Protecting your assets is one of the highest priorities for modern businesses, whether it be physical property, staff, or even intellectual property (e.g. images, or designs). Research has shown that 24% of small businesses are subject to a serious security breach fold within 12 months. It’s for this reason that we encourage not just our clients, but you the reader, to regularly audit your business security, and take your findings seriously. This blog shows our recommendations for auditing business security, based on over a decade of working in the security industry. With even enormous businesses like the NHS falling victim to ransom attacks, we hope you’ll agree this is worth a read, so that you can audit your businesses security effectively.
Businesses don’t just need to gain a basic understanding of the risks that are present- they need to establish what needs prioritising the most. There should be serious considerations of how dangerous the implications could be with each type of security breach and how challenging/expensive it would be to protect the business from each type of breach.
For big businesses like banks, cyber security and physical security is at the forefront of everything they do, and hence it’s worth for them to invest vast sums of money to keep all aspects of security up to date, to ensure that they are working as intended. For smaller businesses however, it would be silly to spend hundreds of thousands on monitored alarms, CCTV, cutting edge computer security and so forth – it would however be reasonable to invest in a basic alarm system, to keep data backed up, and to write procedures for things such as securing the building properly over long breaks (e.g. Christmas). Be realistic about what you need to achieve when your audit your business security and make sure your approach mirrors this from the start.We’ve carried out installations as small as a single CCTV camera accompanied by an alarm system and as large as a CCTV network across 35km with a surveillance control room. Ultimately when providing our technical and security services to clients we know that its always imperative to recommend and install equipment on a case specific basis, so that everything is fit for purpose.
DISCUSS AND ANALYSE
What we would recommend is to discuss with your team (often you’ll find other staff may be well placed to spot things that you didn’t) about the biggest risks to your business (e.g. burglary) and try and assign a score of 1 to 5 for both severity should it happen, and again for the likelihood that it would happen. By multiplying these two values together, you get a very rough estimate of risk – with the higher value meaning it needs to be tackled with more urgency and importance. If your risk as a business is high, it may be worth trying to put a financial value on the implications – if servers are stolen and your business therefore cannot function, this cost may be thousands of pounds per hour, and hence this information would show you that it’s worth investing to secure, or have back up options for your server in this case.
An example of a layout is shown below.
TALK WITH EXPERTS
Now you have a priority list, it’s time to discuss with experts. The hardest thing with a security audit, is unless your business is very small, it’s difficult to assess the security holes yourself – it’s a business you deal with day in day out and often will overlook things that are common procedure that actually present a risk.
An example in this case would be that you may mark your physical security as very high as you have strong 5 lever locks, fitted by a qualified security firm. However, a company like ourselves would advise that as you all share one common key, not only would it be easy to break in should the keys be lost near to the building, but also should an employee wish to take from the business, there would be no way of identifying which key was used. A much more secure system would be access control, with individual key fobs assigned to each user, with an audit trail of access and the ability to remotely disable particular users access fob should they lose it – this can even by done from your phone, minimising the time risk, and cost of replacing locks etc.
We work with Paxton as a gold level installer and find that systems like these can be fitted at minimal cost and help provide peace of mind.
Many of the security systems we find installed at businesses, are occasionally not maintained, or have been installed and assumed to be working for quite some time; be it CCTV, access control, or even manned guards.
Particularly for higher risk premises, if a security risk seemingly has a high factor (such as theft), which is perhaps mitigated by a monitored CCTV alarm system – then this should be tested when you audit your business security. We would always recommend unannounced tests, perhaps even done during out of hours in order to try simulate a real ‘worst case’ scenario. Not only will this make sure that the system performs as expected, but also there’s no peace of mind quite like knowing someone or something was stopped in its tracks as designed. All systems where applicable should be maintained at regular intervals, at least annually but sometimes more. This ensures that there aren’t high repair bills should the audit find that nothing worked as expected, and instead issues are tackled on an ongoing basis as part of an operating cost of the business.
A company like ourselves can provide recorded tests of alarm systems or penetration testing for IT systems to ensure they are secure
Business security is something that unfortunately needs to constantly be invested in. Threats change often, and particular in the information heavy age that businesses operate in today, this has never been more valid. The days of companies investing in security as a one off ‘capital cost’ are gone and now it should be seen as part of the cost of operating a businesses. We and other security companies can help with this, offering lease packages for equipment of incorporating equipment upgrades into maintenance packages. This along with a regular audit will ensure that security holes are addressed as they become apparent, without the shock should the worst happen. By regularly addressing it, it avoids complacency and keeps you at the forefront of technology. Security systems now can cost effectively include high definition recording, access from mobile phones, and integration of multiple systems (e.g. alarms, access control etc).
As your business grows, so will its security needs and ultimately safeguarding your business from threats is a job that doesn’t have an end date – so embrace it and find a company that you can work with- who you trust to advise you on security, to stop the worst happening.