Security procedures are often seen as things that get in the way of doing business. Whether it is a locked door, or a rule that prevents an employee from installing a new software application on his desktop computer, many people see security procedures as things that slow them down and prevent them from getting things done.

 

When you are the security director for your business, or a manager of a department that has security as one of its many responsibilities, you are often in the position of having to say “NO” to employee requests. When you see things that you think have potential to cause harm to the organization and the people that you are charged to protect, your first reaction is to prohibit these things. While this response is natural, it is typical of the “old school” way of thinking in the security profession, where the need to provide good security takes priority over all else.

 

While this way of thinking was prevalent in the 20th Century, it has given people who manage security the image of being the “company cop” – stogy, unbending, and an obstacle to productivity. Consequently, these people are never really seen as a part of the management team, and are rarely invited to strategy planning sessions and are often the last ones to learn about new developments in the company.

 

The 20th Century security manager is going the way of the dinosaur. To survive in the 21st Century business environment, security professionals must be “business enablers” that help the business move forward and contribute value to the bottom line. Managers responsible for security need to think more like business people and less like cops. As a part of this shift in thinking, managers need to find ways to stop automatically saying “NO” when other business units suggest doing things that may conflict with standard security practices

 

While there are some things that are and must remain absolute “NOs”, there are many requests that can be safely accommodated without jeopardizing security if they are approached in a positive and creative way. Instead of saying “NO”, try to find a way to say “HOW”. In other words, instead of telling someone that they can’t do what they want to do, tell them how they can do what they want to do while at the same time minimizing security risks.

 

For people who have been in the security business a long time, this shift in thinking can be a real struggle. You must set aside your normal prejudices and start thinking outside of the box. Here are a few things that you should consider when making the transition to the Don’t Say "No" – Say "How” way of thinking:

​

• Try to really understand the mission of your organization and what it’s trying to accomplish. Do everything in your power to support and not interfere with this mission.

​

• Consider the time it takes for your employees to comply with each security system or procedure, and consider the indirect costs of this lost productivity. For example, if a security procedure delays each employee by five minutes each day, and you have 200 employees who are paid an average of $30 per hour, this procedure is costing your company $500 per day, or around $123,000 per year.

 

• Consider how employee morale will be impacted by each security procedure. People who feel that they are not believed or trusted by the company have a hard time making a positive contribution to the company’s goals.

 

• Consider the image that your security procedures convey to your customers, visitors, and the general public.

 

• Don’t inconvenience everyone to prevent improper behavior by a small minority of employees.

 

• Don’t put big procedures or systems in place to solve small problems.

 

• Don’t put permanent procedures or systems in place to solve short-term problems.

 

• Don’t react to each new theft or security violation by creating a new security procedure. Consider the big picture and only institute new systems or procedures when absolutely necessary. When in doubt, error on the side of not instituting a new procedure.

 

• Consider accepting certain losses if the security procedures necessary to stop these losses cost more than the value of the losses themselves. Be sure to factor in the cost of employee inconvenience when making this analysis.

 

If you need help in finding ways to make your security program more responsive to the needs of your organization, please contact us.