Creating Strong Office Security Starts With A Good Plan

Security is all about letting the right people in and keeping the wrong people out. It’s been that way since people first gathered around campfires and chose one person to watch for intruders.

Building an effective office security system is about creating layers of protection that can raise the level of difficulty for intruders and create multiple opportunities to catch or repel them. When successful, office security doesn’t just keep the bad guys out, it creates peace of mind for your employees and the other people who may depend on it, such as clients, investors, and partners. Finding this balance starts by defining your security needs.

While we all recognize the importance of data security in a digital age, focusing solely on digital protection can leave vulnerabilities in physical protection. In fact, Verizon found that 22% of cyber-attacks involve abuse of physical access.

The first step is to establish the perimeter of your building and all physical access points. This allows you to plan how many cameras you need to cover all the important angles. The appearance of security cameras can serve as a low-level deterrent to malicious actors. That said,  don’t rely on camera decoys — when something does happen, there’s no substitute for video footage.

Keeping security footage for 30 days is standard practice. Even if you employ full-time security personnel to monitor video feeds and ensure they’re working as planned, it’s prohibitively expensive to have a person watch through every second of every day.

Sophisticated surveillance systems use a range of techniques to minimize storage demands and isolate useful periods of footage. The system can trigger a higher frame-rate recording when motion is detected and can provide alerts for abnormal activity. Having multiple hard drives or cloud backups can ensure clean records even if the system is partially compromised.

Security guards can be expensive, but you can still restrict unauthorized access by installing a digital access control system. By installing an access-control system that integrates door locks with your ID card database, you can assign access levels to every area of your office and corresponding permissions to every employee. That way, you can provide freedom of movement to the right people and trigger alerts when unauthorized people try to access restricted areas. Access control systems also keep logs of movement, so should there ever be an internal threat, it can be easily identified.

You need an alarm system that works with your access control system. If intruders only used clearly marked doorways, the job of office security would be a lot easier. Your security system should monitor unconventional access points such as windows, service entrances, and utility corridors.

When triggered, your alarm system should immediately alert the authorities and the responsible parties at your company. This increases the likelihood of catching the thieves and your chances to lock down any critical systems before it’s too late.

Cybersecurity is a major concern, but don’t believe for a second that threats to your data only come from virtual intruders attacking over the internet. If a malicious actor gains access to your physical server, they can wreak massive damage in a hurry. This also applies to physical data such as paper files left on desks or documents that are insecurely discarded. Some of this risk can be mitigated through proper employee security training. Employees should have a lockable drawer where important documents can be securely stored, they should be trained to never write down passwords, and documents should always be shredded and disposed of securely.

The important thing is to identify which types of data need to be protected and then establish protocols to keep them out of the wrong hands.

If you use on-site servers, then treat them like the precious treasures they are. Make sure the server room locks automatically and only authorized employees can access it. Cover your server room in the surveillance cameras and make sure that you keep an updated list of who has permissions — a list that should be revisited every time an employee separates from the company.

Instruct your employees on which types of information are confidential or especially valuable. Provide locking filing cabinets and drawers to all employees so they can easily store and protect printed information.

Keeping an accurate inventory of assets should be a recurring task for any IT department. It is critical to know which employees have access to what devices. IT should also ensure that the device is up-to-date with software updates to remove any vulnerabilities. Employee passwords should have minimum difficulty standards and required update periods — typically every 90-days.

Your company may have other valuable assets that aren’t stored on paper or on a hard drive. Identify what they are, think through how to secure them, and create access control logs to monitor who touches them and when.

Training your employees on your security measures and the proper protocols to follow can greatly reduce the risk of theft and intrusion, as well as increasing the likelihood that any intruders will be caught before they do much harm. Employees should be trained annually on the most current security practices. Training should include behaviors like:

1. Knowing how to report unrecognized/unauthorized visitors.
2. Avoiding compromising security features – like holding doors open for un-badged guests.
3. The risks of social media and social engineering.
4. Identifying common phishing attempts.
5. Avoiding dangerous websites.
6. Password best practices.

Communication is a two-way street. Your security plan should detail both how you will communicate with employees during a security event and how employees can securely notify management of any issues. The emergency communication plan should have different levels that match the communication with the risk level. For example, a t0-everyone-email is probably sufficient to notify employees of an active phishing campaign again your company. An intruder in the office would warrant more urgent communication, like using the paging system.

The same methodology should be applied to reporting issues to management. There should be a secure and confidential email inbox to report any internal concerns, like a fellow employee taking home sensitive documents. For more urgent emergencies, the use of blue-light telephones around the office campus might be more appropriate.

Employees are your strongest asset, but it would be naive to ignore the reality that employees can also be a security risk. Strong background checks and references can serve as a frontline defense against employee theft. Beyond that, it is important for business owners to have strong auditing processes to catch both physical theft and theft of sensitive data. Training employees to be aware and identify suspicious behavior is another step towards minimizing internal damage.

Above all, it’s important to document your security plan, review it with all major stakeholders and audit your procedures regularly. The best security in the world doesn’t do you any good if people don’t support it and keep it in good working order.

Your security plan should include lists of common threats, such as external theft, internal theft, phishing, active shooters, and natural disasters. Document how your organization should respond to each threat and who is responsible for reporting on the event once it’s over.

It’s better to have an imperfect plan that you implement and follow than it is to have a perfect plan that isn’t executed. Strong building security isn’t a static system that you can set up and forget; it’s a dynamic network of systems that work together around the clock to protect your business.

i.e.Smart Systems is a Houston, TX based technology integration partner that specializes in design and installation of audio/visual technology and structured cabling. For more than three decades, our team of in-house experts has partnered with business owners, architectural firms, general contractors, construction managers, real estate developers, and designers in the Houston market, to deliver reliable, scalable solutions that align with their unique goals.