Running a small business is full of exciting and, sometimes less exciting challenges, and sometimes a year or two can go by before you know it. While some things, like getting your taxes done, have to fit into those annual cycles, other more self imposed annual tasks can get forgotten. Sadly, security audits can often fall into this category.
Every business should have a security strategy in place and a set of policies and measures to protect the people, assets and data belonging to the organization. To make sure that your strategy has grown with your business, and that standards haven’t slipped, it is advisable to perform a security audit at least once a year. If your business hasn’t had one in a while, or worse, doesn’t even have a security strategy; then now is the time to do a full audit of your IT and physical security.
Review Policies, and Check They Are Being Adhered To
If you don’t have any formally documented policies, now is the time to write some, however you can consider things that are simply ‘done’ as current policy. If, for example, only one person has access to the key to the supply closet and another person deputizes when they are not there, this can be considered policy even if it has never been formally written down.
Every year, your audit should include checking that your policies are complete, and that they are adequate. Your business may have taken on a lot of new people, or bought a lot of new hardware in the last year, and you need to be sure that the strategy to take care of all of these resources isn’t lacking anything. If your strategy has grown organically with your business, take the time now to update your written policies – this will help if there is ever a dispute, and also make it easier to quickly inform new people how things are done.
Also check that everyone is aware of policies. If you have a policy of shredding all papers every week, check that this actually happens. If you have a policy of staff locking their laptops and other gear in their desks and taking the keys when they go home, check that they do.
If you have any kind of formal business security system then the annual audit is a good time to archive old CCTV footage, and review things like camera placement and the policies around setting alarms and other measures.
Check and Update Records
One major part of your business’ security plan should be keeping a log of all of the company’s assets. This doesn’t just mean any stock you have to sell, if you are a retail business, but also your own hardware, tools and equipment. Whatever kind of small business you own, you probably have some valuable tools, even if it is just some computers and printers. These should be updated all year round as any gear is retired, replaced or purchased, but when you do your annual audit you should check that your records do indeed match what you have within your business.
Today’s featured contributor, Kate Harris, is a security expert at AAA Satellite, one of the leading manufacturers of business security cameras in KS. She likes to share her expertise on business security systems through blog articles.