SECURITY — When we talk about threats related to visitor management solutions the obvious security risks are often the first things that spring to mind. We immediately think about critical emergencies and violent incidents, and while those are important to get on top of, threats related to visitor management go far deeper than that.
In fact, there are a number of risks related to visitors that have very little to do with the physical security of your employees, but have everything to do with the financial and legal security of your business. And while the safety of employees should always be a top priority, securing your business shouldn’t be forgotten.
In this article we’ll discuss the threats related to visitor management that goes beyond the facade.
What does today’s visitor look like?
Every time we talk about visitor management, and especially when we talk about how visitor management has evolved, we need to ask ourselves who the visitors are.
In years past, visitors were customers, clients, and external meeting participants. That was the case for most organizations.
But that’s not the case anymore.
Today a visitor is anyone who interacts with your organization. From employees to VPs and executives, vendors, partners, contractors, and auditors as well customers, clients and external meeting participants.
And each type of visitor has different requirements and needs when it comes to their visit. And each type of visit presents a different threat to your organization.
For instance, the risk related to a customer coming through your doors is more likely to be legal in nature where the risk related to a contractor showing up might end up turning into a business risk where sensitive information and trade secrets become compromised.
Historically visitor management solutions haven’t catered to the threats and challenges presented by different visitor types—but that’s about to change.
Visitor management solutions of the past, present, and future
In the grand scheme of things visitor management is a relatively new field. While guest books and receptions have of course been around for centuries it wasn’t really until the appearance of touch screens and smart devices that visitor management evolved past a manual process for receptionists to follow.
Visitor management solutions of the past
Even moving past the paper logbooks, visitor management solutions of the past share a number of things that are outdated.
They are fragmented and manual, meaning that a lot of related processes such as security and host notifications are carried out alongside the visitor management itself, which makes it inefficient and costly.
At the same time visitor management solutions of the past are primarily reactive, meaning the process does not start before a visitor walks through the door. Which also means that the security process doesn’t start until the visitor walks through your doors.
Visitor management solutions today
One thing that modern visitor management solutions have in common, and the way that they differ from visitor management solutions of the past, is that they provide you with real-time as well as historical data that you can act upon.
Whether it’s visitor lists you need in case of an emergency or it’s the development in occupancy trends over time, data is the name of the game for newer visitor management solutions.
At the same time modern visitor management solutions tend to be a lot more scalable and adaptable, meaning you won’t need to change systems or rebuild processes from scratch every time your organization is presented with a new regulation.
Lastly, they tend to be very easy to use and even enterprise level systems tend not to require experts to operate them. This is also a necessity when you start to consider everyone as a visitor, because you will need the check-in procedure to be fast and efficient for anyone who enters the premises, even visiting family or friends of employees.
Visitor management solutions of the future
If we start to look at what the future holds for visitor management solutions, and we recognize the shift from “visitors are people who register in the lobby” to “a visitor is anyone who engages with our organization”, we can see a new standard beginning to unfurl.
Instead of being something we do for security reasons, safety reasons, and to live up to certain regulations, visitor management becomes much more focused on managing experiences for anyone who interacts with the organization, whether they are employees, contractors, vendors, auditors, external meeting participants or even guests.
Why threats matter
When we look at the typical understanding of the threats posed by a visitor it’s easy to visualize the result of not addressing the threat properly. Whether it is an emergency like a fire or a violent incident the results are physical, and often catastrophic for anyone in the building during the incident.
But what is the result of not addressing less dramatic threats, like access control during a visitor tour or something as mundane as a tedious and manual visitor registration experience?
While it of course depends on the threat in question there are three overarching risks to not proactively addressing a threat: Increased risk, spiraling costs and negative experiences.
Security risks
When it comes to security risks we often focus on workplace shootings simply due to their horrific nature.
Looking at statistics related to mass shootings The Violence Project (a nonprofit organization funded by the National Institute of Justice) found that 30% of all mass shootings between 1966 and today took place in the current or former workplaces of the perpetrator.
Over the course of 2023 alone the United States saw 13 workplace shootings, and out of those 13 shootings five resulted in fatalities and the remaining eight saw injuries without fatal outcome.
But if we look broader than gun violence the number grows exponentially. In the United States of America 400,000 aggravated assaults take place in the workplace every year. [2]
Workplace violence statistics:
Business risks
While reputational and security risks both pose threats to your business in terms of legal complications and loss of income, there is a bit more to visitor related business risks.
Corporate espionage and leaking trade secrets is one of them.
For instance, different visitor scenarios can pose a threat to your intellectual property and the competitive advantage your company holds.
The nature of this risk varies based on your organization, industry, and whether it occurs during a facility tour, a long-term professional visit, or a joint venture, but the result is usually the same—a monetary loss.
3 ways visitors have obtained business critical trade secrets
During a tour: During a tour visitors have used double-sided tape attached to the soles of their shoes to collect metal alloys from the floor of a production plant for US military planes. The alloys were used to determine the exact metallic components used in the planes.
During a joint venture: Under the guise of a joint venture contract three employees from one company attempted to remove proprietary information from the facility of the other company by putting it in boxes labeled as their personal belongings.
During a visit: Foreign visitors dipped their ties into chemical solutions to obtain product samples. The host company was subsequently unable to find a market for its product in that country.
Reputational risks
Compared to security risks like workplace violence, reputational risks might seem a lot less important, but in an economy where 70% to 80% of a company’s market value comes from things like brand equity and intellectual capital, organizations can be especially vulnerable to anything that causes damage to their reputation.
The worst case scenario when it comes to reputation damage isn’t just a dip in revenue, it’s mass lay-offs or even bankruptcy, which affects not just the business itself but partners, investors, employees and their families, which quickly turns into hundreds or even thousands.
The cost of reputational damage
When we talk about reputational damage many of us are likely to think of the data scandals surrounding Facebook Inc. (now Meta), and how that data was used to influence Britain’s vote to leave the EU and the US presidential election. And with good reason.
But what was the outcome of that scandal?
Financial loss, plain and simple.
Less than six months after the aforementioned data scandals started rolling, Facebook experienced the largest one-day loss in market value by any company on the US stock market. Over the following year the Facebook stock dropped by more than 50% in value.
Using paper sign-in sheets in lieu of a visitor management solution is a compliance risk
Paper sign in sheets and manual sign ins are most often criticized because the process is inefficient, and while hopelessly outdated many smaller companies are still using paper log books or printed sign in sheets. This is usually because they don’t see many visitors and so the inefficiency of paper sign-ins aren’t that big of a deal.
You may even experience the manual, paper sign-in when visiting some larger companies. But this should never happen. And not primarily because of efficiency issues but because it poses a very real threat to your business.
Most paper log books and sign-in sheets are simply a sheet of paper with lines where everyone who arrives writes their name, time of arrival, who they’re seeing and potentially their contact information.
The issue here is, that when a person signs in with their name, they are providing you with personal information. And when the next person shows up to sign in on the line below, they have access to the personal information of everyone else who previously signed in.
How you make a safer visitor management process in 2024
Reducing the risk related to visitors isn’t just about the physical risk, and it’s not just about your physical office, it’s not even solely about the visitors. It’s about every interaction an individual has with your organization.
In the same vein security incidents aren’t just violent incidents, they’re public relations issues, and business risks as well as security risks. Which is why you need to start looking at threats beyond the visitor and the visit. The question is where do you start?