Top security concerns for small businesses

When we meet with businesses, we're often asked for our top tips to ensure a business remains safe and secure, particularly small businesses with little or no budget to invest in state-of-the-art security technology.

State of the art technology won't protect any business fully. While CCTV cameras, anti-theft devices and savvy products are helpful, they're costly and not within budget for many. In the following article, we'll look at the most common physical security risks and how to protect your business against them on a budget.

Risk 1: Tailgating

Most workplaces are secured by access control, whether this be a locked door or a swipe-card access point. Unfortunately, these physical security measures are easily overcome by a determined attacker who simply follows an authorised person into a secure area of your property.

Tailgating naturally happens in multi-tenancy properties as multiple people pass through doors. Only the front must present identification or a swipe card. The people following behind will simply follow through - making it easy for any unauthorised person to get in.

The expensive option is to install anti-tailgating doors, which makes it virtually impossible to follow someone in. The cheaper and most cost-efficient measure is to provide physical security training for your employees. Whilst it's somewhat less reliable, guidance such as not holding doors open to people they don't recognise is pretty simple. You should also encourage employees to actively report any tailgating attempts they witness to security personnel, preventing the opportunist from returning.

Risk 2: Theft of documents/equipment

Whilst many businesses now store documents online, some will still have physical papers lying around throughout their office. Sensitive documents can quickly become unaccounted for - and fall into the wrong hands. Even if they are not taken from the office, visitors could see confidential information. Once a picture or video is taken – there's no going back.

We recommend maintaining a clear-desk policy to prevent accidental theft or loss of documents or equipment, ensuring that all desks are cleared at the end of the workday. This will make it less likely that items are left in vulnerable locations meaning that should an intruder enter, you're a lot less likely to find misplacing documents or leaking information..

Risk 3: Unaccounted visitors

If you don't know who is in your workplace at any specific time it is highly challenging to maintain  a high level of physical security. Unaccounted visitors pose a severe risk, as you won’t know if they were present if an incident occurs. 

While a simple lock and key are far more cost-efficient, access control with swipe-card-access or ID doors are essential for business security. You should also ensure that all visitors are accounted for by supplying them with visitor passes. This way, you will always know if a person within your promises is authorised to be there. Furthermore, keep a log of entry to later verify when a person was within your premises.

If the above is outside of your budget, we would recommend that only core staff are supplied with an office key and the remaining employees should only be present in the office within core working hours, therefore reducing the risk of a security threat.

Risk 4: Stolen identification

An access control system only works if everyone uses their own identification. If people are going in and out of your premises using someone else's identification, the result is the same as if you had no access control at all.

We recommend educating employees on protecting their IDs or access cards. Without training, employees will often share or lend each other their cards, making it hard to adequately monitor access. Employees may also be careless with their IDs unless the importance of protecting them is explained.

Risk 5: Social engineering

Social engineering attacks rely on manipulating your employees, often using information they have managed to gain to impersonate someone else such as an employee sent to read the gas or water metre. 

A classic example of social engineering is the ''coffee trick'', which involves a person holding a cup of coffee in each hand and walking towards an office door. An unsuspecting team member passing through the door or nearby will keep the door open out of courtesy, thus letting an unauthorised person into the premises.

Social engineering is quickly resolved by implementing a security badge process which means all staff are required to display one whilst on the premises.

Whilst these measures are cost-efficient, they will in no way fully protect your business from opportunists, and therefore, we recommend a thorough security audit to ensure each security risk is addressed. For a free, no obligation quote or advice, please contact the team at