Buyers, beware! While a car with one careful previous owner (we’ve all heard that one, right?) may still be a viable purchase proposition, somebody else’s security may be ill-suited to your organisation. Second Hand Security can crop up in situations like company mergers and acquisitions. One of the challenges is to see beyond what the other party is telling you.
Your prospective business partner may be assuring you with all the honesty in the world that security in its firm covers all requirements. However, what is true for one organisation does not necessarily carry over to another.
This difference in security may be due to the nature of goods or information being handled, or to the geographical location of the business.
It may, notwithstanding the good faith of the other party, simply be due to security gaps. In a company merger or acquisition, where there is often pressure to proceed rapidly, security differences automatically turn into security gaps.
They need to be addressed up front, or the resulting combined organisation will be at best lopsided and at worst exposed to security risk.
Understanding the background of the other company is the first step to charting its security. The type of business, geographical locations, management structure, number of employees and IT environment are basic pieces of information to be gathered.
Areas of security to be assessed can then be categorised as physical security, IT security, disaster recovery and security awareness. Physical security involves people and equipment, with possible risk of theft or damage.
IT security addresses access to computer systems. Disaster recovery is the recovery of critical computing systems, should they fail. Security awareness involves communication, training and behaviour of personnel to keep themselves and company assets safe.
With a car, once you’ve looked at the engine, the tyres and the bodywork, you’ll know better about any necessary repairs. Similarly, companies need to be examined to see what works and what needs attention.
The purchase decision for a company may be out of your hands, but at least you’ll be able to forewarn and act to harmonise security accordingly.