You could be responsible for the lapses in your organisation’s business security

Investors always venture into business with the aim of making  money using the resources which the business has acquired using the capital injected into it.  The resources include the staff that have been employed to link the organisation with customers and other key stakeholders and fixed assets like buildings, computers and furniture, cash in the bank and at hand, stocks and intangible assets like IT based information among others. You can only make money using the resources of the organisation provided the resources are continuously available for the intended purpose. We often take it for granted that the business resources will always be available to the organisation to make money.  This is not always the case as the business can  either temporary or permanently be denied access to the organisation’s   resources for purposes of making money. The organisation’s capacity  to make money can be compromised as a result of espionage, sabotage, fraudulent and attack actions by the wrongdoers.  Security challenges may include frauds,   threat to your staff both at work and home, theft of assets and other business resources and the threat of terrorist attacks among others.

Taking business   security for granted  can be  risky  as it can lead to a business coming to halt as a result of actions by the wrongdoers.

The security of the organisation is the responsibility of management in ensuring that an effective risk prevention, detection and response strategy is in place. The responsibility of staff is to do the right thing even if no one is looking at them.

You may want to ask yourself  on what causes the security lapses. Many business security exposures are due to lack of effective action from management.  Lack of effective action from management can cause  security lapses  as a result of the following;

Management attitude

I have come across some CEOs who believe that they are competent enough not to allow security lapses to take place.  They have a negative attitude towards business risk and hence cannot have an open mind about business security. It is important to appreciate  that business security lapses can take place in any organisation and the existence of  effective internal control makes  difficult for  security incidents to  take place and  to remain un identified.

Tone at the top

The moral tone and the emphasis of prevention of security lapses must come from the board through management to staff and the outside world. Management’s stand on business security must be clear enough and adequate security guidelines should be available  to staff.

Internal controls          

It is the responsibility of management to design and implement an effective internal control system which ensures that risks are prevented in first place, promptly identified in case they have taken place and effective mitigation strategy is promptly implemented to minimise losses.

Collusion of staff and third parties

Always bear in mind staff may collude with each other in exploiting a lapse in the business security system. The plan to exploit the  lapses  are  normally hatched by the ring leader  and sold to other trusted staff.  The collusion can also be between staff and outsiders.  It is advisable not to make staff that are closely connected through friendship and other means to check each other.

Over trusting

It is important to trust your staff that they can do the right things even if no one is looking at them but do not over trust.   I have suffered from fraudulent actions because of over trusting people around me that they  can not do anything wrong. A number of terrorists’ attacks, frauds, thefts etc are pulled off by the trusted people.   When you are trusting people always bear in mind that anything negative can be done by someone who is trusted so much. Therefore make sure no staff does any process from beginning to the end without any other staff independently checking the work during the cause of their own work.


John Muhaise Bikalemesa

Director: Big Drum Advisory Services