Seven Deadly Sins of Building Security

From bad building designs to management that ignores badge rules, Tim Giles runs through the top building security mistakes.

You've got a few security guards and your CCTV system is up to snuff. You've got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility.

Tim Giles, a security consultant and author of 'How to Develop and Implement a Security Master Plan,' was once in charge of all IBM Security operations for the US and Canada and today advises clients about how to design a security plan that fits the risk level and needs of their building. He provides a rundown of some common missteps organizations make when devising a plan to secure their facilities.

1. Creating post orders without advanced analysis

"Most companies don't have an inside person with facilities security expertise," said Giles. "Often the facilities manager will put together a guard services contract and contract services with a company and they really have very limited ideas about how to manage it."

Giles thinks the problem is that an outside contract company will often come into the assignment with its own post orders and place security personnel without first conducting a real analysis of the security needs of the building. And because there isn't an experienced person within the company who understands security, there is no system of checks to ensure the contract security personnel are doing what they should be doing, said Giles. (Read a first-hand account of how easy it is for criminals to get in the door of a secure building in Anatomy of a Hack.) Before any contract security services firm creates post orders for a building, it should first conduct a thorough assessment of the unique needs for security in the facility.

"Buildings differ primarily because of who the tenants are," said Giles. "Security needs to evaluate who is in there and what kind of risks they bring with them. Some have a high-traffic volume of visitors. They could be controversial; some might face the possibility of problems with former or disgruntled employees. All of those things dictate what security should be doing at their posts." (See Giles's sample employee termination checklist in CSOonline's Security Tools and Templates section)

2. Placing aesthetics over security

Giles said this mistake can be made as early as when the building is designed by an architect. While ground-level lighting and hidden cameras may be more pleasing to the eye, neither is good for security. Giles said he once worked in a building where the architect had designed all the cameras to be out of sight.

"But someone seeing the camera is 50 percent of the value because it's a deterrent," noted Giles. "When people know they are on camera, they are much less likely to do something wrong."

Another common design Giles sees that makes him cringe is shrubbery that runs along walkways and sidewalks.

"Suddenly someone who wants to rob someone has a nice hiding place," he said.
