Secure Your Property
Today’s thieves are high-tech. Your business security should be, too.
It’s hard enough running a business these days without having to worry about security, but thieves are constantly working to deprive you of your livelihood. And let’s face it. A guard dog and a locked door are hardly sufficient to protect your expensive office equipment and priceless data these days. Today’s crooks are more sophisticated than ever.
The numbers are telling. In Florida, office theft is a multi-million dollar “occupation.” According to Florida Department of Law Enforcement statistics, office equipment theft rose in value from $81 million in 2007 to $123 million in 2009. It went down in 2010 to $83 million, and $67 million in 2011, before going back up in 2012 to $71 million. That’s just the value of physical property stolen in one state alone. The theft of intellectual property — the theft of ideas, classified information, inventions, trade secrets, proprietary information, software, music, movies and more — costs U.S. businesses millions (if not billions) of dollars a year and puts the entire economy at risk, according to the Federal Bureau of Investigation and communications giant Verizon.
The threat of theft lurks in every corner, from anonymous hackers in foreign lands to nefarious burglars and even the employees in your own office. While it may not be possible to lock down every single aspect of your business, there are various methods and new technologies available to combat theft of both intellectual property and physical property.
Before committing large sums of cash to any security system, you should ask yourself some pointed questions about your business, its property and its data. For example, what are your vulnerabilities? If you’re concerned about a break-in, are the doors and windows strong enough to withstand attack? Is there enough lighting inside and out? Is the employee parking space well secured and safe? Regarding the company’s intellectual property, how secure are your server and backups? Who has access to what? How secure are the Internet sites and links used for research? How tightly do you control employees’ computer usage?
With an inventory of need in hand the next question you should ask is: What are my critical objectives for guarding the premises and important data? What level of security do I need, and how much can I afford?
For many years, business owners of all kinds have guarded their premises with security cameras. And for a long time the storage medium (videotape or CD) was stored on-site, and only reviewed after an incident or after theft had occurred.
This arrangement isn’t very optimal because there needs to be a certain amount of storage space to keep the tapes or CDs on file. Also, the tapes themselves could be the targets of theft. That problem is all but solved using wireless control technology, real-time video monitoring and “cloud” storage. Smartphone apps provide the user with instant access to what’s happening back at the office, and integrated systems allow for unprecedented control of not only security systems but energy management and environmental control as well. So it is now possible to be in another part of the country and not only see what’s happening at the office but remotely control all aspects of the building’s systems.
But property security is only half of the equation. Employees must feel secure, too. Brief them on security measures, fire escape plans and what to do if there’s an intruder during work hours. Establish an employee code of conduct defining acceptable and inappropriate office behavior — particularly in the usage of company property — and the consequences of straying from those rules.
Intellectual Property, or IP, is perhaps more vulnerable to attack than the office you’re sitting in. The nature of modern business is all about electronic data and communication, and your employees expose your company to potential threats with every email and website link. Worse yet, certain employees within your company might pose an active threat as players in some form of corporate spying. In other words, companies make it easy for outsiders to break in and steal their IP. Verizon’s 2013 Data Breach Investigations Report, a global risk assessment issued last fall, suggests that 78 percent of IP theft intrusions took “little or no specialist skills or resources” to pull off. Seventy-six percent of all network intrusions exploited weak or stolen credentials and 29 percent of attacks were made using email, social media and even phone calls to gather information. The report concludes that no company is immune from IP theft, attackers are smart and the volume and variety of threats is growing.
So, guarding your IP becomes a matter of constant vigilance and control. Verizon’s DBIR offers eight key recommendations to counter the problem:
1. Eliminate unnecessary data and keep track of what remains.
2. Perform regular checks to make sure essential control is maintained.
3. Collect, analyze and share incident data to create a base of information on which to study the effectiveness of security programs.
4. Collect, analyze and share information regarding tactical threats and indicators of compromise.
5. Focus on better and faster detection using people, processes and technology.
6. Measure the number of compromised systems on a regular basis and the amount of time it takes to detect intrusions.
7. Evaluate the threats, and don’t buy into a “one size fits all” approach to security.
8. Don’t underestimate the tenacity of the attackers.
These suggestions take a “50,000-foot perspective” approach to dealing with IP theft, but don’t forget that little things can make a difference, as well. These include setting strong passwords and codes; updating and patching software when necessary; scanning for viruses and malware on a regular basis; warning your employees about the dangers of clicking on unknown links or websites; making sure employees recognize phishing schemes, scams and phony email; restricting administrative connections and not giving users more network access privileges than they need. Additionally, potential employees should be screened carefully for behavior that might cause trouble later.