Workplace security is critical to everyone in an organization, impacting everything from employee well being to productivity.
That’s not to mention the potential losses—economic and otherwise—that rise from cyber attacks and data breaches.
And of course, you can’t put a price tag on preventing workplace violence.
In short, workplace security impacts everyone, all the time. Therefore, it requires proper vigilance and the right policies to keep all workers and assets safe. This is becoming an increasingly complex task. Especially because workers and assets are now more likely to be spread out across multiple locations.
In this article, we explore how to maintain and improve workplace security in any office, including policies and easy-to-implement strategies that make hybrid work and other new work environment types much safer. We’re focusing primarily on office space security, although most of these strategies are broadly applicable across many worksites.
Workplace security is about a lot more than simply protecting your office building from break-ins.
Specifically, workplace security is about continually protecting workers, both in-office and remote, along with all assets, data, and networks, including the building automation system.
Today, business owners and facility managers (FMs) also need to contend with cybersecurity, information security, and asset security.
Moreover, dealing with a hybrid office or one that is fully remote introduces new security risks. Especially when hybrid workers are dealing with sensitive data. Popular new flexible seating arrangements, where employees share desks, can also introduce vulnerabilities.
And as we quickly learned from the pandemic, workplace security needs can change overnight.
For all these reasons, companies need robust workplace security policies and procedures in place. This helps to protect themselves from existing, emerging, or potential risks.
As we’ll cover below, this typically requires continual risk assessment, well-planned security procedures, and enhanced workplace visibility.
There are all the obvious reasons why workplace security is important.
Not only do businesses have an inherent duty to keep their people safe—along with legal responsibilities thanks to the Occupational Safety and Health Administration (OSHA). There are also financial reasons to improve physical security. Namely, the potential huge costs and downtime that come from any security breaches.
Beyond this, improving workplace security dovetails with more contemporary workplace concerns like improving health and wellness. This is, of course, along with enhancing workplace experience and even employee empowerment. Prioritizing workplace security is also about prioritizing workers, who will appreciate (and excel in) environments that safeguard their well-being.
Critically, a 2022 State of Employee Safety Report found that 97% of American workers consider feeling safe to be an important factor in determining where to work. And 89% consider workplace safety more important than ever before.
Coupled with the fact that 83% of respondents reported having encountered at least one case of emergency in their careers, a picture starts to emerge. Employees both need and are demanding better workplace security. And employers that neglect it do so at their own peril, in more ways than one.
It’s clear that workplace safety has a powerful influence over organizations’ ability to attract and retain talentAlex Vaccaro, Chief Marketing Officer for AlertMedia
It’s clear that workplace safety has a powerful influence over organizations’ ability to attract and retain talent
The first step in maintaining security in the workplace is also the most important: makinging workplace security a top priority.
“I believe that security comes from the top down,” says David Brunsdon, Certified Ethical Hacker (CEH) and Cybersecurity Analyst and Consultant at Dark Ivy Consulting. “The number one thing a facility manager can do is influence policy.”
In other words, leadership can’t simply install some security cameras and call it a day.
Instead, they need to develop a complete security plan that includes regular risk assessment and continually stressing the importance of office security. This should include properly training all staff around any security program or procedures.
Specifically, companies can and should implement the following eight steps to keep their office and their people safe.
One of the best ways to enhance workplace security is also one of the easiest: installing a badge system that regulates who has access to what in any physical spaces.
With a badge system, employees (and sometimes visitors) have key cards or use their phone or an ID badge to gain physical access to whatever spaces or resources they need.
By the same token, this system can also restrict physical access as necessary.
Badges can be basic, just letting people into or out of the parking garage or their building, or they can be complex, controlling access to specific departments, floors, private rooms, or other assets.
A good system can ensure that any sensitive information is only available to those with authorized access.
Better still, badgers can be part of a control system that can be used to keep out any potential security threats—i.e.: security guards can create a list of blocked individuals who should always be denied access.
Moreover, when they integrate with space management software, badges can provide real-time data into how employees are actually using the office, which can then lead to improvements in space utilization and help improve any new flexible working efforts.
This system can also provide better visibility, so that all concerned parties (including those monitoring security) have better insight into who is in the office, when.
For this reason, implementing a badge system is a great way to both reduce potential threats, while making the office easier to navigate in the process.
Badge systems work best when they are part of complete smart buildings: IoT. When it comes to workplace security, IoT sensors can help automatically keep track of where everyone is—especially if they’re not supposed to be there.
This can and should be coupled with an enhanced employee alarm system, that IT and FM departments set up together and regularly test (ideally as part of a facility checklist that ensures all aspects of the office are running smoothly).
Just as important, employees need to know what to do should the alarm sound.
Note, too, that this type of training is not typically ‘one and done.’ Instead, employees should go through this preparedness training on an on-going basis. It should be a part of on-boarding efforts as well.
While employee security will always be the primary focus, business assets also need to be protected. That’s why asset tracking should be part of the same workplace management software that handles these other systems.
For example, OfficesSpace offers asset tracking that makes it easy to track not just people, but any valuables, big or small. This lets businesses track everything from printers and Sit/Stand desks to laptops or even the first aid kit.
Again, not only does this help prevent property theft. It also enhances visibility to make life easier for anyone using the office. This is especially important for hybrid or fully remote offices, where people and assets can be far flung and otherwise hard (and very frustrating) to locate.
Finally, it’s important to note that thanks to the rise in remote work, more and more employees will be using laptops or other hybrid workplace technology that they may carry from place to place.
The onus is therefore on companies to ensure they give employees anything that can help with security, such as locks or laptop cases.
Employees can also be given guidelines for using company property (i.e.: don’t leave your laptop on the front seat of an unlocked car, for example), to help protect assets.
Of course, companies can do a lot more to help employees protect assets than simply giving them a good laptop case.
Specifically, employees should be able to easily encrypt critical data (coupled with good encryption policies, which we’ll explore further below).
All employees should also be using antivirus software and password protection tools. Ideally, this will include strict guidelines on creating secure passwords, along with two-factor authentication (2FA) or multi-factor authentication (MFA).
And IT teams should ensure that remote workers have a safe and reliable Internet connection, along with a good VPN.
Meanwhile, they should work with HR to ensure that employees have the right rules and guidance to understand how and why to use all these critical tools.
Password protection, VPNs, and similar steps all have the same goal: data protection.
As we all know, along with the benefits of the digital workspace come the associated risks. Namely, if we’re online, we’re vulnerable to hackers.
Today, even small companies are no longer safe from bad actors—in fact, given their often laxer security, many hackers will see them as easy targets.
For this reason, companies need good collaboration in the workplace between IT and FM, so that both teams can work together to address security issues.
This should include monitoring and protecting easy access points (such as the building automation system, or BAS, like we’ll cover below).
It should also include working with the HR department to ensure employees understand any security politics, as well as the importance of following them.
It’s also critical to create—and communicate—guidelines around access control and how and when data should be shared..
A chain is only as strong as its weakest link. And when it comes to workplace security, the weakest link is often human error.
That’s why employees need to be aware of security issues, and how to prevent them.
For example, they should be trained about how to spot subtle phishing attempts. Intruders often easily use impersonations or distractions to gain false credentials and access.
“I believe anyone can get tricked into clicking the wrong link,” says Brundson.
Again, employees need to have clear guidelines, along with training sessions on common manipulation tactics. It’s only when armed with the right technology, rules, and training that they can employees properly help keep the workplace safe.
Another weak link in the office security chain often comes from that lack of adequate security in building automation systems. The BAS is the integrated system that manages everything in the building from HVAC to security systems. It’s separate from the corporate network, but it’s still on the Internet. That means it’s vulnerable to hackers—often more so, because these systems are often older and not as closely monitored.
The first step to shoring up security in a BAS is to do a penetration test. This is where you hire an ethical hacker to identify weak spots. From there, you can create the right security measures for your system. Brundson and other BAS experts also recommend using the BACnet communication protocol.
Everyone in the company also needs to understand that they should never, under any circumstances, use the BAS to check their email. Email should only ever be accessed on the corporate network.
Finally, it’s important to note that the BAS is managed either by the building owners themselves, or by outside contractors. In other words, your IT department does not manage it. And they may not know about the security issues pertaining to it.
Therefore, one of the major roles and responsibilities of a facilities manager is to bring in the right people to test the BAS and train the appropriate people on how to better protect it.
Last but not least, don’t forget that old-school physical security is still incredibly important for workplace security. That’s why part of a risk assessment should always be to find and address potential access points. Especially weak ones, such as doors, windows, and unresistant walls.
So while IoT sensors have their place, so do heavy locks and durable barricades, and, quite frequently, security cameras.
Note that not only do cameras need to observe—they also need to record.
And since these recordings need to be backed up with software, they introduce their own security risks.
Therefore, FMs and IT will again need to work together to create a system to record securely. This is often by deploying cameras behind firewalls or by restricting access to only trusted IP addresses.
Ultimately, the best way to maintain workplace security is to make it a priority. Also, to ensure workers have the guidelines, tools, and training they need to help keep their workplace safe. Coupled with the right workplace software, this can lead to offices that are safer, of course, but also more collaborative and productive.
Get a personalized demo and create a
hybrid workplace that works for everyone
Photos: guvendemir, Ignatiev, guvendemir