How prepared is your organisation for a major security threat, such as an act of terrorism or extreme violence?
You may have emergency management and security procedures in place, but are these clearly communicated to staff?
Do your employees or volunteers know how to report incidents or suspicious behaviour in your workplace, and is this encouraged?
In other words, what kind of security culture do you have?
Security culture is what we call an organisation’s set of values, shared by everyone, that determines how people are expected to think about and approach security. Improving your security culture can help your staff be more security conscious and vigilant in their day-to-day business.
Importantly, building a good security culture is central to developing resilience to terrorism and other types of criminal activity.
Any location accessible by large numbers of people on a predictable basis can become what we call a "Crowded Place".
Crowded places remain the most likely location for an act of terrorism or extreme violence to occur.
This includes a range of publicly accessible locations, including fixed sites such as offices, and temporary sites such as events.
Critical infrastructure may also be targeted by someone looking to commit an act of terrorism.
Developing and sustaining a good security culture within your organisation, workplace or venue is essential to preparedness.
There are a range of benefits to having an overt and professional security culture.
It allows for better detection of threats, acts as a visible and effective deterrent to would-be attackers, and helps protect against threats that could cause physical, reputational or financial damage to your organisation.
Before we get into what a good security culture looks like, let’s consider what a poor security culture looks like.
At an organisation-wide level, some signs of poor security culture might be:
A lack of security policies and standard operating procedures, and a lack of direction on how to enforce these policies.
A siloed security culture that isn’t led from the top down or communicated across your organisation.
A lack of investment in training your employees and security staff, or having poor pre-employment screening, resulting in the hiring of staff with unknown credentials and motivations.
These practices can lead to vulnerabilities not being identified and a greater risk of an incident occurring, meaning reputational, financial, or safety consequences and a loss of trust amongst both staff in the organisation and the wider public.
Establishing a good security culture requires positive behaviours and policies across your whole organisation.
A whole-of-organisation approach will ensure you are best placed to address vulnerabilities in your workplace, create positive behaviour, prevent an incident occurring, or minimise harm if an incident does occur.
So, consider the following actions to assist you with establishing a good security culture:
To start with, develop a comprehensive security plan and exercise it regularly.
Every organisation, regardless of its size, should have a detailed security plan in place, one that embeds the process for reporting an incident, a security breach, or suspicious behaviour.
Next, it’s a good idea to appoint a dedicated security manager.
This enables staff to have a point of contact for security matters and will assist in ensuring information is communicated to staff.
It’s also important that good security practices are led from the top.
Security should be a permanent feature of executive decision making and senior management should demonstrate personal commitment and compliance with security values and standards.
Staff training should be a priority.
Employees should be trained to practise positive security behaviours, to know security processes and how to identify suspicious behaviour.
It’s important that all employees have a baseline capability to address security concerns and understand threat levels.
Staff should also be encouraged and rewarded for identifying and reporting security vulnerabilities and incidents.
It is also very important to reinforce these messages.
Good security practices should be promoted to both staff and site visitors by making use of internal communication systems, posters, message boards and newsletters.
If there are other businesses in or around your site, they should also be included in your security planning.
Having protocols in place to facilitate information sharing is an important element of building and maintaining a good security culture.
Finally, consider the potential for insider threats.
Threats can come from within your organisation in the form of misuse of legitimate access to information.
Mitigation strategies include educating and bringing awareness to unwanted behaviour among staff and developing proactive response plans.
Remember, while these actions will assist you in building a good security culture, actively maintaining that culture within your organisation is equally important in preparing for and mitigating against major security threats.
This is an ongoing process that requires a commitment to embedding security into your organisational fabric.
It's important to continuously communicate with your staff and provide training around security concerns, and regularly update and exercise your security policies and procedures.
Having a workplace that is informed and knowledgeable about security increases the likelihood of threats being detected earlier and mitigated faster.
It also sends a message to would-be attackers that your organisation is prepared for any security breaches.
By cultivating a strong security culture, you're protecting your organisation, your people, and your assets.
Visit www.vic.gov.au/crowded-places for resources to help you get started today.