The right direction: Canadian Security’s editorial advisory board offers guidance for 2017 and beyond
Canadian Security is fortunate to have a committed Editorial Advisory Board. To kick off this year, we asked each board member (there are a few additions for 2017) a simple two-part question with a complex answer: What is the biggest challenge security professionals will face in 2017 and how should they prepare? The answers are varied and thought-provoking.
Jason Caissie, Vice-President of Operations, Profile Group of Companies
Our industry’s biggest problem continues to be public perception.
It impacts every single one of us, whether we are selling security guard services or promoting an internal business case to executive leadership. If the general public develops their opinion of “security” through television or film, or from their interactions with low-wage uniformed security in their condominium or business, that opinion carries over to the people who are buying our services and paying our salaries. Public perception will keep security guard wages low, will dissuade young people from pursuing a security career and will keep corporate security departments relegated to the dreaded category of “cost centre.”
We need to be seen as a business partner, and the best way to do that industry-wide is to showcase what we do and what makes us professional to the general public.
There are some extraordinary tasks that security professionals in Canada accomplish in a day: kidnap and ransom events, active shooters, organized crime theft/fraud, undercover investigations, special event protection, and even just extraordinary customer service interactions by security guards. But we are reluctant to share these stories because of confidentiality, privacy, or because some of us still believe “knowledge is power” and sharing it makes us weaker. As an industry, we need to promote our professionalism in an engaging way to as wide an audience as we can.
Ken Close, Manager Security & Parking Services, Trillium Health Partners
Workplace violence is an ongoing challenge and one that I often deal with as manager of security in a major hospital. I’ve attended various seminars over the past few years and usually multiple presentations or discussions are devoted to this topic.
This is a hot topic that is highlighted by the media and nursing unions that expect more will be done to protect staff. Most health-care organizations support safe work environments and due to the increase in attention to the topic, most are going above and beyond to improve safe work environments. The organization I work for has created a health workplace committee that has various initiatives to ensure a safe work environment. This committee will be reporting into the senior level of the organization to ensure they are aware of the initiatives available for employees.
For our organization, and I’m sure many others, this will be an ongoing initiative in 2017 and for years to come. The expectation is that there will be ongoing support to ensure that all workers have a safe and enjoyable work environment.
David Hyde, Owner and Principal Consultant, David Hyde and Associates
Protecting information will continue to be a top priority on the agenda of Canadian security professionals. Corporate and operational security management must avoid looking at information security (including IT/cyber) through a different lens than physical security. Fundamentally, the same concepts apply — security professionals across all domains need to characterize assets; identify threats; establish likelihood and impact of threat realization; assess vulnerability/existing security controls; and enact/adjust controls to bring security risk levels to as low as reasonably practicable.
Approached in the above manner, there is much to be gained from collaboration between physical and IT security pros.
Corporate/operational security leaders should understand the primary methods of information targeting — including theft, solicitation, hostile interception, malicious attack and inadvertent disclosure. They must also know the primary avenues of protection — including employee screening, awareness/education, security culture, information classification, technology-based controls, physical security controls, administrative controls, monitoring and response protocols, information security principles (e.g., need-to-know, need-to-go, principle of least privilege, clean desk, etc.) and so on.
Sherri Ireland, Director of Operations, Security Exclusive
The physical security industry is a mature industry and best practices are well documented. The challenge in 2017 is, how will cyber security risks impact the physical security business? Cyber attacks in 2016 utilized vulnerable CCTV cameras and DVR/NVRs to propagate DDoS (Distributed Denial of Service) attacks on many well-known organizations, including Twitter. Security professionals must understand the risks that are inherent to the equipment they have installed in their facilities and hold their vendors accountable to ensure strict username and passwords policies are in place for all IP-based equipment. If the IP devices do not have user name and password capability, they should not be installed on a network with external access.
As malware becomes more sophisticated, it requires a balancing act when managing people. Do you continue to allow security officers and alarm monitoring operators unrestricted access to the Internet? Do you diminish their ability to perform their jobs and restrict all access to eliminate risk? What type of education do you have in place for your staff regarding cyber risks?
Continuing education for security professionals is critical. They must understand cyber security risks, ransomware and plan how your organization will handle an attack to minimize financial risk and for business continuity. An enhanced partnership with the IT department is crucial to the security industry today.
Mark LaLonde, Chief Safety Officer, Simon Fraser University
While there are many different trends, outside influences and legislative changes that continue to shape the broad industry we work in, one that I am particularly focused on is the increasing public expectation of greater integration and co-operation between private and public sector actors involved in providing community safety and crime prevention services. This suggests a tiered delivery of services, or as some describe it, a continuum of services. Issues of privacy, governance, civilian oversight and agreement on shared goals are all part of the discussion.
This is an evolving conversation that is taking place not only in Canada, but in other countries where there are diverse private and public actors who are responsible for services ranging from parking control, bylaw enforcement, security in mass private and quasi-public spaces, investigations, emergency preparedness and response.
Within this discussion is the evolving notion of what is “policing” beyond the traditional notion of a job description and perceiving it instead as a service that includes maintaining order, preventing crime and enforcing rules. In this sense, there are a range of entities engaged in policing — private security, bylaw officers, special constables and municipal police officers.
The question we are left with is what model of public safety service delivery will work best in urban and rural contexts and is also fair, equitable and meets a consistent professional standard.
Bill McQuade, President, Final Image Inc.
We often hear industry peers say the security industry is changing. The reality is our industry changed several years ago.
To be successful today, security professionals should have a solid understanding of business fundamentals as it relates to their organization. They also need to have better than average skills in communicating the benefits of a well thought-out security strategy to senior management.
At Final Image we engage with many individuals at various stages of their career. It’s unfortunate some find themselves in over their head today due to the fact they are highly invested in the way things used to be and sometimes are adverse to change. My advice to anyone hoping to advance his or her career in the security profession is to embrace change and become fully committed.
Obtaining industry certifications is certainly a good way of demonstrating you have the drive and passion to enhance your career by staying current with industry best practices. Network with thought leaders, attend trade shows and aspire to become a subject matter expert in your field. Read as much as possible — specifically around cyber breaches and technology.
Carol Osler, SVP and Head, Financial Crimes & Fraud Management Group, TD Bank Group
Currently, the top security challenges faced by our industry vary widely — from the persistent threat of increased social activism and civil protests to cyber-attacks. Which means the security industry needs to be ready for almost anything.
To respond quickly and ensure a consistent state of readiness, security plans need to be constantly evaluated, tested and adjusted to deal with these security challenges. Industry and intelligence sharing between law enforcement agencies and corporations will also continue to play a critical role and inform effective preparation strategies.
Cyber-attacks have presented a unique security challenge. The speed and persistence of such attacks require faster identification and prevention strategies that go beyond our traditional defence and protection principles and practices. Passive monitoring tactics will need to be transformed into active monitoring strategies focused on a wider range of targets, both internal and external. The emergence of the Internet of Things (IoT) into corporate environments will challenge our current vulnerability assessment programs, and require coverage of a wider spectrum of interconnected technologies. Clarifying risks related to trusted insiders will also take on increased focus as corporations design more effective programs to monitor those with access to critical company data.
While traditional security principles and practices will continue to apply, the need for rapid analysis of security and intelligence information will be critical. As such, we should expect to see an increase in security fusion programs allowing multiple data sources to be consumed, analyzed and quickly acted on.
Theresa Rowsell, Asset Integrity & Inventory, Kit and Ace
As 2017 arrives, protecting our businesses from hackers and virtual crime rings continues to be top of mind for security professionals.
Rightfully so, as digital technology has become the heart of our businesses. That said, the bigger picture means addressing this but also going beyond the digital world. Having a business continuity plan in place to match the type and size of your business is a must.
We’ve seen a steady increase of global events that have the potential to derail your organization’s aspirations and even bankrupt smaller organizations or start-ups. Disruptive protests, workplace violence, cyber attacks targeting company data and violent incidents around our businesses and where our teams live, are events that can create business disruption.
The direct impact and potential ripple effect of a single event, or series of events, can result in injuries, profit loss and brand reputation damage.
Supporting the success of our companies means security professionals must take intentional and proactive steps. Along with protecting consumer and private company data, it is important to review, update, or create an adequate program for business interruptions that includes: Employee support; public relations representation; appropriate insurance coverage; emergency preparedness and training programs and business continuity planning. Preparation will not prevent uncontrollable events, but it will help to avoid crippling your business and will mitigate the impact on your team, customers, brand and operations.
Tim Saunders, Chief Business Development Officer, G4S Secure Solutions Canada
In 2017 the biggest challenge facing security professionals will be the increasing demands by their organization to show a return on investment.
The solution for security professionals is to demonstrate an enterprise-wide approach to managing security risk. They should be prepared to continually assess every element of a security program. From there they must understand how each element relates to one another and have the knowledge to find efficiency. For example, can the security guard stationed after-hours be augmented with off-site video monitoring as a “force multiplier” or can the client use off-site video monitoring to altogether replace that shift without compromising the security posture of the site? Furthermore, how does the security program relate to the broader organization?
In every large company, there are competing priorities for budget dollars so understanding how your department affects others is critical to your success. Successful security professionals will be those who are generalists, those with a good working knowledge of all facets of security, and those with the contacts in the industry to leverage specialists when required.
Sean Sportun, Manager, Security & Loss Prevention, Mac’s Convenience Stores, Central Canada
Outside of the evolving reality of terrorist threats, the biggest challenge for security professionals in 2017 is two-fold: the continued advancement of the digital world and its vulnerability to crime, and the reduction of loss prevention funding as a result.
These new age criminals possess the information, the means and the motivation to ensure high-profile security breaches continue to make headlines; while disrupting businesses of all sizes. As a result, businesses will need to deploy IT resources in an attempt to protect their valued consumers and maintain their brand reputation. The continued investment on the IT end could result in shrinking budgets on the loss prevention side — which is never good. Loss prevention has historically been viewed by operations as a “cost centre” not a revenue generator, making it the likely area for businesses to pull funding from — which could cause other areas of the business to be compromised. Therefore, it is essential for those in high-level loss prevention positions to continue demonstrating the value that loss prevention plays in the organization.