Navigating Security Post COVID-19

Posted on by Jim Nowakowski

Sales and Marketing Insights

Gene Kranz, in his great book “Failure is Not an Option,” put it this way: “Kraft [his boss] nodded and growled at his controllers. ‘That is the first rule of flight control. If you don’t know what to do, don’t do anything!’” And later, “The learning curve of my first mission had been steep. But I had gained something precious. I now knew how much I didn’t know.”

If you made a mistake in flight control, people could die. If you made a mistake in business, you lose revenue and people might lose their jobs. The comparison is unmistakable.

COVID-19’s impact (and the government response) has changed the equation because you might lose revenue and people and there was nothing you can do about it. The devastation of COVID-19 on people and business is in the headlines each and every day. We are pounded with negative news, about the virus, about the economy, about us.

Nevertheless, you have to react. One media outlet told us: “We have to do something. I mean, we’re going down anyway, so why not redesign?” Redesigning your publications is probably the last thing you want to do during this kind of situation. The comment expressed the desperation we heard in many of the interviews and in the underlying tone of the webinars we attended. In fact, economic reports we attended drew the same conclusion: “No one knows what is going to happen, so it is impossible to forecast and act on anything.”

The security market is no exception. Security has become especially important to everyone in business after the virus hit, as well as with the subsequent social unrest that has and is occurring.

I was speaking with one of the top media outlet owners in March when it first hit and he asked me at the end of our virtual breakfast, “Do you think there will be social unrest?” Without hesitation, I said, “Of course. It’s going to be inevitable.”

The forecast has become, unfortunately, too true. It has unhinged the very definition of security itself.

I attended How Security Has Changed in 2020:  Benchmarking Trends in the New Normal on August 25, 2020. This online webinar presentation featured  Steve Vitale, Executive VP of P4 Protective Services, Jeff Didomenico, VP of Business Development at Trackfroce Valiant and Tim Lozier, VP of Market Research at Trackforce Valiant. Together, they discussed the state of the industry and how it has changed since COVID-19 hit us.

What I learned is common to all industries: the impact of the virus and the government’s reactions to the virus are profound, upending businesses at what seems to be warp speed. For example, before the virus, over 87% of the security market was made up of companies under 250 employees and 60% of the market’s revenue was from four security guard firms. Since the virus, the market has splintered according to these experts.

They pointed out common themes emerging from the shutdowns: economic downturns. That affected trust and fear – the two emotions at the heart of security and what drives to their marketplace. As you read their reactions and discussion points, ask yourself how much of what they are saying is EXACTLY not only as you feel, but what is actually happening in your own market!

1929

“Nothing like this since the great depression,” one said. “Just witness what people are doing with toilet paper and yeast, and now how will we react to what mask you should use. Turbulent times.” (One of the recurring themes are the opportunities that COVID-19 creates. In this case, the rush on toilet paper actually created a significant increase in the sale of bidets!)

Some of the key points are worthwhile to factor into our thinking about the security of our businesses.

  • Reduced on-site resources, including contactless operations, more lone workers, more restricted areas and remote supervisory.[1]
  • Processes Disruption, including more safety training. Enforcing distance rules, new ways of working for guard tasks, management, first response. This will have effects on commercial buildings, industrial buildings. When I was asked if there are design guidelines we were hearing about in the marketplace recently, I told our client that they have bigger problems than worrying about design guidelines for their products in the building. That is, the structure itself is the issue. If no one is going to the office anymore in a commercial building, there is no need for renovating with new products.
  • Technology Changes, including the real-time data driving response and communications, multiple-site monitoring from remote locations and leveraging analytics to mitigate risks. Technology – data – is at the heart today of everything we do (i.e., we listen to statistics on COVID-19 from a variety of sources, and still no one knows what is or what is not reality). As I heard Ian Schrager say in a recent webinar, “Playing with the data is very dangerous.” And by the way, one of the true benefits of COVID-19 is that powerful people like Schrager and others have been forced into the digital world into “zoom rooms,” so you get to not only see they are human, but hear for yourself what made them successful. It gives you excellent food for thought.

The security webinar discussed the guard outlook and the impact the virus had on that segment. In businesses that depended on a mix of guards and automated technologies (i.e., hospitality and high rise commercial as well as aviation schools), the impact was stunning: “from 90 MPH we went to to 10 MPH.” Bluntly put by the presenters: “If you are still in business, congratulations.”

Their suggestions for security companies – which oddly applies to all of us – is to align yourself with essential industries that thrive during virus. As we have seen in other industries, there is a positive impact from the virus: in this case, adding special forces s to work on crowd control at supermarkets, making sure customers keep social distancing or adhering to product limits. “Keeping the peace in a crazy time has brought on more officers to our locations,” said one customer.

Nimble, Nimble Burning Bright, In the Virus of the Night

Security companies have seen a boon from the virus in special work. Smaller and nimbler companies make it easier, often spawning boutique firms. These companies inventory people – getting them trained, getting them in the field so that they can do what companies want quickly and efficiently.

There is a lesson here for all industries: being nimble. But, what does “nimble” mean? What should your business be doing to emulate that model? What special work is emerging that you can take advantage of?

Baba Prasad, CEO of the Vivékin Group, a management consulting firm in Durham, N.C. knows something about being nimble. In Five Ways Companies Can Be More Nimble, he spoke with Knowledge@Wharton about his book in an interview. In that discussion, you will quickly find out that nimble is often used in the same context as agile. There’s an entire cult around agile. Or at least there was.

What they are really talking about is speed. If you want to know all you need to know about being nimble and agile in business, read Lone Survivor by Marcus Lutrell. The lesson can be summed up on one sentence: “The SEALs do place a premium on brute strength, but there’s an even bigger premium on speed.” With this added footnote: “Someone screws it up, the consequences affect everyone.”

The companies that survive COVID-19 will be the ones who move neatly, quickly and efficiently – the way my algebra teacher taught me to solve my math problems. Because as I learned in this webinar, there is no doubt that the uptick in security is here to stay, and that the virus will create new, different opportunities for the agile to take. The questions will be:

  • How does the situation impact your business?
  • How should your business impact the situation?
  • What are the associations (business, professional) you’ve participated in that need to be re-examined (see what’s happening to trade shows and other forms of communications AIM’s Snapshots)?
  • And what are the new products and services you should examine?

The presenters pointed out rightly that every company needs a purpose: why your employees (and your customers) are coming to work with and for you. They want to know what you will do for them from education…health and wellness.

They pointed out their top challenges, which extend beyond security industry to all our industries. But, the real question we all have to answer is: what are we going to do about them? Here are the challenges they outlined.

  • Hiring and Turnover – the PPP was the saving grace of many businesses, but all that did is buy some time. Owners, firms everywhere still have to decide what to do when PPP ends.
  • Implement COVID-19 protocols – being, feeling safe is one of the primary goals. But, what is safe? Is anyone really safe? Owners have to define that and what it means to employees and customers (i.e., see A Plea to Ban Masks from Business Meetings where I purchased a thermometer and took it to a meeting to help my client feel safe!).
  • Compliance risk and liability – this is the unknown territory. Part of the business is understanding this, and having access to excellent legal advice. Don’t forget, insurance companies don’t know either (remember they are still sorting out what the heck cyber liability really means).

Security new clients and timely receivables – everyone needs new business and driving for new business is a primary consideration. How you do it has changed, but change you must if you are to land new accounts.

Expanding service offerings to remain competitive. One of the reasons a business keeps standing is the ability to re-invent themselves – to go beyond what is “normal” into areas that may be outside their expertise. COVID-19 has made this an essential attribute to remain successful.

In other words, out-of-the-box thinking is necessary, as cliché as that statement has become. And by the way, the biggest to least challenge was from the top to the bottom in that list, the most urgent being hiring and turnover.

What is YOUR industry’s biggest challenge?

When the presenters noted, “Google said they don’t want to address going back to work until 2021,:[2] I found it difficult to believe. I remember when I started my business 30 years ago, I read an article that was an interview with the President of Toshiba. He said that he was willing to lose money for ten years, as long as at the end of ten years his company would be the number one in market share in that market.

I never forgot that quote. For me, in my just-formed business, I couldn’t lose money for one month much less ten years. Since then, of course, you understand or think you understand the ups and downs of a business. To make a statement like that is part of a strategic vision.

But, strategic visions take cash. Things like COVID-19 play havoc on strategic visions because it affects cash.

Unforeseen events happen all the time. Some are large and some are small, but the company’s reaction to events – seen and unforeseen – defines them not only to their internal people, but to their external observers. That’s why one of the common themes I heard in my investigations is reflected in Lutrell’s other comments from the many in his narrative: “Only one person in life knows whether you’re going to make it or fail. And that’s you. Always give it everything.”

This is also what is reflected in the security industry. As society goes through unrest, something interesting starts to occur: officers are transitioning to the private sector. As they said in this webinar, “resumes are coming in” giving the guard firms untold capacity of specialized resources that prior to COVID-19 would be out of reach. In other words, good things happen despite the bad.

So the real question is, what are we going to about it today?

A Word About Cyber

In Cyber and Physical Security: Safeguarding Employee and Customer Data on August 5, 2020, Jason Christman, VP, Chief Product Security Officer, Johnson Controls and Jon Williamson, Director, Cyber Experience Global Product Security, Johnson Controls, talked about the newly distributed workforce, which is creating new and increased cybersecurity risks.

One of the key things in any approach to security is “situational awareness.” This concept has been important before COVID-19, As any law enforcement or military person will tell you, you always have it on. “The primary element in establishing this mindset[situational awareness] is first to recognize that threats exist. Ignorance or denial of a threat make a person’s chances of quickly recognizing an emerging threat and avoiding it highly unlikely. Bad things do happen. Apathy, denial and complacency can be deadly.”[3]

And you might say, how does that affect you if you are “working from home” or in lockdown? The answer is when it comes to cyber it affects you more than ever .

According to Interpol, “With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.”[4]

The presenters noted that there is a shift in the way people are processing and reacting  in the environment today, but also from a physical and cyber security point of view. While physical security of “smart buildings” has been going on for awhile, what makes the building smart are the people in it. If no people are in it, it’s a dumb building, and the security shifts to cyber. Or does it?

As they pointed out, “A building can be both a target itself and also used to facilitate other attacks in the environment. It part of the ‘Kill chain’ for cyber security.”

What Cyber Security Risks Look Like Today

Sophisticated attacks. They discussed a new term — cyber physical attacks — that combines both strategies. For example, the attack goes in through cyber to circumvent access controls in a building so the actor can do things. A more severe cyber physical attack cause a process to go out of control and cause real damage even to remote workers.

“You have to think about what you are trying to protect,” they emphasized. In other words, situational awareness. Always.

Cyber hygiene today involves the remote workforce. Work from home policies should be developed because there will be fewer individuals onsite at a building to notice out-of-the-ordinary events.

“And continually re-access your policies,” they noted. “Things change fast under COVID-19. Those changes lead to new bad-guy initiatives.”

Physical and cyber security are shared responsibilities. It’s no longer the “IT guy” or the “security department.” Think broadly.

“Don’t run away from technology,” Jon Williamson said in conclusion. “Run to it. If you don’t, you will fall behind in other ways.”

When it came time to questions, I asked what can people do in this environment “if a Tweet can put a brand in a tailspin?” I asked that because they talked throughout the presentation about how brands are attacked and disrupted. I had always studied this problem for many years, including writing about it in Brands in Crisis.

Their answer was clear: “Don’t have a knee-jerk reaction. Put checks and balances in place.”

In other words, have a strategy! As Jim Mattis said in his book, Call Sign Chaos, “Strategy is hard, unless you’re a dilettante. You must think until your head hurts.”

________________________________________

[1] In a webinar Tech Solutions for Safer Buildings Bruce Montgomery Sr. Business Development Manager,  for Honeywell Commercial Security expanded on this trend, with people counting (in cameras), thermal imaging for health and a variety of other metrics that are being deployed. Interestingly, in the August issue of Security Business, Robert Few wrote “Security’s Role in Civil Unrest”  that discussed how guard services company is reaction, citing one firm in California. Besides more cameras, the owners recommended alarm companies install video verification as part of the process.

[2] https://www.wsj.com/articles/google-to-keep-employees-home-until-summer-2021-amid-coronavirus-pandemic-11595854201.

[3] A Practical Guide to Situation Awareness, March 14, 2012 on Statfor.com, the world’s leading geopolitical intelligence platform.

[4] In one four-month period (January to April 2020) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners. Interpol report shows alarming rate of cyberattacks during COVID-19. August 4, 2020 on www.interpol.int.

Leave a Reply

Your email address will not be published. Required fields are marked *