A guide to security planning and operations for commercial premises

Strengthening your premises’ security across all aspects of the business ensures everything runs as smoothly as possible. Without the right security measures in place, the risks and negative impacts on your premises increase accordingly. Whether it’s cyber crime or physical damage and abuse, safeguarding the business is essential.

To provide some insights and advice on the subject, we’ve created this handy guide to all things security-related when it comes to your premises. From IT and data protection to physical security and ensuring only authorised people are permitted on site, we’ll detail the approaches and precautions you should take to make sure your premises are as secure as they can be.

We have also included operational considerations to ensure your commercial premises are secured against all possible threats.

IT security

With technology such an integral part of most workplaces, it’s essential that you stay protected from cyber attacks. Familiarise yourself with today’s cyber security threats; data breaches are responsible for lost files, software, system corruption and even loss of assets of intellectual property.

Ensure your data is protected from any leaks by limiting the amount of personal information available in the public domain. Consider setting up a ‘burner email’, a dummy email account that businesses can use when signing up for a site or service. Any replies are forwarded automatically to the business’ real address, without that address also being shared around.

Ransomware is another large threat to IT security. A type of malware that encrypts a business’ data and is only unlockable after paying a sizable fee, they have risen in prominence of late thanks to data stored through cloud services. Luckily, security software is adapting in a way to cope with these threats. Just make sure you invest in antivirus software that can cope with ransomware, as not all of them can properly protect against it.

Phishing, a process of fraudulently attempting to gain an individual’s information to exploit account data, is another cyber threat you’ll need to protect yourself from. Watch out for any unexpected emails asking for personal information, no matter how legitimate they may look.

 

A brief word on GDPR compliance and data protection

Though closely linked, GDPR compliance is not the same as security. There are important distinctions that mean the two terms should not be confused or ignored. Data that is compliant with GDPR regulations doesn’t necessarily equate to it being secure; though it protects the rights of individuals over the use of their personal data, it actually applies very little to securing said data.

GDPR compliance doesn’t automatically safeguard your business’ data security. In ensuring consent, you must know what the data covers and where it’s held. Risk-based security over this data allows for a process of evaluating data sensitivity, system vulnerability and the likelihood of threats. The security safeguards here also strengthen GDPR-compliance.

Electronic security

Following on from physical security, an extra measure that’s particularly potent against intruders is the use of electronic security. Intruder alarms and CCTV are particularly effective, but be sure to discuss with your insurers what measures you should consider. There is a vast range of alarms available, so it’s important to compare specifications and quotes from a number of suppliers.

Additionally, it might also be worth buying, as opposed to leasing, an alarm system. Leasing an alarm means you’ll have to use the same firm to maintain it; if they’re unreliable then this can cause problems. Since audible-only alarms have limited benefits in commercial premises, then an instant response service – connected to an Alarm Receiving Centre – can help improve their efficacy. When the alarm is activated, the police will be sent to your premises, though a key holder will still have to let them in.

Likewise, monitored CCTV can be an effective means of discouraging employee theft. You will have to explain to employees why you are introducing CCTV; they may not like the idea of being watched, so it’s important to allay any worries before installing it. Similarly, it must not impact on privacy; compliance with data protection regulations is therefore essential.

 

Operational considerations

There are a number of ongoing operational practices you can implement to improve security within your business premises.

Firstly, a robust HR system which ensures that only authorised personnel have access to selected areas, data and information, can provide protection and assurance. A process of continually reviewing the access levels will ensure it is up-to-date, and can protect against physical or data security breaches. Allocating physical and digital passes to all employees and site visitors, based upon their level of clearance, can ensure they only have access to the location and information they need.

Regular meetings amongst various department heads and on-site security personnel can help keep everyone informed about potential security and operational issues. Face-to-face meetings, where possible, are preferable – this allows the different teams to share problems and air grievances they may have.

A clear record of security measures implemented by the business is also hugely beneficial, as it can allow management access to historic solutions to previous issues, providing guidance to resolve current problems. Furthermore, a security record is helpful if an investigation into historical practice is ever requested.

Finally, regular training for all employees is perhaps the easiest operational step which can be taken to ensure greater security across all departments and elements of the business. From spotting fake emails and identifying criminal behaviour to correct cash handling and the safe use of IT systems – full training can help protect the business at every level.