Keeping your business safeguarded encompasses physical security precautions as well as cybersecurity measures. Here are nine essential tips to put in place at your enterprise.
1. Have an Effective Password Policy
Most of your employees probably use several passwords to access an assortment of workplace systems and interfaces — from their email accounts to time-tracking apps. The trouble is that people often reuse them across several services or sites. That could mean if a hacker gets someone’s password for one place, they could also access several others.
Enact a password policy that requires workers to use unique, strong passwords. Encourage them to pick a combination of letters, numbers and special characters. You may also specify that people must change their passwords every few months or weeks. Think about using a password manager so staying safer online becomes more convenient without sacrificing security.
2. Talk to Workers About Social Engineering
Social engineering occurs when people try to get others to divulge sensitive information or provide access to it. For example, a person might pose as a banking representative or tax authority and make someone think they must immediately provide private details to avoid dire consequences.
Social engineering could also have a physical aspect. Imagine if someone dressed in work clothes came up behind a person passing through an entrance and said, “Excuse me, could you hold that door? I’m here to take a look at the building’s air conditioner.” The visitor may indeed have a legitimate access need, but it’s also possible that the person holding the door showed a brief moment of kindness and compromised security by letting an imposter inside.
Discuss social engineering with workers at length, and give them several real-world scenarios. The more they know about it, the easier it’ll be for them to recognize and handle possible attempts.
3. Instruct People to Verify the Authenticity of Urgent Email Requests
A newer kind of scam is the business email compromise (BEC). It is one of the most financially damaging online crimes. The people who orchestrate BECs have high chances of success since so many people depend on emails for personal and work-related reasons. Some scams target thousands of people at a time, but the BEC method is typically different.
It addresses one person, a single department or a similarly small group. The sender also poses as a known person, such as a supplier, company accountant or even someone’s boss. These emails often insist a person must act immediately, such as to transfer funds to secure a lucrative deal.
The ideal way to stay safe from BEC tricks is to ask workers to verify the request’s legitimacy with the sender through a different method than the original one. For example, if a personal assistant gets an email from their boss requesting to transfer $10,000 to someone right away, the recipient should contact their superior by phone before doing it. Replying to the email encourages a scammer to make their lies even more elaborate to convince a doubtful person.
4. Consider Investing in a Security System
A security system could prove instrumental in helping you reach your physical security goals. Motion sensors and burglar alarms are great for unoccupied buildings because they give peace of mind outside of business hours. You might also use a key fob or swipe card for access control, ensuring that the system only lets authorized parties into designated areas. Video surveillance systems also enable seeing 24/7 live footage of the premises.
Take your time to learn about the available options and determine which one is best for your needs. Most security systems also have accompanying apps, letting you view video clips and get alerts on your smartphone.
5. Protect and Encrypt Data on Company Laptops
Data protection is a crucial part of cybersecurity. Perhaps you’ve invested in endpoint detection tools, malware scanners and penetration tests to keep your online infrastructure as safe as possible. Those are excellent strategies, but you should also stay mindful of what would happen if a person takes a company laptop home or travels with it, and the gadget gets lost or stolen.
The easiest protective measure to take is to have the user set a strong system password. However, your company should also encrypt the data on the laptop. That way, if the computer does fall into the wrong hands, people won’t have open access to whatever it contains.
6. Keep Your Premises Well-Lit
Outdoor lighting is more important to physical security than you may think. A poorly lit parking lot may make workers feel unsafe while walking to and from their cars, especially if starting shifts early in the morning or late at night. Not having enough lighting also makes it more difficult for people to notice identifying characteristics of trespassers.
Start by investigating all existing lighting, and look for problems like burned-out or broken bulbs. Then, assess whether installing more lights — or a different, brighter type — would make your workplace exterior safer and more inviting.
7. Implement Automatic Software Updates
Outdated software often has security flaws that make it easier for malicious outside parties to gain access. Companies roll out patches after receiving notifications of those problems, but users can’t benefit from them if they still use the old versions.
According to a 2019 study, 70.5% of respondents reported that their workplaces had old software. More than 50% said they used moderately or completely outdated technological resources at work.
A simple way to prevent that issue is to activate automatic software updates. Most programs have settings you can adjust so that updates download to the computer over Wi-Fi. Tech teams can also specify that the latest versions should only arrive outside business hours so they don’t affect productivity.
8. Set and Change Access Controls as Appropriate
The ideal situation is one where a person has precisely the amount of access needed to do their job. For example, not being able to see files associated with an assigned task affects productivity. However, if a company provides too many privileges, it increases the possibility of people exploiting them.
Beyond setting the parameters, don’t forget to alter them when a person’s role changes or becomes irrelevant. If a promotion puts them in a new department, they likely need different access capabilities. Similarly, you’ll need to revoke privileges when individuals leave. Fortunately, many companies providing access-related solutions let authorized parties make those alterations from a centralized dashboard.
9. Create a Security-Centered Culture
It’s much easier to have top-notch physical and cybersecurity when all employees realize they play a crucial role in upholding those ideals. Some people are especially skeptical of online security. However, you can change their attitudes in several worthwhile ways. A security team that’s approachable and uses positive language when framing cybersecurity can help tremendously.
Use a similar approach with physical security. Keeping people and property safe is a serious matter, but remain upbeat if you can. Instead of expecting people to make quick changes that last, aim to help them gradually view security as an integral part of everything they do at work. Avoid baseless accusations or assumptions, too. If people feel nervous about reporting issues, they’ll stay quiet.
Operating a Safe Business Promotes Resilience
Both online attacks and those at your building can be devastating to finances, morale and reputation. However, if you remain proactive by applying these tips and others, you’re already on the path to having a stronger, more successful company.
Lexie is a digital nomad and graphic designer. If she’s not traveling to various parts of the country, you can find her at the local flea markets or hiking with her goldendoodle. Check out her design blog, Design Roast, and connect with her on Twitter @lexieludesigner.