The Vulnerability of Welcoming ─ Balancing Accessibility

From community name selection to marketing websites to the home environment architectural designs, the openness of senior care lends itself to being a soft target for security threats.  This high degree of accessibility with numerous entry and exit points places limitations on some choices of physical security.

The physical security plan concept of gates and guards does not complement the welcoming marketing approach of today’s senior care communal living, and the once siloed approach for each different threat no longer meets the varied needs.

The intricate link between the entry security and protecting the mechanized sensitive information contained within electronic systems for health care records continues to be a challenge.  With the increase on reliance and correlation of data by day to day users, the sharing of this information with third parties including the recent increase in commercial obtainable portals, awareness has been given priority for a combined external/internal security plan to run interference.     

A well-developed general plan will provide the framework for procedures for team members during the need to respond and provide a clear security statement building employee and consumer trust. 

Knowledge and visibility drive the most successful security plans and play a large part in deterrence.

Every security plan will have unique challenges and action details driven by operations of the organization and vulnerabilities of the business model.  

This fluid risk will necessitate a viable working plan based on all threats, vulnerability and security assessments, and will require frequent changes and updates to the primary plan depending on newly defined risks and procedures, technology, and added employee privileges and skills.

Regardless of the scope of the plan there should be one common goal – to bring it all together for governance support and to avoid the silo effect.

Check Points

  • Does your organization have a written plan based on deter, delay, and defend?
  • Is there a current goal statement which will drive the plan, connect all elements, and can be used to measure success?
  • Is occurrence management and recovery clearly defined for the first few minutes with assigned teams and action items?
  • Are key staff and new team members aware of the current security plan?
  • Is there a plan champion who is aware of their role of maintenance and revision?

If the plan needs to be reviewed or revised, start by classifying actions based on large categories of threats such as natural disasters, cyber-attacks, and physical intrusion.  There will be many subcategories as the plan develops; for example, a data breach within, but these headers will assist with evaluations of existing procedures.  

Take Action

  • Create a team keeping everyone informed of the plan including how and when it will go into action and focus on the plan’s visibility for primary deterrence.
  • Assess the risks, threats and vulnerabilities routinely and classify and define the security sensitive areas.
  • Measure the functionality of the current system and test the awareness of the team.

Mitigating risks as the goal statement should be at the core of all security plans and drive and focus the efforts to meeting this goal.

For keeping your people, communities, and assets safe, your selected resources are:

  • Security policies are critical to ensure everyone understands their role in asset protection. The plan and template both offer guidance for topics to include and will assist with developing subcategories for connection of procedural steps and policy language.
  • Vulnerability Analysis Worksheet – this tool will assist with identifying high probability events for which your business will need to be prepared.
  • The Data Cybersecurity Assessment has three main areas for preparedness consideration: the organization as a whole, the IT systems, and at the facility level. This simple tool may define processes which pose a risk and can become a resource for action teams.

Leave a Reply