While most workplaces are generally safe environments, employees should be aware of potential security threats and prevention tactics. Security threats in the workplace can include theft of physical property and information, cyber security threats such as hacking and phishing, and even threats of physical violence or destruction of property. Many work environments may face unique security threats, but generally, these threats can be grouped into three categories. These categories are personnel security considerations, physical security considerations, and digital security considerations. Facilities should train all employees on different security threats and the specific policies used to counteract these threats.
Personnel Security Considerations
Personnel security considerations refer to rules about who can enter a facility, what areas of the facility they can enter, when they can enter the facility and who they can bring with them. For example, it may be appropriate to issue some workers special badges or keys that allow them access into the building after normal working hours if they frequently work during off-hours. It would not be appropriate to issue everyone, including vendors or contractors, that same badge or key. Common ways to control for personnel security considerations include:
- Safeguarding entrances to facility, including locks, keycards, alarm systems and security guards
- Installing video surveillance equipment
- Designating safeguarded entrances into facility
- Issuing employee identification cards
- Prohibiting visitors from entering sensitive areas of the facility
Physical Safety Considerations
Physical security considerations refer to considerations about company grounds, facilities, and property. Many safeguards used to address personnel security considerations will also help with physical security considerations. For example, locks and alarm systems will both deter unauthorized people from entering your facility and help prevent the theft of company or personal property. Common ways to address physical security considerations include:
- Securing valuables in lockers or other storage areas
- Keeping filing cabinets and supply closets closed and locked
- Reporting any suspicious packages to facility security
- Reporting any missing or damaged company property to facility security
- Using secure recycling bins or document shredders for papers with personally identifiable or other sensitive information
Digital Security Considerations
Even if a company doesn’t handle sensitive digital information, a hacking or phishing attack could have devastating consequences. Hackers may infiltrate HR software and obtain employees’ social security numbers and other personal information. Phishers may obtain passwords used to protect company bank accounts.
Many people think that digital security only matters for important accounts, such as banks or online payment portals. However, this isn’t true. A hacker could access someone’s social media account. While this may seem like an inconvenience at worst, they could glean important information from it—such as birthdays, children’s names, and other things that may be used to answer security questions. They could then call that person’s bank and use the seemingly harmless information from an inadequately protected social media account to gain access to the bank account. Employers should take care to train employees on proper digital safety procedures so that they don’t unknowingly give a hacker access to sensitive company information.
Fortunately, there are several safety measures that can be taken to counteract digital security breaches:
- Always completely erase storage devices before disposing of them
- When possible, avoid storing sensitive data on shared drives
- Perform regular updates and security scans on all company computers and mobile devices
- Shut down computers at the end of the day so that they cannot be remotely accessed
- Make strong, unique passwords and don’t reuse them for multiple websites
- Change passwords regularly
- Never click suspicious links or open unfamiliar emails
- Never insert suspicious or unknown storage devices into your computer
Summary
Many companies face personnel, physical and digital security considerations. The best way to keep a company protected from these attacks is to properly train employees on facility safety procedures. Employees should always report unattended or suspicious visitors, lock and store valuables according to company policy and use strong passwords and good digital common-sense practices.
For more information, click the following links:
SafetySkills covers these topics and more in its Security Threat Awareness Course. For more information, click here.
