Security From The Inside, Out: Focussing your security on outsider threats isn’t enough

Working together

 

It’s more and more common for us, here at Farsight, to come across security breaches that have occurred from within an organisation. Of course, our specialty is protecting businesses and sites from intruders – and more often than not those intruders are outsiders to the business. They are simply criminals who target a site that they consider to be a lucrative job for them.

However, we believe that we have been witness to several incidents that have been the result of an ‘insider job’. We won’t name names and we are continually transparent so we know when there is a fault on our part. That means we know if something strange has been happening.

Security threat - intruderWe know something suspicious has happened when a security system has worked perfectly right up until a break-in, or a security system that didn’t alarm during an incident suddenly seems to be working perfectly once the damage has been caused. Please feel reassured that we aren’t pointing any fingers here – instead, we want to flag up to employers, facilities managers and site owners that they need to aware threats from the inside happen too. And we wanted to give a few tips to help make sure it doesn’t happen to your business and put your security at risk.

1. Change codes and passwords regularly

Many of us are guilty of using the same password and codes for several devices. Perhaps, for the sake of ease, you even have the same four-digit PIN code for your phone as you do your security system. It’s often just as bad to leave your codes and passwords unchanged for a long period of time. Even though we know it’s a pain – having to remember what seems like hundreds of different codes – it is hugely important that your security system’s passwords and alarm codes are unique and changed at least once every six months.

By adopting this technique you will be making sure that only the necessary people have access to codes that could disable your security system or provide unauthorised access to intruders.

2. Provide key holders and staff with different passwords and codes

This one can be a little trickier to implement but it is, without a doubt, worth it’s while for your security. By developing and installing a system that allows different staff members and key holders to have different passcodes when an incident happens you will be able to drill down to whose passcode was entered to gain unauthorised access.

Of course, be well aware that if an individual’s passcode is used it does not mean they are instantly to blame. Someone may have stolen the passcode from him or her, for example.

3. Quickly disable access for previous employees

Every business has a flow of employees coming and going. Amongst the work of having to find a replacement for a staff member, it is essential that you remember to disable their access to security systems and the building – along with access to the intranet (if applicable) and email systems.

Leaving an old employee with access to your site puts your security at immediate risk – they have access, may have a grudge against the company and will probably know the site well.

4. Complete background checks on employees

Many businesses will be familiar with this already, as they often need to complete background checks on employees as a lawful requirement. Indeed, we at Farsight complete rigorous background checks on our employees including police certified checks.

Completing a background check on employees will allow you to gage the employee’s previous behaviour and whether there any links to inside jobs in the past. Of course, this route isn’t for every employer – it is costly and can Police crime sceneoften slow down the recruitment process.

5. Have a circle of trust

This is perhaps the most important point of all. It’s not a necessity for everyone in your business to know certain passwords and codes – especially ones that control your security systems.

Have a small group of team members who need to know passcodes to security systems and make sure that information does not go beyond those team members. By limiting the number of people who have access to your security systems, you immediately limit the risk of an inside job happening to your company.

We developed these tips from our experience, knowledge of security systems and expertise in remote monitoring – together they hopefully form a list of tips that you can easily action within your business.

Leave us a comment below and let us know about your experiences of ‘insider jobs’ – whether you’re the remote monitoring station, security systems installer or end-user.