Security Shredding and Storage - a shredding industry publication

Export Regulations
Security in Layers: Deter, Delay, and Detect


In the last issue, I wrote about security risk assessment principles and the foundations of the asset threat and probability criticality matrix. As a next step in the security process, this article defines five specific layers of security that can apply to your facility. By learning “security in layers”, you will be able to apply security management principles to specific risks at your facility.

Together, these two articles help you to 1) recognize vulnerabilities and 2) create solutions that can improve your overall facility security plan and to manage risk through the deterrence, detection, and delaying of crime and other loss related events.

Security is like an onion…

Imagine your facility like an onion, with various layers. What assets are located near the skin or outer perimeter? What assets are located toward the center? Which are in between? Though most of our properties aren’t concentric like onions, you can determine where your key assets are located (e.g., employees, digital systems, pre-destruction documents, vehicles). In most cases, our key assets are located within the deepest layer of our physical facility. Let’s look at five specific layers where security is critical:

1. Outer Perimeter

The first layer of security for a facility is the perimeter—that clear boundary marking a transition from public to private property. You may have a gate or a fence that clearly marks your facility’s outer perimeter. In some cases, the fence may not serve as a deterrent because it could be easily climbed, cut, driven through, and even stolen (yes, scrap thieves steel fencing). Most perimeter fencing offers little concealment for security; however, the same benefit is then extended to the guards and employees who can see beyond the perimeter to an approaching attacker. This line of sight may prevent a surprise attack when the first layer of security is breached.

Establishing a strong perimeter is more than fencing and walls, however. A change in landscaping or a difference in lighting can help mark the perimeter. Signage, such as “Visitors report to office to sign in” or the concise “Private Property: No Trespassing”, is important. Combining simple but multiple factors around your perimeter not only shows serious intention toward security, but establishes a psychological barrier that may prompt the opportunist or spontaneous offender to move on toward less attentive grounds. Unfortunately, I can’t stress enough that there exists no perimeter security plan that is 100% effective against all threats in all conditions, especially if the attacker is highly motivated. For example, if an estranged spouse wants to commit violence against an employee, then all the landscaping and lighting, signage and fencing at the perimeter will be little more than a first line to be crossed toward his goal.

2. Open Space

Perhaps at first glance the facilities of your customers—hospitals, office complexes, schools—may seem like some of the easiest perimeters to breach. But take a closer look at the landscape design, traffic flow patterns, and open space that exist between the perimeter and the exterior of the buildings. This open space is the second layer of security, and the most important function of this space is to maximize surveillance. This open space should be designed to facilitate the ability to see clearly from the buildings to the perimeter. This vision can be digital, with the use of video security cameras, PTZ (Pan, Tilt, Zoom) cameras, Infra-red (IR) devices, as well as physical, through the security officer with old-fashioned binoculars or an employee being able to see something suspicious on the property and determine if it is a threat.

The best design for open space between building and perimeter reflects order, control, visibility, and cleanliness. Signage should be concise and clear. If your facility has truck traffic, then safety should be a priority, which necessitates control and visibility. If your truck volume includes outside vendors or drivers unfamiliar with your facility, such signage may help direct those vehicles toward staging areas or to shipping or receiving docks without causing temporary hazards or opportunities to conceal trespassers or other threats. Signage should also direct visitors to specific parking areas with additional signage directing them to a central receiving station, guard post, or receptionist. Landscaping in this open space should be designed to minimize hiding spots, such as low ground shrubbery, as well as shade tree canopies that are manicured to a height that does not impede full visual recognition of a human body at the furthest point. Standards of landscaping and architecture and design of the open space can be found in various articles about CPTED, Crime Prevention through Environmental Design.

The design of adequate, continuous, and even lighting is most important in the open spaces. This open space may be a parking lot, a field on the back corner of your property where old equipment is stored, a long ascending lawn toward your corporate headquarters, a concrete apron from a city street to your warehouse door, or simply a sidewalk. Regardless of the size, the security goal for the open space should be to maximize surveillance, and adequate lighting makes this possible. There is a psychological advantage to using lighting, particularly against the opportunist who wants to conduct crime in the anonymity of darkness. Additionally, when parking lot lighting is bright, consistent, and in good repair, employees feel safer, and they, along with trained security, can observe and report threats.

3. Transition Space

The third layer of security is the building transition points, which we know more commonly as doors, windows, and portals. If a threat crosses into the perimeter and across the open space, the next destination is the edge of the building. How difficult would it be for an attacker to enter your building? Is the door already unlocked? Is there a mailbox, a fake rock, or a welcome mat where the spare key is hidden? Is the door pass code scratched into the wall adjacent to the card reader? Did the office manager leave the windows open at night when everyone is gone? Is a custodian propping the door open? Are there heavy objects—rocks, flower pots, small trash receptacles—near the building that could be used to break a window? These are just a few of the questions that seem obvious, but when I look at security at this layer, I’m looking specifically at how hard it is for me to get inside. I suggest that if you want more information on hardening the exterior of individual buildings during both operational hours and after hours, then you should review some free publications on commercial security, which might be available from your local police. You can also seek one of several resources on industrial physical security surveys. These resources can help you to develop a customized checklist based on the risks you have identified at your facility. Events such as natural and manmade hazards, safety issues, and crime in your area are examples of a few influences that may change according to location.

4. Internal Security

The fourth layer of security is the interior of your buildings. It’s not uncommon for a shredding service or recycling center, for example, to have more than one building on the property. Each building should be considered individually, and you should not lose sight of your primary asset, human life.

In the industrial setting, often a busy operating environment, I find that security awareness and situational awareness are countermeasures that are as important as cameras and alarm sensors. Ask yourself, how would my employees respond to a stranger walking through my warehouse or onto my loading dock? Would employees notice an unescorted individual…an intruder? Is there an established protocol for challenging unauthorized persons? Has this ever occurred in your facility before and what mistakes were made?

To maximize control over this interior layer, you may need to think beyond access systems, visitor logs, and guest badges—security measures taken in most facilities. These steps will not deter the motivated intruder. Locking interior doors that require a badge swipe along with a manually entered code are practical beginnings to delay intrusion. A modern digital video security camera system that can be monitored by a manager, receptionist, or security officer can be useful to detect intrusion. Installing layers within this layer, such as door alarms, motion sensors, motion-activated video recording, and locks on interior area doors are potentially effective. During normal operating hours, the training and awareness of your staff to recognize a threat and to respond appropriately could make the difference in preventing a data breach, exposure of private personal information, or even loss of life. Security training to all employees will communicate the importance of security awareness and increase their confidence to recognize and respond to threats effectively.

5. Specific Asset Protection

The last layer of security is the asset specific layer or the core. Though security awareness training is critical for employees, I believe that many people do not need a scripted plan to react in an emergency. If there is a fire, people will run to the fire or they will run from the fire. In an active shooter scenario, people will run if they can, or they will hide safely or fight furiously. The evacuation plans and emergency plans for your facility should include certain responses for medical emergency, fire or accident, evacuations or shelter in place scenarios, and crime (including workplace violence.) Plans should be simple to follow, concise, and easily accessible for review and use. Plans should be presented in face-to-face settings by credible and, ideally, credentialed security trainers. This provides a venue for employees to ask questions and learn the importance of their responses in an emergency.

Your other specific assets should all have a practical level of security which may include multiple measures. If you keep petty cash, the cash should have auditing controls and should be kept in a concealed and locked safe. Computer systems should be backed up daily and encrypted or strongly password protected. The hardware devices should be marked and serial numbers logged to help with recovery investigation if they are stolen. Portable devices which might be used by shredding truck drivers should have similar security.

Lastly, does your facility have bins, containers, and boxes of sensitive private documents that are staged to be destroyed? Are these materials kept in a secure cage or staging area? Is there an access control system or lock on this area? Do you have other security devices or controls to monitor this area? Consider what might happen if an intruder were able to breach this innermost layer and find himself standing in a warehouse with boxes of confidential customer documents. From within, this area should be controlled in a way that maximizes efficient access for your destruction personnel, while also affording a high level of guardianship against intrusion and breach, day and night.

The Five Layers in Synergy

As a final point of consideration, security in layers should be designed to deter, delay, and detect a wide array of risks. Even if your facility is located in a great neighborhood within a safe community, you may find yourself involved in a data breach investigation or audit that could suddenly challenge your integrity. Even if you are not at fault, an auditor could deem your security practices to be sloppy, inconsistent, or complacent. This may cast doubt on your security practices and may draw your facility into suspicion or, worse yet, wrongfully implicate you in the liability of a data security breach.

As you learned by conducting the security risk analysis, introduced in the previous article, you need to think broadly about the potential risks to your facility. When you do this, you can more effectively activate your “security in layers”, using each layer to enhance the strength of the next until all five layers are working synergistically to protect your key assets—your employees, your material assets, and your company’s reputation.

Brian D. Baker, MA, CPP, is a security management consultant based in State College, PA. He has over 20 years professional security experience and also has operational experience in the document destruction industry. Serving corporate clients across the US, Mr. Baker specializes in security risk assessment, workplace violence mitigation, executive protection, and corporate investigation. Mr. Baker is also an adjunct criminology instructor for Penn State and a member of ASIS, International.

Social Media

Security Shredding on Linked In Security Shredding on Facebook Security Shredding on Twitter

Sponsors

Shredding machinery to cost-effectively meet your waste reduction and recycling needs.

Subscribe Today

Every other month, Security Shredding & Storage News brings you important stories about:

  • New Technology
  • Products
  • Laws
  • Processes

Security Shredding & Storage News features articles and services relevant to your daily operations.

Subscribe Today

Click here for printable mail in form, and Subscribe to Security Shredding & Storage News Today!

USIlluminations on Linked In

Member Login