People and plans: training's role in homeland and workplace security: is your business secure? Here's how some organizations and training functions are preparing for the unexpected

T+D, Sept, 2003 by Eva Kaplan-Leiserson

EXECUTIVE SUMMARY

Are you worried that your company doesn't have enough resources to keep up with current security needs? Don't be. Knowledge is the best weapon against the unexpected.

Here are measures being used by some companies.

Designate a security officer. He or she will safeguard the company from threats and protect employees, physical assets, computer networks, and intellectual property.

Assess vulnerabilities, threats, and risks, identify potential adversaries and their capabilities and intentions.

Create a crisis-management plan. The goal is to protect employees and the business during the incident and minimize the damage to both.

Create a business continuity plan. This plan is a specialized component of a crisis-management plan that aims to keep a business running after a disaster.

If companies can change employee behavior, they can tighten security quickly and cheaply. Only repetitive training can raise employee awareness and provide them with the critical knowledge and skills needed during an emergency. That might require hiring security experts and getting officials to make security funding a priority, but experts argue that training has never been so important.

For complete text, see page 66. Reprint TD030966

To purchase a copy of this article, go to the ASTD Online Store at store.astd org.

Here's how some organizations and training functions are preparing for the unexpected.

Homeland security. In the United States, you can't turn around without seeing mentions of it in the newspapers, on television, in metro stations and airports, in the workplace.

Stricter controls by the new Department of Homeland Security and its partners are firming up U.S. borders, making it more difficult for potential terrorists to enter the country. Other DHS agencies are analyzing threats, protecting high-profile targets, and coordinating first responders. But there is still a lot to be done.

One major area that still needs improvement is security in private industry. Although experts point out that U.S. business interests were targeted in the attack on the World Trade Center and in the distribution of anthrax through the U.S. Postal Service, a year after September 11 only half of organizations surveyed by SHRM (Society for Human Resource Management) had put tighter security measures in place. A 2003 survey by IT security firm mi2g found that about a third of companies interviewed still didn't have complete preparedness and business continuity plans.

Morgan Wright, manager of Bearing-Point's homeland security and intelligence community sector, points to the lack of government regulations as the reason industry has been slow to jump on the security bandwagon. Companies are waiting for mandates, he says, so they don't take wrong steps and waste resources. But the government gives the responsibility back to the private sector, saying in the National Strategy for Homeland Security * www.whitehouse.gov/ homeland/book/index.html that the United States' tradition of limited government requires that businesses take the lead.

Overwhelmed with information and short on cash, your company may be hesitant to the point of inaction. But much can be done with readily available resources. An organization's people and plans--not exhaustive government directives or expensive technologies--are key. Regular people in regular companies will ensure that U.S. workplaces are prepared for the unexpected. And directly and indirectly, HR and training functions will lead the way. Are you ready?

The benchmarks

Certain types of organizations have a head start on heightened security and can offer best practices and lessons. Adam Bianchi of Cutting Edge Information, a business intelligence and research firm, says that companies in "high-capital industries" have been focusing resources on security for years. Large automotive, pharmaceutical, and energy companies, Bianchi says, have billions of dollars worth of reasons to address security: Any small glitch could cost them clearly. Also, many international organizations--oil companies, for example--have locations in hot spots around the world where terrorism is a constant threat, so they have years of experience dealing with the realities that many U.S.-based companies have just woken up to.

Some of the large corporations that CEI profiles in its in-depth report, "Corporate Security: Protecting Productivity" * www.cuttingedgeinfo.com/reports/FL53 _Security.htm, fall into the category of companies the U.S. government calls "critical infrastructure." Eighty-five percent of those companies, deemed crucial to the operation of the United States, are owned privately. Their importance to the U.S. people has earned them special attention and direction from the Department of Homeland Security. The 96-page "National Strategy for the Physical Protection of Critical Infrastructures and Key Assets" * www.whitehouse.gov/pcipb/physical strategy.pdf defines roles and responsibilities both for industry and the U.S. government and offers security strategies and actions. An Office of Private Sector Liaison * www.dhs.gov/dhspublic/display?theme =37 created within the new Department of Homeland Security also provides guidance.