Risk assessment: How to plan and execute a security audit as a small business
By Izzy Schulman, Director at Keys 4 U
Despite the current global coronavirus pandemic and the uncertainty it has placed on the modern workplace, businesses cannot afford to relax their attitude towards security, especially as there have been reports of increased break-ins and cyberattacks amid the crisis.
Conducting a thorough security audit could be the key to improving employee awareness and identifying weak points in the business to avoid breaches.
Starting from scratch
The first step in an effective business security audit is a risk assessment – reviewing the workplace and all business processes to identify every risk.
No stone should be left unturned. This means conducting a physical inspection of the office, plus breaking down all employee tasks and demands and even reviewing how employees are working from home amid the current pandemic.
It’s important all risks are identified, so relevant and proportionate measures can be put in place – from heavy lifting to ensuring a comfortable office temperature.
At this stage, it’s also important to get employees to buy in to security policy. Everyone needs to play their part to ensure complete safety.
Let employees know you understand they’re busy with their role but everyone needs to pull together to stay secure.
Offering incentives like employee recognition emails or even small rewards like gift vouchers may encourage employees to go the extra mile.
Assessing the workplace
The average small business break-in sees around £2,000 lost in stolen property – not to mention the cost of disruption as a result of lost or damaged equipment.
Office security audits should begin with entry points, checking that potential break-in spots like doors – and windows if you’re on a low floor – are monitored by alarms and cameras. Make sure these are visible, as this is known to deter potential intruders from trying their luck.
The workplace must also be protected against fire risks. Not only do fires threaten to destroy property and disrupt businesses, but hefty fines can be issued for failing to meet fire safety standards.
Carry out a thorough fire risk assessment, including nominating and clearly signing fire exits, establishing an emergency procedure and educating staff on its steps.
Safety audits should also highlight any trip hazards or danger of falling objects, plus any electrical or flooding risks.
Plus, this year has brought its own health and safety risks, with the coronavirus pandemic demanding new hygiene and social distancing measures.
For businesses with over five employees, the government has put together a specialised risk assessment for a COVID-19 compliant workplace, including advice on handwash stations and staggering shifts to avoid contact.
The online threat
The cost of cyberattacks to UK businesses is estimated at around £34 million a year – arising from the theft of intellectual property and the cost of recovering from the attack.
However, the coronavirus pandemic has only increased the risk, with many employees encouraged to work remotely, away from employers and IT managers.
A combination of technical IT solutions and educating employees on cybersecurity best practices can help businesses navigate these uncertain times.
For example, multi-factor authentication technology means employees are prompted to enter multiple login credentials to confirm their identity – typically their standard password plus a one-time code sent to their phone.
Even if their password is stolen, the attacker is still unable to log in to the company network without the additional code.
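How the two-step check described above can work on the server side, as an added example that is not part of the original article. The class name, code lifetime and attempt limit are assumptions chosen for illustration, and the code is returned rather than texted to a phone so the example runs offline.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a one-time code
MAX_ATTEMPTS = 5        # assumed limit on wrong guesses per code


def hash_password(password, salt):
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SecondFactorLogin:
    """Password check followed by a single-use, expiring one-time code."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = hash_password(password, self._salt)
        self._pending = None  # (code, expires_at, attempts_left) or None

    def start(self, password, now=None):
        """Step 1: verify the password; on success issue a code for the phone."""
        now = time.time() if now is None else now
        candidate = hash_password(password, self._salt)
        if not hmac.compare_digest(candidate, self._pw_hash):
            return None  # wrong password: no code is ever issued
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code  # demonstration only: a real system sends this out of band

    def finish(self, code, now=None):
        """Step 2: accept the code only if it is pending, unexpired and correct."""
        now = time.time() if now is None else now
        if self._pending is None:
            return False
        expected, expires_at, attempts_left = self._pending
        if now > expires_at or attempts_left <= 0:
            self._pending = None  # expired or guessed too often: start over
            return False
        if hmac.compare_digest(code.encode(), expected.encode()):
            self._pending = None  # single use: a replayed code is rejected
            return True
        self._pending = (expected, expires_at, attempts_left - 1)
        return False
```

A stolen password alone gets through `start` but not `finish`; the expiry, single-use and attempt-limit checks are what stop the short code from being replayed or guessed.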
Managing permissions employee by employee adds an extra layer of security, with individuals only able to access the data they need. If an employee’s device is breached, it limits the amount of data available to the attacker.
Keeping the company network secure is a team responsibility. Arrange calls in small groups in which IT professionals can explain new remote working protocols in detail and emphasise the importance of adherence, as well as answering employee questions.
Look ahead
Investing time and budget into identifying and addressing threats now places businesses in a stronger position to maintain high standards of security in the future.
All information gathered from the security audit should be recorded, laying the foundations for a security framework and annual security audits. Log each hazard, along with the status of the risk and measures taken to prevent it.
The idea is to create a clear and structured audit process, which is intuitive to follow if personnel changes occur, or in an emergency. Include a priority checklist with the most significant risks, along with key dates for renewals or updates of any key equipment or facilities.
Update the file year-round, with all new information which may impact business or employee security. Any physical changes to the office should be recorded, along with new or updated equipment and machinery and any significant IT updates. Include key contacts and manufacturer information in the notes to speed things up in case of an emergency.