Personnel Access Poses a Continued Risk

Posted on: August 10th, 2014

The Security Consultant’s Perspective…

Implementing Personnel Security Initiatives should be the objective of every change agent, security director, human resource director, facility manager and safety manager. Key to the assurance of who gained access to your facilities is the knowledge of having a centralized identification system that allows for verification and retrieval of historical data through collaboration by the team mentioned above. I believe a solid ID Badge System is your first line of defense against fraud, theft, espionage, violence, sabotage and other identity-related threats. Such systems are specifically designed to reduce one’s security vulnerabilities and increase your control over visitors, vendors, contractors, delivery personnel and employees and are not difficult or expensive to implement.

Violators Seeking Access Are Creative…

Individuals wanting access will stop at nothing and stoop to anything including compromise of your identification systems. If your lack luster identification system provides an opportunity for the average thief, imagine what a professional can do with a sophisticated approach. In an April 22 bulletin, the Department of Homeland Security warned hospitals that a string of people posing as inspectors for the Joint Commission on Accreditation of Healthcare Organizations had visited hospitals across the country at odd hours, demanding information about the inner workings of their facilities. Such intrusions are not limited to hospitals only. Any organization, business, or system is the target of calculating individuals focused on probing existing security measures and evaluating protective measures. Their goal is to plan for the future.

“Hospitals are particularly attractive because a terrorist could use radiological material to create dirty bombs, or steal, an ambulance to create a well-disguised explosive”, said, Dr. Irwin Redlener, Director, National Center for Disaster Preparedness at the Mailman School of Public Health at Columbia University. Frank Taormina a Hospital Security Director and current president of the Metropolitan Healthcare Security Directors Association and chair of the New York City Chapter of the International Association of Healthcare, Security and Safety Professionals said, “He takes warnings like these very seriously…it is something I am concerned about. It makes you wonder what the underlying reasons are for all this…we have been assuming the worst in New York since September 11. We’ve been checking IDs all along.” Mr. Taormina and other professionals are quite concerned because one breach is all that is needed to afford the perpetrator his base of operations.

How Effective Is Your Security Identification System…?

Given the fact that we cannot guarantee access denial to a well prepared professional, security professionals can implement preventive and proactive counter-measures to distract, deter and defend one’s facility against compromise through faulty access controls. If you are relying on a simple sign-in system, you are setting yourself up for a problem. Whatever system is used must allow for as much verification as possible, a photograph of the individual and some type of system that allows the capturing of data in order to track movement and verify departure. In sensitive environments, identification issued must endeavor to limit access to the specified floor or department. While sophistication is my objective in protecting against intrusion, most security experts would be happy with a verification system the employs a photo identification. Them more sophisticated systems go beyond traditional identification systems and might suit your particular operation.

Intruders Are In Your Facilities Daily…

Your Risk Assessment should endeavor to ask, “What measures can I take to reduce or eliminate the threat and/or conditions posing the potential threat”? This is a vitally important beginning point because every facility and type of business is potentially compromised every day. What do you do when the regular truck driver of a service provider, messenger or delivery person suddenly appears at your door or loading platform? What system do you have in place to verify the identity of this person? Do you check at all? Do you believe the employee is authentic or do you verify? What if you are the victim of a robbery that goes bad and several employees are seriously wounded and killed because due diligence was shortchanged? A simple preventive and proactive procedure is having the employer notify you when they change employees. After all, you are paying for a service and therefore have the right to instill a heightened sense of security to your operations. Lawsuits emanating from due diligence issues are real. While this scenario seems far-fetched, it is not.

Your Identification System…

Your Identification System should at a minimum contain the following elements:

  • Trained personnel
  • Limited & restricted access
  • Suitable form of identification with a photograph
  • Tracking and monitoring capability

Notice how I did not mention sophistication while I know the technology exists. And depending on the type of establishment, the imagination runs the gamut. The objective is to prevent a compromise by being proactive.

What are your thoughts?