Coronavirus on black background

Managing security risks throughout COVID-19

As part of managing the Coronavirus (COVID-19) situation, organisations will need to understand the security risks to them and their staff.  This guidance provides steps to take when managing these risks

Last Updated 29 April 2021

COVID-19 and security

Due to the global pandemic all organisations will need to adjust their protective security arrangements to reflect changing threats and new working practices.  

Key activities for all organisations at this time are:

  • Identify the threats from the current pandemic situation to your organisation     
  • Conduct a Risk Assessment based on the identified threats and update risk registers
  • Put proportionate measures, policies and procedures in place to mitigate the new risks
  • Communicate changes across the workforce clearly and effectively
  • Provide guidance and training to the workforce to adapt to the new security arrangements and give access to welfare for those needing additional support. 

As lockdown eases there may be different, or additional, security risks and implications to take into considering.

The advice and guidance on this page is designed to support your organisation during this pandemic and to highlight opportunities to strengthen your protective security regime for the future.  

Latest guidance

man walking with bike

Published May 2021

1 - Identifying new security threats

Insider Threats in a Pandemic

During COVID-19, poor employment screening processes could enable an insider to recognise the value in being able to access sensitive information or equipment. Having a strong security culture will act as a deterrent to insider activity by ensuring the workforce have a good understanding of security awareness, and ensure they understand how to report concerns where they notice behaviour of concern.

Pandemic Security Behaviours

We have issued an updated high level guidance on good personnel security during a pandemic. Where usual security practices are either suspended or changed to reflect different working patterns and where security staff resource is limited, it is important to take a strategic view of security risks and priorities.

Protective Security Management Systems (PSeMS)

PSeMS is an assurance system for organisational security. This version of the PSeMS checklist provides Security Managers a set of protective security statements, specific to the current pandemic crisis, to help assess the new security posture of their organisation identify where gaps are and what mitigations they may need to put forward for Senior Management approval. 

Threat to workforce using professional networking sites

Hostile actors and criminals may act anonymously online in an attempt to connect with people who have access to valuable or sensitive information. CPNI have released Think Before You Link which provides advice on the security risks of putting too much information about your employment on social media.  

2 - COVID-19 risk mitigations for organisations

Right to Work checks

The Home Office has issued guidance for how to conduct right to work checks during COVID-19 and this advice can also be applied to other parts of an organisation’s screening processes where it is not possible to check an original document.

Ease of Lockdown

Updated for May 2021, this guidance provides Personnel Security advice for organisations on how to mitigate potential security risks during the government’s 4 Step Plan for coming out of lockdown.

Remote Interviewing

The way in which you employ people may also have changed during this period and it is increasingly likely that interviews for either recruitment, HR, vetting purposes or even line managers will be required to be undertaken via a telephone or online. CPNI have produced guidance which is designed to make interviewers aware of tried and tested best practice, as well as recommendations from latest academic research.

Guard Force Response

This guidance is to assist site security managers in understanding how to get the best security effect from a depleted guard force and establishing resilience through the COVID-19 pandemic phases.

Controlling Access

CPNI have produced guidance on securing and preventing access to non-essential area and how to ensure these Access Control points are kept clean and safe during a pandemic.

Countering Drones

This document provides advice on countering drone threats during COVID-19. It has been developed for new and existing CPNI customers.

Communicating with a Face Covering

The guidance provides some hints and tips on what can be done to maximise effectiveness of communicating when wearing a face covering such as a face mask, and some things that need to be considered when seeking to identify and resolve suspicious behaviour in light of the wide spread wearing of face coverings.

Promoting Protective Security Measures

Hostile actors and criminals may also seek to gather information about your organisation or event to inform their attack planning. CPNI have released guidance on how to promote protective security measures alongside any planned communications related to COVID-19.

Financial Distress

CPNI has drawn together important security considerations for businesses in financial distress, including those in insolvency or administration, either directly or as a third party. This guidance note covers people, information and property, highlighting how to protect your most important assets, with links to further CPNI advice. 

3 - Internal communications to the workforce during COVID-19

Preserving Organisational Trust

It is important to preserve the trust already established with employees, despite serious disruptions caused by such events as the COVID-19 pandemic. If there is a breakdown in trust and employees see limited efforts to support them during the crisis, some might seek to undertake unauthorised insider acts for their own benefit or even just to exact revenge against their employers. CPNI have guidance to give employers hints and tips on how to keep the trust employees have in their employers and organisations.

Communicating Organisational Change

As a result of the COVID-19 pandemic many organisations will go through a significant period of change to adapt to new ways of working. Communicating this change effectively to employees will help ensure they continue to trust in the organisation’s ability to support them during this period of uncertainty.

Return to Workplace

Guidance to support line managers for holding a ‘return to the workplace’ conversation with staff that will support the organisation’s personnel security regime.

Workplace Behaviour Campaign

This campaign can help encourage the right behaviours in your work premises to ensure your work can continue whilst keeping our employees as safe as possible.

4 - Remote Working

Remote Working

This document provides advice on the key Personnel Security considerations for remote working during the second wave of COVID-19.

5 - COVID-19 risk mitigations to Crowded Places

Countertop Screens

This guidance discusses the purpose and aim of the COVID-19 countertop screens and highlights the security implications which should be considered. Recommendations for meeting COVID-19 requirements as well as minimising the additional risk the screens may create from a blast threat are also provided.

Virtual Tours

Virtual tours are a great way of helping attract people to your site and/or plan their visit. For advice on how to create virtual tours CPNI has published Security Minded Communication Guidance for Virtual Tours.

Social Distancing in Public Spaces

The risk to people from Vehicle As a Weapon (VAW) attack remains a real possibility during the COVID-19 pandemic.  Social distancing measures will require authorities and businesses to guide customers in and around commercial premises and publicly accessible locations e.g. high streets.  In order to minimise the risks to people, organisations and authorities can take practical steps to reduce the risk. 

High Street Hospitality

CPNI has published guidance on protective security considerations for high street hospitality and guidance on protecting queues to counter attack this methodology. Additional guidance is on the Hostile Vehicle Mitigation page.

6 - Further information and guidance

There are other resources that will also offer guidance on dealing with the COVID-19 pandemic within your organisation. NCSC has produced a guide to working from home which gives information and guidance around the challenges of an increase in home working. They have also produced guidance on mitigating malware and ransomware attacks which provides information on steps to take before a malware infection has occurred and guidance to help organisations to select, configure and securely implement video conferencing services.

The Government also have a website which will be updated regularly providing the latest recommended guidelines on what we should all be doing during the lockdown.

If you have any queries regarding the above or if you would like to know more specific information please contact [email protected]

Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.