Physical security is the protection of personnel, hardware, software, facility, and other assets of the Company from physical activities capable of causing damage or loss. Some of the activities are theft and natural disaster.
Over time, individuals, corporations, and even tradesmen/women, business owners have come to overlook the importance of physical security in favour of technical security systems. This, while not a problem in itself, can lead to the absence of security for the protection of these gadgets. For instance, no amount of firewall can prevent the theft of a storage device from the control room or the insertion of a compromised USB/ flash drive by an unauthorized person in the control room’s computer.
Physical security is a broad aspect of security and is divided into various smaller bits; the core components shall be the subject of this paper. These components work together to ensure our working space is secure and free from unwanted individuals. The core components which will be individually discussed are:
- Access Control
- Testing and Response
Access control is a security term used to refer to a set of policies for restricting access to information, a facility, resource, tool, equipment, or technology gadget.
Access control is an essential aspect of security for all sizes and types of business enterprises, individuals, government facilities, and public areas. It includes the user of a smartphone unlocking it with a password, the security guard at the gate, the high wall fence, etc. and everyone practices physical security to a certain degree unconsciously throughout the day.
Access control prevents unauthorized access to a facility, records, a particular part of a facility, and thus protects the employees, clients/ customers, visitors, and the enterprise from loss, external attack, or threat.
Access control mechanisms include the deployment of technology or manned guards at points requiring restricted entry and visitor management is an offshoot of it. Visitor management is required to keep track of visitors within the premises, and it is mostly important when there is a disaster and the need to evacuate persons within the facility.
Usually, there are various aspects to access control, i.e. what the control is aimed to achieve, there are three common or core aspects to it and they are:
- Access to consuming: might be food, information, and other consumables capable of getting devoured, destroyed, or stolen, and once lost cannot be recovered.
- Access to enter: this is the most common type of access control. It is aimed at preventing entry into a facility or a particular restricted area within a facility.
- Access to using: while it might be an offshoot to access to entering, it centers on preventing the unauthorized use of computers, resources, tools, or equipment, which can lead to damage, loss or access to sensitive information, injury, destruction or danger to other employees/ users or the facility, prevention of those who need it from having access to it when needed. This can include borrowing company property for private use.
The aspect of access control employed is dependent on the needs of the facility and type of business, and the security issue or threat aimed at defeating. Some real-life examples of access control include:
- Airport custom agents
- Doors, padlocks, fence
- Bar bouncers
- Phone password
COMPONENTS OF ACCESS CONTROL
- Authentication: this is the process of proving an assertion e.g., showing identity before access is granted to a person.
- Authorization: this specifies the right or privilege to have access to a facility or resource. It follows authentication. The identity of an individual may be confirmed as being a staff of the organisation but the individual is not allowed to a particular area of the office facility, as it is restricted to certain persons.
- Access: once the identity of an individual has been verified and authenticated and it is found that such enjoys the privilege of consuming, entering, or using a particular resource within the organisation, access to such is granted.
- Manage: managing an access control system/ plan/ program requires close watch and constant updates in line with the dynamics of the workplace. There’s the need to update the granting and withdrawal of authorisation to prevent a former employee from accessing the facility as a current employee would.
- Audit: audit minimizes the risk of access by persons no longer authorised access. It also leaves a trail of information used in the investigation of incidents within the premises.
THINGS TO CONSIDER WHEN CHOOSING THE RIGHT ACCESS CONTROL MECHANISM FOR YOUR ORGANISATION/ FACILITY
The goal of access control is to balance convenience and effectiveness while taking into consideration the specific needs of the enterprise or facility. Therefore, in considering the most suitable access control mechanism, pattern, or type for an enterprise, some things must be considered. They include:
- Business/ facility type: the type of business to be secured plays a huge role in determining the type of access control system to be employed. The visitor management system employed in an estate will differ from that used in a medical facility. The bottom line of all the different systems is ensuring adequate protection and prevention of loss or damage to assets.
- Facility/structure ownership and type: the ownership must be considered before alterations or installations can be made to suit the type of access control mechanism to be deployed. Also, to be considered is if it is a shared facility and how the deployment of the access control will affect other tenants or co-owners.
- Application/ station of the access control mechanism: to be considered is where the access control is to be. Is it upon entry into the facility or within the facility to prevent some users from having access to a particular area of the facility etc.?
- Size of the facility, workforce, and client/ visitors flow: the size of the facility and users will greatly determine the choice of access control mechanism to be employed for efficiency and convenience.
- Budget: the budget of the enterprise, facility owner, or individual will determine the quality and type of access control mechanism or plan to be deployed.
- Access control system management: is the security system going to be outsourced? Is there an internal Chief Security Officer to monitor activities and mechanisms employed? How trained are the security operatives employed? All these determine the type of mechanism or access control plan/ policy to be employed.
IMPORTANCE OF WORKPLACE PHYSICAL ACCESS CONTROL
A secure workplace is vital to the protection of employees, work systems, assets, and promoting productivity. Some benefits of access control are:
- Knowing who’s coming and going at all times:
- Only pre-qualified individuals can automatically enter without special individualized attention.
- Keep track of employees
- Secure sensitive documents data, network, and connection
- Leaves an audit trail after the occurrence of incidents.
Access control in all forms of employment, digital/ technology-driven (e.g. installation of malware, various forms of data breaches and digital sabotage, etc.) and physical access (theft or damage of sensitive property, employees/ clients or visitors getting harmed, etc.) is the pillar of the continued existence of any business enterprise, corporation or facility irrespective of size. Implementation of access control can help to prevent problems and threats posed by employees, clients, or visitors.
The importance of physical security at the workplace as a way of curbing the prevalence of workplace violence from the above, cannot be overemphasized and it is our hope at HOGAN GUARDS LIMITED, that this three-part series will shed adequate light on physical access control and encourage employers to take deliberate steps in ensuring a more secure working environment.