Not so long ago, if you mentioned security in any business setting, people would instantly think about security systems such as cameras, badge readers, alarms, locked doors, and guards. Conversely, the first thought that typically comes to mind today is cybersecurity. With threats that can instantaneously come from anywhere in the world, this shift in focus completely understandable. However, it also means that physical security has quickly become a secondary concern.
It doesn’t matter if you have a home office or storefront, physical merchandise, or intellectual property, theft or damage of resources can quickly put your company at serious financial risk. The costs associated with replacing or repairing these resources, or the downtime experienced while your business is unable to operate normally, can be devastating.
A fair amount of the theft and damage to any business comes from insiders; however, outsiders also lurk about as well, waiting to take and exploit your physical assets for their own gain. Threats from these entities can be mitigated by implementing some very simple and inexpensive measures.
So what can you do?
Assess your risk: Complete an assessment to identify risks to your business. Once risks have been identified, you need to consider the impact that each one has on your business operations and rank each according its impact to continuity. Once done, you can narrow your focus allowing you to only implement what you truly need. Once you’ve identified and rank the threats, you need to take action to decrease the risk. Eliminating a threat is not always possible, so focusing on lowering your level of vulnerability, you lower the risk of loss to your company. The final step is determining those security measures that provide the greatest impact.
Add some surveillance: Adding a camera is not only a great countermeasure to theft, it is also very inexpensive to implement. Having an openly visible camera is a great deterrent to would-be thieves. Cameras also provide documentation if an incident occurs. They can help identify the perpetrators, as well as providing insight in re-examining your risks.
Change your locks: Changing locks on your doors and cabinets is one of the easiest and cheapest things a small business can do to improve their security. Whenever possible, install high-security locks in areas where sensitive customer information is located. In cases of limited space, high-value data can be stored in locked cabinets, drawers, tethered cables, etc. Locks can even be added to existing cabinets, drawers, etc. if no lock is currently present. For the highest quality locks and installation, a professional locksmith can be employed. Locks and door mechanisms do not function properly should also be replaced or repaired. A defective lock or door provides little-to-no security. They are much easier for criminals to exploit, and employees are more likely not to use poor or malfunctioning locks.
Controlling paper documentation: The first step to securing your paper documents is to classify them. Keep your classification system simple, with no more than four classifications.
Examples of different document classifications would be:
Public: This type of information is not confidential at all and is typically used for public consumption. An example of this classification would simply be marketing or sales materials.
Proprietary: This type of information would be restricted to only approved internal and external entities. Examples of this classification would be documented policies and procedures.
Customer confidential: This is confidential information received from your valuable customers. An example of this type of information would be credit card numbers, medical data, or any other personally identifiable information (PII). This data should be restricted to approved internal access only.
Company confidential: This is information that is used by your company to conduct business. Examples of this type are financial documentation or an employee’s personal information. This information would only be used within your company and restricted appropriately.
Once your documentation has been categorized, you should consider setting up document templates and incorporating the document classifications which will better enable you to monitor the circulation of your documents.
If there are sensitive documents marked as trash, then they should be shredded as quickly as possible and keep them locked up until you do so. Paper documents should never be simply thrown away. There should also be a clean desk policy to help in preventing sensitive documents left unmonitored on employee desks.
All businesses must protect their physical assets as well as those in the cyber world. A large part of running a successful small business is improving both its physical and cyber security posture. It’s easy to forget about physical security, but if you don’t keep your business safe and secure, you just may be out of business.
Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20 year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley Davidson rider and home brewer.