We all agree that the landscape has changed, and it may be quite challenging for security. There are no and never have been silver bullets. Thanks to working from home, and as some organisations return to the office or other workplace, a ‘mixed economy’ of some working from home and some not, and staggered hours of work, it’s become harder for line managers to ‘take the pulse’ of a workplace. All that said, ‘I think as a profession we are more than equipped to be able to deal with this.’ That was the conclusion of a webinar on security culture, by consultant Sarah Austerberry for the Security Institute this morning.
There is, as she said, a wealth of resources out there; she praised the products and messages put out by the official Centre for the Protection of National Infrastructure (CPNI); and about cyber, by the NCSC; and from academia, CREST.
She argued that during Covid-19, as large workforces have continued to be productive, security managers need to look at their policies and procedures, ‘with a security lens’. She gave an example; that an organisation might now be grappling with staff asking that they are allowed to continue to work at home – but due to the lifting of the UK’s lockdown, perhaps at a second home in France, or with a boyfriend in Poland or Thailand. Why can’t staff work remotely, in a different country? As Sarah said, IT may say it’s not a problem, and HR and finance will have a view; security should also ask what such a way of working will do to the risk profile. Can staff carry an encrypted laptop overseas? What about business insurance?
Earlier, after an introduction by Carl Dakin, Sarah ranged over general and overall, organisational, and security culture. Questions from the floor covered how safety cultures in critical infrastructure (CNI) might be flagging due to the pandemic; the security aspects of where people work at home – perhaps with thin walls whereby others can overhear?! – and a topic that Sarah covered during her talk proper; our need to work out what ‘normal’ now looks like due to social distancing. If we are focused on our masks and not wanting to be on public transport at all, not interacting, where does that leave the ‘see it, say it, sorted’ message of British Transport Police, urging the public to watch for and report anything.
Likewise, the CCTV operator whose job it is to watch public space – what does ‘normal’ look like in the space that they are surveilling? Sarah asked. It may have changed, because a crowd is no longer normal; it may be that normal is groups of three or four.
Sarah, who is a Fellow of the Institute and a Chartered Security Professional (CSyP), has 21 years’ experience of giving public sector security advice; and just before the pandemic moved into consultancy.
More in the October 2020 print edition of Professional Security magazine.
