Access and Security in the Workplace
Managing security in the workplace and accessibility is vital for the smooth operation of your business. It determines how vulnerable your property is to theft as well as how safe your members of staff are in their place of work.
The risk of theft applies to property such as personal belongings, equipment and perhaps also cash. However, it’s also relevant to the illegal taking of sensitive information, whether from portable devices such as laptops or tablets or from a centrally held virtual server.
Good, well-managed security measures will keep your business safe from intruders and hackers and keep your insurance premiums low. Poor security will leave your business vulnerable and, should you suffer from a crime, will most likely cost you a lot of money as well as sending your insurance premiums sky high.
Crime statistics
According to the Office for National Statistics (ONS), in 2015 there were 4.9 million crimes committed against businesses. Approximately 91 per cent of these were property related. The following year, the 2016 Commercial Victimisation Survey (CVS) covering England and Wales reported that the highest level of crime was in the wholesale and retail sector – 5.2 million incidents.
During the period April 2016 to March 2017, there were 205,667 cases of non-domestic burglary, where an intruder entered premises without permission. There were also 6,004 instances of robbery of a business property – for example, the taking of commercial property from a person without their permission.
Add to this the figures for theft of vehicles, shoplifting and cybercrimes and it’s clear that security is a major issue for commercial operations today.
Online security
In addition to burglary and robbery, cybercrime is prevalent. There are some simple steps that you can take that will help you protect your business from online security threats. Pay special attention to cyber security measures that guard your customer data, intellectual property and financial information. The Government endorses the use of Cyber Essentials documents, which are free to download from the Government website and take you through a stage-by-stage process to set up improved cyber security. When you have successfully done so, you can display a badge on your website to give your customers confidence in your online stability and security. Among the other resources available to you are:
- Straightforward advice to help your business stay safe (Cyber Aware).
- A short guide offering further practical security advice (Small businesses: what you need to know about Cyber Security).
- An e-learning module (60 minutes free online basic training).
- Additional information on a free e-learning course developed by the Open University and FutureLearn to help you and your staff protect themselves online (Introduction to Cyber Security).
Reporting cybercrime
You can contact Action Fraud, the UK’s national fraud and internet crime reporting centre, to report online fraud or cybercrime to the police. This is an online tool, and you can also access Get Safe Online, which provides a wide range of expert advice that is free.
The Government publishes a list of companies that can assist you if your business has experienced a cyber-attack (Find IT and cyber security companies in the UK).
The website also has a special section for larger businesses where additional help, advice and resources are available. This includes Certified Cyber Consultancy and the new National Cyber Security Centre, which produces a comprehensive range of useful guides on all areas of cyber security. If you are concerned about secure passwords or issues with Bring Your Own Device (BYOD) and network encryption, you will find helpful information and guidance on these and other topics including:
- Cloud computing security.
- Denial of service (DOS) attacks.
- Patch management.
- Social engineering.
It’s worth taking the time and trouble to tighten up cyber security for your business, as otherwise you will find that it is uncomfortably open to attacks and fraud.
People access management
People access management should be regarded as an essential part of both your business health and safety procedures and your security arrangements. Employers have a duty of care to keep employees as well as visitors safe on their business premises or site. It’s important to make sure that you are aware of who is in the workplace at any given time.
You should also give plenty of thought to who should have access to which areas in terms of their personal safety – for example, authorising specific individuals with appropriate training, skills and experience to access hazardous substances, but warning other unqualified personnel to stay away.
As a responsible business, you will also want to protect sensitive commercial information. You can do this by introducing security protocols for online connection with the business that allows individuals access according to their organisational status.
Getting it right
To achieve a healthy balance between accessibility, safety and security, create a management strategy that builds on your organisation’s strengths, mitigates any weaknesses, and allows your team to do their job without compromising their ability to do so.
When making decisions about access, bear in mind the Equality Act 2010 Section 39 (2b), which makes it illegal for an employer (A) to discriminate against an employee (B):
“in the way A affords B access, or by not affording B access, to opportunities for promotion, transfer or training or for receiving any other benefit, facility or service;”
In other words, denying access to information necessary for an employee to do their job is against the law. Another point of law to bear in mind is that while it is important for businesses to manage the security of their facilities and access to them, it is also a legal obligation to ensure that employees and visitors have easy access to an evacuation route in the case of an emergency. Failure to follow fire safety regulations is a major offence and could result in being faced with a fine of up to £5,000 for minor breaches or up to two years in prison for major offences.
Access management and fire evacuation
You’re responsible for fire safety in business or other non-domestic premises if you’re:
- An employer.
- A landlord.
- An occupier or employee.
- An owner.
Most employers in larger businesses also designate certain employees as Fire Wardens. These individuals receive appropriate training and are generally involved in drawing up the organisation’s Fire Evacuation Plan (FEP). Normally, anyone else with control of the premises shares responsibility for drawing up the FEP and for working together with Fire Wardens to manage emergency evacuations. This might include, for example, a building manager, facilities manager, managing agent or risk assessor.
Employers and designated staff should carry out a fire risk assessment of the premises and review it regularly. They must tell employees about the risks that they’ve identified and put in place, and maintain appropriate fire safety measures. You should also plan for an emergency and make sure that your staff have all the relevant information and that they have received appropriate fire safety instruction and training.
Fire risk assessment
Setting up a fire risk assessment is straightforward: the aim is to identify what needs to be done to prevent a fire and keep everyone on your premises safe. Once in place, the assessment should be reviewed on a regular basis. If the business employs five or more people, this assessment must be put in writing.
The key steps to take for an assessment are:
- Identify the fire hazards and where they are located.
- Identify those people deemed to be at risk, including vulnerable people.
- Evaluate, remove or substantially reduce the risks.
- Record your findings and use them as the basis for an emergency plan.
- Provide appropriate fire safety training for staff.
- Review and update the fire risk assessment regularly.
Pay special attention to:
- Access to emergency routes and exits.
- Systems to detect fire and warn employees.
- The regular inspection and maintenance of firefighting equipment.
- The removal or safe storage of hazardous substances.
- Providing accurate information to staff and visitors to the premises.
Fire safety drills, equipment and training
Carry out a minimum of one fire drill every year and record the results each time. Keeping the results will provide you with a record of how effective your fire evacuation plan is. Depending on the business premises and the work that is carried out there, you may need to install different types of detectors. Always train new staff in safety procedures when they start work, and tell all employees about any new fire risks.
As with detectors, the types of equipment that you need depend on the nature of your business premises. Make sure that all equipment has been properly installed, tested and maintained by professionals. Train your employees to use the equipment if necessary.
When planning maintenance and testing schedules, carry out regular checks to make sure that:
- All escape routes are clear of any obstruction.
- Automatic fire doors close as they should.
- Fire alarm systems are working.
- Fire escape doors are easy to open.
- Fire exit signs are positioned correctly.
- Emergency lighting is working.
- The floor of escape routes is in good condition.
It’s important to record any faults in systems and equipment and to have them rechecked and repaired or replaced.