Elmo R Cortez, PGDip-AC, PGDip-SRM LEAPS Academy Philippines September 2020 Edition
As COVID-19 continues to weave its way into our daily lives, it’s imperative that companies take a step back and consider next steps as we begin to plan for the new normal. It's probably safe to assume that most of us weren’t around in 1918 for the Spanish Flu outbreak, and while it’s helpful to learn from the past, there have been quite a few changes since then. With this rapidly spreading pandemic changing the way we work, travel and live, we find ourselves in uncharted territory.
During this tumultuous period all aspects of our personal and work lives have altered. The coronavirus pandemic is having obvious implications for business continuity across the entire economy, and businesses in all industries and market sectors are adapting to a very different operational landscape. Security services providers are no exception, and their role in protecting people is more critical than ever as lockdown restrictions are slowly lifted and the workforce begins to emerge.
The security industry is well positioned to deal with these new challenges – identifying potential risks and managing them is what we do. However, there will be some fundamental differences to how this is achieved and, with the situation changing so rapidly, companies need to be flexible, agile and quick to react. Before people do return to their offices ‘en masse’, it must be safe enough for them to do so and effective systems have to be in place. Since lockdown was first announced, forward thinking organisations have spent time training their employees so that they can hit the ground running.
In a time of so much uncertainty, it has become overwhelmingly clear that it has never been more important to control what you can, for yourself and those around you, and take preventive measures to ensure health and safety for the future. Today, social distancing has changed the way we go to work, shop, and even what types of jobs are deemed essential. Companies have been forced to completely alter their business practices, and there's been a push to innovate new tools to help us understand, navigate, and stop the spread of this pandemic.
Because workplaces are prime locations for viruses like COVID-19 to spread, we’ve witnessed a major shift in coronavirus office policies. For many businesses that are now operating with minimal staffing or a fully remote workforce, that means drastic changes to who has building access, and how employees are coming and going.
While the government has identified access control and security as part of the essential workforce during the pandemic, many businesses are still trying to navigate how to ensure the security of their physical spaces and assets without having someone on site, and how to pivot daily operations as they shift to a remote working environment. Even with fewer employees actually coming into the office, there are still security risks to consider:
- Access for regular deliveries and maintenance
- Updated door schedules and operating hours
- Possible internet or service interruptions
- Limited or no access to security systems that run on localized servers
- Inability to deactivate or replace lost badges, cards or fobs
- Access needs to allow for regular cleaning and disinfecting in the facility
One way organizations are attempting to address some of these concerns is to install a lockbox onsite that holds a key or credential and can be accessed by anyone who has the code to the lockbox. While this seems like a convenient solution, the credential would need to be changed out weekly to prevent someone cloning or copying that credential at any nearby convenience store. In addition, a communal lockbox will need to be disinfected after each use, presenting its own set of new potential problems. There has to be a better, smarter way.
ACCESS CONTROL SYSTEMS
As organizations make operational decisions in response to COVID-19, they should ensure their threat mitigation policy is reflected in their access control system. For instance, schools that have cancelled or postponed community activities should revisit their lock/unlock and alarm open/close schedules to make sure their building(s) is properly armed. They may also need to deactivate or suspend individuals’ access control cards to reflect these changes.
All operational decisions should be reinforced within your organization’s access control settings, so you can control the environment as best as you can. You may also want to use this as an opportunity to audit your access privileges to make sure the right people have access to the right areas of the building. Consider taking some time to review your settings, so they properly reflect the security levels of the areas you’re protecting.
REMOTE SERVICES AND SUPPORT
As more organizations send staff home and temporarily close their doors to visitors and contractors, they may need to leverage remote services and support for some business functions, including security.
It is critically important to ensure your security program is working properly when you’re off-site. Many technology manufacturers and security providers have remote services in place for learning and support.
For instance, some have remote training capabilities and online learning opportunities that allow individuals to receive technical training and certifications remotely. Be sure to leverage these when possible to help maintain your security program. While organizations continue to evaluate this dynamic situation, it’s important to take inventory of the tools you have at your disposal that may help you reinforce the safety and security policies of your organization.
GUARD FORCE ADMINISTRATION
The first order of the day for all security agencies has been making sure that their workers remain safe, particularly, but not exclusively, those who are serving the healthcare sector. It’s not just at hospital facilities, but everywhere. This is a pandemic hitting people in every single sector, in every area of the country.
This includes giving guards instructions about workstation cleanliness and, in many circumstances, providing guard details with personal protective equipment (PPE) along with instructions on how to use it. We have to observe cleanliness at all times: using hand sanitizer, washing hands, and social distancing in dealing with people.
The highest priority is given to a safe workplace, with practices that protect the health of employees, customers and other visitors. To that end, the company has obtained and distributed resources like wipes, cleaning spray, hand sanitizers and gloves, and has instructed staff and officers to wipe high-touch surfaces on a regular basis.
Companies are in general reporting increased demand at healthcare facilities, groceries and some hotel properties, but decreasing demand at some retailers, educational institutions, government sites, office buildings and special events.
Obviously if there are no business establishments operating within the area, you don’t need as many security officers on duty. However, healthcare institutions are ramping up. That’s borne out of a need for hospitals to address lots of people who are coming and presenting themselves with symptoms of COVID-19 at the facilities. Many of the healthcare facilities are recommending that people who have mild symptoms stay at home and call their doctors. Despite public information, some people are deciding to go directly to the hospitals, which is a bit of a challenge.
Some hospitals facing that challenge, who have been hit with an above-average volume of COVID-19, have decided to partially lock down their facilities and allow access only through certain entrances. In those cases, they’re adding additional security coverage for their lockdowns for access control and to provide information to visitors and patients.
The COVID-19 pandemic has forced organisations and individuals to embrace new practices such as social distancing and remote working. Governments are reconsidering ways to ensure that their countries are stable by developing and enforcing new economic plans. Nevertheless, while the world is focused on the health and economic threats posed by COVID-19, cyber criminals around the world undoubtedly are capitalizing on this crisis.
INCREASED SECURITY RISK FROM REMOTE WORKING/LEARNING
With many employees working from home and students learning virtually, enterprise virtual private network (VPN) servers have now become a lifeline to companies and schools, and their security and availability will be a major focus going forward. In the rush to achieve this, an organisation's unpreparedness may lead to security misconfiguration in VPNs, exposing sensitive information on the internet and exposing the devices to Denial of Service (DoS) attacks. In addition, some users may use personal computers to perform official duties, which could also pose a great amount of risk to organisations. Organisations should ensure VPN services are safe and reliable, as there promises to be a lot more scrutiny against these services. Furthermore, employees should be advised against using personal computers for official use.
EXPOSED PHYSICAL SECURITY
The enforcement of a “work from home” policy by some companies, where stable power supply and fast Internet connection may be a luxury in some quarters, may see employees work from public spaces to utilize power and free internet facilities. This behavior may inadvertently expose the computing facilities and the confidential information they contain to theft or damage. Organisations are hereby encouraged to sensitize their employees around information security outside of the office space. Working from public spaces should be restricted, and organizations should utilize technologies that ensure confidential information remains secure on these devices in the case of theft or damage.
BUSINESS CONTINUITY PLANS (BCP) TO FEATURE GLOBAL PANDEMICS
Many organizations have business continuity plans, but it is obvious the impact of a global pandemic like COVID-19 was not considered in many BCPs. With the widespread impact of COVID-19, organisations need to revisit their business continuity programs and incident response plans, especially to feature such pandemics that affect many countries and critical elements of supply chains at the same time. A revised risk assessment should be conducted on critical processes to identify the various options for ensuring these processes can still be maintained at an acceptable level and that an effective failover is achievable.
POTENTIAL DELAYS IN CYBER-ATTACK DETECTION AND RESPONSE
The functioning of many security teams is likely to be impaired due to the COVID-19 pandemic thereby making detection of malicious activities difficult and responding to these activities even more complicated. Updating patches on systems may also be a challenge if security teams are not operational. Organizations should evaluate the security defenses in place and explore the use of co-sourcing with external consultants especially for areas where key man risks have been identified.
INFLUX OF CYBER CRIMINALS
Globally, companies are downsizing their workforce to cope with the effects of COVID-19. Some people have also lost their means of livelihood due to the various restrictions of movement by governments across the world. This move would likely encourage the growth of cyber criminals, as idle people with internet access who have lost their jobs from the effects of COVID-19 may see an opportunity to make a living out of this pandemic. Organisations considering laying off staff should enforce proper exit plans. Also, we encourage all who have lost their jobs or are currently restricted to a location to consider taking this period to learn a new profitable skill and undertake online courses.
POST COVID-19 CYBER SECURITY POSTURE
The COVID-19 pandemic has caused a huge strain on the global economy, with some experts predicting a recession as part of the after-effects of the pandemic. Organisations' post-COVID-19 strategy might include downsizing by cutting off business lines considered non-critical, which may include cyber security operations. This short-term plan might however prove to be “penny wise and pound foolish” in the long haul, as this will further increase the impact of attacks on the organization. Organizations are advised to update their BCPs and remote working policies/practices whilst prioritizing cyber security during the post-COVID-19 re-strategizing process.
NEW SECURITY SYSTEM
In addition, relatively new systems such as CCTV cameras with thermal sensing are being used to identify those people entering a building who have a high temperature – a symptom of COVID-19. Some of these systems can even remotely read multiple individuals’ temperatures and use the cloud to share data in real time with security teams to keep buildings safe for operation.
Initially at least, employees returning to their places of work are likely to be nervous, apprehensive and uncertain. On top of that, a place that was previously familiar may now seem different and there is likely to be some confusion about how any new operational policies work in practice. A security team’s ability to communicate in a way that is firm but friendly, calm, focused, clear and tactful will be imperative, particularly when approaching occupants who are inadvertently contravening social distancing guidelines.
Good communication is also a prerequisite when working with clients to develop policy and operational guidance, carry out risk assessments and define business continuity strategies. By adopting a customer service and concierge-style approach, security professionals can demonstrate a level of proactivity that assists any defined objectives.
For instance, a provider might initiate a system whereby a member of its security team acts as an elevator operator, responsible for pressing the buttons and making sure that a lift is not overcrowded.
In many respects, security personnel need to be the eyes and ears of a building by monitoring whether seating and workstations are suitably distanced, if space is being utilized properly and if there are any areas where people are congregating. Employee health and safety also depends on a hygienic work environment so workstations, conference rooms, collaborative areas, cafes, reception desks and other common areas must be monitored and cleaning staff notified to take immediate action if minimum standards are not met.
The adoption of home working and the use of video conferencing technology have been two of the standout features of the coronavirus lockdown. While it’s too early to understand the full extent of the new skills and habits we’ve developed while working and communicating remotely, it’s reasonable to assume that this will continue to some extent once lockdown is fully lifted.
Security services providers have benefited enormously from video conferencing technology as a way to communicate with clients and colleagues, which has been highly effective in making sure that relevant personnel are up to speed with any developments. Just as importantly, it has allowed meetings to be carried out to brainstorm, share ideas, exchange best practice tips, monitor workflows, build community, reinforce organisational culture, and strengthen colleague and client relationships.
There have also been less obvious benefits. While some people have easily adapted to home working, others have not. For this group of people video conferencing has offered a welcome level of human interaction and engagement, which has reduced their sense of isolation. It has also meant that those who are visibly struggling with lockdown can be more easily identified, and action taken to monitor their mental health and well being.
The coronavirus pandemic has raised the profile of security within organisations, and service providers need to start planning for when people return to their clients’ workplaces in greater numbers. As the security industry adapts to the ‘new normal’ we must not forget that pre-coronavirus threats still exist and must not be ignored, and we must also be in a position to adapt to fundamental changes in the way we work, as well as in workplace design and operation.
NEW TREND IN SECURITY SYSTEM INTEGRATION
We can expect a lasting impact in security trends in this area, for example automated customer counting and flow control (to comply with social distancing rules in shops), facial recognition, integrated fever screening and detection, remote monitoring systems, robotics and drones. However, automation must be carefully managed. We always stress to our customers that automation does not mean the replacement of people. Far from it. For an automated system to be effective, it becomes even more important to have reliable and accurate human input in order to respond if something goes wrong. People are less involved, but their involvement becomes more critical.
Perhaps one of the most notable consequences of the COVID-19 crisis is that it has given the digital transformation an immense boost. At the root of this boost is the remote-everything habit that it has been necessary to adopt. We believe that digitization will continue, including in security, where security systems will play a central role. They will be the hub where the digitized information is centralized and where smart operators (people supported by artificial intelligence) will act upon the information received as agreed with the customer.
NEW SECURITY THREATS SHALL EMERGE
New threats may emerge following the pandemic, making it more important than ever that threat and risk analysis is a part of every company’s continuous improvement plan. Gathering intelligence, and processing it, will become an essential activity of every security professional. Similarly, companies will have to consider their security needs and with more people working remotely, the need to protect ‘just’ an office building is extended to employees’ homes. No one has a crystal ball to look into the future, but by analyzing the current impact, trends and habits formed during the pandemic, we can glimpse what the new normal for security might be.
We have seen, and will continue to see, a huge change in our societal habits, for example an increased focus on health protection and social awareness, plus a dramatic reduction in travel, and we expect this to continue to some degree in the post COVID-19 world.
There will be continued attention on infection prevention and control. We expect to see more fever detection and screening systems, and a faster deployment and wider acceptance of personal protective measures, both with physical distancing and the use of PPE.
Remote working, remote shopping, remote sporting, remote entertainment, everything has turned remote and the most surprising fact, for many, is that it is working. People adapted to the obligation of keeping a safe distance and have adopted the remote technology that was already present in their lives. For example, remote monitoring by virtual security checks as an alternative to physical officers’ rounds has been in high demand and this will probably remain so.
COVID-19 has had financial implications for many, and the Department of Trade and Industry has reported a sharp contraction in household spending. Most leisure and culture sectors were at a standstill for many weeks. With less or no revenue coming in and production halted, companies have started cutting costs. Security activities are being rationalized and it will be more important than ever to provide solutions that are lean and efficient. This will require security professionals to be more agile, meaning they will need to have the ability to put new operating models in place (internal or external), supported by the right processes and governance. It is important for customers to know the quality of what they are purchasing when it comes to security, not just the cost. Solutions that are agile are not always the cheapest, but will be able to flex and adapt to challenges quickly and without compromising the assets they seek to protect.
Other significant economic impacts of the pandemic will be seen from increased unemployment, and the potential resulting increase in crime. The International Labour Organization estimated that in the second quarter of 2020, worldwide working hours have declined by 6.7%, which is equivalent to 195 million full-time workers losing their jobs globally. This increased unemployment is all the more alarming when considered alongside scientific research conducted worldwide, which found that in those countries up to 80,000 additional monetary crimes were committed each year for every percentage point that the unemployment rate increases.
Another economic factor to consider is the movement of goods and services across borders. As the virus spread, borders closed and countries went into lockdown, and sourcing products locally sometimes became the only solution. The repercussions of this trend could be seen when companies are forced to depend on local products as supply from beyond country borders may be limited. If supply streams come under pressure, the importance of securing them will increase.
COVID-19 will change our lives forever with new work styles, new cybersecurity issues, new proposed access control policies, personal hygiene and guard force administration. The fight against COVID-19 is not just for the organisation, employee or customer but a joint effort from everyone. It is also apparent that post COVID-19, organizations will need to rethink their risk management measures to address the issues posed by this pandemic.
Organizations had to restructure their network and security systems almost overnight to respond to the COVID-19 pandemic, and doing this inevitably meant that security gaps opened up, increasing their risk and vulnerabilities and creating new opportunities for criminals. Now that we are moving towards a ‘new normal’ way of working as lockdowns lift globally, organizations need to close off those security gaps and secure their networks, from employees’ home personal computers and mobiles to the enterprise data center, with a holistic, end-to-end security architecture, and to promote social distancing and personal hygiene. The COVID-19 pandemic may be fading, but the need for security that it triggered is here to stay. The right approach to security, however, is to continue conducting risk and vulnerability assessments and business continuity planning to address the issues of the “new normal” after the pandemic.