goals, the company security system has to be able to counteract the full spectrum of threats.
The building of an alarm system and placing a guard will not solve the problem with the corporate secret disclosure, the funds diversion from managers or shareholders, injury from corrupt officials’ activities or the takeover by other organizations threat. On the other hand, a well-built alarm system and a good security can prevent attack by the criminal contingent or renounce disloyal personnel hostilities.
The elements of a corporate security system are more than fifteen. Every element has to be dosed, applied on its place, interconnected with the others and adequately responds to the threats. Exceeding the security measures type and level don’t increase greatly the security level, but certainly hinders the daily activities and consumes financial and human resources. A poor organized security system, based on unprofessional actions and underestimate the threats level is extremely dangerous. Such a system gives false sense of security and comfort.
An example is the theft of nonferrous metals, gold and silver from a customs warehouse in Sofia Airport. Actually there is not an agility of the thieves and insider information and unique incompetence of the security guards and measures which don’t meet the threat level. Such situation is identified in some public and private financial institutions. Unfortunately the philosophy “It can’t happen to me …” is fairly common, but ineffective…!
There are two main problems of the corporate security in Bulgaria. The first of them is the lack of professionals in the field. That a man was a police or army employee does not make him an expert. The logistic of the most secret services, the most prestigious intelligence officer, police officer or motor rifle brigade commander hardly have an idea about half of the elements of the corporate security. On the other side are the academics in the country. There are a few books from Bulgarian authors on the subject, some of them well copied, others well-written. These are people with high theoretical preparation and often near to zero practical or at least not in the last 10-15 years. Some of these theorists have no clear idea of the current business processes. The truth is always in the middle. The science is leading, but the practical experience is on the basis of everyday activities and successful implementations. To avoid learning on the principle “trial-error” a stable theoretic base is needed, which will ensure the application of modern practical methods. That’s why professionals are needed and ongoing training. The business is a dynamic developing environment. The cases are frequent and varied and require adequate response of their provision.
The second problem is managers’ attitude. They see how they are paying for security, but don’t see returns. Don’t know the environment, the threats and threats’ level, underestimate the problem. For various reasons they limit the security unit field of business, often making it into a unit type “handyman” and guard the parking area. And there should be training. Managers are intelligent people, accustomed to making decisions and with a good basis and adequate information they will quickly orient themselves in the security issues. Their main task, however, is to lead and “make” business, that’s why it is necessary to be able to rely on an expert professional.
According to A. Onassis “The secret of business is to know what others do not know” and a well-established corporate security system allows the manager to learn a lot about himself and others.
Nikolay Tsaprev
Profisec Cryptor
Information protection
Security
Certificates
Partners
Send inquiry
Simulator Profisec Shoot
Price list
"Security has to be paid, for the lack of it – to settle."