One of the most common examples of a security breach, the simple practice of tailgating can provide undocumented and unauthorized access to potential threats. Small behaviours, such as holding open a door for the person behind, can undermine the security system for a property and grant free access to strangers.

Poor security practices such as tailgating can leave visitors and contractors with the impression that your organisation has a relaxed attitude to security, indicating it could be an easy target.

Guides are readily available from organisations such as Centre for the Protection of National Infrastructure (CPNI) to help individual staff members ensure that they are getting the security basics right, in and around the workplace.

Security is Everyone's Responsibility

Physical and cyber (or information) security measures can only go so far in mitigating security threats. Employees must behave in the right way to optimise the effectiveness of such measures

Encouraging employees to think and act in a security-conscious and collaborative manner can help businesses to prevent incidents and breaches from happening.

By ensuring simple security behaviours are shared, the overall level of security can be dramatically improved.

Embedding Security Working Behaviours

Security behaviours refer to the set of values and practices - shared by everyone in an organisation - that determine how people are expected to think about and approach security.

The development of an appropriate security culture within UK organisations, where the right security behaviours are adopted by the workforce as a matter of course, is an essential component to any protective security regime. It is also something that can be achieved at a relatively low cost in comparison to some physical and technical measures.

One method is to follow the 5Es framework - this is recommended as a way to guide organisations on how best to embed and sustain security working behaviours within the workforce:

• Educate Why: Educating employees about the security threat. Employees are less likely to adopt the required behaviours when they are uninformed of the susceptibility to threats (both their own and the organisation's susceptibility) and the severity of the consequences.

• Enable How: Enabling employees to demonstrate the behaviours being asked of them. If employees aren't provided with the appropriate information, training, advice and support they may not know what security behaviours are expected of them, how to do these, or have the necessary confidence to demonstrate them.
• Shape the Environment: This is about ensuring that employees have the resources they need (e.g. equipment, materials, people), the physical opportunity (e.g. space, time, access) and the social opportunity (e.g. peer pressure, leadership, support) to demonstrate the behaviours. If employees perceive that there are too many hurdles or barriers to applying the behaviours in a practical setting, they will be less likely to do so.
• Encourage the action: Providing feedback to employees, encouraging the adoption and consistent use of security measures, is key to sustaining security behaviours in the workplace. If employees receive little or no feedback when trying a new behaviour, they may be less likely to perform the behaviour again.
• Evaluate the impact: It is important to review the improvement in security behaviours to ensure they are maintained and not a temporary response that will subside over time.

Workplace Behaviours: Getting The Basics Right

Guidance such as this is designed to empower employees to create a challenge culture.

From tailgating to challenging an unfamiliar visitor to a property, getting the basics right can prevent damaging security breaches. In some scenarios, good security practices can prevent theft, criminal damage, and the negative effects security breaches can have to an organisation's reputation.