Technology automation can help assess risk in a crisis

April 17, 2020
The COVID-19 pandemic has made it clear that organizations with a plan and a centralized approach can survive

The keys to riding out any crisis for an enterprise organization are speed, actionable intelligence, and transparent communication. Since margins within many companies teeter on razor-thin balance sheets, being able to take corrective actions fueled by solid data in a rapid manner may define its survival.

However, nothing this century has ever impacted global business operations as has the ongoing COVID-19 pandemic. As organizations cope with the reality of shuttered brick and mortar facilities in lieu of workers at home doing their jobs as they shelter-in-place, the CDC and other world health agencies chart the peaks and valleys of the deadly virus attempting to define this new normal in business.

In the wake of the pandemic, C-suite executives from the boardroom to the GSOC have been challenged to manage and secure both empty facilities and battalions of telecommuting workers. For security executives, this seems an almost impossible task. But as the global shutdown creeps from days to weeks; perhaps even months, security solutions providers are realizing that mitigating risk will be as much about the process as it is technology.

Technology Can Help Mitigate Risk

Philip Stockham, who serves as Vice President of Operations for Europe, Middle East, and Africa (EMEA) at Vidsys figures a measured approach to securing business operations and all that it entails may be prudent at this juncture. It is a cautionary tale based on observing how executives, staff and general employees adapt to the evolving security operation continuity roadmaps. Then, and only then, can a solutions provider step in with technology and/or software to help the organization manage its crisis.

He adds that with many of his clients using his company’s solution going to remote operations, the dynamic of securing facilities from a central operations center or off-premise location that could clock staff in and out is no longer an option. This makes access verification for sensitive data and corporate information sharing a challenge.

“When you've got everyone in a room on local area network, they're inside of the firewalls. But when that goes to remote operations there are security aspects you have to set up, bandwidth issues to contend with and so forth,” says Stockham, taking an optimistic tone continuing that as a vendor, when you support a customer through a crisis transition such as the current pandemic, the experience can be leveraged to ensure procedures and protocols being installed to contend with COVID-19 shutdowns can transition to future potential challenges.

The immediate challenge for organizations slugging their way through uncharted operational territory with COVID-19 has dictated new risk parameters and how that risk is addressed. He feels that a more intense collaborative effort between personnel and the automated process has to be considered a priority.

“Your threat vector has just changed. Some of the threats that you are dealing with actually are the polar opposites of what you are used to. A good case in point, there are many security operations teams right now who are charged with monitoring empty buildings and those buildings are actually more vulnerable than when they're occupied. So, it's the night shift guys who are going to have to be more on the ball now,” Stockham explains. “it's really a paradigm shift that the guys on the night shift are the guys that need to be more aware than the guys on day shift when the office building is usually open. Your building is definitely a softer target when it is empty, and it will get worse as it continues.”

Business Operations Paradigm Shifts

This is where technology can fill the breach according to Stockham. He says that platforms like Vidsys are capable of handling the workflow that can guide operational response.

“Steps in the workflow process can be automated; if the human operator fails to respond within a certain time, we can have the technology take over. So to use an example, if someone hasn't been able to react to an incident within a set amount of time, push out an SMS to a supervisor to handle or if conditions are met automatically send out an email notification to all staff within a given area. This also can occur in the background and via this intelligent automation there is less reliance on the human in the chain.

As security and risk executives scramble to assemble reconfigured business operations assessment plans now that many enterprise organizations have staff working off-site, constructing a new tier of best practices to mitigate and manage risk is a priority. Creating a new plan allows risk, security, IT, finance, HR, and other key management levels can help support the effectiveness of the response team in any crisis throughout the organization.

“We've got the need for situation awareness and visualization to be key elements of an overall mitigation plan. Situational awareness provides your own operating picture of your organization’s premises, helping track alerts and helping your team to be a proactive force. But how do you assess and interpret what is going on at the macro-level environment? News, weather, the pandemic e-mapping which everyone is looking at least 1,000 times a day; how can your teams use that data being monitored to better understand the big picture? And then when those workloads become even more critical, knowing the operator is doing the right thing at the right time in response, and being able to adjust those new workloads as a result of evolving situations is crucial as well,” explains Stockham.

 “In the case of this pandemic, if you have a case (COVID-19)  at your premises how are you going to know who you have just come into contact with, how are you going to be able to support the relevant authorities, stakeholders, during that process? Your team must be proactive in managing the vetting of potential virus carriers if you hope to protect older members of staff or departments from this individual and then help to facilitate the testing process to have the ability to assess your organization’s exposure risk. Being able to automate that process when staff is off-premises is very important.”

Security Must Adapt and Facilitate

Stockham says his company is still working with some organizations that are maintaining a skeleton staff of around 25% of their workplace on-premises. He adds that if security staff can actually decamp and respond if they need to, but they are kept in a centralized monitoring location, then an organization can help achieve those mitigation objectives with lesser exposure to security staff

“If you have operations around multiple locations, and as we have seen with this pandemic, it's come across like a wave, how does your organization adapt to or respond to that? Do you assess and respond to it by location, by pushing out SMSs, on Facebook, with staff handling procedures based on what's happening in their area and the risks they have been exposed to? A company could have taken a gradient-based approach based on what was happening, as I believe some organizations have done. The technology could support that -- how many cases in that given area -- and push out pertinent guidelines accordingly to the staff in those locations,” Stockham concludes saying it is important for the security department to be able to have the necessary data and information to make cogent assessments that can then be fed back to the organization’s crisis management team to help in deploying appropriate responses.

About the Author:

Steve Lasky is a 33-year veteran of the security publishing industry and multiple-award-winning journalist. He is currently the Editorial and Conference Director for the Endeavor Business Security Media Group, the world’s largest security media entity, serving more than 190,000 security professionals in print, interactive and events. It includes Security Technology Executive, Security Business and Locksmith Ledger International magazines, and SecurityInfoWatch.comthe most visited security web portal in the world. He can be reached at [email protected]