Personnel Security

While physical security often focuses on things (Fences, CCTV, Locks etc) personnel are also a key aspect of the overall physical security system. Physical security should be a part of a firm’s overall security program - from guards to receptionists who act as gatekeepers for visitors and packages, people are a critical part of the physical security system. This section looks at the multifaceted role that personnel, including security guards, receptionists, and the principle of two-person integrity, play in enhancing the robustness of physical security.

Security Guards

Security guards are one of the oldest and most dynamic aspects of any physical security program. While modern technology is quickly becoming more capable than ever, there are some situations in which the flexibility of a human agent is still infinitely preferable. Security guards have several key roles as part of the security system:

• A security guard’s presence alone serves as a deterrent to potential wrongdoers. Their visibility sends a clear message that security is taken seriously. Moreover, guards are poised to respond swiftly to unfolding incidents, reducing response times and minimizing potential damage.

• Guards stationed at entrances and exits fulfil the role of access controllers, managing the flow of individuals and maintaining detailed access logs. These logs become invaluable resources for tracing movement within the facility, a vital element in incident investigations.

• To harness the full potential of security personnel, it’s imperative to provide them with a holistic understanding of security. While their physical presence is essential, their education and training in network security should not be neglected. Guards should recognize not only physical security threats but also suspicious network activity (for example, a whole room of computers rebooting all at once at 2 AM), turning them into the company’s eyes and ears against cyber threats, especially when a facility is otherwise unstaffed.

• Guards can also maintain access logs of who has entered and departed the building. In many organizations, everyone who passes through security as a visitor must sign a log, which can be useful in tracing who was at what location and why.

Robot Sentries

With the steady progression of technology, the role of personnel in physical security is undergoing an evolution, ushering in innovations like robot sentries. These automated guards present a blend of technological sophistication and practical application. Like any form of automation, there is debate about whether a robot sentry can truly perform the same role as a human Guard, however, it’s likely that robots will eventually take over at least some of the more monotonous patrol and observation-type duties, allowing human guards to focus on situation response.

Whatever your view on the use of robots, they do have some significant advantages. One of the most obvious is economic efficiency - while human guards might accrue substantial costs over time, robot sentries offer a cost-effective solution for continuous surveillance. They eliminate the constraints associated with shift-based human presence and provide non-stop vigilance at a lower price point.

It’s also the case that no matter how diligent or responsible a guard is, humans are fallible – we get tired, bored and hungry. Robot sentries, on the other hand, are designed to patrol and monitor designated areas consistently, eliminating the possibility of human fatigue or distraction.

Does this mean the security guard will eventually be replaced? Probably not - although robot sentries can autonomously identify unauthorized individuals or possible security incidents through sensors, their effectiveness is amplified when combined with human collaboration. A more likely future scenario will be that sentry robots transmit incident reports to manned stations, where human operators can make informed decisions and alert the necessary authorities.

Reception staff

While many people wouldn’t think of them in this role, staff in reception areas do serve as the first line of defence against many kinds of physical attacks, acting as buffer zones that manage the ingress and egress of individuals. While a receptionist’s role is usually more detective or administrative (whereas a guard is a preventative control) - the receptionist’s role does include some vital security functions.

Firstly, beyond simply welcoming visitors, receptionists are usually responsible for logging visitor details and distributing access badges. This documentation helps create an audit trail of who enters the facility, aiding in tracking and investigations. In the same vein, receptionists manage not only visitors but also deliveries, ensuring that incoming packages are scrutinized (and at least logged) before reaching their intended destinations. Additionally, they provide necessary escorts to visitors, maintaining controlled movement within the facility.

In some more high-security environments that require elevated security over customer satisfaction, receptionists might control access not just through records and badges, but also by physically managing the door through which everyone must pass. In some situations, a, remote door control can be used to ensure that no unauthorized access takes place.

Employees

The simple fact is that all employees of an organisation, whatever their role present both an opportunity for physical security and a potential threat. On the positive side, diligent employees can hopefully spot and report any suspicious activities – with proper training and motivation, the general workforce can serve as a powerful augmentation to dedicated security staff.

On the flip side, employees have the access (and sometimes the motivation) to do a company or organisation harm. While it’s not always possible to prevent this, one proactive tool businesses often employ to minimise the risk are background checks. Background checks are a process for vetting individuals before granting them access to sensitive environments or information. These checks involve thorough investigations into an individual’s criminal history, employment records, educational qualifications, and other relevant factors. The objective is to identify any potential red flags or inconsistencies that might pose a risk to the organization’s security or reputation. By conducting comprehensive background checks, organizations can make informed decisions about personnel recruitment and promotion with a view to ensuring that individuals with questionable backgrounds are not given access to sensitive areas or information.

The Value of Access Logs

Access logs maintained by security personnel such as guards or receptionists are a crucial asset for physical security control. Whoever is responsible for compiling them, these logs serve as a comprehensive record of individuals entering and leaving the premises, offering vital insights into the movement patterns within a facility. In the event of an incident, access logs can be instrumental in piecing together a timeline of events, aiding investigations and helping security teams trace the origins of potential security breaches. Additionally, access logs provide an audit trail for compliance purposes, ensuring adherence to security protocols and regulations. They empower organizations with a tangible means to track activities, identify anomalies, and proactively address security concerns.

Don’t forget that security isn’t just about protecting things and data – human safety is always a key objective, and visitor logs can be incredibly useful as a tool to ensure everyone is safe in the event of a fire or emergency requiring evacuation.

Two-Person Integrity / Two-Person Control

The principle of two-person integrity is also relevant to physical security – we often see this security control discussed when covering critical actions within an information system (such as creating and restoring backups or deleting data) but it’s just as important in the physical world.

Two-person integrity (also called two-person control) is simply the principle that more than one person must collaborate to perform an action. While this does not totally prevent a malicious action from taking place, it does force two individuals to plan and collude to take an action – the act of doing so tends to create more opportunities for the activity to be detected. The classic example of two-person integrity is actually a physical security one – think of a bank vault in which two keyholders must insert their keys and turn them at the same time to unlock the door. The key slots are placed too far apart for a single person to operate both keys at once, thereby forcing two-person action.

• Enhanced Accountability: When tasks carry heightened risks or ramifications, having two individuals involved introduces a layer of accountability. Mistakes, errors, or intentional deviations are less likely to go unnoticed.

• Process Protection: Applying two-person integrity to critical tasks ensures that no single person has undue control. For instance, when an action requires two people to coordinate, such as access control and data logging, it minimizes the chances of unauthorized or malicious activities.

• Risk Mitigation: This approach significantly mitigates the risk of a single point of failure. The requirement for two individuals to collaborate in completing a task provides a safety net against potential errors or intentional deviations.

Final Words

All personnel involved in an organisation have some responsibility (and pose some risk!) to physical security. Security guards, robot sentries, receptionists, and approaches such as the principle of two-person integrity collectively contribute to creating an environment that is secure, efficient, and as responsive as possible to emerging threats.