Ah, a beautiful Sunday morning here in the western burns in Chicago, just one more day to go until the official start of summer. Over here at my apartment building, the tradition has always been to open up the swimming pool, and open up the Cabanas as well so that people can enjoy the long, warm summer evenings as they cook out and enjoy the relationships of family and friends.
But with the COVID19, unfortunately that probably will not happen this year, but perhaps once again in 2021.
But overall, as I get myself outside more and more, people seem to be much more optimistic than they were about a month ago. They are looking forward to having things open up yet once again, but of course in a phased in approach so that nobody gets sick or infected.
Some of these folks are actually excited about getting back into an office setting, where they hope that they will be more productive in their work environments.
But as it relates to COVID19, some of my past few blogs have brought up issues that are related to it, but have been sort of back burnered with the news headlines of WFH, Zoombombing, the political drama in DC, blah, blah, etc.
Some of these topics have been related to about the need now for businesses in Corporate America to full come to grips with the need for a Business Continuity Plan, how to protect your Smartphone better, etc. Well, there is yet another issue that has come about as businesses start to open their doors once again.
And you many be wondering, what that is? Well, it comes to building security for your business. Yes, this goes out for those organizations that rely upon maintaining a true brick and mortar presence for their employees to work in. In these last few months, this has been a totally forgotten about issue, as everybody has been WFH.
The main concern at this point was how to work digitally with as much security layered onto it so that mission critical information and data cannot be intercepted by a malicious third party, such as that of a Cyberattacker. But as mentioned earlier, as the business owners start to wipe the dust that has collected over their doorknobs, now is the time to rethink your security posture not only from the digital perspective, but also from the physical point as well.
Building security is probably something in fact, that you have never thought of before. After all, you probably rent your office space out with others in a much larger building, so therefore, you primarily rely upon your landlord and building owners to provide the security that is needed.
This is true to a certain extent, but keep in mind, all they can do pretty much is to install the CCTV cameras and provide the keys to your office and building doors.
After that, it is up to you to decide how much more physical security you want to implement. In a remarkably similar fashion, this is just like using Cloud resources from the AWS or Azure. While these Cloud providers can provide the security layers that are needed on their end, ultimately it is up to you to make sure that you have the extra layers added on, because in the end, you will be responsible for all of the confidential information and data that are stored on those respective platforms.
So, you might be scratching your head at this point, and wondering, how do you even start thinking about physical security for your business? Well, here are four fundamental places where you can start thinking to put together your plan:
*Take a look at how your business is situated in front of the public eye:
This may seem a little drastic, but in today’s times, nothing can be taken for granted. In this regard, you really need to pay very careful attention as to how eyes from the outside can look inside your business. For example, do your office windows provide a huge glimpse to what is happening inside? While obviously nobody is going to look through your windows during normal business hours, this is a key area of concern after you close your doors for the evening. While this may not be a huge risk if you are perhaps located on the third or fourth floor of your office building, this certainly does merit a very strong level of concern if you are on the first floor. Perhaps you should consider using thick layer curtains, or perhaps even specially tinted glass so that your employees can still look outside while nobody can look in. You should also ask your landlord about CCTV cameras, if they are even deployed at all, and if they are, if you have access to them in a quick manner in case you have any type of suspicion that is running across your mind.
*Need to look at cost:
While Cybersecurity tools and technologies may be affordable to procure and deploy, building security is not. For example, if you decide you want to add on more layers of physical access security, it will probably mean that you will have to gut out the entire system that you have in place, and put in an entirely brand new one, that meets your updated security requirements. Or maybe, if you have not opened up your doors in the last two months or so, perhaps now is the time to even move the physical presence of your office. Not only will this provide a fresh change and positive change for employees that will be emerging back from WFH but getting a rather affordable lease is actually a pretty easy thing to do right now. At least here in the western burbs of Chi Town, there are a ton of advertisements trying to get people to move into new vacated office spaces. Perhaps you should contact a real estate agent to learn more. If you do decide to move into a brand-new location, now would be the time to actually draw up the plans for extra physical security before you actually start moving in the desks and computers. By doing it this way, you will have be in a much better position to negotiate with your landlord to implement those security controls that you think are important, at a lower cost, or perhaps even include them as part of the terms of your new lease. In this aspect, it will be the responsibility of the building owner to deploy those security mechanisms, and this will come out of their own pocket. If you do this after the fact, then all of this will come out of your bottom line.
*Make sure that it does not look too obvious:
As you deploy your new physical access entry tools, you have to make extra sure that they blend well into your office atmosphere, and most importantly, you don’t want your employees to feel that they are being watched on, especially given today’s environment. What I am trying to get at is if you decide to install a CCTV camera or two, do not have it point directly at the cubicles of your employees. Rather, have them blend into the ceiling, and perhaps hide them behind some overhead mirrors, like what you would find at a large retail store and even a bank. The bottom line is that your employees should feel very comfortable and safe by the new gadgets you have implemented, and not further intimated by them, as this could greatly reduce the level of productivity.
*Make sure that you have the support that you need:
In Cybersecurity, we can count on the support of our vendors and IT Security staff to make sure that all systems are still running at an optimal level, and to make sure that employees are receiving the needed training on a regular basis. But when it comes to physical security, the only person you can really depend upon is your landlord. And do not count on them to do all of this, they will simply say that it is your responsibility. Obviously, being the business owner, you will not have the time to this, so therefore, it is always best to make use of a physical security consultant to help you out in this regard. In fact, you should even engage with one even before you start putting together your plan. That way, you can build up a professional working relationship with them, as they will start to know your security needs the best and can work with you in the long term.
My Thoughts On This
Really, as mentioned, as you start to migrate back into a much more normal work lifestyle, now is the time to be rethinking about both your physical as well as your Cybersecurity plans going forward. You may not have done it before, but now seize upon this time to do this.
For example, many business owners now understand the need to have a concrete Business Continuity Plan. After all, if another pandemic or natural disaster strikes, you do not ever want to face this kind of situation ever again.
But it is also important to keep in mind that just as much as external physical security is of paramount importance, so is the internal one as well. For instance, if you still maintain client files on paper and manila folders, you need to make sure that they are stored in a secure area, like a secondary room.
A great security mechanism that you can implement here is the use of Biometrics, such as either Hand Geometry Recognition or Fingerprint Recognition. Heck, you can use Iris Recognition just as well also.
Finally, keep in mind that the Cyberattacker is now looking for all venues to prey upon your business, even your physical presence. They realize that people will still be in a vulnerable state of mind as they make this new transition, and will take every effort to seize upon it, by making use of Social Engineering tactics.
Also, the threat of Insider Attacks could likely be on the rise, so now is the time to act to further protect your business.