What guidelines are needed when life safety is not the paramount physical security concern

Unlock More

About our COVID-19 coverage

In our ongoing coverage of the COVID-19 outbreak, experts from across Willis Towers Watson share insight into what you need to know to manage your business and employees and reduce your risk.

With the COVID-19 virus significantly disrupting professional activities and routines, business and organizational stakeholders and leaders are understandably focused on key topics such as business continuity, crisis management, and environmental health and safety. At the same time, many robust companies and entities recognize that their personnel, physical, procedural and systems security considerations must remain top concerns. Throughout the pandemic period and afterwards, as we make efforts to return to full business operations in all sectors, protecting employees, assets, facilities, information, product and reputation will be critical.

Good organizational security is a core business trait of many organizations. Leading companies recognize that providing a secure work environment, one that demonstrates sound emergency readiness and a solid protective security posture, is paramount – even while addressing challenges related to a pandemic.

Safety considerations – now and post-pandemic

The following key security program areas must not be neglected as you concentrate on responding to the current health crisis. We also offer suggestions that we believe represent not-yet-defined best practices, which you may wish to have ready to implement post-pandemic, when we expect to find ourselves operating in a new business and social context. Consider these as opportunities for enhancing your firm’s security stance in this unique climate.

1. 01

   Do not neglect workplace violence and active shooter prevention and response initiatives.

   Pandemic-related stress is likely to contribute negatively to the prevalence of behavioral red flags in some people. In rare but tragic circumstances, untreated mental illness and access to weapons can be a deadly combination. Even while most work environments are currently operating remotely, we recommend organizations continue to prioritize deterring, identifying and responding to workplace violence. Doing so is good due diligence and governance and will prepare you well when employees return from remote work.

   The negative impact of gun violence at work is so severe that we must never take time off from risk mitigation in this area. The core action steps needed are to establish a workplace violence prevention policy, create and implement a threat resolution process, educate all employees on the prevailing societal risk of violence at work (to include identifying red flags and how to respond), and model and enforce a zero-tolerance mandate across your business.

2. 02

   Educate employees on prevalent scams and fraud.

   We are seeing extensive local, state and federal police and intelligence reporting on criminals attempting to take advantage of the COVID-19 pandemic. The U.S. Secret Service has advised that they are investigating many cases of fraudsters seeking to exploit the new stimulus relief package. In one common scheme, perpetrators contact intended victims by email or text messaging and pose as U.S. Department of the Treasury officials to obtain personal information, including banking data.

   The Federal Bureau of Investigation (FBI) has identified and reported on other similar cybercrime schemes. We should be cautious in our online shopping and use of virtual educational applications. Stay informed on the prevailing tactics employed by fraudsters and remind all employees to practice prudent use of information systems and the internet.

3. 03

   Be aware of teleconference hijacking.

   Due to closures and the need to practice social distancing, businesses and schools have increased the use of virtual learning online. Cyber criminals have reacted to this by disrupting video-teleconferencing (VTC) calls with hate and violent messages. According to Boston 25 News, “Cybersecurity officials also advise people not to share links to their teleconference meetings or lessons, manage screen-shooting options to be available for the host only, ensuring users are using the most updated version of the application and ensure that their organization’s telework policy or guide addresses requirements for physical and information security.”

4. 04

   Use social distancing to improve pedestrian access control.

   The Centers for Disease Control (CDC) advocates that we maintain six feet of distance from others when possible to help avoid transmission of the virus. Many experts believe that this practice of social distancing may remain embedded to some extent as a new cultural practice in post-pandemic society. This may present an opportunity to assist us in enhancing physical security at work.

   A recurring client concern we encounter regularly pertains to discrepancies in pedestrian access into secure facilities or office space. Often called “piggy backing” or “tailgating,” these acts are rarely serious and don’t often represent major security intrusions; however, each instance negatively impacts security. Allowing tailgating gives employees the impression that your organization does not take access control seriously. It may also allow anyone seeking unauthorized access opportunities to commit acts of crime or violence onsite.

   For those businesses still operating in a physical environment at this time, and for all once we reach the post-pandemic stage and return to our buildings, we suggest that you communicate a clear message to employees stressing 100% access card usage and no tailgating.

5. 05

   Emphasize a clean desk policy.

   Many organizations have long held that it is desirable for employees to secure all work papers, files and laptop computers at the end of each business day, prior to departing the office. This practice helps mitigate risks of exposing client data and company proprietary information. It may assist with preventing theft. However, we rarely see this policy very well adhered to as we conduct physical security reviews. Consider combining the need for a sanitized and clean work area (prevention of disease) with the security value of having sensitive materials and computer hardware locked away after hours.

6. 06

   Accept only best-practice physical security strategies for the protection of information systems.

   In the post-9/11 world, business continuity became an area of major importance for most companies and organizations. We believe that post-pandemic, many lessons learned will involve information technology (IT) topics, considering the heavy demand required for the sudden work-from-home climate. In most security inspections, we find that internal data centers and computer rooms usually have adequate – but not best-practice – physical security measures in place. These generally consist of high-security locks, card readers and sometimes video surveillance cameras.

   At this time, when IT departments are likely not staffed at the building where the onsite computer rooms are located – and post-pandemic, when we begin implementing more robust response plans – technical security best practices could include burglar systems, PIN code or biometric readers and environmental detection.

7. 07

   Offer employees general security guidance and protocols supporting remote and work-from-home environments.

   When employees work from their employer offices, they enjoy the benefit of a secure workspace and the umbrella of an organizational or landlord emergency response and security capabilities. One of the many challenges associated with remote working is that company and client information could be inadvertently exposed. Be sure to consult internally and give appropriate consideration to remote-working security practices.

8. 08

   Review how your organization handles contractor, guest, vendor and other in-person visits.

   Visitor access is a recurring point of concern in all industries. Some organizations require that nonemployees such as contractors and visitors be escorted by a host. We see both manual visitor logs and electronic visitor management systems used to record and track visits. Some organizations do not keep any documentation of visitors to their premises. Others program and issue access cards to nonemployees (visitors).

   Visitor handling is no doubt discrepant in many organizations and room for improvement exists. CDC guidance around preventing community spread and social distancing aligns with maintaining good visitor security protocols at work. Post-pandemic, all employers should review their existing visitor screening and registration steps and considering making any changes to safeguard the process.

9. 09

   Prioritize travel security in your organization.

   Prior to the COVID-19 pandemic, it was prudent to have a travel security protocol supporting your business travelers. Core actions associated with secure global travel to risky environments typically included being alert to local crime and scams, and identifying safe ground transportation and hotels. After the pandemic, it will be critical to address program factors and think about implementing emergency medical evacuation resources and pre-trip health and safety briefings for traveling colleagues.

10. 10

    Consider how the COVID-19 pandemic and future health crises may impact enterprise-wide personnel and physical security going forward.

    The current crisis has impacted businesses across their entire enterprises and portfolios. As you migrate from a response to a post-pandemic comprehensive review and determination of new procedures, consider taking the opportunity to review your current embedded base of security (fencing, exterior lighting, guards, security system technologies, and the like) in order to determine any gaps.

    Some organizations have institutionalized nationwide health checks, including temperature screenings upon entry to their buildings and limited approved visitors to common areas only. For locations that have closed temporarily, organizations have increased remote monitoring and are conducting minimum weekly onsite checks for physical damage, burgeoning homeless camps and other security risks. Post-COVID-19, organizations may likely continue the added weekly checks as a new best practice for their business.

Additional resources

In addition to giving thought to the practical tips above, it may add value to your security initiatives to practice robust benchmarking. We have found that companies are keen to determine their posture as compared to other organizations. To accomplish this, we recommend being active in your local chapter of The American Society for Industrial Security International and ensure that your business liaisons with police. Some may benefit as well from membership in both the U.S. Department of State’s Overseas Security Advisory Council and the joint Department of Homeland Security/FBI Domestic Security Alliance Council.

An organization-wide commitment to security

During a recent webcast, security expert Jonathon Harris of Guidepost Solutions emphasized that security’s role in dynamic organizations is to “keep the doors open.” Security is no longer a department meant to primarily enforce regulations but, instead, should be a trusted business partner. Insightful and innovative security practices, tips and tactics may successfully lead to a safer and sustainable business atmosphere.

It is our belief that good organizational security is everyone’s responsibility: each leader, stakeholder and contributor must be cognizant of sound emergency preparedness and security operations and programs. More than that, each colleague must be committed to the security of the organization. Embrace this theme as you go about the business of securing your people and organization now, and in the post-pandemic era.

Disclaimer

Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates.

COVID-19 is a rapidly evolving situation and changes are occurring frequently. Willis Towers Watson does not undertake to update the information included herein after the date of publication. Accordingly, readers should be aware that certain content may have changed since the date of this publication. Please reach out to the author or your Willis Towers Watson contact for more information.

Author

What is physical security concerned with?

How do we solve the conflict of safety and security for an escape door?

What Are the different types of physical security?

What is physical security and why is it important?