Security should be a top priority for any business. However, with attacks against UK small businesses costing an estimated £21.5 billion per year in damages, it’s the smaller companies that have more to lose when it comes to breaches. Business break-ins, cybercrime and white-collar crime are all on the rise, and small businesses will be the first to suffer if they don’t put the proper foundations in place to protect themselves.
Many small businesses don’t think about security until the worst happens. That’s why Izzy Schulman at Keys4U wants to encourage employers to take a proactive approach and nurture a culture in which business security is every employee’s responsibility.
Start from the top
Small businesses don’t have the same security budgets as their larger competitors. Where medium and large businesses may be able to employ dedicated cybersecurity experts and security staff to work on reception, in smaller businesses it’s often down to each employee to play their part in making their workplace safe and secure.
However, this doesn’t mean just running a single cybersecurity course or asking employees to lock up occasionally. The key is making security a part of every employee’s role expectations. It's important that any change in culture starts from the top. This means employers, managers and senior staff should lead by example.
Organize informal chats with employees where you share how senior employees are changing their daily habits to promote better security – such as having an employee who takes responsibility for making sure no equipment is left running before staff leave for the weekend. Employees who see senior staff make time in their busy schedules to take on extra responsibilities are more likely to make an effort to play their part, too.
Keeping it simple
For many employees, the biggest challenge to becoming more security-conscious is time. Employees in small businesses often have packed schedules and simply can’t find the time to add extra tasks to their daily routine. Show them you understand that asking them to take on security training or extra tasks may be inconvenient, and discuss how they can help out without disrupting their schedule.
Also, ask them how they prefer to learn. If they learn best through online courses, handing out information brochures will seem like more of a chore. If they see going off-site as unproductive, consider bringing an expert into the office for an informal seminar on how to improve their security knowledge. Make it as effortless as possible for employees to pitch in. This may also include investing in a fob alarm or installing a more modern locking system on doors that’s intuitive for employees to use.
Recognize and reward
It’s important to acknowledge that company security is not the main priority for busy employees and those who pitch in are going the extra mile for the business. One way to show your appreciation is by rewarding those who make an extra effort. Create a culture that celebrates employees’ who go above and beyond. It doesn’t have to mean singling them out in a staff email, but instead simply acknowledging staff who have performed well that month in an informal gathering on the office floor.
Reward schemes can also be used as extra inspiration. Again, it doesn’t have to be a significant investment, but things like small gift vouchers show your appreciation and act as a motivation for high-performing employees to keep up the good work. If you’re running a workshop or training session for the whole business, consider organising a team meal afterwards where you can celebrate the team effort and show your appreciation for everyone buying into company goals.
Assessing the risks
While it’s important to encourage general security best practice, most of your security training should be around the specific threats facing your business. Employees will be more likely to respond to security risks when they can relate them to their daily duties.
The best way to identify weak links in your business’ security setup is to carry out a thorough risk assessment. This involves going around the office and recording every possible physical hazard and noting them along with who could be at risk and putting together a comprehensive plan of how to deal with each danger.
Keeping a log of all potential risks and a clear, step-by-step plan of how to deal with them makes life easier for employees. When a hazard arises, employees can quickly refer to the handbook and follow the instructions.
Creating a culture of security means all employees are aware of the dangers your business faces and understand how to prevent them. Important tasks like locking up the office at the end of the day and being responsible for your company’s online security should be given to individuals or groups of employees who are provided with the right training to carry out the jobs properly.
This can often be mutually beneficial – allowing employees to assume additional responsibilities, for example becoming the office fire marshal, to help build up their CV. Offer the opportunity for employees to volunteer for certain roles and let them know of the benefits on offer, for example providing full first aid training on the company or offering more flexible working hours for those who open the office in the morning or lock up at night.
Security in small businesses is never ‘done’. There will always be new threats – especially as companies continue to move more of their information and projects online – so it’s important to nurture a security culture that encourages employees to keep learning and stay on top of new threats.
About the Author
Izzy Schulman is the Director of Keys4U. In 2010, following service with the Israel Defense Forces' Navy Seals and a successful stint at a hi-tech locksmith in the US, Izzy Schulman moved to the UK. Since then, he’s taken Keys4U from its launch, to becoming a renowned, nationwide company which employs 50 people. Izzy specializes in business development and managing growing franchises and start-ups which, along with a wealth of expertise in his field, ensures Keys4U is in safe hands.