Although many businesses are aware of physical security threats, they still need to do what’s necessary to protect their site locations. Without appropriate security measures in place, businesses like yours are left vulnerable to various threats.

To combat this, a mitigation strategy is essential. Here’s what’s required in a mitigation strategy and how to reduce security risks. 

Security LI-1

What is risk mitigation?

Risk management identifies, evaluates and prioritises risks and applies a coordinated method to reduce any risks found. These methods will minimise, monitor and control the likelihood or impact of an event such as a security breach.

Why do you need a mitigation strategy to manage risk?

With a robust mitigation strategy in place, you can identify vulnerabilities and reduce the risks of these vulnerabilities being breached. In turn, this creates a safer, more secure work environment where data is protected.

What to consider when developing risk mitigation strategies

To ensure premises are secure, it’s essential you consider physical security. Without appropriate action, a business will be left vulnerable to physical threats. Here are some of the most common physical security risks to companies and what to do to protect against them.


Tailgating is when unauthorised personnel follow an authorised person into a secure area. Most sites are secured by access control, such as a swipe-card access point. However, these kinds of measures can be easily breached by a determined criminal. 

This type of crime occurs when multiple people pass through doors and only the person in the lead has to provide identification. The people behind then follow through, making it easy for the unauthorised person to get in.

With the right physical security measures in place, you can reduce tailgating risks. Alongside security guards, anti-tailgating doors make tailgating nearly impossible. Providing training to employees will also ensure staff are aware of the risks, so they'll know not to hold doors open to people they don’t recognise. Employees should also be advised to report any attempted tailgating.

Document theft

Most offices will have critical papers and documents, usually stored at desks or printer stations. Sensitive documents such as these can become easily misplaced and fall into the wrong hands. This doesn’t necessarily mean they'll be taken from the office, but a visitor could potentially see the information they weren’t meant to.

To prevent document thefts, implement a clear-desk policy. This will ensure all desks are cleared and documents are put away at the end of the working day. Employees should also shred all sensitive documents after they no longer need them.

Unaccounted visitors

If a business isn’t aware of who's in their workplace at all times, it’s impossible to maintain a high level of security. This means if an incident occurs, it’s hard to tell who was and who wasn’t present at the time. 

To keep track of visitors, access control with ID is essential. Not only will this ensure all visitors are accounted for, but it'll also show who's in the building at what time and when they leave. 

Stolen ID

Access control systems are only reliable if everyone uses their own ID. If a person enters and leaves the premises while using another person’s identification, there may as well be no access control at all.

To mitigate this risk, educate your employees on the importance of protecting their IDs and access cards. With this knowledge, employees will know not to share or lend each other their cards. Unless employees are aware of the risks, they may be careless with their IDs.

Social engineering

This is one of the most challenging physical security vulnerabilities to overcome as it comes in several forms. Social engineering involves manipulating employees, such as impersonating another person. 

Another common social engineering example is known as the ‘coffee trick’. This is similar to tailgating. The attacker will hold a cup of coffee in both hands while walking towards an office door so an unsuspecting employee who's passing through the door will hold it open out of courtesy and allow the unauthorised person in. 

After a thorough risk assessment to identify vulnerabilities, staff should be trained in combatting social engineering. Employees should understand the risks that social engineering poses and how they can be more alert to any suspicious behaviour or activity.

Why security guards are necessary for a comprehensive mitigation strategy

A security guard has a significant impact on the security of a site. Their presence sends a message to any potential intruders that they’re being watched. They observe and report any suspicious activity while also reacting quickly to any unwanted behaviour on the premises

Although access control and CCTV are key components to deterring criminals, passersby may still take the chance if they don’t see a physical security presence. Ultimately, people who know they’re being watched tend to behave better. 

On larger sites, the use of 24-hour staffed guards is appropriate. For smaller sites, guard patrols, particularly at night, are the most beneficial and cost-effective solution. 

To ensure your site is in the best position against intruders, take a look at our latest security checklist.

Is your site secure?

Without a reliable security system in place, your site is open to theft, burglary, vandalism and more. To minimise the risk of criminal activity, the best line of defence is implementing a risk analysis. 

In our guide, we show you how to conduct an assessment yourself and provide a comprehensive checklist so you won’t miss any important steps. To start protecting your site today, click the banner below.