Your cybersecurity is only as good as your physical security (and vice versa). They are now very much two sides of the same coin. With that in mind, Newgate, specialists in secured access solutions, share their tips here on business security and how to keep your facilities safe.
The basic concept of security
Security essentially means ensuring that attacking you is more hassle than it’s worth. Consequently, the level of security you need depends on your assets. This means that different businesses will have different security requirements. In fact, even within the same business, different kinds of assets may need different levels of security protection.
All security practices derive from this basic concept. Likewise, all security-related decisions should be taken with this concept in mind. In short, you aim to do the minimum amount of work to create a sufficient level of deterrent. Here is a quick guide to some points you should consider.
It’s vital to undertake regular risk assessments
You can only manage risks if you know what they are. The best way to find out what they are is to undertake regular, proactive risk assessments. The reason you need to conduct risk assessments regularly is related to the reason why you need to conduct them proactively. You want to be able to identify changes before they have an impact on you.
Remember, security applies wherever your staff work. If you have remote, hybrid and/or mobile workers then their work locations have to be included in your security assessment. The security of their business facilities will almost certainly impact the security of your main business location(s).
Likewise, if you have to move physical assets, then you need to think of their security in transit. This is particularly important if you have to ship them across borders. Post-Brexit, packages going to the EU need to have commercial invoices attached. These have to show the nature and value of the item. That can make your packages targets for criminals.
Security starts with your staff
Given that most companies are working on tight budgets, you need to prioritise your most valuable assets over your less valuable assets. In any organisation, your most valuable asset is your staff. That means your security starts with them. In fact, it starts even before they become your staff. Having a robust vetting process for potential staff is essential for your business’ security.
Once you have staff in place you need to think both about protecting them from threats and about stopping them from becoming threats. The way to protect your staff from threats is to ensure that you think about the threats they might face as part of your security risk assessment. The way to stop your staff from becoming a threat is to create robust, enforceable security policies.
Security policies reduce the scope for human error (and fraud)
If you’ve vetted your hires robustly, then any security issues you experience should be through human error rather than fraud. With that said, fraud cannot be completely ruled out. Vetting practices only identify what people have done in the past. In fact, more specifically, they only identify what people have been caught doing in the past.
The good news is that minimising the scope for human error generally also helps to minimise the scope for fraud. Firstly, it makes it more likely that issues will be detected early. Secondly, it makes it harder for bad actors to claim that they were making genuine mistakes.
You should aim to automate your security protocols as much as possible. That means staff can’t forget them. For example, if you have a security protocol that requires staff to log when they enter and leave an area, make them touch a pass card to a reader to go in and out. Training, although important, should be your Plan B rather than your Plan A.
Training should be kept to a minimum. It should focus on what staff really need to know to do their jobs effectively. Staff will only remember what they’ve learned if they’re continually applying it. Even if they are, it’s generally advisable to give them periodic refreshers. This is also an opportunity for you to check if your processes need to be updated.
You need an effective learn-and-prevent strategy
Even with all your preventative measures in place, security incidents are going to happen. That is just about inevitable. When they do happen, assess them and learn from them. Take measures to ensure that they don’t happen again and then move on.
Protect your infrastructure to protect your assets
Physical security is now converging with digital security and technology. Overall, that is massively exciting. It opens up all kinds of possibilities for businesses of all sizes from sole traders to enterprises.
At the same time, it does mean that physical security is now increasingly dependent on technical infrastructure. In particular, it often depends on electricity and network connectivity. Make sure you have security protocols in place for outages to any essential infrastructure.
Apply effective access controls
Effective access controls are at the core of security. In the context of physical security, that means implementing physical barriers with an authentication process to pass through them. This can mean anything from electric gates with Automatic Number Plate Recognition to petty-cash boxes with keys via metal window shutters and doors with access-card readers.
As always, you don’t need to use a sledgehammer to crack a nut. A small local business is unlikely to need the same level of protective barriers as an advanced research facility. If in doubt, however, err on the side of caution and add extra protection. Also, try to use modern access controls rather than physical keys. They are both more secure and more convenient.
Support access control with monitoring
Assume that your access controls are going to fail. Use monitoring to detect failures. CCTV is now within the reach of even the smallest businesses.
You should also keep an inventory of your assets and log all actions taken with them. Ideally, make sure that people have to log their actions in order to perform them. Even so, you should spot-check regularly to ensure that the correct process is being followed.
It’s also worth noting that monitoring depends on visibility. In the case of CCTV, that means visibility in the literal sense. You should therefore ensure that your monitoring systems have sufficient visibility of whatever it is they are meant to monitor. For example, in the case of CCTV, you need to ensure that there is sufficient lighting. That may require you to move items to prevent shadows.
Test in the real world as much as you can
There will probably be limits as to how practical this is, but if you do get the opportunity, take it.