5 Steps to Develop Effective Physical Security Measures


A big part of success in physical security comes not in winning battles but in avoiding them altogether. In order to make our buildings, facilities, and warehouses less attractive for would-be criminals we need to have effective preventive measures in place. Preventive measures reduce the likelihood of a deliberate attack, introduce delays, reduce vulnerabilities, or otherwise cause an attack to be unsuccessful. Let’s talk security! 

Preventive Measures

Gate barrier parking lot.
Preventive measures protect vulnerable resources and introduce delays.

Preventive measures protect vulnerable resources, introduce delays, and make an attack unsuccessful or reduce its impact. They include both physical and psychological deterrents. Physical security measures such as anti-climb fences, bollards, and locks are physical deterrents. Even more effective than these are psychological deterrents such as security cameras, security guards, and high-tech security innovations such as mobile surveillance devices. A quote from the great Bill Russell actually teaches us a lot about the key to effective preventive measures:

“The idea is NOT to block every shot. The idea is to make your opponent believe that you might block every shot.”

-Bill Russell
Subscribe to the @DavidSecurity blog and receive regular security management insights! 

Physical Security Prevention

Dome security camera building lobby.

When it comes to physical security, prevention is the most desirable option. Enhancing existing security systems and introducing appropriate security measures based on vulnerability assessments are crucial to preventing security incidents.

Security Vulnerability Assessment is the process that includes determining the likelihood of an adversary’s successfully exploiting vulnerability, and the resulting degree of damage or impact. Based on this assessment, judgments can be made on the need for additional countermeasures.

Security experts agree that the three most important components of a physical security plan are access control, surveillance, and security testing, which work together to make your space more secure.

5 Steps to Develop Effective Physical Security Measures

Security professional viewing data.

Since it is difficult to completely eradicate all risks, we must rely on sound principles that improve our security posture. Here is a five-step process to develop effective physical security measures:

  1. First, an organization should commission the Chief Security Officer (CSO) or consult with a security professional to conduct a threat assessment of its facilities and operations. The purpose of this analysis is to identify significant hazards and determine the risks of a security incident.
  2. The second step is to establish monitoring protocols to ensure that operations are not disrupted by identifying critical control points (the locations, processes, functions, or times when the operation is most at risk) and critical control points (the locations, processes, functions, or times when the operation is most at risk).
  3. With the above data, we can assess significant threats or hazards, as well as exposure, to evaluate the probability of occurrence and critical control points.
  4. Now we are ready to develop and implement preventive measures to reduce hazards. These preventive measures will be a combination of architectural, operational, and system measures.
  5. Finally, we can confidently develop security monitoring procedures for each critical control point.

It is important to note that monitoring procedures are systematic, periodic activities meant for ensuring that critical controls are in place and not compromised in any way. Equally as important to note is that this is a continuous process that requires a collaborative approach.

Connect with @DavidSecurity

David Santiago (@DavidSecurity) is a veteran United States Marine and Certified Security Professional with more than 15 years of security operations experience. Make sure to follow his blog and connect with him on LinkedIn to receive regular security management insights.

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

What are Physical Protection Systems?

Physical Protection Systems
 Physical Protection System (PPS) should meet three basic elements (detection, delay, and response).

Before we get into physical protection systems, it is important to note that in order to protect your company and its assets, the very first step is to perform a threat and vulnerability analysis. Based on that analysis, the Chief Security Officer (CSO) or property manager, etc., can then coordinate with security integrators and implement physical protection systems (PPSs) to provide safeguards that mitigate the threats.

A physical protection system (PPS) integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent human attacks.

Physical Protection Security Measures

Facility with physical security.
Perimeter of a well designed high security building.

Physical security involves the use of multiple layers of interdependent systems that can include CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to protect persons and property. For the purposes of simplicity we can divide security measures into three types:

  • Preventive measures: These are arrangements that reduce the likelihood of a deliberate attack, introduce delays, reduce vulnerabilities, or otherwise cause an attack to be unsuccessful.
  • Corrective measures: These are efforts meant to reduce the effects of an attack and restore the facility to normal operation.
  • Detective measures: These steps and plans meant to help discover attacks and activate appropriate preventive or corrective measures.

Physical protection systems consist of a proper mixture of architectural, operational and security systems elements.

PPS Architectural Elements

Security bollards located at street entrance.
Bollards are an example of strong PPS Architectural elements.

Architectural elements include barriers and locks, exterior and interior lighting, critical building services, space layout, parking, and dock facilities just to name a few. For example retraceable bollards serve as an effective solution to address the challenge of securing access points that are shared by both vehicles and pedestrians.

PPS Operational Elements

Campus security control room.
Most University Campuses focus on strong operational elements.

Operational elements refer to organization and staffing, policies and procedures, training, visitor control, security guard staffing, incident responses, and the administration of security systems among other factors. In the picture above, we can see a campus security guard on duty at their operational center. Campus security guards respond by observing and reporting violations related to their policies and regulations.

PPS Security Systems

Security systems include automated access control systems, intrusion detection and alarm systems, closed-circuit television (CCTV) systems, communication systems, and security control center equipment. Additionally, touchless technologies and cloud-based security solutions are increasingly becoming essential components of an organization’s security toolbox.

Emerging Touchless Access Control Technologies include:

  • Wave-to-Open Door Sensors
  • Mobile Credentials
  • Contactless Fingerprint Sensors
  • Iris Scanners
  • Facial Recognition
  • Wearables
  • Touchless Turnstiles

Future of Physical Protection Systems

In today’s highly technological and health conscious world, Physical Protection Systems (PPS) will have to address both new as well as traditional risk factors. This will give rise to more touchless cloud-based security solutions that enable organizations to enforce safety guidelines while maintaining a strong security posture.

The stakes are high and the importance of balancing technology and human factors are more important than ever. The physical security field is currently going through a massive shift away from traditional physical security systems to technological solutions. While there is a lot of excitement and optimism, with great change comes even greater challenges.

Make sure to follow my blog and connect with me on LinkedIn to receive regular physical security analysis and updates.

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

Oldsmar Water Treatment Incident UPDATE: FBI Issues Alert and Provides 9 Cybersecurity Tips



The Federal Bureau of Investigation (FBI), issued an alert to inform companies about the use of out-of-date Windows 7 systems, dangers that come with the desktop sharing software TeamViewer, and the importance of having strong passwords.

The latest warning was in response to the Oldsmar incident in which an attacker managed to gain access to a water treatment plant’s network and (as shocking as it may sound) managed to modified chemical dosages to dangerous levels.

Receive weekly UPDATES with Cybersecurity Insights, practical security awareness advice, and MUCH MORE!

TeamViewer Vulnerabilities…

The FBI’s investigation identified TeamViewer as the attacker’s entry point into the Oldsmar water treatment plant’s network. This was determined after they confirmed that the attacker connected to a computer in the plant’s network via TeamViewer on several occasions.

Regarding TeamViewer, the FBI’s exact advisory was:

“Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” the FBI said.

“TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”

Issues with Windows 7

Guess which operating system they were using the Oldsmar water treatment plan? If you guessed Windows 7 you are correct!

Last year the FBI advised US companies about the dangers of using Windows 7, after it reached end-of-life, on January 14, 2020. While the investigation is still ongoing, the FBI says that continuing to use any unsupported operating system exposes networks to attacks and other vulnerabilities that can compromise security.

Here 9 basic security best practices that the FBI recommends:

  1. Use multi-factor authentication;

MFA helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone.

  1. Use strong passwords to protect Remote Desktop Protocol (RDP) credentials;

One way of initiating security for your remote desktop connection is by generating a strong password. This will serve as the first line of defense of your organization’s RDP against any unwanted attacks and threats. Pro tip: Your password must contain at least one numeric character and one special character in it.

Tips 3-6 are mainly for IT & Cybersecurity Professionals but you should still consider them...

3. Ensure virus, spam filters, and firewalls are up to date, properly configured, and secure.

4. Audit network configurations and isolate computer systems that cannot be updated;

5. Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts;

6. Audit logs for all remote connection protocols;

7. Train users to identify and report attempts at social engineering;

Employees are your biggest vulnerability—at least until they are prepared to recognize and report phishing attempts. Phishing and related social engineering campaigns are today’s number one attack vector. Over 90,000 unique phishing campaigns are launched every month. Surveys show that phishing is seen more than any other type of threat, and that phishing and social engineering attacks are the number one concern of security professionals.

Watch VIDEO on how to Phish Your Users in Under a Minute…

8. Identify and suspend access of users exhibiting unusual activity;

Your organization should have a strong cybersecurity awareness program that covers how to report unusual activity. When in doubt, the FBI encourages victims to report information concerning suspicious or criminal activity to their local field office.

9. Keep software updated.

If the Oldsmar water treatment incident taught us anything it was that we must ensure that our software are up to date. So instead of procrastinating about software updates, see those updates as one of the most essential steps you can take when it comes to protecting your information.

The bottom line is that Oldsmar water treatment attack reminded us that in order for organizations to operate safely in the Age of Information they must value cybersecurity and adopt a proactive mindset.

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

3 Tips To Reduce Your Ransomware Risk



2020 was a tough year on many fronts. As far as cybersecurity, it was a volatile year in which the number of ransomware-related breaches more than doubled according to a recent report

Ransomware Statistics, Trends and Facts for 2020 and Beyond


In fact, ransomware is now responsible for 46% of healthcare data breaches and more than 35% of all breaches are linked to ransomware attacks. Worst yet, the average ransomware attack can cost a company an average of $713,000 per incident or more when you factor in the expense of downtime and lost business due to reputational harm.

Data breaches are in the headlines every day so we know that ransomware attacks are not going away any time soon. The question is: What can we do about it?

Receive weekly UPDATES with Cybersecurity Insights, practical security awareness advice, and MUCH MORE!

Here are some basic yet effective tips to minimize ransomware risk: 

  1. Be Prepared.

“Don’t depend on the enemy not coming; depend rather on being ready for him.” While ransomware is a relatively new threat, Suz Tzu ancient advise still rings true. According to analysts, ransomware attacks will only increase. That is my it is important that we invest in our cybersecurity awareness programs to foster a culture of vigilance. 

  1. Back it UP!

One of the most effective ways to limit the impact of a ransomware attack is to not forget the value of backups. Simply stated, if you have no backups your defenses are weak. As a good practice, Network segmentation and constant monitoring are critical. 

  1. Pick a standard. 

Whether it is the NIST Risk Management Framework in the United States or the guidelines set out by the European Union Agency for Cybersecurity (ENISA), it is a good idea to align one’s practice with a recognized authoritative source. 

The bottom line is that the term ransomware will continue to appear in the headlines so it is up to us to prepare and stay vigilant. By putting these tips to action and investing in cybersecurity awareness we will at least be able to minimize the impact of a ransomware attack. 

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

5-Minute Travel Security Brief for Morocco

Every Thursday we deliver a 5-Minute Travel Security Report with practical advice and insights so that you can explore the world safely!

This week we’re focusing on the only North African country with a monarchy …Morocco!



Morocco Travel Security Brief

Before we get into the Travel Security Brief remember that this is a Quick Security Brief and our goal is to empower you with a solid security foundation NOT to sell you on a travel package. Now for the briefing:

Geography

Morocco is located in the northwest corner of Africa and is bordered by the North Atlantic Ocean and the Mediterranean Sea. Algeria and Western Sahara are the land borders to the south and east. Morocco is about the same size as California. And let’s face it, Morocco is down right beautiful!

Morocco has beaches along both the Mediterranean Sea and the Atlantic Ocean. There are many lovely beaches and attractions. Popular holiday spots include Tangier and Agadir, and Asilah.

Safety Concerns 

Road in Tunisia with taxi cab and crossing sheep.

Demonstrations occur frequently in Morocco, and are typically about internal issues dealing with local politics. Although many protests take place throughout the year they are mostly peaceful and not directed at foreigners.

The Buddy System

It is important to note that visitors, especially females, should strongly consider traveling with a buddy. Traveling in pairs is a good practice in any major city. However, in Morocco many travelers have noted that Western women receive frequent unwanted attention and solicitation.

Public transportation is somewhat reliable in Morocco. Drivers often do not follow road safety rules or traffic laws, and many vehicles lac proper maintenance. Watch belongings on any type of public transport.

Subscribe and receive weekly Travel Security Insights practical security.

Crime Threat

According to the U.S. Department of State, Casablanca is considered a HIGH-threat location and Rabat MEDIUM-threat location for crime directed at or affecting official U.S. government interests.

 The government of Morocco’s 2020 Crime Rate Report highlighted an 8.6% decrease in violent crimes in 2019, noting that law enforcement ultimately resolved 90% of cases. The report also noted increased efforts to combat criminal networks, particularly those involved in illegal immigration and forgery.

Source: Numbeo


Terrorism Threat 

The U.S. Department of State has assessed Casablanca and Rabat as being MEDIUM-threat locations for terrorism directed at or affecting official U.S. government interests.

The Government of Morocco is very proactive when it comes to counterterrorism. The Moroccan security forces have foiled countless terrorists organizations, plots, and low level criminals.

CyberSecurity

Cybercrime in Morocco thus far remains generally limited to common scams requesting money up front for promised services, or chances to obtain more money with a down payment.

ATMs are generally safe when taking normal precautions. There have been several recent reported cases of debit/credit card fraud. In all cases, the victims reported money withdrawn from their accounts after using their cards at ATMs, or their credit cards being billed for unaccounted charges after using them at local establishments. 

Health & Safety

Morocco has adequate medical services in the larger cities, but the quality of care diminishes elsewhere. The medical facilities and hospitals in Rabat and Casablanca can treat most general illnesses, and can provide emergency trauma care. However, specialized care is not as easily accessible in Morocco as in Western countries.

Consider insurance and flight options before leaving home, and be sure to carry insurance policy identity card as proof of such insurance. The U.S. Department of State strongly recommends purchasing international health insurance before traveling internationally. Review the State Department’s webpage on insurance overseas.

@DavidSecurity Travel Rating

Overall I give Morocco a 4.6 out of 5 in terms of Travel Safety.

The bottom line is that when visiting Morocco, think & act like you would in any major city. Pay attention to your surroundings and avoid playing the role of the clueless tourist.

That’s your Morocco Travel Security Brief– Let me know what you thought of it in the comment section and if you want more information about travel security t

That’s it for now. @DavidSecurity reminding you to Travel Safe and let’s keep it going!

Stay Safe!

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

SolarWinds Cyber Attack and One Important Resource for American Businesses Operating Abroad…

Technology Tuesday! Insights on the SolarWinds Cyber Attack and One Important Resource for American Businesses Operating Abroad…


Subscribe and receive weekly UPDATES with Cybersecurity Insights, practical security awareness advice, and MUCH MORE!

Do you want to get the attention of a cybersecurity professional? Just mention the word “SolarWinds“. What happened? Basically, a group gained access to government and other systems through a compromised update to SolarWinds’ Orion software and caused havoc like the cybersecurity world has never seen before.

SolarWinds was NOT just another cyberattack…

The attack compromised the infrastructure of SolarWinds, and the incident has the potential to reshape the entire cybersecurity landscape. “OK so another hack…what’s the big deal?”… you may think.

Indeed cyberattacks have become more common than we think. In fact, since 2019  AT LEAST 16 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches. The first quarter of 2020 was one of the worst in data breach history, with over 8 billion records exposed.

After compromising the infrastructure of SolarWinds, the hackers gained access to their network and applications monitoring platform called Orion. Using that access they were able to produce and distribute trojanized updates to the software’s users.

This was a BIG deal because according to SolarWinds their customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide.

This case is far from being closed. As of January 2021, the U.S. federal government and private sector are still investigating the incident. In the meantime businesses have to take proactive measures and ensure that their Cybersecurity Awareness Program remains strong.

Resource for American Businesses Operating Abroad

In response to this major cyber incident, the Overseas Security Advisory Council put together a Resource Guide to educate and assist American organizations operating abroad. The guide contains useful information including helpful articles, and can be viewed by any good standing OSAC member.

To learn more about the OSAC, how to become a member and access the Resource Guide feel free to visit their website.

This concludes this week’s Technology Tuesday UPATE. Let me know if you have any questions and stay safe!

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

5-Minute Travel Security Brief for Tunisia

Every Thursday we deliver a 5-Minute Travel Security Report with practical advice and insights so that you can explore it safely!

This week we’re focusing on beautiful Tunisia!


Subscribe and receive weekly Travel Security Insights practical security.


In this article, we are focusing on Tunisia the smallest country in North Africa and home of the 7 UNESCO Cultural World Heritage Sites.

Watch: 5-Minute

Tunisia Travel Security Brief

Before we get into the Travel Security Brief remember that this is a Security Brief and our goal is to empower you with a solid security foundation NOT to sell you on a travel package. Now for the briefing:

Geography

Tunisia is at the northmost point of Africa and is boarded on the west by Algeria and by Libya on the south. Not in the best neighborhood but Tunisians are one of the most friendliest and welcoming people in the world.

Unfortunately, Tunisia is NOT the best place in the world when it comes to road safety.

Safety Concerns 

Road in Tunisia with taxi cab and crossing sheep.

Road safety poses one of the greatest risks to foreign travelers. According to the Tunisian National Road Safety Observatory, there were more than 6,700 recorded traffic accidents, approximately 1,421 traffic-related deaths, and well over 10,000 injuries in 2017.

Driving in Tunisia is a CHALLENGE!

On that note, I should also add that I do NOT advise travelers to take public transportation in general especially the yellow minibusses…because well let’s just say those drivers do not have a good track record.

Crime Threat

The U.S. Department of State has assessed Tunis as being a LOW-threat location for crime directed at or affecting U.S. citizens. Also worth noting that crime involving the use of firearms is rare in Tunisia. Although violent and nonviolent crime (personal robberies, residential breakin-ins, financial scams, thefts) occur in Tunis and other large/tourist cities in the same way they do in any major city. 

The most-reported criminal incidents against foreigners are crimes of opportunity (pickpocketing, purse/phone snatching, petty theft). The targets tend to be foreigners who appear unfamiliar with their surroundings and look very shall we tourist-like. 

Terrorism Threat 

The U.S. Department of State has assessed Tunis as being a HIGH-threat location for terrorism and it is important to note that a state of emergency put in place after a 2015 terrorist attack in Tunis continues…pretty much the government reinstates it monthly like clockwork. 

Tunisian security forces.

There have also been some notable terrorist attacks mainly against Tunisian Security forces but it is something to keep in mind. 

CyberSecurity

It is well documented that the internet played an important role in the historic evens of the Arab Spring. Furthermore, Tunisia has one of the most developed telecommunications infrastructures in North Africa with broadband prices among the lowest in Africa. Internet access is available throughout the country using a fibre-optic backbone and international access via submarine cables, terrestrial and satellite links. 

Data protection law: A draft law on the protection of personal data designed to replace the previous Law No. 63 was approved in March 2018 and came into force on May 25, 2018. Tunisia has a data protection agency, the National Authority for Personal Data Protection (INPDP).

Health & Safety

Well, we know that the pandemic is something to consider and Tunisia has been affected by it in the same way that most countries have during this time period. The important thing when visiting Tunisia is to know the requirements before traveling at the minimum be prepared to present a recent (72hrs) or less PCR test. 

@DavidSecurity Travel Rating

Overall I give Tunisia a 4.7 out of 5 in terms of Travel Safety unless you are one of those adventure-seekers that wants to hang out by the border or climb a restricted mountain located in a military zone.

The bottom line is that if you carry yourself as you would in any major city and practice situational awareness you will greatly reduce your chances of being a crime victim and have a great time. 

That’s your Tunisia Travel Security Brief– Let me know what you thought of it in the comment section and if you want more information about traveling to Tunisia make sure to check out our active Tunisia Security Update Facebook Page where I share all the latest updates on Tunisia and travelers from all over the world interact and share information. 

That’s it for now. @DavidSecurity reminding you to Travel Safe and let’s keep it going!

Stay Safe!

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

Six Business Continuity Principles to Prepare your Organization for Disruptive Events

State capitols across the United States are stepping up security by deploying National Guard units, SWAT teams and extra police officers in preparation for Inauguration Day on January 20th.

As State Capitals ramp up their security here are a few key points to consider as you prepare your organization…


Subscribe and receive weekly UPDATES with Cybersecurity Insights, practical security awareness advice, and MUCH MORE!


Overview

State capitols across the nation are stepping up security by deploying National Guard units, SWAT teams and extra police officers in response to last week’s violence at the U.S. Capitol.

The additional security and precautions come as the FBI issued a bulletin warning of plans for armed protests at all 50 state capitals and in Washington ahead of President-elect Joe Biden’s Jan. 20 inauguration.

State capitols across the country, including Nebraska, step up security amid new safety concerns

An internal FBI bulletin warned, as of Sunday, that the nationwide protests may start later this week and extend through Biden’s Jan. 20 inauguration, according to two law enforcement officials who read details of the memo to The Associated Press.

Politics aside, this development offers Security and Business Continuity Professionals an opportunity to review sound BC principles that we should use during civil unrest situations.

Business Continuity Precautions

During Marine Security Guard Training in Quantico, Virginia, a good part of our training is focused on how to react to civil unrest and disturbances. Never would I have taught that U.S. based business security managers would reach out to me to ask for insights regarding civil unreset but here we are so let’s get prepared.

Here are a few key points to consider as you prepare your organization to recover from disruptive public events such as protests or riots.

  • Ensure employees are knowledgeable about the organization’s Emergency Response Plan. This is true of any business disruption and it is an ongoing process. For this principle I think Eisenhower has the best quote: “In preparing for battle I have always found that plans are useless, but planning is indispensable.”
  • Ensure work-from-home plans are in place. By now most organizations already have plans set up but now may be a good time to review and update plans.
  • Utilize emergency notification services effectively. There is no replacement for regular, clear, and empowering communication during times of disruption.
  • Monitor news and social media. This principle was invaluable for me and my security team especially during times of widespread, unpredictable events. Thankfully we don’t have to fear an “Arab Spring” type situation on the homeland but being able to monitor the news and social media is beneficial because it enables you to address rumors and provide actionable advice.
  • Proactively coordinate with local law enforcement. This should be done throughout the year be attending local meetings and building solid relationships not just with law enforcement but also with fellow security professionals including on LinkedIn.
  • Adapt and Overcome. Be prepared to make adjustments. This may entail adding third-party security personnel, physical or psychological barriers, or equipment such as security cameras and supplementary lighting.

While the chances that we will have massive disruption throughout the country on January 20th is unlikely, as security and business continuity leaders, we should always strive to remain prepared and engaged.

Stay Safe!

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

Remote Work is Here to Stay-3 Trends Why We’re Never Going Back…

Since the beginning of the pandemic, businesses faced the challenge of how to integrate remote work into their everyday operations. Industries that ignored remote work innovation found themselves struggling to adapt to the “new normal”. But will the changes continue? Or will workplaces revert to their pre-pandemic forms?

The short answer is YES & NO!


Subscribe and receive weekly UPDATES with Cybersecurity Insights, practical security awareness advice, and MUCH MORE!


COVID-19 has forced companies all over the world to adapt and embrace remote work in one way or another. The question is will this trend continue?

3 Trends Fuling Remote Work

Trend #1-The number of people working from home is only growing

Nearly 90% of people who have been able to work from home during the pandemic do not want to go back to the office full time, even once it’s safe to do so, according to a new study out today from Pew Research. And employers are already thinking about how that’s going to change their workplaces.

Trend #2-More and more companies are seeing the economic impact

U.S. employers are saving over $30 billion per day by allowing employees to work from home. This major economic benefit of remote work could continue as more companies make it a long-term solution.

The 3.9 million employees who work from home at least half time reduce greenhouse gas emissions by the equivalent of taking more than 600,000 cars off the road for an entire year, according to the “State of Telecommuting in the U.S. Employee Workforce” report.

Trend #3-A.I. wil take off! 

In many ways, the growth of remote work parallels the growth of artificial intelligence (AI). It wasn’t so long ago that AI was confined to the realm of science fiction. Now, like remote work, AI promises to transform nearly every industry and every company. As we look to the future, AI will almost inevitably accelerate our transition to remote work after Covid-19. 

The verdict is in. Remote work is here to stay and these trends clearly show us that the traditional 9-5 office setup is a thing of the past. Still, with great change comes even greater challenges and risks. That is why now more than ever organizations need to ensure they have a strong Cybersecurity Awareness Program so that their employees are equipped with tools to thrive remotely.

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

3 Valuable Lessons for Security Professionals in 2021

2020 will go down as one of the most disruptive years of all time. For security professionals, 2020 was filled with many challenges. It also gave us valuable lessons that we can use moving forward.

Here are some of the major lessons we learned in 2020 and how we can use them to thrive in 2021:

  1. The importance of business continuity
  2. The need for cybersecurity awareness.
  3. The value of being resilient

Security Professionals! Subscribe and receive weekly UPDATES with Leadership Insights, practical Career Advice, International Job Opportunities, and MUCH MORE!


Even before the global pandemic, security professionals found themselves in a world of constant change. In many ways, the global pandemic called us out and asked a very powerful question: Do you have the skills necessary to overcome these challenges?  

During 2020, security professionals scrambled to find answers, mitigate new cyber threats, and identify the skills required to remain operational. 

3 Lessons Security Professionals learned during the Pandemic

As much as 2020 was challenging it also gave us valuable lessons that we can use moving forward. The top 3 lessons being:

The skills required to be successful in 2021 are a mix of time tested leadership skills and new technological techniques that empower us to remain productive & effective.

Lesson #1: Business continuity planning matters. Set realistic objectives, and involve everyone in the organization to avoid falling into the reaction vortex.

“Business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company.”

The pandemic in many ways (was and continues to be)  an economic earthquake with unknown consequences. Security professionals, know that during economic disruption, business continuity planning is there to provide organizations with the resources and framework needed to mitigate the negative impacts of disruptions to normal operations—while continuing to fulfill key objectives.

In 2020 most organizations with a business continuity plan (BCP) were able to actually see if their plans were up to the task. Organizations that focused on BCP prior to the pandemic performed better than those that decided to make it important during the April-July time period.

Lesson #2: Cybersecurity awareness is more important than ever. All security professionals regardless of specialization must focus on raising the security posture of their organization. 

The pandemic forced organizations and individuals to reconsider the very nature of how we work. Suddenly remote work, telecommuting, work from home, became standard operations.

As the world scrambled to figure out how to go from office spaces to work from home setups, many security professionals in positions of leadership were left searching for answers. At the same time, cybercriminals around the world plotted to capitalize on the crisis. 

Many cybersecurity experts documented a spike in phishing attacks, Malspams and ransomware attacks during the highest of crisis. Unscrupulous cybercriminals used COVID-19 as bait to lure confused employees.

The lesson is clear, in 2021, security professionals regardless of their specialty, sector, or region must focus on cybersecurity. At the very minimum, we have to make sure that our organization’s cybersecurity awareness program is strong, relevant, and supported.

Lesson #3:  In 2020 Security Professionals learned the value of being resilient.

It is fair to say that the entire world was tested in 2020. Security professionals in the leisure and hospitality, wholesale and retail trade, education and health services were some of the most impacted by the pandemic.

Throughout the crisis, we saw many examples of security professionals performing at a high level regardless of the challenges. Resilience is what gives people the psychological strength to cope with stress and hardship. It is the mental reservoir of strength that people are able to call on in times of need to carry them through without falling apart.

Moving forward into 2021, security professionals will have to continue to focus on business continuity and cybersecurity. The only thing that we know for sure about this ongoing pandemic is that is that the challenges are far from over.

As security professionals, we have to continue to cultivate our resiliency both within our organizations and ourselves. Let’s have a safe and successful 2021!

Sign Up to receive @DavidSecurity’s latest security updates & insights!

@DavidSecurity

%d bloggers like this: