33 questions to ask about your company’s security

When’s the last time you took a walking tour of your company?

Do you have the right security measures in place at each stop?

Here’s a reminder of where to look (and what you might find) when you get out of your office and into corners of the organization.

Point of sale

Cash, cards, inventory and customer data intersect at the point of sale.

Are your registers, networks and procedures up to snuff?

Cash-handling processes documented?

Wireless communications locked down?

Employees trained (and appropriately monitored)?

Call centers

For many companies, call centers are the heartbeat of the business.

You’ll need a balance of physical and digital security measures to protect customers and employees alike.

Do your terminals and applications display only the necessary customer information?

Is the facility well lit for employee safety, including the parking lot?

Is physical access control in place and correctly used?

Data center

Have your defenses kept up with new technical developments in virtualization and private clouds?

In addition to your IT security measures – of course! – you also need to check on securing the facility itself.

Are doors, walls and windows appropriately resilient?

Would strategically placed bollards and/or landscaping improve the building’s security?

(Find more defensive measures in 19 ways to build physical security into your data center.)

Parking lots

Access control, fencing, lighting, call boxes, cameras, patrols – there are many security measures available. The question is, what’s the risk profile of each parking area?

And what’s in the surrounding area?

What are the hours of operation, including outliers?

So what level of protection is appropriate?

(Also good and bad parking lot design features.)

HVAC

What are the consequences of a physical disruption to the HVAC system?

Can the system be used as a means of access to your facility?

To what degree are your HVAC controls remotely/digitally accessible, and what new risks might that create?

Loading docks

Goods flow into and out of your company at the loading dock.

Do you have a visual record of each delivery and associated personnel?

What credentials are required for inbound drivers?

Are restrooms for visitors *outside* of secured areas?

Is the loading dock area ever left unattended (during breaks, for example)?

Can security systems be connected to inventory systems in any ways that increase efficiency?

Mailroom

Are your employees trained to recognize a suspicious package?

Do you have a protocol for this contingency?

Multitenant buildings

Have offices or stores in shared space? When you’re colocated with other businesses, good neighbors make good fences.

What is the risk profile of neighboring businesses? (It might be higher than your own.) How should that affect your security measures?

What facility employees have access to your space? How are they vetted? How are keys and access cards secured and managed?

Are common areas appropriately secured?

Headquarters and mahogany row

Everything from facility design to badge policies plays a role in keeping your buildings secure.

And of course, you should take a hard look at your employees:

Are they trained to prevent social engineering?

And can they pass the clean desk test?

Offsite data or paper record storage

Are ALL records appropriately encrypted, locked up, and otherwise protected?

How are records secured in transit to the storage facility?

Is the chain-of-custody documented reliably?

Are your data destruction procedures up-to-date with regulatory, business, and security requirements?