Two forms of security risk in 2021

Issue 7 2021 Security Services & Risk Management

As independent security risk assessors/advisors, Alwinco has a rather solid digital footprint in the security field throughout South Africa and the rest of the world.

Andre Mundell.

Keeping that in mind, when people have been negatively impacted by crime in whichever way, whether directly or indirectly, they start to research the concept of security risk which often leads them to Alwinco.

There are two forms of security risk and can be explained as follows.

The first risk

The first type of assessment usually comes from estates, corporations and shopping centres. This is when residents, employees and staff start researching and trying to get information about the rules, concepts and what needs to be done for a security risk assessment to be conducted.

They also ask questions, especially if someone has been affected by crime. They want to know who made the decisions; they want to know who gave authorisation for the directors to make security decisions and based on what research these decisions were made.

Alwinco is often directly approached and asked if it have conducted a security risk assessment for a specific establishment.

Remember, the management portfolio of any of these entities are essentially making security decisions on behalf of their residents, employees and staff and they often want to know what experience and knowledge these people have.

The company has also had requests, where three or four families pull together after someone in their family has been affected by crime at the workplace or in their estate, to conduct a full security risk assessment on the company or estate to establish if the directors made the right security decisions.

The main problem is that most residents, employees and staff do not understand the decisions that were made and to add fuel to the fire, there is usually poor communication when it comes to security.

People tend to think that security only entails the selling and installing of security hardware. They forget that security is more about knowledge and information.

Alwinco is often asked, if a director of an estate, business or the owner of a mall, can be held responsible for the decisions that they make regarding security. While the company does not have all the information and the details pertaining to certain incidents, it does know that people are upset and they want answers.

Communication is critical

I believe that the main reason for the anger and frustration can be blamed on the lack of communication about security aspects throughout the entire structure. A lack of communication is the sole reason for the lack of understanding. Not understanding a concept or aspect, especially when it comes to security, causes frustration and anger. It is a rather vicious circle.

Trust is another aspect that is under attack if communication is unclear or non-existent. If employees, residents or staff members do not trust the people who make security decisions on their behalf, you can be sure that it is a recipe for disaster.

Alwinco also deals with children and family of elderly parents living in estates who are concerned for their safety because of the severe lack of security in and around the estate. You need to remember that people are far more informed than they used to be. Information is available everywhere, articles in magazines, on the Internet and so on.

Knowledge is indeed power. Knowing what a security structure should look like and what it should do gives people the power to question the decision-makers. The sad thing is that when people come Alwinco for advice, the first thing the company often says is that they should speak to the board of directors or the body corporate, but the answer is almost always the same: “they are unapproachable”.

When people start asking uncomfortable questions about security, the decision-makers often give them a million answers and sometimes even excuses. Nobody knows what the true answers are. Sometimes they refer the people to the security companies to ask them all the questions.

This is not the best option as people who are already upset and confused want answers, they do not want to be sent around from one person to another.

People want to know who made the decisions, what authority do they have to make these decisions? Was any research conducted to base these decisions on? Were the decisions only based on the price, or was there expert advice given? How did they get to the decisions? Who decided that one security person was better than the next?

Value of a human life

We like to think that one cannot put a price on the value of a human life. I beg to differ. I can show you hundreds of documents where CEOs, boards of directors and body corporates did put a price on a life. Some lives are apparently not even worth R5.

When you look at it from this perspective, you realise why people are up in arms about the security component in their living or working environment and on the flip side of this coin, it makes sense why there is so much crime. We are allowing it.

This is harsh, I know, but the truth is that crime is harsh too. Crime does not care, crime has no conscience and crime has no respect. We cannot go ahead and sugar-coat the truth when we know the devastation crime causes. It ruins lives.

The saddest part is that most crimes can be averted if the security risks are identified and eliminated.

As a security risk assessor by profession and through passion, I do not have all the answers, but I can say that there will be a lot fewer crime-related issues if humanity start holding the decision-makers accountable for the security decisions they make on behalf of other people. Especially if these decisions are not based on facts and proper research.

The second risk

The second problem that is surfacing is when people contact Alwinco via email to request a proposal for a security risk assessment, mostly for estates. In this request for a proposal, they will also ask me for a list of properties that I have assessed.

I understand that companies need to do due diligence and it might sound like it is surely great for promoting the company’s business, but the truth is that this is a huge risk. Giving the company’s client’s details to anyone who asks for it creates a tremendous security risk.

Since I received so many requests for quotations and my client lists, I thought that I would give it a try. I sent an email to several companies telling them that I need security advice and if they could provide me a proposal and a list of their clients as references, past and present.

Surely enough, in the blink of an eye, I received proposals with their client lists attached. They sent it to me without asking one single question to establish my authenticity. How do they know I am who I say I am and how do they know I will use the information for reference purposes only? This is a rather serious matter.

Now, when someone approaches Alwinco and asks for a proposal, the company needs to make sure that the people who are requesting this have the necessary authority to do so. This saves it a lot of time and effort as it has done multiple proposals that take a lot of time, just to never hear from the people who requested it ever again.

The company also sends an entire list of questions before starting with the proposal. This gives it a lot of necessary information about the person/company/estate requesting the proposal. The information gathered from these questions also assists its grid system to calculate the price for the assessment.

To summarise, on one side it have employees, residents, staff who are angry, upset, confused and frustrated with the decisions that were made on their behalf and on the other side, it has potential criminals looking for information from unsuspecting and sometimes uninformed security companies or security consultancies to find their next targets.

If you think about it, I have several people’s information and I know that a certain company conducted a security installation for them. I can easily call them, tell them that I am doing a follow-up on the security work that was conducted and just like that, I have access to the property. If it is this easy for me, a law-abiding citizen, how easy will it be for a criminal?

This is the danger of sharing customer details. We have spoken about this before in several articles, including ‘Loose lips sink ships’ and whilst this information is out there, people are still not paying attention to it.

Be careful of the decisions you make, especially when it entails other people’s lives. Make sure that the decisions you make are based on validated, well-researched information and that you have the necessary backing when people ask questions.

To the suppliers, security, assessors and contractors out there, I urge you to be careful to whom you give your client information. Do not just share it with anyone who asks. Both of these risks discussed in this article have detrimental consequences if caution is not taken.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Security is like infinity
Alwinco Security Services & Risk Management
Security needs constant attention, dedication and input. The scary thing is that most people think that security is something that you buy, install, and then forget about.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.

End the scourge of solar panel theft
Guardian Eye IT infrastructure Security Services & Risk Management
Modern solar installations are designed so they can be put together very quickly, but this means they can also be dismantled very quickly, and so there has been a massive spike in the theft of solar panels from roofs.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.