There are numerous key components that make up a functional security program, but arguably the most important one is a necessary alteration of behavior; which is the willingness of all parties involved to embrace new ways of thinking and acting to ensure that general safety and security are upheld. As someone with experience as a change agent in developing new or updated security, asset protection, safety and emergency management plans as a consultant and internal Chief Security Officer (CSO); I am a proponent of the “90/10” rule. The 90/10 rule professes that 90% of security is dependent on good policies, procedures and stakeholder compliance while 10% is attributed to the latest technological security measures on the market. While it’s easy for a security practitioner to explain the rationale behind a new security measure or protocol, your efforts may be futile unless you can get your staff and stakeholders to care about its purpose and thus adopt any new procedures therein.
Instilling motivation to be more vigilant and support organizational security is easier said than done; so it must be approached and defined properly to ensure both fluidity and efficiency. Here are some points to look out for:
Behavior of staff
If your staff is not motivated and educated about your security protocol, they may be unknowingly putting themselves in danger should a crisis arise. This detriment can be stifled through a strengthening of internal culture and incorporating security procedures into repetative, simple tasks (to build muscle memory). As an security practitioner, it is your job to instill a hive mind mentality in your stakeholders — especially when discussing their safety.