Office security can be broken down into two main areas: 1) protecting your office and employees from vandalism, theft, and personal attacks; and 2) protecting your office from corporate sabotage, both from inside the company and out. The first area deals more with the actual office itself—its layout, the use of security guards, alarm systems, and so on. The second area is primarily concerned with protecting a firm's intellectual property through the introduction and utilization of such measures as shredders, computer security, and employee surveillance.
PHYSICAL SECURITY: PROTECTING THE OFFICE AND EMPLOYEES
Office security is an issue for every business, no matter the size. There are many steps that can be taken to improve security, many of which require relatively inexpensive outlays. To find out what is best for his or her company, a small business owner should hire a security consultant to visit the business premises and conduct a thorough security analysis. This review can identify weak spots and provide a clear plan for upgrading security.
The best place to start when examining office security is the physical layout of the office itself, or the layout of the larger building of which the office is a part. Office design should stress wide, open areas with clear sight lines. Hallways and offices should be open and have no nooks or crannies where an intruder could hide in the shadows. All areas should be well lit, especially after hours when employees might be working alone or in small groups. Mirrors in stairwells and inside and outside of elevators allow employees to see around corners or past obstructions.
Doors and windows are the most obvious access points to an office and should be secure. Avoid double doors because they are easily hinged open. Ideally, entranceway doors—particularly those used for deliveries, etc.—should be steel, or steel-sheathed. This helps with security and also aids in fire prevention. Door hinges should face inward whenever possible; use non-removable pins and screws if it is not possible. Simply upgrading hinges and door locks is one of the cheapest and most effective security steps a business can take. Deadbolt locks are best, whether they are electronically controlled or manual in nature. Combination locks on washrooms and other common areas are also an excellent option. Employees don't have to carry keys and the combination can be changed frequently. All windows should use key locks, and windows near the ground level or fire escapes should have steel bars or lockable gates that meet local fire codes.
INCREASED USE OF ELECTRONICS
Improvements in electronics, computers, and other high-tech security features have given business owners new tools to fight crime in recent years. Perhaps the most common electronic tools are closed-circuit surveillance systems and access-control systems.
Closed-circuit surveillance systems use television cameras to monitor specific areas of a company's workspace. Signals from the cameras are fed back to a central monitoring post, where a security guard or company employee watches for signs of abnormal activity. These systems are effective both during business hours and after hours. But while video technologies can be an effective deterrent and investigative tool, a closed-circuit system only works as well as the people monitoring it. The guard or employee must give the video monitors his or her complete attention.
Access-control systems start with establishing "point of control" access over an office. That means that all tenants and guests are routed through a control area before admittance is authorized. The control point can be as low-tech as a sign-in sheet or as high-tech as an elaborate system to scan the fingerprints or retinas of visitors (most security experts understandably cite the former as an inadequate measure, in and of itself). Most common is the use of access cards, or "swipe" cards. These cards are electronic "keys"—the user passes a part of the card through an electronic reader stationed outside a door, and, if the person is authorized to enter, the door is unlocked. Newer versions of the swipe cards include video imaging. A central computer stores a photo of the employee and as much pertinent information as the company desires, including work hours, emergency contact numbers, license plate numbers and make of car, and other information. Electronic cards are preferable to metal keys because an electronic key can be deactivated at a moment's notice if an employee is fired or deemed a security risk. If metal keys are used, every lock in the building has to be replaced if a security breach is suspected.
Other electronic systems that are being used by security-conscious firms include tiny hidden cameras, panic buttons that summon security when pressed, and electronic door chimes that make it easy to tell when someone has entered a workspace. The tiny cameras are perhaps the most popular innovation. They are small enough to be hidden in a clock face or a heating vent, yet provide a powerful tool for monitoring employees in areas where employee theft is suspected. Use of the cameras only works if their existence is kept a secret from the employees that are under suspicion.
Finally, identification tag systems are an increasingly popular tool in many businesses. Laminated photo identification cards are inexpensive to produce and update, and they can instantly identify employees and the department from which they hail. These photo ID cards can be particularly useful for larger, diversified enterprises in which employees may not know or interact with every other member of the workforce.
Alarm systems are another popular office security tool. There are two primary types of alarm systems: those that sound a loud siren or other noise when a break-in is detected, and those that send a silent alarm directly to a security company or to the police, who then respond to the alarm. The type of alarm chosen depends in large part on where the business is located. Loud alarms work well in small towns or in low-crime areas, but businesses located in urban or high-crime areas have found that nearby residents have often become so used to alarms going off that they ignore them. In that case, a silent system linked directly to the police may be preferable.
Systems can range in complexity and price. However, any alarm system must cover all the doors and windows into a business to be effective. Most common are motion sensors that detect movement where it is not supposed to be occurring, or window glass bugs that are activated when glass is broken. Examples of advanced systems include combined audio and video alert systems that are triggered by noise. When the sounds of a break-in are detected, the security company is alerted and can listen in to what is occurring at the site. The security company can then activate video monitors to see what is happening at the site, or the cameras can be set up to begin recording automatically when the first sound is detected.
As with the closed-circuit television systems, the key to a good alarm system is that it must be monitored at all times. If an alarm goes off and no one is there to notice, or if it is ignored, then office security has not been enhanced at all. In fact, the alarm may have provided a false sense of security that kept a company from pursuing other security measures.
Using security guards is an increasingly popular form of office security. Guards can be used in two ways: to monitor the front desk of a company or building (the access control point); or, to patrol the grounds of a larger company or office complex.
The old image of the security guard—an elderly gentleman who slept as much as he monitored the grounds—is a thing of the past. Today's guards, especially those who monitor building access, should have good communication skills and be able to handle many roles. Guards often act as concierges and goodwill ambassadors, greeting the public as they come into a company and answering questions and providing directions. Ideally, they should present a positive public image for the company and/or building that employs them. With this in mind, traditional uniforms have given way to a casual but professional wardrobe of blazers and trousers at many security firms. Guards are almost never armed—the practice has come to be regarded as just too danger-ous—and they are primarily expected to do four things at all times: deter, detect, observe, and report. Today's guards can also be expected to help out by arranging for building maintenance or even assisting in life-threatening situations.
The other type of security guard—the type that patrols the grounds of a larger company or an office park—receive conflicting marks from security experts. Some feel that simply driving or walking by each part of an office complex every hour or half-hour does little to prevent crime because such measures still leave large windows of time for criminal activity to occur. Others argue the very presence of the guards is enough to deter all but the most professional or determined criminals. The question of whether to use such guards is one that each company will have to answer for itself.
Small business owners should know that using security guards is not cheap. Round-the-clock coverage by a team of guards can cost upwards of $100,000 annually. Additionally, theft by the guards themselves has been a definite problem for some businesses. Many security firms pay minimum wage, so turnover is high, and background checks are not always thorough. To ensure that you are really hiring the best firm possible, screen prospective choices carefully. Look for firms that perform thorough background checks, pay better than minimum wage, and have low turnover. Fellow members of the local business community can be a valuable resource in this regard.
THE ROLE OF EMPLOYEES
It is common knowledge that a security system is only as secure as its weakest link. In many cases, that weak link is the company's employees. Untrained in security measures and prone to the attitude that "it can't happen to me," many employees are their own worst enemies when it comes to security. When a company installs a new security system, it should take the time to bring in a security consultant to speak to employees about what they can do to increase their own safety and improve the company's security. Among the measures the consultant will advise are:
- Do not leave valuables unattended.
- Lock doors after hours.
- Do not go into poorly lighted areas after dark.
- Bolt down or secure equipment if possible.
- Engrave identification numbers on office equipment and keep a list of serial numbers to give to the police and insurance companies in case of theft.
- Provide each employee with a drawer that locks.
- Verify identification and purpose of visit before letting non-employees into office space.
- Deposit checks and cash daily.
- Never leave visitors unsupervised.
- Try to leave with at least one other employee if working late.
- Do not advertise vacation plans.
- Keep emergency numbers posted at every phone.
- Make sure confidential files are secured when the office is closed.
CORPORATE SABOTAGE AND PROTECTING INTELLECTUAL PROPERTY
As computers have become an everyday part of almost every business, companies have found it harder and harder to protect their proprietary information and their money. (Only failed attempts at espionage lead to arrests and quantifying the problem is difficult.) According to the Federal Bureau of Investigation, espionage and espionage-related matters cost the nation an estimated $100 billion per year. This does not include the estimated $250 billion American companies lose to copyright piracy annually. Much of that theft occurs electronically.
Unfortunately for most companies, the greatest risk of theft or sabotage (conventional or computer), often comes from the firm's employees themselves. In fact, many experts believe that a significant percentage of small business failures are directly related to internal theft of money, property, information, and time. Few occurrences are as potentially destructive to a business as employee theft, embezzlement, or misappropriation of company funds.
Business security experts warn that employee theft can take many forms. Examples include:
- Forgery of company checks for personal gain.
- Using a "ghost payroll," which occurs when one or more employees create "phantom" employees, submit time cards for those employees, and then cash their paychecks themselves.
- Outright theft of cash from a register drawer.
- "Sweethearting," at the cash register, which can mean granting a friend or other person a discount at the register when they pay, undercharging them, or ringing up fewer items than the person has actually bought.
Internal computer theft has become one of the most common forms of employee theft now that computers have become more common in nearly every industry sector. Indeed, employees often are more computer literate than their supervisors, which may strengthen the temptation to abscond with proprietary information or otherwise engage in illicit activities. Computer theft can take many forms, including false data entry, which is almost impossible to track; slicing off small amounts of data or money that add up over time; superzapping, which occurs when a computer network security bypass code falls into the wrong hands; and scanning, or using a high-speed computer to locate data that would be impossible to find by hand, then using that data for illegal purposes.
Sabotage, which can also cost millions, almost always involves disgruntled current or former employees and can take almost any form, from defacing company property to deleting or altering important company data. As mentioned above, using access-control cards for employees that can be easily deactivated makes it easier to keep ex-employees out of the workplace and track the activities of current employees.
Because employee theft is so prevalent and so costly to businesses, a business owner needs to take every precaution and use every means possible to stop employee theft. Some of the steps that can be taken include:
- Making sure that security starts at the top. Executives must set a good and honest example. Establish a clear policy on theft and security and distribute it to all employees.
- Install a security program that meets your company's needs.
- Follow up on references provided by prospective new hires.
- Keep checkbooks locked up.
- Control cash flow and have good documentation on where money is spent.
- Do not leave bookkeeping to just one person without checks and balances.
- Audit internal financial documents frequently using independent auditors.
- Only allow a few people to have authority to sign checks.
- Check all invoices to make sure they match what was delivered.
Mackenzie, Kate. "Big Danger Lurks in Small Things Portable Memory Devices: Portable mass storage devices contain huge threats to security." The Financial Times. 9 November 2005.
Marshall, Jeffrey, and Ellen M. Heffes. "Small business: security issues rise as automation gains." Financial Executive. October 2005.
"Office Building Security Getting Smarter." Access Control & Security Systems Integration. 20 March 2006.
U.S. Department of Commerce. StopFakes.gov. "What's New In StopFakes." Available from http://www.stopfakes.gov/ Retrieved on 28 April 2006.
U.S. Department of Justice. Federal Bureau of Investigation. "FQA—Why do we so seldom hear about arrests for espionage?" Available from http://www.fbi.gov/aboutus/faqs/faqsone.htm. Retrieved on 28 April 2006.