Why Facilities Managers are Responsible for Information Security
Protecting Data With the IT Department
Installing CAFM software isn’t the only time when facilities management and IT should collaborate. When it comes to keeping confidential information secure, both teams will be needed to train employees and keep the workplace protected. Physical and environmental security, business continuity planning, and incident response all require the subject matter expertise of a facility manager at large organizations. Whether your company has formal information security programs in place or you're still moving towards a security committee, we've listed some suggestions below.
Shredding Paper Documents
Paper shredders can ensure that no confidential information leaks out of the office. For workers whose departments handle large volumes of confidential information, such as HR and legal, consider purchasing individual shredders they can keep at their desks. For everyone else, a shredder placed in a central location should work just fine. While using paper shredding companies is always an option, for maximum security, in-office shredding is the best route.
In many cases, facilities managers are responsible for securing the contracts with 3rd-party organizations that dispose of sensitive papers. Ensure that your contract places the burden to protect information on your contractor, and that you can't be held responsible for information that leaks once it's in the hands of the 3rd-party.
Training Employees On Smart Security
Take the time to train employees on protecting sensitive information. Employees should not leave loose papers in printers, fax machines, or conference rooms. Documents containing sales reports, customer details, and personal information should be treated as confidential. All doors and file cabinets should be locked at the end of the day to avoid theft and info leaks.
Implementing a culture that encourages and perhaps even rewards whistleblowing can be crucial to ensuring your employees follow these security guidelines.
Enforcing Electronic Security
Passwords should be changed regularly and committed to memory, not written down on paper. Computer users should log off of their accounts at the end of the day. Each system should have the latest anti-virus software, and wireless networks should be well-protected. To keep documents secure among a mobile workforce, files should be stored using cloud-based software. (And while employees should know better than to discuss company information on social media networks, take the time to create a social media policy outlining what is not appropriate for sharing.)
Destroying Old Computers
When it’s time to replace old computers, destroying the hard drive is an absolute must. According to The Denver Post, while special software can replace the computer’s information with random data, some experts say that the replacement process must occur three times to be effective. As with paper shredding, you can also hire outside services to destroy your hardware. The safest thing, however, may just be to take a hammer to the hard drive yourself.
Avoiding the Master Key
While master keys are convenient, they do pose a security risk. Picklocks can use a technique called “rights amplification” to make a copy of the key—a major risk for areas holding server rooms. To protect against break-ins, FacilitiesNet writer Lynn Proctor Windle suggests purchasing locks with “high-security cylinders,” which are not available for sale to the general public. Another good practice when choosing lock systems is to check their UL 437 rating, which ranks the lock’s ability to withstand security breaches.
Sometimes it can seem unclear whether a security issue should fall under facilities or IT. This is all the more reason to establish a culture of mutual accountability. If one department thinks that the other will take care of the matter, then neither may end up attending to it at all.
image credit: victor habbick/freedigitalphotos.net