Make Security a Hot Product
Print Issue: January 2004
Education and training are essential parts of any asset protection plan. The key to selling employees on the importance of asset protection is a good marketing campaign. The goal of the marketing program is to have employees buy into the importance of following the asset protection rules. Thus, employees must be sold on the serious nature of the threats and on the effect that asset losses can have on the company and on them personally.
Plan development. After establishing the goals of the plan, the security director must develop the contents of the asset protection education program. If any laws apply, employees should be made aware of them and how they fit in with the asset protection plan.
In presenting this information to employees, security will need to consider the audience, speak the appropriate language, and understand employee motivation.
Audience. It’s important to know the audience and to target the message appropriately. For example, when speaking to management, security staff should stress the relationship of asset protection to corporate goals and objectives, including productivity and profitability. When speaking to staff, they should stress how losses don’t just hurt the company but the employees as well.
Language. A part of targeting the message to the audience involves selecting the right type of language for the particular set of attendees. For example, when speaking to executives, security will want to use words and phrases like “bottom line,” “cost-effective,” and “competitive advantage.” When talking with front-line staff, security may instead want to use phrases like “job security” and “personal safety.”
Motivation. Treating the audiences as groups of professionals and as parts of the asset-protection-solutions team is more motivating than giving a presentation that treats employees as if they were unruly kids. This means not only telling employees what they have to gain but also making them feel that their contribution will be valued.
Employee buy-in. Both negative and positive forces can be marshaled to stimulate the employee-customers to buy into the asset protection plan.
Negative. One option is to establish a disciplinary structure for violation of asset protection rules. Any such program should be carefully developed to ensure that discipline is reasonable and proportionate to the infraction, so as to encourage future compliance without creating resentment or possible HR issues.
Positive. Another option, which can go hand in hand with a disciplinary program, is to ensure that good behavior is rewarded. For example, asset protection compliance behaviors might be included in reviews and factored into merit raises and promotions.
Communications. The marketing campaign must also involve various means of getting the message across to everyone in the company. Options can include briefings, online and video instruction, booklets, posters, coasters, rulers, buttons, and notepads.
Briefings. Briefings can be focused on specific functions, issues, or responsibilities and targeted to the applicable group. Let’s look at three possibilities. The first, a general asset protection course for all employees, provides a basic set of asset protection guidelines that all employees should know. This course covers information protection techniques such as the identification of information by classification categories as well as how to properly mark, store, transfer, and destroy data.
The second type of briefing is designed to impart information about information systems security. This briefing is designed for users, managers, and custodians of computers, fax machines, cellular phones, telephone systems, and their peripheral components such as servers, networks, and Web pages. The purpose of the briefing is to discuss the protection of the information stored, processed, displayed, and transmitted.
The third briefing is geared toward equipment protection. This briefing is attended by those custodians and users of valuable equipment that are an integral part of the company’s operations. The information in this briefing stresses the importance of protecting the machinery and the ramifications of losing valuable information—if the robots stop, manufacturing stops.
Booklets. Asset-protection booklets, handbooks, pamphlets, or guides are another means of marketing asset-protection concepts to the consumer-employees. Before writing any booklets, security should talk with HR personnel about corporate policies and procedures for developing such documents.
The asset-protection handbook produced by the security team can be handed out as part of the first briefing new employees receive. It might include the definition of asset protection and the employee’s responsibility for asset protection. Also covered might be security procedures such as the proper use of IDs, the proper way to gain access to facilities, how to escort visitors, and how to protect vital equipment.
A special section on sensitive information could discuss categories of such information and how it should be marked, controlled, transmitted, stored, and destroyed. Instructions on reporting violations should also be given.
At the back of the handbook could be a tear-out page that is preaddressed to the security department. During the orientation briefing, new employees can be instructed to read the handbook and then sign, date, and tear out the acknowledgement page in the back of the handbook and return it within 30 days. The acknowledgement page might tell employees: “You are the first line of defense in the protection of our vital corporate assets. This handbook is being provided so that you are aware of your responsibilities for protecting these valuable assets and what you can do to help the company in that endeavor. To satisfy the company’s asset protection policy and to assist in protecting the assets, you are required to: Read this handbook, and retain it for ready reference and write your organization’s mailing address and telephone number where indicated; sign and date this tear-out page as a certificate of receipt and understanding. Return this certificate to the security department within 30 days of receipt.”
Next on security’s agenda might be reinforcement of the message. Means of doing that include such media as Post-It notepads, drink coasters, and rulers containing asset-protection messages. Similar themes can be repeated on calendars and posters.
While security managers must frequently enforce rules rather than persuade employees to buy into them, they may find marketing to be a useful tool. By developing a marketing plan, gaining employee support, and selling the security program through communication, security managers can increase support for critical programs.
Gerald L. Kovacich is a writer and researcher with more than 40 years of security experience. Edward P. Halibozek is currently the corporate director of security for a major corporation. Both are members of ASIS. This article is excerpted from their book The Manager’s Handbook for Corporate Security, published by Elsevier/Butterworth-Heinemann. To read a review of the book and to obtain purchase information, see page 110.