That said, for the businesses that are still trading, some showing true grit and resilience in this unpredictable climate, there are yet more risks to be assessed.
There are both internal and external threats to consider. People behave differently under pressure and it has never been more true that desperate times call for desperate measures. Businesses are under constant threat from competitors and indeed desperate employees who may believe that their employment is no longer secure.
Unemployment is at its highest since 1995. In a recent survey entitled The recession and its effects on work ethics, carried out among 250 office workers in Londons busy Canary Wharf, a staggering 60% admitted they would take valuable data with them (if they could get away with it) were they faced with redundancy or the sack.
Remarkably, 40% confessed to having already snooped around the networks and downloaded sensitive company secrets from under their boss nose in anticipation that they could lose their job.
With all this going on internally added to the usual business pressures of your competitors trying to get an edge, add to that the terror threat that could face any business and load on the possibility of random vandalism and general crime. Its probably time you gave your business a security health check.
– Carry out a risk assessment to decide on the threats you might be facing and their likelihood. Identify your vulnerabilities and the potential impact of exploitation. Act on these risks. Decide on a plan to eliminate or reduce these risks. Implement it, consider the risks, identify a problem and act to reduce the risk.
– If acquiring or extending premises, consider security at the planning stage. It will be cheaper and more effective than adding measures later. Security of your business should be at the heart of all new projects. Speak to your current security provider for guidance or contact a consultant if you are unsure what is required.
– Make security awareness part of your organisation’s culture and ensure security is represented at a senior level. Security should not be left to a junior staff member. Whether it be IT security to physical security board members should be involved and accept ultimate responsibility for the businesses decisions that are made.
– Ensure good basic housekeeping throughout your premises. Keep public areas tidy and well-lit, remove unnecessary furniture and keep garden areas clear. These basic steps have foiled many an attempt to cause harm to a business or individual. It also acts as a deterrent as visibility is clearer therefore the chances of being seen higher.
– Keep access points to a minimum and issue staff and visitors with passes. Where possible, do not allow unauthorised vehicles close to your building. An efficient reception area is essential to controlling access, with side and rear entrances denied to all but authorised people. Keep access points to a minimum and make sure the boundary between public and private areas of your building is secure and clearly signed. Invest in good quality access controls such as magnetic swipe identification cards or ‘proximity’ cards which are readable from a short distance. If a staff pass system is in place, insist that staff wear their passes at all times and that their issuing is strictly controlled and regularly reviewed. Visitors should be escorted and should wear clearly marked temporary passes, which must be returned on leaving. Anyone not displaying security passes should either be challenged or reported immediately to security or management. Consider introducing a pass system if you do not have one already.
– Install appropriate physical measures such as locks, alarms, CCTV surveillance, complementary lighting and glazing protection. Contact your own or a reputable security provider to discuss systems that could be introduced that may compliment or replace your existing systems and that are within your budget.
– Examine your mail-handling procedures
– When recruiting staff or hiring contractors, check identities and follow up references. Staff should be vetted correctly. You are allowing these people full or partial access to your business. You must be sure you know as much about them as is possible. You must be sure they have not recently been in prison or have had extended holidays out of the UK. Did you check their references thoroughly before you let them swipe in or log on? If you havent got the time or ability to do this you should absolutely outsource this immediately.
– Consider how best to protect your information and take proper IT security precautions. Examine your methods for disposing of confidential waste. Trust is not a security policy.
– Plan and test your business continuity plans, ensuring that you can continue to function without access to your main premises and IT systems. This is key to any business. Everyone is liable to flood at some point, be shut down by a highly contagious illness, suffer a fire in the premises or just have the main server blow up. What if the water supply to your site broke and all staff had to be sent home? Terrorism is a real threat that should not be over looked but perhaps a more realistic danger for your business is Swine Flu, Norovirus, no heating or a burst water pipe. All these could stop your business functioning.
Your security supplier should be able to help with all these issues and help you work your way through your health check. If your security is in house perhaps it would be worth contacting a consultant to assist with the health check, testing your current provisions and creating a plan.