In the early morning hours of Sunday June 12th, 2016, events were unfolding in Orlando, FL that would once again shine the national spotlight on the need for increased security in and around what is commonly referred to as “soft targets,” a person or thing that is relatively unprotected or vulnerable, especially to a terrorist attack. Forty nine people lost their lives, and countless others were wounded during a shooting rampage that was carried out by a man who was intent on making a murderous statement on behalf of his beliefs. Just a day earlier, a popular singer was also gunned down in Orlando at an autograph signing after a concert. While the investigations into these tragedies are on-going, the call for immediate action was swift.

These types of incidents typically result in a national outcry for more to be done by our government to protect us, and always prompt more discussion around the issue of intelligence gatherings, gun control, and how we as a nation must fight terrorism more effectively. These are all very important topics that must be examined, but for the business owner who is trying to absorb the potential impact of such events, more practical matters take priority over political debates.

Over the past week, media outlets have asked the following question: “What security measures need to be present to guard against these types of incidents?” Unfortunately there is no short, easy answer that would apply to every situation. I recently spoke with a reporter from a major newspaper who asked the following question: “Mr. Sorrells, please give me an estimate of how much it would cost a business to provide the security necessary to prevent the type of attack we witnessed in Orlando?” While I can’t fault the questioner for asking such an obvious question that is on the minds of many after a horrible tragedy, it is of course one that has no stock answer. The real answer is: It depends.

At the beginning of a security service relationship some normal ground rules have to be established. These can include things such as operating procedures, uniform styles, and equipment needs, but one of the most overlooked elements of beginning the security relationship is actually designing the security plan and procedures. This may seem to be a simple task, but there are many hidden areas that can cause significant issues for service providers and customers alike. An effective Security Service should start out with a basic risk assessment being offered, and hopefully ultimately performed. Each customer and individual property present unique and different environments for potential security operations, but some common elements can be used in the risk assessment process. There is no one-size-fits-all approach to risk assessments. I will not commence a risk assessment until I have had a chance to speak in detail with the organization I am assessing. While there are standard assets inherent in any business, there will also be unique aspects depending on the environment. People and property are going to be a standard asset at every location. Every organization has a vested interest in keeping its employees and visitors safe, and depending on the nature of the business, more or less assets could be present. Personality of the business, its standing in the community, and the reputation of the organization are often overlooked assets. Without knowing what is important to the customer, it is nearly impossible to know what their security needs are. For example, in healthcare settings patient satisfaction is key. While this does not negate the need for effective access control and other security measures, without taking this philosophy into consideration some recommendations may make sense in the security context, but are impracticable because they don’t line up with the organization’s overall mission of serving the needs of patients and families.

A retail customer once asked me to speak to a gathering of local business owners at a shopping mall. It was just prior to the Christmas holidays and I had gone over a few helpful hints on how to recognize shoplifters and how to be aware of suspicious behaviors. At the conclusion of my presentation, one of the business owners asked why could we not just “keep all of the bad people out of the mall,” thereby ensuring no theft or other negative incidents would happen. Sounds simple enough, right?

The obvious flaw in his question was that he was proposing to do the exact opposite of what he is in the business of encouraging: having people enter his business. I responded that this task was difficult to achieve since there is no real formula or common sense criteria that could be employed to keep certain people out, unless they had a history with the mall or the security officers were trained in behavioral recognition, and the “bad” people showed warning signs that would indicate intent to commit crimes. The real point was that effectively shutting down access would have potentially very negative consequences for the shopping mall in general and the businesses located within it specifically. Some properties may have the luxury of having very tight access control, while some depend on a free-flowing stream of customer traffic to survive. I have also been asked a variation of this question when conducting training for churches, casinos, and even restaurants. While the concern may be genuine, it is often up to the security practitioner to point out to the customer that there must be a balance of security and commerce, with both goals hopefully being ultimately achieved. I do believe that this balance is shifting as we are willing to accept more security in exchange for safety, but this consideration must not be overlooked.

Just as the personality, philosophy, and mission of the organization must be clearly understood, the financial limitations must also be taken into account. Let me be clear: I have never hesitated to recommend a reasonable and necessary security measure to a customer because of some perceived lack of resources. But the keywords are reasonable and necessary. As with any profession, there is sometimes a tendency to overstate the importance of a potential service or a solution to an identified problem. I have always found it quite interesting how some organizations can go from one extreme to the other in the wake of a serious incident. Even more perplexing is how the same organization will eventually revert back to the same, or in some cases even less, security measures than they had prior to the incident. Obviously, increased attention is warranted in the wake of a security-related tragedy such as a high profile shooting or a major breach, but sometimes measures are offered up and implemented with the hopes of being permanent, only to be eliminated when the memory of the incident fades. Sometimes as security practitioners we are tempted to start with offering the most costly and involved recommendations possible. The rationale is rooted in logic. The thought process usually follows that if the tightest security possible is employed, then most security risks are eliminated. But the stark reality is that security budgets are finite and have to be managed in a real-world business environment.

The bottom line is that each organization must develop a security plan based on the unique risks faced by that property. Unfortunately, we will continue to find opportunities to reexamine the need to continually assess these evolving risks in in the current culture of global terror. DSI Security Services knows that the threat is not going away, so we must meet it head on and design plans that best protect our customer’s assets.

Eddie Sorrells is a CPP (Certified Protection Professional), PSP (Physical Security Professional) and CHS IV (Certified in Homeland Security), and is also a licensed attorney in the State of Alabama and serves on many boards and committees within the security industry. Mr. Sorrells has been a valuable part of the DSI team for over 25 years.