Every business should have security plans and systems in place to prevent crime, workplace violence, and data breaches—and to minimize losses if problems occur.

By Judy Dahl

“So many business owners don’t understand that security is an everyday standard operating procedure,” laments Jim Mankowski, president of JBM Patrol & Protection Corp. “Too often it’s an afterthought.”

He cites a company with a very expensive security system. “Only one person knew how to operate it, and when that person left, they elected not to use it. Or businesses don’t lock their doors. It’s casual things people don’t think about until they’re victims.”

Or organizations may have what Jim Zirbel, principal at Capital Fire & Security, Inc., calls “headless horsemen.”  These are security systems—alarms, video, or building-access controls—that don’t mesh with a company’s culture, lifestyle and policies.

Physical security
“Our job is to reinforce organizations’ policies,” he says. “Without knowing what you want to protect and how, it’s hard for us to implement systems that will work for you. What are your hours? Who has keys? Without knowing your policies, a contractor might put in electronics that won’t get used.”

Businesses need to create security rules, he says. “Many are simple: Who gets access to secure areas at off hours? Write down which people allowed in and what you want to secure, whether it’s against theft or to protect people in the business while they’re working. Think about it thoroughly, then bring in contractors like us to electronically enforce your policies—it’s checks and balances.”

Fearing’s Audio‐Video‐Security helps businesses identify their business objectives from a security standpoint. “Our principle is assess, plan, design, implement, and measure,” explains Harry Kaminsky, executive vice president. “We lead a discussion to assess an organization, and then plan and design a solution to enhance the current security environment or initiate a new one.”

His company uses a “Customer Success Wheel” approach. “After the assessment and design phases, we put together a procure model that it makes it easy for businesses to work with Fearing to acquire equipment. Then we have a 20-point model to ensure it’s installed correctly the first time.

“It’s a ‘Total Source Solution’ that incorporates service before, during and after installation,” he continues. “There’s our ‘Tech Source’ intellectual capital (design experts); ‘Tech Share,’ maintenance and repair; and ‘Copilot Services’ after-sales training and/or hosting of security systems.”

Businesses want integrated technology they can monitor via smart phones, TVs or computers, Kaminsky indicates. “That’s where the world is going,” he says.

Zirbel agrees. “Convergence of the basic ‘food groups’ we use today—alarms, access control, video—makes tons of sense,” he says. “Convergence of multiple technologies, including data from systems they interface with, creates security with teeth. It’s actionable data that tells real violations from false alarms.”

He describes some integrated elements of Capital Fire & Security’s solutions. “For access control—keeping internal people honest while allowing employees to go where they’re supposed to—you can use video that works in concert with other systems to provide verification. Or if you have card access, we often install intercom systems to authorize visitors at businesses that may not have a receptionist. With efficiency pushes, many businesses are going to automated receptionists.”

Test your systems
To know if your systems are working properly, you have to test them, he reminds. “If you have access control, you need to be sure that when your business closes at 5 p.m., not every employee can walk through the door.”

He recommends testing alarm systems monthly to see if particular devices trigger them. “Be sure to call and let us know you’re doing it so we know it’s a test,” he says.

“With video, look at your archive,” Zirbel advises. “Many times we go to client sites and find they’ve turned off the recorder. Then when they need to see an event, they don’t have it, so make sure you’re recording.”

His company now installs video systems with “heartbeats” that allow his staff to know if clients’ systems are operating correctly. “If your system stops working, you get an email from us telling you,” he says. “It’s revolutionary. I’ve been asking the industry for it for the last six years.”

Data security
Equally important is the security of your data and records, especially when you replace equipment. “Companies are investing quite a bit of money protecting data access to their equipment while it’s online—like firewalls and virus scanning—but when they take it offline, the data is still there and a recycler may not remove it,” says Neil Peters‐Michaud, CEO of Cascade Asset Management, LLC, which provides information technology retirement solutions.

“Businesspeople get excited about new computers when they get them, but they might leave the old ones in a hallway,” he adds. “You have to have a process wipe the data. Computers have showed up on eBay with corporate data still on them. A computer with Wisconsin Child Protective Services data was purchased at a Nigerian bazaar.”

His company takes charge of IT equipment businesses no longer need. “It could be anything—desktop or laptop computers, smart phones, servers. We do different types of data removal and recycle, or refurbish, repair and resell the equipment,” he says. “We provide Department Of Defense-standard data overrides, and if we can’t sanitize a computer, we have a shredder that pulverizes the hard drive.”

Sanitizing equipment is getting more complicated, Peters‐Michaud notes. “Newer equipment has flash drives, solid state drives—that’s typical on smart phones—not the spinning drives computers have had. As you destroy data, newer drives try to recover it and self-heal. We have to research each type of equipment and do forensic work and test to make sure the data is gone.”

Retail programs called “Kill Disk” are effective for some drives. “We have that type of tool plus audit controls that discover the serial numbers of destroyed drives, how they were wiped, and if it was successful,” says Peters‐Michaud. “That eliminates the human error that can occur, especially if you’re trying to wipe multiple computers at once. We take over the liability for data security.”

Privacy regulations
In many industries, most notably finance, insurance and health care, privacy regulations require strict data security. “The health care industry’s HIPAA regulation has provisions requiring anybody who touches personal health information, such as hospitals or insurance companies, to have audited processes demonstrating destruction of all health records,” Peters‐Michaud explains.

That includes paper records as well as electronic ones. “We don’t work with paper, but we see a lot of sensitive documents or letterhead left in printers and copiers, or sensitive papers thrown in recycle bins,” he reports. “We work with Pellitteri Waste Systems to shred paper—we can’t shred paper and they can’t shred hard drives.”

Some regulations require security training for companies’ employees, and it’s a good idea for any business to establish security policies and then educate employees about disposing of old computers and handling sensitive data or documents. “A loss of data can have very serious impacts in terms of civil and criminal litigation. There have been fines for data breaches,” says Peters‐Michaud.

“A data security policy should say how an organization meets regulations. Companies should train employees to the policies, and should also have good vendor contracts in place specifying methods for data destruction,” he adds. “Contracts should include a defined process for breach notification if there’s a data loss.”

Fortunately there are many tools available to assist businesses. The federal Department of Health & Human Services (hhs.gov) has templates for developing policies and training programs, and the National Association for Information Destruction (naidonline.org) offers training and resource guides.

"We and other document destruction companies can also train clients," observes Peters-Michaud.  "It's so important to had good processes in place."

About The Writer:

Judy Dahl has been a member of the Madison business community for more than 25 years. She started her freelance writing and editing business, JKD Communications LLC, in 2003, where she develops newsletters, press releases, newspaper and magazine articles, marketing materials, and other communications for business clients including CUNA & Affiliates, Madison Magazine, Greater Madison Chamber of Commerce, EZ Office Products, AIDS Network, Cygnus Business Media, and the Wisconsin Technology Network. Before starting JKD Communications, Judy worked as corporate communications director for CUNA and Affiliates, Equifax Inc. and Certegy Inc. She holds a Master’s degree in business administration from the University of Phoenix and a Bachelor’s degree in French from the University of Wisconsin – Madison. Judy serves on the GMCC’s Small Business Advisory Council and previously served on the Middleton Chamber of Commerce board of directors and its business expo and annual meeting committees. She chaired the membership committee, where she co-developed the Get Moving Middleton monthly breakfast meeting series and implemented the chamber ambassador program. Reach her at judydahl@charter.net.