Crimes against a business can cause significant damage, can waste time and increase costs through rising insurance premiums – not to mention the amount of admin involved in sorting things out from replacing lost or damaged equipment or stock and then spending additional resources to provide reassurance that something bad isn’t going to happen again.

With 2018 only a few weeks old, now would be a good time to consider what you need to do in order to ensure that crimes and incidents against your business are even less likely to occur than they were last year.  Take a look at my eight points for committing to make making a good start to 2018.

  1. Conduct regular risk assessments. Things change, both within a business and also externally, so it’s important to carry out regular reviews of your situation and assess where any vulnerabilities are, which can appear at any time so don’t make this a one-off exercise.  When any of the 4 Ps (Process, Policy, Personnel, Products) significantly change, consider conducting a new risk assessment.
  1. Secure valuable items, which includes physical equipment/stock and information. Has it become a habit of convenience to leave valuable things out in the open because they are used regularly?  You are just asking for them to walk off or be copied and potentially distributed elsewhere.  Get into the routine of ensuring that the import stuff is locked away when not in use.
  1. Vet your new employees. Too many organisations take everything that’s written on a CV or contained in references at face value.  Of course, we like to trust people, but very few organisations take the time to validate qualifications and experience or conduct criminal records checks, only to fall foul of this lack of attention to detail some months or even years later.  Offer a contract of employment based on a successful due diligence check.  Once word gets out that you are thorough, you are less likely to have people attempt to pull the wool over your eyes. How many of your current employees have been thoroughly vetted?
  1. Information theft and cyber risks are very real, but many organisations only pay heed once they have suffered a breach. Keep your policies up to date, have controls in place that allow access on a ‘need to know’ basis so that your business, client and supplier information are limited to those that require it in order to carry out their role.  Ensure that your systems are up to date with the latest security software and procedures.
  1. Properly shred unwanted documents. By properly, I mean a shredder that cuts across as well as lengthways, so that documents end up as tiny pieces of paper rather than strips.  There’s little chance of piecing together 800 small squares of an A4 piece of paper. Don’t take unnecessary risks by throwing documents in the bin for anyone to recover and make use of.  It will of course help if the more important documents are marked, recorded and controlled, commensurate with their level of sensitivity.
  1. Seek the advice of professionals who can help with your security. We all have a role within our organisation and we aren’t expected to know everything beyond carrying out our own regular tasks, so if you are not an expect in security and you do not employ a full-time security expert, avail yourself of the services of one.  A few one-off daily rates to pay for advice can save you a lot of heartache in the future.
  1. Look after your people (and the rest will take care of itself). One of the most important things you can do in business, if not the most important, is to look after your people.  This not only means developing them and meeting their welfare needs, but it also means looking after their safety and security.  Your most valuable assets are not easily replaced and their absence from work, as you probably know, causes additional demands to be placed on the remaining staff and systems.  Remain aware, at all times, of what your employees have to do in order to be effective in their role and ensure that they are able to carry it out safely and securely.  Regular reviews around the protection of your people from internal and external threats and health & safety related issues will pay off in the long run.  It will also be motivating for your employees to know that you have their best interests at heart.
  1. Be proactive not reactive. You see it all the time in the news – there’s a major incident or event that causes a lot of heartache to a lot of people, and the solution to prevent it from happening again is such a simple one, often costing little or next to nothing to implement. A prime example of this was the loss of Germanwings flight 9525 on 24th March 2015.  It wasn’t perceived as an obvious risk to allow one person to be alone in the cabin of a passenger jet UNTIL that one person decided to bring down the aircraft.  The solution of ensuring that two members of crew are, at all times, present in the cabin, was simple and effective and cost literally nothing to implement.  As you look around your organisation, try to scenario-plan the things that could happen and the damage that it could cause for all concerned, and be proactive in managing out those risks and concerns.  Don’t be someone who reacts after the wheel falls off, be someone who stops it from falling off in the first place.

Written by Mark Corder, Security Consultant, Cognitious Ltd (January 2018)