Despite not being a priority for many businesses, security needs to be a part of every small business’s identity. With crimes against small businesses costing an estimated £12 billion a year and fraud claims on the rise, it’s the smaller firms that suffer the biggest hits if they don’t protect themselves.
Companies have always been at threat from business break-ins and white-collar crime. But despite 88% of UK businesses facing a security breach within the last 12 months, many business owners still don’t look for solutions until it’s too late.
With small businesses, there is more of a responsibility on individuals to help prevent company breaches. Director at Keys 4 U, Izzy Schulman, looks at how employers can take a proactive approach before the worst happens and nurture a culture of security.
Promoting security protocol
The first step for any business looking to tighten up its security is to begin changing the mindset of its employees from that of security as an afterthought, to a top priority.
Put security at the forefront of your company ethos by handing responsibility to employees. Responsibility is generally positive for employees, building mutual trust and allowing them to meet and exceed challenges.
Like with all new company policies, delivery is key. Instead of sending an email to employees, try organizing an informal meeting in which you let the team know security is a team effort and giving examples of how simple daily changes can have a much wider positive impact on the business.
This behavior must be seen coming from the top down to achieve the level of buy-in needed for effective security. It’s the responsibility of directors, managers, and supervisors to be seen to be actively putting company safety protocol in place to instill a culture, as opposed to simply barking orders.
Keep it simple
One of the most common challenges with updating security protocols for employees is how it’s seen as a distraction or an extra responsibility on top of their existing workload.
You should make it as easy as possible for employees to add security best practices into their daily routine, without disrupting them.
Start by identifying the key risks in your industry and which employees are most likely to face them, for example, those working online will likely face cybersecurity threats.
Set up short, regular training sessions with employees to cover key risks and best practices for avoiding them.
Simple tips like how to identify and avoid the latest phishing scam emails and avoiding malware can all be learned in a quick training session. Depending on how your employees prefer to learn, you can choose from a variety of seminars, online courses or private companies to train your team.
Give employees extra peace of mind by installing the latest antivirus/malware software and firewalls to keep them protected against cyber threats. With a growing trend of ransomware attacks, it’s also good practice to keep reminders around the office about regularly backing up your data.
Recognize and reward
Employees need to feel appreciated in their jobs. It’s an indicator of job satisfaction. However, a recent study found fewer than 64 percent of employees are satisfied with their job.
Show you value employees who buy into office security by offering rewards. One way is using gamification methods. They help to create a competitive atmosphere among employees to take on security training and offer the opportunity to incentivize participants with rewards. These can range from individual tokens to whole team outings for completing security courses.
Risk assessments
Risk assessments are vital for identifying potential weaknesses in the business – both physically and online. Separate assessments should be regularly carried out in all company departments. Keep a log of all assessments to help you track security progress and see costs.
A thorough strong risk assessment includes:
You should begin by assessing the office or building, before moving on to inspecting employees and how they carry out daily tasks. Make sure all feedback and any company-wide changes are communicated clearly to relevant employees in a way they find engaging, for example by email or in a face-to-face meeting.
Taking responsibility
A thorough office security plan also includes going back to basics and improving physical office security. This can often be overlooked in today’s tech-focused workforce.
It’s important to assign roles to the team, for example, those in charge of locking up the office, fire marshals and first aiders. The latter may be offered to volunteers who may see it as a positive responsibility to add to their CV, however locking up and manning alarms should typically be trusted to more senior employees.
About the author: Izzy Schulman, Director at Keys4U and Plumbers4U, has a passion for delivering affordable locksmith and plumbing solutions to those in need. Being an experienced contractor himself and a business director for just under 10 years, he is always keen to share his experience with businesses and help those in the industry.