Kevin Ian Schmidt

7 Sins of Physical Security

physical securityYou’ve got a few security guards and your CCTV system is up to snuff. You’ve got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility.

Here’s a rundown of some common missteps organizations make when devising a building security plan.


7 Sins of Physical Security

1.) Creating post orders without advanced analysis

Most companies don’t have an inside person with facilities security expertise.  Often the facilities
manager will put together a guard services contract and contract services with a company and they really have very limited ideas about how to manage it.

The problem is that an outside contract company will often come into the assignment with their own post orders and place security personnel without first conducting a real analysis of the security needs of the
building. And because there isn’t an experienced person within the company that understands security, there is no system of checks to ensure the contract security personnel are doing what they should be doing. (Read a first-hand account of how easy it is for criminals to get in the door of a secure building
in Anatomy of a Hack) Before any contract security services firm creates post orders for a building, they should first conduct a thorough assessment of the unique needs for security in the facility.

Buildings differ primarily because of who the tenants are. Security needs to evaluate who is in there and what kind of risks they bring with them. Some have a high-traffic volume of visitors. They could be controversial; some might face the possibility of problems with former or disgruntled employees.
All of those things dictate what security should be doing at their posts.

2) Placing aesthetics over security

This mistake can be made as early as when the building is designed by an architect. While ground-level lighting and hidden cameras may be more pleasing to the eye, neither are good for security. We’ve even worked in a building where the architect had designed all the cameras to be out of sight.

But someone seeing the camera is 50 percent of the value because it’s a deterrent. When people know they are on camera, they are much less likely to do something wrong.

Another common design we see that makes us cringe is shrubbery that runs along walkways and sidewalks.  Suddenly someone who wants to rob someone has a nice hiding place.

Check Out: Common Security Vulnerabilities

3) Neglecting to properly secure certain entrances

We believe in the rule that the fewer entrances into a building, the better.  Every door is
another opportunity for someone to get in. While it is important to have several doors for emergency
exits, they all too often get neglected. We suggest alarms at all doors that have been designated as emergency. Employees should also be asked to demand ID or badges from individuals entering a secure building, and noted the best defense against intruders is a good security awareness program among workers that gets them to notice what is going on around them.

4) Allowing management to ignore security rules

Sure, a good awareness program might ask employees to “check” on one another to ensure they are wearing badges or ID. But what if management is neglecting to follow the rules? It is a physical security mistake we see all the time.

You have to make a choice. If you are going to have badge-wearing program, you have to wear the badge. If you’re not going to wear one, do away with the program because if you don’t wear it, you undermine the program.

5) Failing to take time to understand your technology

Physical security technology, such as CCTV, has come a long way in the last decade. The problem is many people don’t know how to use it. Often, a good CCTV recording system will be for naught because if there is an incident, the staff doesn’t know how to find the recording they need.

Companies will have a contractor come in an install the cameras, and then there is no follow up to learn how to really use it.

Another common scenario is a building with 40 or more cameras around the facility which use a multiplexer to toggle between cameras and record images. But the switching is done at random and is therefore of little use.

If you don’t set that up properly you might have situation where a person is breaking in a door but you don’t capture the event because the recorder was not on the door at that time.

Instead, monitoring systems be configured to have event-driven recording, which means a camera is activated where ever an alarm goes off.

Check Out: How do your alarms communicate

6) Failing to secure important rooms inside the building

You may have people working the server room all the time (in organizations), but now they can control what is going on in there remotely. So if someone is going in and out of there, you really want to know who it is and why they are there.

Consider access control systems around data centers that include badges and/or access cards as well as cameras. Also, if you have concerns about proprietary information – secure your mail rooms as well.

Check Out: Transparent Security – not seeing it is the point

7) Overdoing security

Lastly, it’s important to remember that these tips are not a one size fits all prescription for your building’s security. The level of facility security will need to fit the level of risk an organization faces.

We’re opposed to going into a facility and having them do as much security as they can do. If you overdo it to where it doesn’t make sense, within six months people will have figured out ways to get around security, not to be dishonest, but to avoid the hassle and it will be a waste of money. It has to match the risk and culture of the business.


If you need your physical security processes reviewed, please feel free to contact me.

Leave a Comment