Introduction
There is an extended list of measures that companies need to take in order to make sure that their employees are comfortable, incomes increase, and customers and clients get satisfied. One such measure is personnel security – an essential step that is typically overlooked by most organizations. There are many peer-reviewed articles regarding the importance of human security and the possible hazards, including internal and external ones (“The importance of physical security in the workplace,” 2018). The purpose of this paper is to discuss some of these papers, focus on the necessity and threats of physical security, and propose three recommendations to Congress.
Importance of Personnel Security
Personnel security is about protecting the company’s workers, facilities, equipment, software, networks, and confidential information and data, so there is a number of significant reasons for it to be a necessary part of any organization. First of all, as mentioned above, it keeps the employees, assets, and information safe by enabling the company to several essential actions, including delivering services and operating more effectively (“Why personnel security matters,” 2020). To be more precise, providing physical security allows the organization to have greater trust in those who have access to important and official assets or information. As for the staff, if they know that they and their work is secured properly, they also trust the leaders of their company and respect and obey the rules more readily. Personnel security helps to reduce the risk of partners, customers, and workers getting hurt and the information being compromised, damaged, and lost (“The importance of physical security in the workplace,” 2018). What is more, adequate personnel security is necessary to achieve proper cybersecurity, since the second cannot exist and function without the first.
Considering the factors mentioned above, it is hard to disagree that physical security is extremely vital for any company. Unfortunately, this crucial measure is generally overlooked by most organizations since they tend to pay much more attention to technology-oriented security (“The importance of physical security in the workplace,” 2018). Nevertheless, if the leaders do not want anyone to hurt the employees or destroy confidential information, it is better to make sure that this security is maintained constantly and properly. In case it is not, then it is likely that all other safety measures are useless.
Personnel Security Threats
Precisely the seriousness of a number of hazards and the necessity of escaping them make personnel security so important. Indeed, with the development of technologies, the possibilities of various methods of protection increase (Goldstein, 2016). Simultaneously, it becomes more challenging to provide physical security since more sensitive devices like tablets, smartphones, laptops, and USB drives are available and used ubiquitously (“Introduction to personnel security,” 2017). Moreover, for physical security, fewer measures are used compared to technology-oriented ones, and this mistake provides the attacker with many more chances to open ports or exploit data. Therefore, to maintain constant personnel security, it is necessary to pay attention to internal (coming from the staff) and external (coming against the staff) hazards.
Internal Threats
Overall, internal threats are those that begin within the organization. Unfortunately, such attacks typically come from employees, either formal or present, who were dissatisfied for some reason (Houlis, 2020). Such accidents are also known as insider hazards and are really severe as no one can damage a company more than a person who knows its inner structure (Lobova & Bogoviz, 2018). Workers, consultants, and contractors are granted a greater privilege than outsiders due to occupying a trusted position. Therefore, they understand the company’s operations and have legitimate access to its assets (Lobova & Bogoviz, 2018). However, if some of them decide to threaten and access the organization’s assets for personal reasons, they abuse the sense of common purpose and the leaders’ and other workers’ trust. This may be done by using their insider knowledge to exploit the weaknesses of the company’s facilities, products, services, systems, and security.
It is better to discuss insider threats more thoroughly and provide examples. There is a former employee Alex who was dismissed and now harbors feelings of thirst for revenge, anger, and resentment. In order to avenge himself, Alex decides to take action against the officials and image of the organization (Smith, 2018). For instance, he can provide a competitor with vital and confidential information, destroy essential documents, prepare physical violence towards his former managers or colleagues, and challenge the management’s decision in the court. If Alex chooses to switch to competitors, it will also significantly damage his former workplace and be considered an insider attack.
Moreover, some applicants may appear to be pseudo ones sent by headhunters, criminal organizations, or competing companies. Their purpose may be to get confidential data and then use it for their own illegal, immoral, and selfish goals or transmit to competitors (Compagnone et al., 2019). As for the current workers, they are no exception and pose a personnel threat, too. According to Lobova and Bogoviz (2018), “the most serious economic offences committed by persons employed by the company” (p. 37). If there is a destructive activity from the workers, they can have unintentional nature or selfish motivation.
External Threats
It is possible to divide the external hazards into two groups: natural and those performed by other people. Certainly, all of them are equally serious and significant as they mean that the lives and personal information of the employees, as well as the data, assets, and facilities of the organization, may be in danger. Nevertheless, there is a great difference between these two groups (Wimmer, 2015). The natural threats do not depend on people, while attacks by a malicious party are planned and performed by humans against other humans.
Natural Attacks
As mentioned above, such attacks are unlikely to be prevented, and the level of damage done by them is rarely possible to be predicted. In this group, power fluctuation, fire, flood, and other natural disasters are included (Lobova & Bogoviz, 2018). Indeed, if a flood has affected the organization’s work, it will not steal the critical and confidential information from it, but it can put the employees’ lives in danger (Wimmer, 2015). Moreover, it will take time to deal with the consequences of the flood or fire, so additional damage may be caused by missed deadlines or spoiled goods (Goldstein, 2016). What is more, it may be challenging or even impossible to restore all or a part of the company’s data and information that was lost because of the natural attack.
Attacks by a Malicious Party
In this group, all malicious actions of a person or group of individuals aimed at stealing company data or money or causing harm to employees are included. Usually, such activities are considered to be theft, vandalism, and terrorism. There is a vast number of reasons for people to take a risk and perform such action (Wimmer, 2015). For example, competitors may want to get rid of a successful company and ask hackers to steal their private information (Lobova & Bogoviz, 2018). Someone may decide to steal the organization’s money or data concerning the most purchased products’ traits. There is also a possibility of a hacker choosing to improve his or her skills and train while online-attacking the company’s security system. Finally, one of the most severe threats of the twenty-first century is terrorism, and such attacks are also included in the group of malicious party attacks.
Recommendations
It is evident that personnel threats reduce the organization’s success and performance, put its employees in danger, and make it more challenging to maintain mutual trust and support within the company. Therefore, it is necessary to improve physical security at the workplace, and there are three recommendations to Congress that may help achieve this purpose. To begin with, it is rather necessary to promote personnel safety among all workers and tell them how they can make themselves and the environment at their workplaces safer (Fennelly, 2016). Not all people realize what exactly physical security is, and educating employees all over America will fix this situation. Evidently, if the staff helps the company’s officials maintain and promote personnel safety, its level and strength will increase. Second, imposing large fines for the slightest non-observance of personnel safety measures can be a great reason for the organization’s leaders to pay more attention to it. Finally, it is necessary to make the company’s officials and staff report any suspicious behavior since a timely reaction can prevent further hazards.
Conclusion
To draw a conclusion, one may say that eliminating personnel hazards and paying more attention to physical security at the workplace is of vital importance. The leaders and the employees of the company will never be able to fully trust each other without knowing that the personnel safety is properly provided. Therefore, it is in the interests of both the workers and the officials to unite their efforts and eliminate the threats.
References
Compagnone, M., Hickman, D., & Acikgoz, Y. (2019). Personnel security: Recruitment. In L. R. Shapiro & M. H. Maras (Eds.), Encyclopedia of security and emergency management. Springer.
Fennelly, L. J. (Ed.). (2016). Effective physical security. Butterworth-Heinemann.
Goldstein, P. (2016). Why physical security should be as important as cybersecurity. BizTech. Web.
Houlis, P. (2020). How a personnel security policy can combat the insider threat. IFSEC Global. Web.
The importance of physical security in the workplace. (2018). Infosec Institute. Web.
Introduction to personnel security. (2017). Center for Development of Security Excellence, 4, 1-72.
Lobova, S. V., & Bogoviz, A. V. (2018). The subject-object identification of personnel security threats. Revista Espacios, 39(24), 34-44.
Smith, M. J. (2018). Workplace violence, security, and safety. Professional Safety, 63(8), 26-27.
Why personnel security matters. (2020). Protective Security Requirements. Web.
Wimmer, B. (2015). Business espionage: Risks, threats, and countermeasures. Butterworth-Heinemann.