August 13, 2007

False Security

Many believe that having "false security" or having the perception of a secure environment is more dangerous than having no security at all because at least when you realize you have no security, you are on the look out for strange behavior.

An example of false security that I have seen were the door guards at a retail store I worked at. When employees left for the day, the door guard was instructed to check the employees bag to be sure they haven't taken anything. In addition to that, if the employee owned a product that the store sold (it was an electronics store so it was very common) we had to log them into a book and include make/model/serial number. It sounds like a good idea right? well here are the flaws.

  1. Security never checked the serial number/make/model against the log book.

  2. Security often would look in just one pocket of a bag, and just glance so it looks like they did their job.

  3. Employees could easily add the make/model/serial number of something they stole to the log book so it looks like it was theres.

These were the three biggest flaws. This is false security. At most it is a deterrent to employees who want to steal because there is a slight chance they could get caught. In addition to this it wasted my time as an employee because I would have to stop, wait behind customers who were also leaving, just so the door guard can pretend he gives a crap and checks my bag.

What this does is gives the company the feeling that they are protecting them selves, but in reality they are paying staff to not do anything. Then they wonder why things get stolen so often.

A way to prevent false security is to be honest with your self. Do an audit on your security practices, and be honest with the results. DO NOT make excuses for why things didnt go the way you had hoped. "well, it was an only an audit...that wouldn't happen if it were real" is a bunch of crap. To get a real feel of how things are going, pay an outside company to do the audit, and don't tell your staff. If you say "we are being audited on security on Tuesday" they will be on their best behavior on Tuesday, this will give you a false reading of what really happens. This is the same reason large retail companies pay "secret shoppers" its an audit of their performance. The same should be done for security.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google