For this organizational plan, I would propose studying a bank/currency trading organization. The reason for this choice is that these organizations need many forms of security that are not solely physical forms of security. In establishing a new branch of “Bank A,” there are a plethora of security concerns for me to consider as a manager. What a manager would prospectively have to consider when implementing this kind of security plan for their organization is both physical and cyber threats to security. The reason for this is that Bank A is particularly vulnerable to both kind of threats pertaining to the industry of working with money. Many individuals want to steal money and so, it is in Bank A’s interest to invest in the proper security controls to their organization.
Basic Physical Controls:
The first investment for the basic physical controls is securing the Cloud and the Wi-Fi of the building. In many hacking cases, organizations data security was compromised as a result of Wi-Fi that was unsecure, (Riley, M.). This can be seen from the hacking that Target recently experienced, (Riley, M.). Companies need to invest in proper IT security from the beginning in order to avoid a costly emergency IT repair later on. This can be seen from what Sony and Target experienced with their business models, (Riley, M.).
The best way to handle these concerns is to meet with an IT company that will provide a proposal, budget, and formal schedule for the proper IT implementation. It is usually best to outsource these services to a third party company in order to have the most objective set of advice for potential holes in your company’s firewall that exist. This will allow you to find the best IT plan for your budget and company needs.
Pertaining to Bank A, the financial industry has a great deal of confidential information that if exposed, could expose Bank A to lawsuits. Thus, I would advise Bank A to take the aspects of this IT security to their building and business in general very seriously and factor that into their budgetary concerns.
Perimeter Protection:
Bank A has a great deal to consider for protecting their perimeter. This would usually have involved a parking lot that is gated and has protections for who is entering and exiting. This can be patrolled by a simple security guard who takes tickets. At that point, Bank A should have a metal detector that the people will walk through upon entry to the building. Installing a security option such as this should be quite simple to implement in practice.
When considering perimeter protection, it is best if Bank A has a formal lobby with a secretary to check prospective customers in and guests who want to see the more specialized banks that have access to higher amounts of currency. This will keep the clientele exclusive and exclude the masses who would potentially be a larger threat to security. Additionally, it is important that Bank A has ample protections to the building for the hours that the building is closed. This particularly pertains to external parking structure that was reference earlier.
If the manager follows these recommendations, then they will have an effective and strategic perimeter protection plan in place. Once this plan is implemented, the building will have a more effective stronghold that will keep undesired trespassers out.
External Building Security:
External building security is primarily relevant to the hours when the business is closed. The reason fro this is that there are usually the majority of security risks at night; however, it is important for the manager to also anticipate security threats during the day. Another aspect of external security that the manager of Bank A needs to consider is the possibility that ordering a service that are undercover police officers for all hours of the day. These individuals are trained to blend in and assess whether there will be any threat of the prospective individual that is entering Bank A.
One area of external building security that managers do lose sight of is the importance of having additional security during the day as well as during the night. As a result, it is highly recommended that the manager of Bank A invest in daytime security in order to monitor who exactly is coming in during business hours. In fact, many times prospective robbers visit the bank that they are intending to rob during business hours and thus, will appear to be investigating the facility. The manager of Bank A should invest in video surveillance both internally and externally to be able to see a trend of customers that are coming in too often. This will potentially help identify potential robbery suspects should a robbery arise in Bank A.
Internal Building Security:
Pertaining to internal building security, it is essential that Bank A properly protects their tellers and bankers. Failure to do so, could cause many issues should there be a robbery. Panic buttons need to be installed in many locations of the bank. This is pivotal and the employees need to know how and when to use them.
It is also beneficial to hire both a dressed security guard and a security guard that is designed to observe the customers and blend in. This is very important to the security of the bank and it will deter many more robberies than if there had not been a security guard. Additionally, these officers should have a team who are monitoring the video cameras to look for unusual activity. These security guards should take regular breaks so that they do not grow lazy in their posts. They should be expert in studying people and their tendencies in order to be able to successfully ascertain whether an individual poses a threat. These officers should also be professional trained to handle a hostage situation with guns. The reason for this is that banks have been historically robbed with guns and their have been hostage situations and casualties. The only way to attempt to prevent this threat is to have officers that are trained to handle these sort of situations. Doing this will be a great idea for the security of Bank A.
Another aspect that is crucial to internal security is properly training the employees. This pertains to all of the computer systems and the panic buttons. There should be regularly held training sessions for updated protocols to security procedures. The reason for this is that security is always evolving and changing. Thus, it is imperative that the employees are kept apprised with what is going on.
When considering the internal security of Bank A, it is also recommended to have a multi-system access procedure for the vaults that contain the money. There should be at least six locks, Biometrics, and complex access codes in order to access the vaults. Additionally, there should be multiple vaults so that all of the money is not in one place. This is particularly relevant because it is best to keep the money separate in the even of a break in. Furthermore, only employees with a certain security clearance should be allowed to access the vaults and not too many people should be allowed to enter the vaults in general. Doing this will provide a higher level of security to Bank A and its assets.
Lastly, employees in banks pose an enormous risk to the bank overall. Thus, it is recommended that Bank A also conduct background checks and regular drug tests of their employees that they are both hiring and considering hiring. This will help prevent hiring employees with any criminal records that could prove to be an enormous risk to the financial organization.
Access Control and Protective Systems:
As mentioned earlier, one of the most important aspects of Bank A’s security is their IT. The IT system can be easily compromised by not investing the proper capital in the Cloud. Additionally, the Cloud cannot have access to devices that are not the banks. The employees have to be bought devices that can access Wi-Fi and the Cloud at work. This will avoid giving out the network password to too many employees. What will happen as a result, is that less people will have the credentials necessary to hack into the system. This will provide Bank A an insurance policy that will expose them to less liability for a potential lawsuit. Investing in these sort of IT procedures are crucial for Bank A to consider.
Estimated Budget According to My Recommendations:
In order to have the most secure organization possible, Bank A is going to have to invest in a substantial amount of security in order to prevent break ins. What is best is to consider these costs as an investment in the organization’s security to not lose all of the capital that it contains within. Consider the following chart when considering what Bank A needs to invest in order to make this organizational security plan a reality:
References
Riley, M. Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Bloomberg. Retrieved from: http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data/.