-
Security Procedures Can Improve Your Bottom Line: Training
In my previous post I outlined six aspects of security procedures that can improve your company’s bottom line. In this first installment of the series, I discuss training and training strategy. I frequently provide both of these services to my clients. Because there are many options when it comes to security training, it is important to focus on the aspects that are the most useful to your operating environment.
I believe that security training is often ignored by management because it does not drive profits and it is not required by government regulations (unless you are talking about one of several regulated industries, such the chemical and nuclear industries).
So, why is security training so important? The primary purpose of training your people is to reduce your risk from a security related threat, and that in turn helps prevent company losses in the form of injury or death of your workers, loss of your information or damage to your facilities. If your people don’t understand the purpose of the security equipment that you have in place, they undermine the value of that equipment. For example, your badge readers and locks are useless if your workers prop the back door open during their smoke breaks or if they let someone without a badge tailgate to enter the building.
Security training is important for the same reasons that you train your people to use your computer systems, interact with customers and many other behaviors that you have determined make your business run better. Security training can:
- Make your people safer
- Make your response to emergency situations more effective
- Help your people understand who to contact if a crime occurs
- Lower the risk of theft of equipment or information
I could list more positive results from security training, but we’d be here for a while. My point is that your people are in situations every day in which they could utilize the lessons they learn in security training. Security procedures are most effective when they are known and practiced by everyone in an organization.
Depending on your relevant threats, existing security procedures and the types of incidents your company has experienced, you should determine your strategy for training your people. Some options include:
- General security awareness
- Protection of information (both the cyber and physical aspects, see my earlier post)
- Workplace violence
- Emergency procedures
- Changes to security systems (e.g. access control system, panic buttons, etc.)
- Recognition of suspicious mail and packages
- Process for reporting crimes, security incidents or suspicious activity
As you can imagine, it is easy to get off track when trying to determine what your people need. At Gralion, we help companies with figuring out what training to give their people, and we lead training courses tailored to our client’s needs. There are many other security training providers as well. If you do hire a company to provide security training to your people, you need to ensure that the company has relevant expertise and that the course material truly applies to your situation.
Another good resource for security related training is ASIS International. I have taken many training courses through ASIS, including classroom and webinar training. ASIS provides a wide spectrum of useful training materials, mostly aimed at security professionals. (Disclaimer: I currently serve as the Vice Chair for the Greater Atlanta ASIS Chapter.)
In addition to security training that you can purchase, there are several organizations that offer online and classroom training free of charge. Some of these courses require the trainee to prove that they are in a security, safety or emergency response role for their job, but some are open to anyone.
Many companies are currently focused on how to protect their workers from workplace violence and active shooter incidents. The Department of Homeland Security (DHS) has developed a comprehensive library of materials to help companies, schools and other organizations prepare for an active shooter event, including a webinar, an online course and an instructional video.
Another source for training on crisis management is the Federal Emergency Management Agency (FEMA) Emergency Mangement Institute. FEMA offers online independent study courses in emergency management and incident response. For those of you in Georgia, where Gralion is based, the Georgia Emergency Management Agency (GEMA) offers classroom training courses as well to people in an emergency response related role. I have attended their class on Managing School Bomb Threats, and I would recommend that course to anyone working in a school setting.
One other comprehensive source is the TEEX Domestic Preparedness Campus, which is DHS/FEMA certified online training in cyber security, terrorism awareness, basic emergency response awareness and WMD/HAZMAT awareness.
These free training sources offer information that is general in nature, but you can utilize that information to discuss these issues with your employees.
It is important to remember that just because management understands security, your people might not have the same understanding or perspective. You have to create a security culture in order to increase the likelihood that everyone in the organization understands the importance that management places on having a safe and secure workplace. If your management provides your people with good quality security training and communicates clear expectations that security procedures are mandatory, your return on investment from your security training program will be significant.
