I live in a deed restricted neighborhood in Texas. For those of you who aren’t familiar with this, it means we have a lot of rules so that our neighborhood doesn’t get “too country”. This can be a blessing and a curse. The property values stay up, but some of the rules are ridiculous to me…and I roll my eyes almost daily at this neighborhood homeowner’s association. If it weren’t for my 11 year old daughter and the fabulous schools she loves so much, I would be living in a one bedroom low maintenance condo in Miami right now.
Instead, I get notices in the mail that I am out of compliance for weeds running into my driveway. Or my trash cans weren’t taken back up from the curb timely. Anyway…there is a point to all this and I am getting there. This weekend, I took my daughter and some of her friends to Incredible Pizza. Which was not very incredible, in my limited experience with pizza places that also have arcades, go karts and laser tag. Think: sticky floors with food crumbs, dirty seats, a buffet with cardboard style pizza and a fancy soda dispensing machine that mixes whatever drink you pick with a small drizzle of whatever the person before you was drinking. I ended up with Orange Sunkist mixed with Sprite (in a cup I was pretty sure was just dipped in old dirty soap water and not really washed).
Before the Incredible Pizza adventure, I picked up my daughter’s friends; who also live in our deed restricted neighborhood. One of the mothers was outside with a water hose in hand when I pulled up. Their home was beautiful. Pristine lawn, trimmed bushes, fresh mulch…the whole nine. I bet they don’t get HOA warnings in the mail for anything.
“I’m sorry for the mess”, she said, “its Porch Day. So we are cleaning the porch.” I looked at the porch and sure enough, the concrete was wet and clean (hence the water hose) and her young son was washing windows with a sponge.
Porch Day? I’ve been a home owner for over 10 years and I don’t think I’ve ever even swept my porch. Other than opening the front door a few times a year to sign for a UPS package…I don’t even glance at my porch. Like most people I know, I enter my home through the garage. I don’t think I own a key to my front door.
So, I got to thinking about my porch. I wondered what it looked like. I was certain people did not pull up into my driveway and oooohhh & awwwww over my pristine porch. But how dirty was it? Was the furniture decent? Was it even still there? Were there leaves all collected in a corner? Cobwebs? Hmmmm, what DID my porch look like? I should have a porch day.
So of course, being the security professional I am, and obviously a person who cares much more about my work than my curb appeal; I started to correlate this porch neglect to work.
Did I have any proverbial porches at work? Are there any areas I don’t look at enough? What in the security industry are things we possibly overlook or never think about?
Below is a list of items I came up with after pondering (and of course googling) often overlooked items in security. By the way, all this research and brainstorming was done sitting at Incredible Pizza for four hours, drinking my dirty drink (not the good kind), huddled in a little corner table hoping and praying no little kids fell on me, tripped into me or spilled anything on me. Or talked to me. Or breathed on me.
Often Overlooked Security Items:
Emergency Contingency Plans
A lot of security departments are really thrown off course when natural disasters such as tornadoes, hurricanes or floods happen. Even if you are in an area where such occurrences are not likely…if they are even a remote possibility, you should have a plan. This is applicable to IT and Operational/Physical Security.
I live in Houston, and my headquarters are in Houston. We usually plan for hurricanes because of the many days notice, but have been caught off guard by power outage from a thunderstorm.
Checking alarms or security procedures for 24/7 facilities
This is another one I have learned firsthand and have had a couple of mishaps.
Once, a facility decided to close for Christmas for the first time in 10 years. Guess what? No alarm. The contract had expired 5 years prior.
Another example, a high value cage was cleaned out & over $2M in product stolen. Why? Alarm wasn’t set. People were in the warehouse working. But the people were on the other side. Security had never visited and conducted a good audit. “We have staff here 24/7” was accepted as a good reason not to set any alarms or check security.
Reviewing customer contracts
This one is a big item for a lot of people. According to AIG, many corporate insurance claims based on “neglect” are made against companies who had no idea they were neglecting or violating a contract. Review all contracts and become familiar with your customer security requirements. If you are executive level, ensure your sales team sends contracts to you to review before they sign the dotted line.
IT Security- Forgetting about Certificate Expirations
Microsoft seven time MVP and former DOD IT Administrator, Brien Posey wrote about going on vacation to South America, turning his phone off, and then turning it back on when he returned to the states to find nothing working.
The culprit? The digital certificate for the exchange server had expired.
If you’re responsible for IT security or anything related, it’s a good idea to keep a log or an automatic reminder for these types of expirations. You don’t want to have to be the guy who explains the two week operational halt that happened while you were on vacation….
Most large corporations have corporate security policies. But more often than you might think, operations personnel are unaware, untrained or (sometimes) just don’t care.
About a year ago I was at a facility and we had a meeting with senior management, middle management & some dock workers. The subject of cutting bolts on deliveries came up. I asked, “Who cuts the bolts now?”
One of the senior managers said “We do”.
Then a dock worker said, “Well, we don’t. Our drivers do.”
Then a supervisor said, “We are supposed to be doing that.”
Then another dock worker said, “Well, then you should give us some bolt cutters.”
It was against the corporate policy to allow drivers to cut seals, and against almost every customer contract. And the managers all knew it. The dock workers seemed unaware of the policy and I believe they were.
The point here is…make sure what is SUPPOSED to be happening is ACTUALLY happening. Even if everyone knows the policy; if security isn’t enforcing it, it may not be adhered to.
Inspect Physical Security Equipment
This one is my “work porch”.
Before last year, I had no physical security inspection log in place at individual facilities where we service gates.
I went to one facility, and a camera was being held up with duct tape. Another one, a gate kiosk held to a post with rope.
I had mixed emotions at both facilities. On one hand, I was thoroughly impressed with the local team’s ingenuity and efforts to keep things working. On the other hand, I was very disappointed in myself for not being aware of these sooner due to the lack of communication between the field offices & corporate security.
I implemented the inspection log, but it was one of those things that really should have already been in place. It had just never occurred to me.
So, walk around your work “house” and look at your porch, the driveway (for rogue weeds), the yard and anythng else you don’t normally pay close attention to. Try to look at your company facilities with a fresh set of eyes and make sure you are not missing anything. Get with colleagues or a security organization online & chat to see what kind of facility inspections others in your industry are conducting to see if there is anything you can learn.
I would love to hear feedback from you guys.
And just to be fair to Incredible Pizza, I should tell you guys that my daughter wants her 12th birthday party there. To heck with those sticky floors and mixed soda flavors!!! Apparently to a certain age group…it IS pretty incredible.