These days cybersecurity is often headline news, especially when a “big-enough-to-know-better” company ends up being the victim of a cyberattack which exploited weaknesses in their own security. Additionally, while GDPR is no longer the main topic of discussion in the business media, it still pops up on a regular basis.
While both cybersecurity and data privacy is, of course, very important, the fact still remains that, for the average business, real-world security remains at least as important, with that in mind here are some tips on how to implement it in a way which is both effective and cost-effective – and the good news is, many of these tips will help to improve health and safety too.
Be seen and be safe
This tip is often heard in the context of road safety, but it applies in other situations too. First of all, it applies to the approach to your premises. You need to be able to see who is coming in your direction and legitimate visitors need to be able to find their way safely to your door. This means that effective lighting is one of the cornerstones of robust security. Secondly, it applies to being able to see, at a glance, which people (or vehicles) have the right of access to which places. Depending on the context, this could mean something as simple as having staff wear some kind of uniform, even if it’s as basic as a cap or tabard, or something more sophisticated such as ID/access cards for staff and visitor passes for visitors.
Secure your perimeter(s)
Ideally, your security will start some distance away from your premises, but how feasible this will be in practice will depend on what kind of business you have. If you work in a niche where the public, in general, need to have access to part of your building, which could be anything from a small reception area to a food-eating area or shop floor, then you need to ensure that there is some form of clear delineation between the public areas and the private ones, ideally with some kind of barrier, although this depends on the environment and on how much inconvenience it would be to staff. If staff are regularly passing between public and private areas (as is often the case in both food and retail), a compromise might be to have a visual delineation supplemented by a physical barrier they could use if they felt the need.
Remember that anything empty and/or ignored can be a security threat
This statement works from the lowest levels to the highest levels. At the lowest levels, containers which are empty and ignored can be anything from a fire risk (cardboard boxes) to a tripping hazard (basically anything) to a genuine security threat (also basically anything, but especially large containers such as bins and skips). Areas of your premises which are empty and ignored can be easy points of entry for intruders and can also provide a convenient way for people (and/or physical items) to exit the building, which can also be very undesirable. Dealing with empty and unattended physical objects can be as simple as just implementing effective policies regarding their storage/disposal. Dealing with unattended areas can require more “high-tech” security measures such as alarms (preferably actual proper monitored ones) and CCTV.
For the sake of completeness, please note that CCTV is covered by GDPR because it captures recognizable images of people. This means it must be implemented in a proportionate manner and the data it captures must be processed in line with the letter and spirit of GDPR. While this may sound ominous, this is usually perfectly easy to achieve in practice with a bit of awareness and thought.