The FM Professional

Why Facilities Managers are Responsible for Information Security

David Spence
December 17th, 2013

Protecting Data With the IT Department

Shredding Paper Documents

Paper shredders can ensure that no confidential information leaks out of the office. For workers whose departments that handle large volumes of confidential information, such as HR and legal, consider purchasing individual shredders they can keep at their desks. For everyone else, a shredder placed in a central location should work just fine. While using paper shredding companies is always an option, for maximum security, in-office shredding is the best route.

In many cases, facilities managers are responsible for securing the contracts with 3rd-party organizations that dispose of sensitive papers. Ensure that your contract places the burden to protect information on your contractor, and that you can’t be held responsible for information that leaks once it’s in the hands of the 3rd-party.

Training Employees On Smart Security

Take the time to train employees on protecting sensitive information. Employees should not to leave loose papers in printers, fax machines, or conference rooms. Documents containing sales reports, customer details, and personal information should be treated as confidential. All doors and file cabinets should be locked at the end of the day to avoid theft and info leaks.

Implementing a culture that encourages and perhaps even rewards whistleblowing can be crucial to ensuring your employees follow these security guidelines.

Enforcing Electronic Security

Passwords should changed regularly and committed to memory, not written down on paper. Computers users should log off of their accounts of at the end of the day. Each system should have the latest anti-virus software, and wireless networks should be well-protected. To keep documents secure among a mobile workforce, files should be stored using cloud-based software. (And while employees should know better than to discuss company information on social media networks, take the time to create a social media policy outlining what is not appropriate for sharing.)

Destroying Old Computers

When it’s time to replace old computers, destroying the hard drive is an absolute must. According to The Denver Post, while special software can replace the computer’s information with random data, some experts say that the replacement process must occur three times to be effective. As with paper shredding, you can also hire outside services to destroy your hardware. The safest thing, however, may just be to take a hammer to the hard drive yourself.

 Avoiding the Master Key

While master keys are convenient, they do pose a security risk. Picklocks can use a technique called “rights amplification” to make a copy of the key—a major risk for areas holding server rooms. To protect against break-ins, FacilitiesNet writer Lynn Proctor Windle suggests purchasing locks with “high-security cylinders,” which are not available for sale to the general public. Another good practice when choosing lock systems is to check its UL 437 rating, which ranks the lock’s ability to withstand security breaches.  

Sometimes it can seem unclear whether a security issue should fall under facilities or IT. This is all the more reason to establish a culture of mutual accountability. If one department thinks that the other will take care of the matter, then neither may end up attending to it at all.

the essential office relocation checklist ebook

image credit: victor habbick/