Gallagher Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :


GUEST BLOG: Security insights from the outer edge

960 640 Stuart O'Brien

Gallagher Security Perimeter Product Manager, Dave Solly, talks about security at the perimeter and not just at the door…

If there’s one area of security that’s often overlooked in commercial channels, it’s perimeter. This all too common gap in thinking is preventing businesses from really solving their security issues, often issues they don’t realise, or don’t want to admit they have.

As a product manager for perimeter systems, of course I’d say that. But hear me out.

In my experience, few businesses who have a security problem think they need a perimeter solution. Instead, they turn to traditional access and intruder solutions and their well-known benefits of business efficiency, compliance and risk management. These are all great reasons to spend money on a reader at the door, but they don’t address the business continuity problem at the gate, nor do they provide any protection to outdoor assets or the building itself. That’s where the perimeter comes in.

What’s the difference between securing a door and securing a gate? In my opinion, other than the physical structure, not a lot, though many organisations would rather secure a building because that’s where they see the value. But if an intruder is already in your yard, breaking through a door, then damage has already occurred and the intruder has potentially reached your assets anyway. Securing your perimeter allows you to solve this. Wouldn’t you rather stop an intruder before they even have a chance to get in?

Too often, perimeter security is a box-ticking exercise: employ a guard and put in CCTV cameras. This type of approach is cheap, easy to deploy and very common. It’s also retrospective, prone to human error, reliant on other technologies to be truly useful, and often results in continued security problems.

As the first cordon of security, your perimeter system gives you the chance to completely stop theft and damage from intruders. Not reduce: completely stop. I’ve seen many examples where this has happened – such as when a freight depot was experiencing ongoing fuel theft, they invested in a secure, well designed perimeter solution. Overnight, intruders and theft disappeared and they haven’t had a problem since. Right now, you should be asking not just “What investment have we put in to our perimeter?” But also “How much do we value our business?”

Theft, damage, trespassers and accidental access to potentially dangerous environments are all risk factors that put business continuity firmly at the heart of perimeter security. The low upfront cost of the most common perimeter solutions needs to be considered in the context of ongoing guard patrol expenses, lost work time to fix damage, replacing stolen assets and the often unseen cost to staff morale of repeated break-ins. What’s the true cost of your not-so-secure perimeter?

In places like water treatment plants, rail yards, council yards, manufacturing plants and power stations there’s also a duty of care required to the community – preventing people from accessing dangerous environments and doing silly things. As a kid growing up in the country, I remember running on the conveyer belts in the nearby dolomite (fertiliser) plant. Interestingly, the control room and processing rooms were secure, but not the conveyor that feeds the rocks into the crusher. Perimeter security would’ve prevented me from doing what in hindsight was clearly very foolish (but fun at the time). This is a good example of the growing need for proper protection at the perimeter – for both your organisation and the public.

There needs to be a widespread change in mind-set when it comes to perimeter security for commercial businesses. Done well, a perimeter solution is an important investment in business continuity and duty of care, with a huge impact on safety and cost reduction in the long term. It’s a change in thinking many businesses can’t afford to ignore.

GUEST BLOG: 5 tips for a winning risk management strategy

960 640 Stuart O'Brien

By Gallagher

Risk comes in many forms, with varying degrees of cost to your business and recovery times.

Here are a few items worth considering when it comes to producing a risk management strategy:

1. Take care of your people

Staff really are the most important asset within an organisation. From a risk management perspective, it’s important to ask: Are we doing everything we can to create an environment in which our people are comfortable, informed, and safe?

2. Be vigilant in the cyber world

Cyber-attacks are happening everywhere with increasing sophistication. Regardless of the activity the impact could destroy your business, so ensure you take the appropriate measures to limit the possibility of this happening.

3. Understand liability from both the personal and corporate perspective

The world is becoming a more litigious place where someone needs to be accountable for the outcome of any incident – especially when it comes to the safety of people. Does your organisation have appropriate measures in place to understand what this might mean for you? Look at your policies and processes to ensure that you have an effective program in place in the event that something happens.

4. Focus on the important things

It’s easy to say “measure, analyse, assess, and mitigate” for every possible risk, and you won’t have any problems because everything will be covered. However, in reality, it is a lot more difficult to implement and manage. Focus on the most important things first and keep risk in the equation of every decision you make.

5. Plan for it

“Prior Planning and Preparation Prevents Poor Performance” This is as relevant for risk management as it is for almost everything that we do. Plan and prepare to ensure that you won’t be surprised by anything, and you’ll be well placed to safeguard the success of your business.

INDUSTRY SPOTLIGHT: Gallagher access control systems

1024 683 Stuart O'Brien

Does your access control system allow you to implement, enforce and report on business policies and processes at every point using physical security infrastructure and command centre?

If not, it should. Access management can be based on individual competencies allowing your business to effectively manage compliance with business policy and government regulations.

Features and benefits

  • Check personnel at the door to make sure they are capable, qualified and compliant.
  • Monitor inductions, licenses, training and qualifications to only allow people access to areas they are qualified to be in.
  • Use random cardholder selection to check competencies and licensing.
  • Import competencies, images, roles and access rights from existing human resources, contractor management, or enterprise identity management systems.
  • Real-time audit trail provides prompt and reliable decision-making information.

Competency-based access management

  • Access management can be based on individual competencies.
  • Safety – is the employee inducted, trained, licensed and fit for work?
  • Equipment – does the employee have the right safety equipment?
  • Security – does the employee have the right clearance?
  • Regulatory compliance – are there other requirements the employee has to meet?
  • Validity periods and competence expiry can also be monitored. Access decisions are delivered to the individual instantly by the door reader or display monitor, or via SMS.
  • A variety of messages can be displayed which prompt the employee to proactively address any forthcoming issues that arise. If access is denied, then the individual is immediately informed of the appropriate corrective action.

The benefits of competency-based access management are:

  • Automatic enforcement of business OH&S rules and policies.
  • Reducing production disruption caused by presence of non-compliant staff.
  • Tangible evidence of duty of care to staff and customers.
  • Automatic compliance with government regulations.
  • Reduction in financial penalties for non-compliance.
  • Reduction in legal risks arising from employee accident claim.
  • Reduced likelihood of an employee failing to maintain access requirements.