When we hear about workplace safety, we usually think of places like construction sites and factories. Places where accidents can easily occur. However, 2018 and 2019 saw several high-profile incidents of workplace violence unfold in office spaces. It highlighted an important need: workplace and office security.
In order to ensure employee safety and well-being, as well as maximize productivity, a company must make its workplace feel as safe and secure as its employees’ homes.
Additionally, a safe and secure office not only protects the employees, but it also protects its data, documents, and other physical assets from theft and damage. Office security helps keep a business up and running, on top of reducing its liabilities, insurance, and other related expenses.
In other words, a secure company is a more profitable company.
What kind of threats exist towards office security? And what should a company do to keep its physical assets and employees safe from these threats?
Threats to Office Security
Every company has items of value it needs to protect, such as its inventory, data, documents, computers, communications, and employees from theft and attack. Putting any of these essential assets at undue risk is an unconscionable breach of responsibility.
The assets of a typical business face a number of identifiable risks. These risks include:
- Burglary and theft. Both physical and virtual assets can be stolen. Intruders can physically break into an office and steal money, inventory, confidential documents, computers, and other documents. Virtual thieves can break into a company’s network and steal digital documents, business secrets, and other confidential data. Thieves don’t have to be external actors; the incidence of employee theft is on the rise and can be even more destructive. All of a company’s assets need to be protected against theft of any type.
- Vandalism. Vandals can damage both physical and virtual assets. The result is the same – documents, data, and devices defaced, destroyed, and otherwise rendered unusable.
- Unauthorized access. Criminals don’t have to physically steal something to do irreparable harm. By accessing a company’s physical or digital files a malicious intruder can steal company and trade secrets, disrupt company communications, and even lock employees out of key systems.
- Extortion. Malicious actors can render systems, data, and other assets unusable unless a ransom is paid. This form of extortion is often done digitally via the use of ransomware that locks companies out of their own systems.
Any of these malicious actions will, at the very least, cause a disruption in a company’s operations. At worst, these security breaches can significantly impact a company’s bottom line and even, in the worst of circumstances, force a company out of business.
Develop an Office Security Plan
How does a company create a safe and secure office environment? No company has to reinvent the wheel; there are established office security best practices and procedures that, when implemented, help to create a safe workplace for all employees.
After knowing the potential threats to company assets and employees, the first step a company should take is to develop a detailed security plan. This plan should spell out potential risks, necessary steps to mitigate those risks, and instructions for recovering from any security incidents. A good place to start is with the guidelines issued by the U.S. General Services Administration.
Most companies approach an office security plan by following these steps:
- Assess the security risks to the company, its physical offices, and employees.
- Determine where the company is most vulnerable to theft, vandalism, and other forms of attack. Identify the company’s most vulnerable – and valuable – assets.
- Evaluate ways to protect against identified vulnerabilities.
- Implement actions, systems, and technologies to secure the company’s office and assets.
This security plan should be a written document or series of documents, distributed to key management, security staff, and appropriate employees. The plan needs to be embraced by all players and adequately funded by management.
Of course, developing a security plan is just part of the solution. The plan must be fully implemented and then monitored and updated on a regular basis. Situations change, threats evolve, and new assets are acquired; the company’s security plan must adapt to all of these changes.
Best Practices: Physical Security
The most common and most effective security methods involve physically securing premises, people, and other assets. This can be done via traditional means or using various types of security technology.
Lock All Doors and Windows
This may sound like a blatantly obvious thing, but all building doors need to be closed at locked at the end of normal business hours. For added security, keep doors locked during business hours and require keycard entry for employees. Electronic locks are more effective than traditional mechanical locks.
Install Physical Barriers
To guard against forced entry, consider installing swing gates or similar barriers at key entrance points. To keep automobiles from ramming into exterior doors and windows, install physical barriers along the building’s perimeter and in front of large doors.
Install Metal Detectors
To help guard against violence from guns, knives, and other weapons, consider installing metal detectors at all key entrance points.
Employees should be issued identification cards to be worn on a lanyard or clipped to their clothing. Guests should be issued temporary ID cards. This way unauthorized visitors will be easily and visually recognizable.
Employees and authorized visitors should also be issued electronic keycards. The use of keycards to enter the building, office or specified areas can and should be tracked by a computerized security system. This way the company can track who is in the building, where, and when.
Develop Access Control Policy
Not all areas of the company should be accessible by all employees. It is now commonplace to restrict access to certain areas for designated employees only. This is done by installing electronic keycard readers on doors leading into restricted areas.
Management and security staff should develop an access control policy to determine which employees have access to which areas. Only approved employees can enter these designated zones by using their keycard, and employees not previously approved are locked out of these areas.
Many companies employ a “nested” or zoned access policy. In this scheme, the facility is divided into different areas or zones, with each zone having its own level of access. The least secure zone is accessible by all employees and has the least amount of security. The next zone is restricted to a smaller group of employees using a more sophisticated means of entry, such as a keycard. The next zone is even more restricted and secure.
This “nesting” of access continues to the office’s most secure areas, which are restricted to just a handful of employees via multiple locking systems.
Secure Important Documents
Important company documents should not be left laying around on people’s desks. The more important the document, the more critical it is to secure that document inside a locked safe with limited access.
Secure All Cash
If a company deals in cash transactions, all cash received should be immediately secured inside a safe. Employees should only have access to small amounts of working cash.
Larger corporations should be on the lookout for potentially dangerous packages delivered via the mail or delivery services. Develop a policy for how deliveries are accepted and monitored. Be cautious of packages with no return address.
In addition, security may want to check the bags, purses, and backpacks of all the company’s visitors, both arriving and leaving the building. A post-visit bag check is especially important to guard against theft of documents and other assets.
Require Strong Passwords on Computers
All of the company’s computers and devices need to be secured with strong passwords. If possible, two-step authorization should be employed for stronger security. Make sure employees do not write down their passwords – or, if they do, that they don’t place their passwords in easily found locations, such as on top of their desks. In addition, all computers and other devices should be logged and labeled to aid in recovery in case of theft.
Best Practices: Systems and Staff
One of the most effective ways to protect a workspace is by watching it. Companies can use traditional human-based surveillance as well as state-of-the-art electronic surveillance.
Employ Appropriate Security Staff
All companies above a certain size should hire security personnel to monitor the workspace. This staff should patrol the building both during and after work hours. Designated security personnel should also check and log in all office employees and visitors, as well as discourage loitering on-premises.
Obviously, a full-scale security staff might be overkill for a smaller organization. Security log in duties may have to be assigned to another employee, such as the receptionist. Other security activities can be outsourced to a third-party security firm.
Record All Visitors
Security or office staff should keep a record of all visitors, either electronically or on paper. This record should list the visitor’s name, company, purpose, time in, and time out. Historical visitor records should be easily accessible if necessary to track possible intrusion or theft.
Install Video Surveillance
All offices, big or small, should have appropriate surveillance systems installed. Cameras should be installed both inside and outside the building. Live monitoring is recommended for sensitive areas or assets in large organizations. All feeds should be recorded with either onsite or cloud-based storage for future review. For stronger security, consider using a remote monitoring facility, staffed by an external security firm.
Install Intrusion Detection Systems
All companies should install physical security systems in their buildings. This typically consists of traditional locks or electronic keycard readers on all external doors and doors leading into defined workspaces. Doors and windows should be protected by glass breakage, perimeter, passive infrared, infrasound, ultrasonic, photoelectric, or motion sensors.
Any breach of the security system, especially after hours, should set off a loud alarm (to scare off intruders), activate emergency lighting, and automatically notify local authorities and company security and management. Ideally, the security system should be monitored by an independent security firm. Rapid response to unauthorized entry is important to both catch and discourage intruders.
Install Second Layer Security
For particularly sensitive areas or assets, a second layer of security should be employed. This may include additional sensors and alarms, surveillance cameras, or perimeter protection. This is particularly important for servers and data rooms, which should be protected with their own electronic locks and alarm systems.
Secure the Building Itself
Most security plans focus on obvious entry points, such as doors and windows. Security experts recommend that companies also consider the construction of the building and look for less-obvious points an intruder could use for entry.
For example, a good security plan considers and defends against roof or ceiling entry. Drop ceilings can be used to enter from less secure to more secure areas. Solid floor-to-ceiling barriers, including through drop ceilings, should be installed around all restricted areas. These barriers should also be equipped with intrusion detection systems.
Secure Public Areas
Areas of a building that are open to visitors, such as waiting rooms, should only have secure doors to the rest of the building so visitors can’t inadvertently or purposefully enter private work areas. This public area can have guest-level WiFi access but no direct connections, wired or wireless, to the company’s main network.
Consider the Lighting
A building’s physical security can also be enhanced by installing proper lighting around the building’s perimeter and at all entrances and exits. Strong lighting will deter burglaries and assaults and generally make a building safer.
Install Other Detection Systems
It should go without saying that all public buildings should be protected by smoke, heat, and carbon monoxide detectors. Proper authorities, including the local fire department, should be notified when conditions activate these alarms.
Best Practices: Preparedness
In addition to the best practices discussed, companies need to prepare for security incidences. This means establishing security guidelines, developing an emergency response plan, and training employees on security procedures.
Establish Security Guidelines
Every company needs to create a set of security guidelines for the organization. These guidelines should establish the procedures that employees must follow to enhance the organization’s physical and virtual security.
Develop an Emergency Response Plan
Staff needs to know what to do in the case of a workplace emergency. It’s important to develop detailed plans for responding to all kinds of incidents, for employees, management, security staff, and first responders. A good place to start is with the BeSafe Emergency Response System, which tackles all these issues and more.
Test the Security
It’s important to verify that all security and surveillance systems are in working condition. Test all systems when installed and on a regular basis. Record the results of each test and make necessary adjustments and repairs based on results.
Stock Emergency Kits
It’s important to have emergency kits available for use when necessary. These kits should include first aid supplies, one or more flashlights, bottled water, and similar items. Distribute multiple kits throughout a large workplace or on individual floors of a large office building.
Conduct Security Training
Employees at all levels need to be trained on the importance of office security. This mandatory training should present and reinforce the company’s security guidelines and stress how the security of the company is dependent on the vigilance of individual employees.
Manage Employee Turnover
Every employee who leaves a company presents a new and unique security risk. When an employee leaves, on good terms or bad, that person’s security privileges should be immediately revoked. All security-related devices, such as keys and keycards, should be obtained from that individual and that person’s access should be removed from the company’s system.
Security and front desk personnel should be alerted to that employee’s leaving, especially if the employee was terminated or left on bad terms so that they can keep an eye out for any future unauthorized access by that person. If the person was at a high enough security level, the company may need to change passwords, access procedures, and such to prevent that person from further accessing the system.
Keep Systems Updated
Installing security systems and implementing security plans is not a one-time operation. Security technology is constantly improving and physical systems need to be periodically updated to keep pace with similar developments from the criminal element.
Plans and procedures also need to evolve over time as new assets are required and as security threats evolve. Keeping a company’s security up-to-date is a constant process that requires continual attention and regular funding. Not updating a security system will eventually put a company at risk.
BeSafe Ensures Office Security
Creating a secure office environment is more than good business, it’s essential for the safety and well-being of all of a company’s employees and data. The BeSafe Building Safety System can help your company ensure your office security and be prepared in the case of any emergency.
Contact us today to learn how to BeSafe.