Security Management's June issue features an article, "Lessons Healthcare Security Professionals Learned from Hurricane Harvey," which noted that the storm's intensity forced professionals to reconsider current standards. For this post of Today in Security, we spoke with Andres Paz Larach, senior vice president, Americas for Pinkerton, about how corporations, especially those who have never encountered a hurricane event, can successfully navigate storm preparations.
Knowledge is Power. "From a total risk perspective, natural disasters can impact supply chain, your tech, and access to data," Larach says. "So it really starts by understanding." Insight into the likelihood of dealing with certain natural disasters and how an organization would fare with the current policies and practices it has in place, along with an enterprise-level risk assessment, is valuable intel. From understanding its current state, a corporation can develop a strategy and business continuity plan, ready for when disaster strikes.
Move Past the Plan. Having a plan is crucial, but plans are ultimately useless if they aren't put into action. "The real challenge is to make it operational," Larach says. Between 2017 and 2018, he saw clients who were impacted by severe storms, including Hurricanes Harvey, Maria, Irma, Florence, and Michael. He said that the companies that came out of these storms successfully were the ones that were prepared "end-to-end." "What we saw during the hurricanes in 2017 is that a lot of our clients ... were improvising on the fly." Most likely, he added, many of these organizations, which represented a wide range of industries, had not been hit by a hurricane or storm or such magnitude within at least the past decade; their improvising left them sometimes ill-prepared or scrambling as the storm fell on them.
In 2018, Larach noticed a change between clients who were hit in 2017 and those who were not but were now facing storms just as big and beastly. Those with more recent experience were more proactive about putting their plans into motion, calling well-ahead of a hurricane's landfall. "They knew exactly the type of asset protection support they needed on the ground." Other initiatives, such as hurricane monitoring, helped Pinkerton, which specializes in corporate risk management solutions, collect data that would later accelerate insurance claims.
Avoid Silos. Larach also stressed the need for an organization's security team to step out of an isolationist mindset. Instead of operating within a silo, security professionals should be seeking more exposure to the overall business and working with various other teams (for example: human resources, legal, liability, insurance) within an organization that will ultimately provide better protection for not only employees, but the company as a whole. Most companies with security teams that continue to operate solely within a silo are likely to slow down recovery after a significant event. "That's why having more cross-functional collaboration is more relevant today than ever."