From Cyber to Physical: A Small-Business Guide to Security

There’s a lot that’s worth knowing about security today — both the physical and the digital kind. With all the relentless talk of malware, ransomware, data theft and other kinds of tampering going on, it can easy to forget about robust physical security for your business. However, both are essential for forming comprehensive and cohesive security protocols. Here’s a quick guide to small-business security.

Secure Your Workstations and Devices

In addition to the rest of your infrastructure, the workstations throughout your company represent a security risk all their own — and so do the rest of the devices you rely on in an average business day. Here’s how to secure some of the most potentially vulnerable machines in your company:

  • Computer workstations: Employees should have password protection for their desktop machines and should be trained as a matter of course to return to the lock screen when they’re away from their desks and to shut down the computer overnight. Although PC and even smartphone theft is in decline, past years have seen stolen computers number in the millions. That means potentially valuable IP going missing.
  • Employee and visitor devices: Maybe your company offers Wi-Fi access to employees, customers or guests. Anytime you’re inviting potentially unknown traffic into your midst, ensure such networks are segregated from the ones that traffic your company’s digital assets and high-value documents.

There are many good moral and productivity benefits to introducing a “bring your own device” policy to your workplace. This is not for everybody. It comes with some security challenges you can’t afford to ignore, like requirements for good password hygiene and the presence of antivirus and antimalware software on each device on your network.

Secure Your Online Information Flow

Data is everything these days. For the small business, data can be your key to useful customer insights, more robust market and competitor research, and more clear-eyed forecasting. How do you go about securing all your company’s data — both at rest and in transit?

Any company that relies on significant digital infrastructure to do its work would do well to invest in a VPN solution for business. In some cases, it can help anonymize your own traffic and help keep would-be snoopers at bay. In other use cases, VPN applications can help your remote teams exchange files and resources securely, over a distance, using your existing, in-house network storage. Employees effectively “tunnel in” safely, instead of sending documents over email, which is not as secure as you’d probably like to think.

Secure Your Property

The property your business sits upon is almost certainly its most valuable asset — not just because of the facility and the land, but also because of the people, intellectual property and profitable ideas within.

There are multiple fronts on which you’ll want to tackle the problem of physical property and facility security:

  • Access control: “Access control” refers to your chosen methods and technologies for facilitating authorized entry into and throughout your building — or for keeping unwanted visitors outside your gate. Many companies today accomplish this with RFID-equipped key fobs or, even better, RFID photo IDs. For large or growing companies, employee photos on entry badges add another layer of peace of mind.
  • Building security and surveillance: Home and business security is set to change dramatically in 2019 and beyond thanks to the addition of artificial intelligence and automation. Some of the newest video cameras for commercial properties boast pattern recognition and onboard intelligence that can learn patterns and automatically flag authorities and business owners when an unauthorized presence is detected.
  • Have a plan: We don’t have to like it, but every workplace these days needs a plan — one that’s been posted, discussed and is understood by everybody — in the event that a natural or manmade disaster comes to pass. Routes for leaving the building should be clearly marked. Your company should have already identified a rally point in case harm should come to the building or people inside, and the team has to vacate while the situation is investigated and becomes better understood.

Every employer owes the people under their roof an environment where they can feel safe and sound — and empowered to give their best effort each day.

Secure the Internet of Things

The Industrial Internet of Things (IoT) is a new enough development that lots of businesses haven’t taken full advantage of it yet, despite there being several attractive enterprise-level solutions on the market. Nevertheless, even some of the established names in this industry haven’t had a full reckoning with the IoT’s inherent security weaknesses.

Many of those weaknesses have to do with lax security protocols. Maybe your company relies on a smart HVAC system, overhead lighting or even connected manufacturing equipment. In all these cases, it’s important to apply the newest security patches — automatically or immediately after they’re made available. You’d also do well to isolate your in-house network of IoT devices to their own network, the way you’ve (hopefully) already slowed traffic on your Wi-Fi network.

There were 120,000 IoT-based malware attacks in the first half of 2018 alone, for threefold growth those quarters. That indicates a vast and ever-larger surface of attack.

As we’ve seen, though, emerging technologies are far from the only security threat you’ll face. The physical variety can be easy to overlook, but it’s just as vital.