1. Have a written code of conduct. Writing down rules and repercussions for poor behavior is the best way to make sure your employees know what’s expected of them, as well as the consequences for risky or inappropriate behavior. Offer a copy of the code to new hires, and whenever changes are made, provide updated copies to all employees. Also be sure to review it frequently so it can evolve as your company grows.
2. Maintain ample office security. Make sure to install adequate locks on doors, windows, desks, file cabinets and individual rooms in your office, and keep a close eye on keys. Make sure employees change passwords frequently and adhere to your company’s BYOD policy (you do have one, right?). Install cameras and motion detectors as needed, and be sure to use adequate lighting in all areas, especially near entrances and exits.
3. Schedule regular security audits. Make time to regularly check documents in your employees’ possession, both at their work station and on their computers. The idea is not to penalize employees, but rather to identify risky behaviors or practices where your company can improve its overall security. Once areas in need of improvement have been identified, devise and implement strategies to overcome these weaknesses ASAP.
4. Shred monthly — or weekly. Pretty self-explanatory; don’t leave sensitive documents around. This includes not only your company information, but information provided by your customers. Put a shredding day on your calendar every month or week, and then be sure to stick to it.
5. Restrict computer access. While all your employees may need to access computers to do their jobs, they probably don’t all have to be able to reach every document or file you have stored on your computer network or in your company cloud. Designating clearance levels lets you decide who has access to what, and can be a powerful step in reducing the risk of security breaches and inadvertent — or intentional — information leaks.
6. Have an emergency plan in place. You and your employees should know what to in case of a fire, theft, natural disaster or other emergency situation to avoid unintentional security breaches. Like the code of conduct, you plan needs to be written down and provided to all employees. Review it at staff meetings to make sure it’s understood.