One of the first questions I always get asked is: How much will it cost?
Now we all know it’s not all about cost, there are other things to consider such as the benefits it will bring to the business:
- The improving bottom line due to the reduction in financial loss from criminal activity.
- The extra productivity from the staff who feel safe and happy.
- The extra peace of mind from knowing all the hard work is protected effectively.
But still, the cost can the deciding factor on whether a project is given the green light or not.
So, I’ve put together a list of eight things that you should consider BEFORE investing in security. A few won’t cost you a penny, and a few will. But after consideration, if you cannot reduce the risk to an acceptable level, then you should consider spending that hard-earned money.
Before we start, you need to identify your assets. What are you protecting? What stuff do you use in your business to produce your products and services?
In my Guide to Protecting Property, I recommend writing down your assets and grading them on their importance to help prioritise your tasks.
When you have a better understanding of what you are trying to protect, it’s time to look at alternative ways that you can protect them that hopefully won’t cost you a penny:
1. Remove the Asset. The most sure-fire way of protecting an asset is to remove it. Do you really need it to produce your service or product? If the answer is no, then simply remove the asset out of the equation.
2. Move the Asset. Can you move the asset to a location where it doesn’t attract as much risk? Moving the asset to a more secure location is a simple yet effective way of reducing the risk to an asset. Or you could move it to a location where its existence is not known (see Hide the Asset below).
3. Substitute the Asset. Some assets are a valuable target because of their intrinsic value. Substituting the asset for something that is less valuable can reduce the risk. This is often seen in art galleries.
4. Hide the Asset. The first security breach is when an asset is known to exist. So, hiding an asset so that is not known to exist is very effective. The policy of least privilege is a valuable tool in maintaining the secret.
5. Stop the Activity. How is the asset used? Is the activity that attracts the risk necessary? Can you still produce your product or services without it? If you can, consider stopping the activity altogether.
6. Change the Activity. Very similar to the above, but can you change the activity around the asset to reduce the risk? An example would be using a laptop while in a coffee shop. Instead of using public WIFI, ensure your staff uses a VPN instead.
7. Transfer the Risk. The most common form of risk transference is Insurance. If an incident occurs the insurance pays out. But there are other options available such as using contractors, for example, who take on the risk on your behalf.
8. Accept the Risk. No security measures are 100% secure, so it may be a case of accepting the risk. This is a balance between the cost of an incident happening against the cost of preventing it. What we would refer to as ALARP (As Low As Reasonably Practical).
Focusing on the cost is never a good starting point for any business investment and security is no different. Good security should allow your business to operate and exploit opportunities in a safe and protected way. You should view security as a business enabler and invest in it accordingly.
If you would like to know more about how we can help with your security challenges, please get in touch.