Security I was at a customer site while they were practicing procedures for their DR plan. This day, they were practicing the fire drill. I watched with curiosity as the event unfolded. I was completely impressed with the fact that they had an orderly clearing of the building. My contact told me that they were told where to exit the building (good), where to meet as a department in the parking lot (good), then as we got out there a fire marshal checked the head count for each department – they even identified an "extra" in the IT department--it was me (excellent). We waited until the building cleared – then the doors were opened for everyone to come back in. This is where the whole procedure "went south". With only a disarming smile, I walked past the two guys holding the door wide open for me. No badge (I had taken it off to "test the system"), just a smile and polite, "Thank you" for holding open the door for me. What is truly remarkable is that every morning, I could not leave the front door without an escort from the IT department and every night, I had to sign out and leave my temporary badge. Their security had failed. The World We Live In… Another speaker at the conference who was formerly a "Director" with the CIA, left most of the attendees leaving his session with the hair raised on their necks. He made a stunning comment regarding terrorism. He said two things are absolutely true in the world we live in; 1) Americans typically have a short-term memory and 2) terrorists are very patient! This statement reflects the world we live in very well – some of the terrorists involved in 9/11 had lived in the US for 5 to 7 years. That's a long time to wait, but in a very sad way, we must acknowledge that they successfully planned and executed their mission. So when it comes to security, think on these things and recognize that we need to learn to remember the past better and patiently pursue Disaster Recovery planning until we have done all we can to protect our businesses. So where to begin – Let's take a tour… Premise Security Your tour should begin on the outside looking in. One of the most valuable assets you have other than your people is your facilities. A review of your property insurance program is also important. As your business changes, you may not have adequate coverage for your facilities. You can also determine what is and what is not covered during a review. Does your policy offer "blanket coverage" for a number of different properties? If so, make sure they are all listed on the policy property schedule. Is your policy for replacement value – it should be because replacement costs will typically be higher. -
What type of entrance security is used? -
Do you have adequate perimeter security such as fences and gates surrounding the building and parking areas? -
Is there adequate lighting around the building? -
Are windows and doors properly secured? -
Is there easy access to the roof? -
Is there an Alarm System for after hours monitoring? Does the alarm sound at a central location that is staffed 24/7? -
Do you require Security Badges for entrance to the facility? -
Are visitors signed in, receive appropriate badges and escorted into the building? -
Do you have a comprehensive security policy that outlines procedures for personal threats against employees; theft of personal belongings, drug or alcohol abuse, and external threats called in or "delivered" to the facility? -
Is everyone checked by security for clearance as they enter the building? Security Of Building Infrastructure Check the outside of the building for Maintenance issues. Below are some matters for consideration. You may even concern yourself with items that are not part of your infrastructure but may have an impact. Consider the case of a customer with a Municipal Water Tower right next door on the top of the hill! They needed to consider the What if… the tower fell? Their planning needed to include the potential risk of flood damage since a good portion of their business was on the bottom of the hill! Is the buildings exterior in good condition – review all equipment including drain pipes, signage, tanks used for storage of various materials, fences, additional buildings used for maintenance, towers, canopies over entrances, trees and landscaping, etc. -
Is your Electrical System adequate and up to date? Have provisions been made to ensure that the system is adequate for further business growth. Is it properly grounded? -
Is the HVAC system properly maintained and safely located? -
Are there any plumbing issues or concerns that should be addressed? -
Is the roof free of leaks? Is it inspected regularly? Is the drainage from it unobstructed and appropriate for the type and size of it? Can any elements accumulate on the roof? What can be done to monitor or maintain these areas? Security Of Goods Move inside the building now – Begin to evaluate the office area from the inside out. Years ago in Russia, a miner left the mine at the end of each day. The guard stopped him and looked under the sack covering the wheelbarrow the miner had with him. Each day the guard saw only the empty wheelbarrow underneath the sack. After some 20 years, the miner was leaving the mine for the last time and the guard posed this question to the miner. "Each day for twenty years I have watched you leave this mine with the wheelbarrow. Each day I have checked under the sack only to find nothing. I know you have been up to something, but I do not know what it is. Now that you are leaving for the last time, tell me – what are you going to do now that you no longer work in the mine?" To this, the miner replied, "I am going into business – I am going to sell wheelbarrows!" -
Is proper security and accountability for equipment, tools and products established? -
Do staff have personal effects secured while they are working – either in lockers or at their workspace? -
Is office equipment marked (today etching is popular as a method of identification) so that it can be inventoried and identified readily? -
Are these items listed in a property report that can be used for loss or destruction claims? -
Is there a process and policy in place to report theft or vandalism committed by employees, vendors or visitors? Security In The Computer Center Looking at the Computer Center we think of Security of our Networks and Computing Systems. These have become much more vulnerable today than ever before. Look at what the Department of Homeland Security says about this: "Our nations information and telecommunications systems are directly connected to many other critical infrastructure sectors, including banking and finance, energy, and transportation. The consequences of an attack on our cyber infrastructure can cascade across many sectors, causing widespread disruption of essential services, damaging our economy, and imperiling public safety. The speed, virulence, and maliciousness of cyber attacks have increased dramatically in recent years. Accordingly, the Department of Homeland Security would place an especially high priority on protecting our cyber infrastructure from terrorist attack by unifying and focusing the key cyber security activities performed by the Critical Infrastructure Assurance Office (currently part of the Department of Commerce) and the National Infrastructure Protection Center (FBI). The Department would augment those capabilities with the response functions of the Federal Computer Incident Response Center (General Services Administration). Because our information and telecommunications sectors are increasingly interconnected, the Department would also assume the functions and assets of the National Communications System (Department of Defense), which coordinates emergency preparedness for the telecommunications sector." -
Are computers and servers properly and securely installed? Do they have a backup procedure in place that is properly defined? -
Do you backup critical data such as payroll, tax, accounting, production records, customer lists, leases, and insurance policies? Do you store them in a separate secure location? -
Do you back up critical Web Site data and provide maximum "anti-hacker" protection to your information online? -
Do you use data mirroring technology to prevent interruptions in service? -
Have you done a Business Impact Analysis to determine potential risks and address those concerns? -
Is there adequate security for the Computer Center to stop unauthorized access? -
Have you installed Anti-Virus software, added firewall protection and protected email servers? -
Do you keep the Anti-Virus protection up to date? -
Do you have someone on staff that is responsible for Data Security? -
Is your Website designed by an internal or external source? -
Is your legal department involved in approving content and have they developed a privacy statement re: this content and other business documentation. -
Do you use generators or uninterruptible power supplies to augment energy requirements in the event of an outage from your regular supplier? -
Do you have a written recovery plan for Power Interruptions and Data Recovery? Evaluating Your Findings Now that you have completed the task of casing the joint, it is time to act upon the information you have gathered. If the questions cannot be answered with assuring responses, it is also time to act! A important shift in thinking here will lend itself to a better assurance that you are protecting your business. Call centers are the "face" of many businesses to their customers. By securing and protecting your business (inside and out) you are able to translate that into the ability to serve your customers adequately and protect your business even in the event of disaster. About 180cc: 180cc is a Disaster Recovery Consulting business focused on educating Call Centers on DR Planning & Business Continuity Strategies. We also provide Risk Assessments, Business Impact Analysis, DR Plan Development and Testing Support. |
I am checking out all the amazing and daily updated content on ContactCenterWorld.com and networking with professionals worldwide
Send To Friends Post On My Wall