This forms the third and concluding part of the series on core aspects of workplace physical security, and puts into perspective and is the practical aspect of the theorizations in previous parts.

According to the National Center for Education Statistics, without strong physical security, no security professionals can claim to provide true information security or a good security posture.

Workplace physical security is one that should not be overlooked or replaced, as a failure to have a standard or well thought out plan can put the lives of employees at risk, lead to litigation and eventual loss of revenue. This need is emphasized, as many businesses and organizations do a brilliant job protecting themselves from cyber-attacks and virtual threats, while overlooking the risk of physical attacks such as: lock picking, device/ document theft, unauthorised entry, mail terrorism, etc.

The importance of cyber security cannot be denied in the general security structure, many business owners and organisations, however, relegate threats of criminals having access to e.g. the control room and stealing valuable information needed to maintain a competitive edge.

On the other hand, physical security testing also known as “physical penetration testing, physical intrusion testing”, reveals the true vulnerabilities in the physical obstacles and structures meant to protect and secure information, data and lives. Physical penetration testers create simulated attacks that imitate the actions expected of criminals to gain unauthorized physical access to the premises, sensitive areas, documents or information. Some of the obstacles tested include locks, windows, alarms, cameras, security operatives and employees.

Physical penetration testing is needed to confirm and validate the accuracy the current security system and clear all doubts about the efficiency and effectiveness.

In a physical penetration testing, it shifts the focus from “if something happens” to “when something happens.” It is a preparation for attempts will be made at security breaching, but not when it will happen. Thus, testing deals with response. It shows the preparedness of the business or organisation to threats, prevention and response when it occurs.

Some recommendations for preventing threats i.e. ensure the security structure is in tune with the current realities are:

  1. Conduct regular training to ensure response policy is accurate and all shareholders are fully aware of the procedure;
  2. Review mustering and evacuation procedures;
  3. Review CCTV and alarm systems, to ensure there is sufficient coverage etc. also, monitor to track suspicious activity, and such should be reported to law enforcement.
  4. Build a good relationship with security/ law enforcement.
  5. Increase the number of security guards to help employees and clients get to safety, in the event of the violent outbreak;
  6. Train employees on mail handling, to prevent receiving of compromised emails, threatening phone calls, etc.
  7. Develop emergency response and recovery plan  for the business and organisation
  8. Re- testing must be conducted to close gaps discovered.


In the event of a security threat, the response is important to minimise causalities and the impact on the organisation or business.

Some immediate response procedures should include:

  1. Obtaining control over the situation and ensuring casualties are brought to safety;
  2. Contacting law enforcement and other emergency responders;
  3. Securing the site of the event and others pieces of evidence;
  4. Assessing the threat and severity of attack;
  5. Immediately commencing utilisation of recovery plans.