Creating a culture of curiosity vs. complacency

YARMOUTH, Maine—Albert Einstein once said, “The important thing is not to stop questioning. Curiosity has its own reason for existing.” This is especially true of physical security.

Most people like to do their research before buying a car. It usually starts with an evaluation of personal requirements including budget, safety, style, size, and more.

Then it comes time to conduct online research, visit dealerships, talk finance, read reviews, etc. With so many available options, the only way to know you are making the right choice is through research and proper planning. Making a choice regarding your organization’s physical security plan should be no different.

Unfortunately, that is not always the case. It is often only after experiencing a catastrophic security event that an organization starts to assess their physical security plan, and by then it is too late. These organizations react to a breach in security by making changes, rather than proactively driving change. It is these complacent organizations that stand to lose the most.

Ideally, security directors and organizations should enthusiastically and continuously address their physical security plans. They should be constantly researching what is new in the industry, what solution would best fit their facilities, and how to address emerging threats. These organizations are on a path of curiosity and are more likely to prevent security disruptions and rebound quickly when there is an incident.

Clearly, the curious have an advantage over the complacent when it comes to risk mitigation. Fortunately, it is never too late (or too early) to move from complacency to curiosity.

The Complacent

There are two different types of security complacent companies – those who do not know any better, and those who know better but are satisfied with their current security.

Organizations that do not know any better tend to make security choices out of convenience or necessity. For example, purchasing an access control system because it was on sale or the only option in stock. This choice, made due to tight budgets and timelines, may work great in the interim but perhaps suffers from security vulnerabilities shortly after install. If the complacent company had done some research, they may have found the only reason this brand of access control system was on sale and in stock was because it was reaching end of life. The organization thought they were doing right by their employees by simply deploying an access control system, when in reality they created another risk.

Other organizations may know better, but have adopted an “if it isn’t broken, don’t fix it” mentality. Perhaps they installed a top-of-the-line access control system on their swinging door entrances and therefore, consider their facility secured. They may not have considered what happens in the event the door is propped open or there is a tailgater. And why would they need to? Nothing bad has happened in the weeks or years since the system was installed.

But it only takes one security disruption to dispel these thoughts. Once a crisis hits, all types of complacent companies are just trying to stay above water. Loss of IP, physical assets, reputation, market share, and even life are real possibilities when a security breach happens. Add to that trying to amend a failed physical security strategy and organizations quickly find themselves in over their heads. Unfortunately, the solution is often a quick fix made using rushed decisions, only prolonging a complacent organization’s path to clarity.

The Curious

Moving to a culture of curiosity surrounding secured entry starts with proper planning. Much like buying a car, you wouldn’t jump in without a plan. Begin by analyzing what you already have compared with where you want to be. If your answer to the question, “How many unauthorized people are acceptable inside your building?” is zero, look at the gaps in your building’s current physical security infrastructure that provide opportunities for unauthorized entry. Physical security risk assessments conducted by outside firms are also helpful in uncovering overlooked points of risk. 

With your well-thought-out secured entry plan in hand, it is time to explore the market. The security industry is constantly flooded with a variety of solutions to meet a variety of needs. Keeping your thumb on the pulse of the industry makes the implementation process less burdensome since you are always up to date with emerging trends and products. It can seem overwhelming, but there are a number of online resources, industry trade shows, and security-centric podcasts available to support you on your quest for knowledge.

Security providers also have the potential to make or break your research and implementation process. A trusted partner will go beyond the sale to provide continuous training opportunities for their customers. Many also provide standard maintenance and service agreements that keep you focused on what is ahead. Security integrators and consultants similarly exist to provide professional advice, taking over much of the research responsibility and providing you with the highlights.

Once you accept that a security breach can happen to you at any time and you make the proactive decision to do something about it, you automatically approach any security decision with curiosity rather than complacency. This moment of clarity ultimately saves you and your organization time, money, and turmoil.

To the Naysayers…

There will always be reasons not to do something and adopting a curious approach to secured entry is no different. Perhaps there is no budget to implement strategic security solutions. Or there is not enough time in the day to plan and research. Or the C-suite is not on board with proposed policy changes.

But secured entry is never about convenience. Do not wait for a tragedy to befall your organization to devote the time, funds, and energy toward security planning. The time is now. Maintaining a complacent approach is a costly one and there will always be pushback, but you will never be sorry for being prepared.