Maintaining the physical security of your company is an enormous responsibility with a number of components. There’s the simplest form of security: who can get in and out of the building. But that can be broken down further into who has access to each floor and to which equipment. Physical access to computers, hardware, networks, and equipment facilities can quickly lead to data security breaches. These concerns span many departments, all of which need to coordinate in order for the company’s security to be sound. It can be hard to identify the one person who is responsible for physical security. Depending on how a company is organized, there may be no single answer.
Physical Security Planning is the responsibility of...
In most companies, many aspects of physical security planning are the responsibility of designated security personnel. These employees oversee the flow of people coming in and out of the building and monitor and assess security threats. They’re the people who might greet you when you enter the building or who you call should someone become hostile. These are some of the aspects of physical security they might handle.
So the answer is yes! You will have to designate some of your employees to be the security personnel. You could hold a vote or simply ask for volunteers. Let's look at the tasks that these employees should undertake.
- External Perimeter Security: Fences, Gates, Turnstiles
Physical barriers are the first defense against intruders and security threats. Requiring a code, key card, or ID to enter the building will control who can get in. It’s the first step to making your building more physically secure.
One of the most common and effective ways to monitor the activity within a company building is through a closed circuit television system (or CCTV).
- Alarm system
Alarm systems are standard in most large corporate buildings. They help alert the person responsible for physical security when an area has been accessed without authorization, and can even be set to alert the police. They set emergency procedures in motion, which can be helpful in situations prone to panic.
- Limiting Access to Certain Areas to Authorized Personnel
It goes without saying that areas containing certain sensitive information should have a carefully vetted list of employees who can access them.
- Keep Utility/Electrical Closets Locked
It’s better to have a locked closet than to allow just anyone to wander in and adjust controls.
- Key Card Access For Each Floor
This creates another level of security that can slow down or stop an intruder and mitigate the risk of an internal security breach that might occur when an employee goes snooping where they’re not needed.
- Keep Master Key Locked In Secure Office
A master key grants access that you don’t want falling into the wrong hands. Keep it locked in a secure place at all times, and don’t tell anyone about it who doesn’t need to know.
- Empty Trash Often
This may seem like a small thing, but security risks can arise when sensitive information is thrown in the trash and left accessible to wandering eyes. Ensuring each trash receptacle is emptied at the end of the workday can mitigate this risk. If trash cans are empty when employees stay late to work alone, there’s less opportunity for searching.
- Keep the Server Room Secure
Having a server room that isn’t highly restricted leaves you open to hacks that can bring down your entire network. Server rooms should have restricted access granted only to very limited authorized personnel with key card access, an alarm system, and no windows.
These measures should be put in place once the security roles have been assigned among the employees. This planning, together with the role assignment, has to be done by HR.
The Role of HR
- Vetting Prospective Employees
A human resources representative will be responsible for doing a background check and taking other measures to make sure prospective employees won’t be a risk to the company.
- Incorporating Security Training Into the Onboarding Process
“I didn’t know” should never be an excuse. Before an employee is granted access to any sensitive information, they should be trained extensively in how to handle it, policies regarding confidentiality, the importance of keeping sensitive information private, and how to properly destroy it. New employees should sign an agreement stating that they’ve been trained as well.
- Dealing With Disciplinary Action
HR will also deal with the aftermath of security breaches.
- Collaboration With the IT Department
The human resources department should work closely with the IT department to develop procedures regarding the physical security of computers, hard drives, server rooms, and other tools that contain sensitive information.
- Information Security Policy: Instructions on use, handling, storage and destruction of sensitive info
Every company should have a standardized policy (that all employees are trained in) for the handling of sensitive information. There should be a chain of command for who signs off on authorizing new people to access certain information. There should be procedures for destroying different types of information, such as shredding documents or clearing computers of former employees.
- Security Awareness Training
Each human resources department may not have the technical knowledge to develop adequate procedures for
- Physical Security Planning and Choosing Security Personnel
- Securing Data on the Move
HR and IT departments should work closely to develop procedures for keeping sensitive information secure when in transit between clients, offices or employees.
- Implementing a two- or three-factor identification system for email and other services
This is a widely accepted practice that heightens the security of email systems, computers and other high-value targets.
- Procedures for Changing Code
Again, there should be a chain of command and documentation of the procedures followed whenever developers want to make changes to software.