We briefly touched on the issue of physical security for your small business in our last post. Today we’ll go in-depth into how to assess your business’s vulnerability to theft, malicious intruders, and other threats.
We’ll also dive into how to create a business recovery plan in the event of a physical or digital data breach.
Office Space Physical Security
Last year a RiotGlass article reported that there are 6.5 million burglaries a year in the U.S., with 34% of break-ins happening to small businesses but only 13% of those burglaries being resolved by the police.
When it comes to physical security, it takes more than just putting a lock on the front door and calling it a day. If your office has multiple points of entry, or it shares an entryway with other businesses, there are additional steps you should take to ensure that the physical items in your office stay secure.
An example that illustrates this well comes from my days as a student intern for a nonprofit office. If I was the supervisor on duty for the call center, I was required to collect all the paper slips that held credit card information for donations we received that night. Because the call center closed later than the main office, it was my responsibility to lock up the folder with credit card information, lock the call center, and the next morning go back to retrieve the folder so that I could deliver it to the main office by 9am. (It goes without saying that this was in the days before our call center went automated with online gift processing!) And I couldn’t just drop off the folder at the front desk! I had to check in at the front desk and then walk the folder over and hand it directly to the person who processed credit card gifts. There were multiple measures in place to ensure that valuable financial information from our donors didn’t get left lying around.
The first step is to locate the access points that a malicious intruder could use. As mentioned, if you have more than one entryway into your office, you are going to need to install security systems on all doors. A closed-circuit camera increases not only the physical security of your office but also the digital security. (You don’t want someone hacking into your video system and gathering information about your comings and goings that could make it easier for them to break in!)
Do your external doors have a standard locking mechanism, meaning they are unlocked during work hours and accessible to anyone? Consider installing a swipe card access system, which allows only your employees to enter and exit the building during normal working hours.
If your office has a high volume of clients, you can communicate to them that these enhanced security measures are also for their benefit, and consider installing an intercom or phone number for them to call so that a staff member can physically let them (and no one else!) into your office for appointments. You could also choose to install the card access system between your reception area and your main office space, if you don’t like the idea of clients being left waiting outside.
Even internal doors in your office should be reviewed. Is your server behind a locked door, and is it monitored by a video camera? Does each office door have its own lock? Is it best practice to ensure that all doors, not just the outer building doors, are locked at the end of the work day?
Update your office protocol to ensure that everyone is following best practice when closing the office. Having those multiple points of security is the best way to ensure that even if a break-in does occur, there will be more roadblocks (literally!) to a criminal accessing your server, laptops, and other costly items.
This does get more complicated in the case of an open floor plan or a shared entryway or reception area with other small businesses. You’ll need to add your own additional safety measures if there are areas where you do not have full control of the physical space.
Equipment Physical Security
Laptops and other vital pieces of portable equipment should be locked in a drawer or taken home after business hours. This is especially important in the case of a reception area that, for reasons mentioned above, could be easy to access by anyone walking in off the street or through a neighboring business’s entryway.
Laptops should have anti-theft systems installed and passwords updated regularly so that in the event that one is stolen, you can slow down a criminal’s access to any small business information stored on that device.
Even during office hours it is important to stay vigilant. If your office has a mail room and regular deliveries, are the delivery people allowed unsupervised access to the mail room and other internal spaces past the reception area? Can visitors and guests see directly from the reception area into your working office space? Do you require all visitors and delivery people to sign in at the front desk before they access the office?
These are all things you need to consider throughout your work day, because it is far too easy to see a uniform and think “Oh, of course that person has a right to be in XYZ space.” It’s also far too easy for someone to order a believable delivery uniform online, bustle into your reception with arms full of packages, and be waved back into the mail room where they can then walk around looking for empty offices with equipment left out to steal.
How to Create a Business Recovery Plan
So what happens when a physical breach does happen? Ideally, you would have a business recovery plan in place that will address both the replacement of lost items and data and business continuity in the meantime. Having a plan of action can help you feel confident that even if your office is broken into, you can continue to run your business, serve your clients, and restore your information. That peace of mind goes a long way in helping you run your business successfully.
Whether you have a continuity plan in place or you need to create one from scratch, here are important things to consider.
- What does your day-to-day look like under normal circumstances, and how might a physical threat affect that?
- What are your critical business functions and how will you plan to continue them in the case of any of the above threats?
- Can your business services operate remotely without access to your physical office?
- How would the theft of a laptop affect your small business? How would a data breach or cyber criminal hack affect you?
- How quickly can you replace lost or compromised items?
- Do you have a crisis communications plan in place and a designated person who will run your recovery plan?
- What is your process for backing up and restoring critical data?
- What does your insurance policy cover and are there adjustments you should make to the policy?
Obviously the answers to these questions will look different based on your unique industry, service, and the type of security breach. It’s not fun to think about the worst-case scenario, much less multiple types of worst-case scenarios. But planning for the worst ensures that you’ll be prepared, no matter what type of business recovery plan you have to deploy.
Tech Masters can review your business recovery and continuity plan, or help you create one. We work with the top security firms to ensure your critical business systems have the highest level of protection. Contact us for a free business technology assessment and learn more about how we can support your physical security.