How to test your security emergency plan

The words “Amat Victoria Curam” which translates “ Victory Loves Preparation” is a famous quote from the movie Mechanic. It has become an inspirational quote for so many people across the world of business.

When you break the phrase down, it reveals a deeper meaning to staying relentless and prepared.

As your business grows and expands, so will the demand to secure your investments, property and the people you care about become a priority. You should have a contingency plan to overcome threats to your security.

Emergency response preparedness has steadily increased in importance given the legal, economic and environmental implications that can be generated by unforeseen events. 

For this reason, being prepared for emergencies is a priority since they may occur at any given time.

In this post, I am going to show you ways can test your security emergency plan to ensure safety.

If you are ready, let go!

But first, what is a security emergency plan?

In the context of a business environment, a security emergency plan can be said to be a set of rules, guidelines or program ushered to contain or respond to emergency situations.

It establishes the actions to attend to in a timely, efficient and effective manner in case a risk endangers workers or visitors. 

It is very important to have a security emergency plan even if you are a small organization.

Having a security emergency plan helps in the following ways:

1. The Identification of  threats 

A threat is any phenomenon natural or human-made that may endanger a group of people, their things and their environment.

There are different types of threats, some are natural, others are caused by humans. For example, terrorism, robbery, explosion, fire. Having such a guide or policy in place helps in identification and solution.

2. Emergency detection and notification 

Having an emergency plan also ensures that attention is given to regular inspection and, where necessary, repairs carried out.

It also ensures that in the event of an emergency or unusual situation, information is gathered to ensure better remedy in the future.

For example, if an emergency plan incorporates the use of security features like CCTV and Access Controls in their guide it helps prevent many white-collar crimes at workplaces.

3. Team Capacity building 

Emergency security plan goes a long way to build and sharpens individuals security consciousness.

A security plan that incorporates departments heads and teams helps in keeping people away from unsafe areas within their locations.

Forming such teams and giving roles and responsibilities help eliminate panic in an emergency situation.

NB If you don’t have a security plan yet, then it’s about time you speak to a professional security service provider to assess your risks and put together a plan that will work for you

Now that you know some of the importance of having a security emergency plan at your workplace. Let’s look at how you can test your security plan

Some organizations go to great lengths to set up effective security emergency plan, very few proactively test their processes to ascertain how they will work when faced with a real threat. 

SANS Institute found that only 33% of organizations periodically review and update their security emergency plan. 25% only review and update their processes after a major incident. Essentially, organizations assume their processes work until they don’t. 

These are ways you can test your security emergency plan;

1. Theoretical Test

A theoretical test simply looks at the documentation of processes in case of a security breach. These tests, also known as paper tests are not expensive to conduct.

That said, these kinds of tests sometimes leave room for errors. My advice is for you to use it to update your processes. Example, if a previous security breach occurred through a logbook error, your test should be on how it was reported and solved?

2. Simulated Attacks

A fully simulated attack is the most effective way to test your security emergency plan. This is because it uses real-life, controlled attacks to see how your people will respond to threats.

A simulated attack is the most resource-intensive type of test. It often involves all your business stakeholders.

Simulated attacks do only test your team capabilities on what should be done but how it is done.

This gives you and your team the clearest picture of how they would perform in the event of an attack.

3. Round/ Table Top Exercises

Round Table exercises are the situation where stakeholders hold a round table security event.

This technique allows teams to review and practice the various actions detailed in the security emergency plan.

Round table exercises appear informal. This is why it should be done in a controlled and focused environment.

To make these exercises effective, you should prepare well in advance. This ensures the right teams participate. You should try and make a threat scenario as real as possible.

4. Playbook Walk-through

Playbooks ensure that everyone in your organization knows their role in the event of an incident.

Just like attack simulations, there are a variety of ways to approach it. You can use automated playbooks available within many security orchestration platforms.

Wrapping Up,

My advice is for you to set a schedule for testing, reviewing, and revising of your security emergency plans. It is better to start with short-term drills then work your way up.

I often advise business leaders to start small with seminars then enhance through:

  • Short-term drills
  • Tabletop exercises
  • Full-scale attack simulation

Have Your Say,

What means are you using in testing your security emergency plan? What other security emergency plan test will you implement now? Do you need a security service provider to help you plan and implement a test strategy?