The 6 Biggest Hidden Security Risks Threatening Your Business
Every business today, no matter its size or type, faces very real security risks. Risks that can cost you time, money and even legal problems. While most companies are aware of cybersecurity issues, there are other real threats, many of them hidden, that must be considered when planning your corporate security initiatives. These include not only the obvious ones like workplace violence, but physical security, health and other hidden hazards, and even work stoppage issues like political upheavals or localized violence. All are very real risks that should not be overlooked.
- Employee and Personnel Security
In today’s workplace, it is important to take measures to protect your employees from other employees, as well as from external threats. Employee violence in the workplace is a growing concern and one that must be addressed in every business. However, don’t overlook internal threats from disgruntled employees. You can take some prevention measures to try and avoid issues. These include thoroughly screening prospective employees; staying on top of any employee drug or alcohol abuse issues; and being aware of highly stressful personal issues like a divorce or custody problem. Try to be aware of any credit or money issues your employees may be dealing with as well.
- Physical Security
Physical security is one of the first and most important steps to keeping your company and your employees safe, both from workplace violence as well as other risks. All buildings should have access controls which can include security guards, electronic badges, alarms, good premises lighting, security cameras, keypads, etc. The size and nature of your business will help determine how much and what kind of controls are needed. Be sure to also include fire prevention controls when determining your physical security needs. And don’t forget to change passwords or disable badges if an employee leaves your business due to being fired or for any other reason.
- Hidden Hazards
There are hidden threats and issues you may have never considered. If your business is involved with chemicals or hazardous materials, you probably already take security measures to protect your facility and your personnel. However if you don’t, please consider protecting everyone by doing simple things like checking your wiring, making sure your building structure is sound and up to code, and even check the cleanliness of your bathrooms. A simple water spill or leak can result in an employee slipping and hurting themselves, not to mention expensive worker’s compensation issues that could arise from an incident like this one.
Other hidden hazards include work stoppage due to weather issues, political upheaval or even local violence. Imagine if you couldn’t get your needed supplies or couldn’t get your finished product to market due to a government overthrow in a foreign country. How much would this cost you in both time and money?
Always have contingency and crisis plans in place. These can be as simple as defining ways to get your employees to work if there are riots nearby or roads are closed. Develop plans for alternate methods of obtaining supplies in the event of natural disasters or political upheavals. Planning ahead is paramount here. Think of all possible emergency situations and develop plans to deal with them. Include communication plans for employees and in the event you may need to speak to the media. You will probably never need to use them, but you will have them in the unfortunate event that you do need them.
- Employee Theft
This is a big one. Employee theft and fraud are huge issues for any business. Are you encouraging this by having lax business practices? Employee theft can range from a simple stealing of office supplies to outright embezzlement. Make sure you always have deterrents in place and use them! These can include locked cabinets, a two person verification system for all checks that need to be issued, regular audits and maybe even cameras in areas where cash is kept or transacted.
- Disgruntled or Careless Employees
While this is a close cousin to employee theft, it can result in much worse damage! Disgruntled employees can deliberately sabotage your business in many ways including having access to your sensitive data and networks, personnel and HR files, and more. They can disrupt your business by making sensitive information public or worse by compromising or selling it, costing you incredible amounts of time and money.
Careless employees can also put your company at great risk by leaving phones or computers in places that could be stolen or hacked by prying eyes (think coffee shops). They could also leave sensitive information on their desks or other places that could also be seen by unwanted eyes. Careless employees could also put others at physical risk through their careless actions such as not cleaning up chemical or water spills, or by leaving hazardous materials out in the open.
Make sure your employee training and policies on these issues are up-to-date and that you enforce any breaches. Train employees in the use of strong, secure passwords for all electronic devices; enforce rules about turning devices off when they leave work; and use encryption when necessary.
- Electronic Devices
Do you have policies relating to employees bringing their own smartphones or tablets to work? If not, you should.
What about policies on the use of company electronic devices? A recent survey stated that employees said they uploaded sensitive information to cloud apps intending to share the information outside the company; one in five of the surveyed employees said they would sell their passwords to someone outside the company; and the majority of respondents, around 65%, admitted to using a single password across applications and another 33% reported sharing passwords with their co-workers. This is a potential threat for any business.
Bluetooth has a discoverability features that allow hackers to compromise the device and access all the information stored on it, which could include sensitive work information. Be sure to have all employees use password protection or enable remote wiping features to protect your sensitive information. And if you allow employees to use personal devices, make sure they utilize these protections on their devices as well.
All businesses should implement security measures for their networks and use encryption on databases containing sensitive information, such as credit card or social security numbers. Unfortunately, data breaches often stem from internal fraud, so you need to employ strict limits on the number of people with user access to databases, as well as physical security measures to limit access to the machines holding the information. This is especially important if you are in the medical or insurance fields. Failure to provide adequate security to private data can open you up to civil litigation and governmental fines.
While nothing can completely eliminate all risks, be smart by implementing precautions and utilizing best practices that will go a long way to protecting your company, your employees and your premises.
This article discusses issues of general interest and does not give any specific legal or business advice pertaining to any specific circumstances. Before acting upon any of its information, you should obtain appropriate advice from a lawyer or other qualified professional.
This article may not be duplicated, altered, distributed, saved, incorporated into another document or website, or otherwise modified without the permission of TASA.