When we all headed home to work back in 2020, security teams reeled at the shift in protection for the modern workplace. And as businesses continue to require more time spent in the office – or manage hybrid-remote teams (74% of U.S. companies are using or plan to use a permanent hybrid model) – security leaders continue to assume a duty of care to increase workplace safety.
To do this, leaders assess risk to make decisions about physical safety in the workplace. Workplace safety continues to make headlines as everyday, as these acts affect more than a million Americans each year.
In many instances, physical security teams are tasked with the oversight and risk management for multiple locations, which can each be vastly different. As an example, the risk profile for a location in downtown Seattle is going to be very different from the outskirts of Fargo, N.D., and security planning must reflect this fact.
There’s a big difference between knowing the risks that are present for an organization using real-time data, and assuming the risks based on what similar kinds of organizations face. Assuming these risks can be costly, as security programs are designed around protecting from these risks and potentially, from risks that are unrealistic.
We often think about data from the lens of our personal data, but for physical security, data is gleaned from intrusion and fire alarms, video surveillance cameras, access control systems, perimeter security devices, intelligence platforms, corporate traveler data, social media, and many other sources to help teams gather information about any given situation.
Too often, we’re leaving data on the table because we don’t know how to use it properly. We aren’t sure where it lives, where to view it, or how to access it in real-time. And in essence, you can’t realize its full potential until you do.
Global threats are evolving, meaning that risk levels at various locations fluctuate and make it harder to standardize an approach to workplace safety. Modern security leaders are now leveraging data to conduct quantitative, data-driven risk assessments, reducing the need for global travel among their teams and resulting in real-time risk data that has a meaningful impact on security operations, business investment, and resource allocation.
This is done by collecting data from multiple sources, such as security-related devices, monitoring social media, deep web traffic, and the dark web; all of which can be used to predict threats before they happen. The duty of care that a company has applies to what a company knows or should know when it comes to danger, making it even more critical to ensure that all of the information is properly gathered and analyzed to assess risk.
However, if a company or government entity has ample information on an impending threat, but refuses to act on it, the risk for that business skyrockets. This is largely because people have become much more demanding on organizations to act preventatively. After watching television shows like CSI and the like, people expect companies to use state-of-the-art technology at all costs.
"When running a company, nothing is more important than your employees. Prioritizing their safety and security is imperative. You spare no expense to do so." - Adam Bain, former Twitter COO
Security leaders need to be able to dynamically shift the measures they use on a case-by-case basis. For example, when an employee is working from home, or traveling, but near a dangerous event like a shooting or a weather event, there’s a potential risk for that employee to get injured, or for continuity of the business to be disrupted.
It becomes crucial then to differentiate between what is noise, and what is intelligent information which can be researched and found viable. Technology and software that can take device data and analyze and report on the incoming data to inform decision-making allows security teams to better assess the risks to the organization and protect the workplace.
Security leaders, therefore, must be able to tell the right story about using data and how certain security measures could prevent disaster so that they can be prepared when a security threat arrives at their doorstep. That’s the only way to elevate the conversation around workplace safety.