Instituting the proper workplace security measures and planning for disasters coupled with the right insurance coverage, are vital components in minimizing the risks to your business.
Running a business means you learn to expect the unexpected. However, when events that are totally out of the ordinary course of business occur, if you don’t have a plan in place, the resulting damage to your business can be catastrophic. We’re talking about Identity theft, Security vulnerabilities, security breaches, Ddos attacks, forgery, computer piracy. It’s a fact of life that Mother Nature sometimes strikes, accidents happen, and some people steal things.
No doubt you’re thinking “I can’t control the weather or other people’s behavior.” True, but what you can and must do is take steps to minimize these sorts of risks to your business. How? Well, in addition to obtaining the proper types and amounts of insurance for your business and your assets, you should consider:
- Implementing security measures.The proper security measures can protect your business from burglary, theft, embezzlement and other crimes.
- Disaster planning.Developing a disaster contingency plan allow you to manage the impact of natural forces such as hurricanes and earthquakes, on your business.
Using Security Measures to Protect Your Business
Crimes against people and crimes against property can significantly add to your cost of doing business for many types of small businesses. Shoplifting and theft of business property are all too common and costly. Crimes against business owners, employees, customers, and others who enter the premises are less common, but can be more tragic and traumatic when they occur.
While you’ll never be completely free from the effects of crimes against your business, there are decisions that you can make about your facility that can lessen the likelihood and impact of crime on your business. Primarily, these decisions concern facility location and building security.
Site selection. Where you decide to locate the facility can have a great effect on the security needs of your business. If you locate in a high-crime area, you’ll likely need to invest in more facility security features than if you locate in a low-crime area. This could lead a prospective business owner to say, “So I’ll only think about putting my facility in the most crime-free area that I can find.” However, remember that higher-crime areas are usually significantly cheaper in terms of rent, and if you can save 60 percent of the cost of your rent, you can buy a very nice security system and still come out ahead.
Another consideration is that higher-crime areas are often under served in terms of retailers and other businesses. Some small business owners have found they can make a good living by accepting the risks of an operating in a particular neighborhood where there’s little or no competition.
Building security features. What kind of security features you’ll need will depend on what kind of business you operate, and on how severe you think the crime threat to be? Common building security features include:
- steel security doors, particularly in areas of the building that are away from public view
- folding metal security gates that cover storefront areas (but many business owners don’t like to use them unless necessary, because of the negative image that it may give the area)
- security alarm systems: motion sensors, breaking glass detectors, window and door alarms — all of which may or may not be hooked up to security monitoring services or the local police department
- external lighting on all points of access into the building, the dock facility, and parking lots.
- Consider timers that turn lights on at certain intervals to keep thieves guessing as to whether or not anyone is in your place of business. You may also want to have motion-sensitive lighting installed near doors and windows. It serves a dual purpose; when thieves approach your building, lights may surprise and deter them, and when you or your employees’ approach in the dark, it lights your way and makes your entry safer.
- fenced, limited access parking lot and company vehicle storage areas
- security cameras, hooked up to a video recording system or monitored by an on-site security guard, and trained on each point of building access and on areas where theft may be most likely occurred, such as the sales floor and the loading docks
- one-way mirror security “blinds”
- lockable cash offices, equipped with secure safes
- bullet-proof security glass (needed in high-threat areas, and where large quantities of cash or extremely valuable products are kept)
Choosing Effective Security Measures
Depending on the severity of security threats your business faces, you may find it advisable to augment your workplace security features by using security guards. You can either employ such guards directly, or contract with private security service companies for them. Although you can have a guard stationed at the site around the clock, most small businesses that use security services opt for a guard that periodically checks the facility after hours. Leaving trained guard dogs to roam the locked facility after closing is another alternative.
Tip
Before you decide to use security guards on your business premises, ask your insurance agent about how this affects your liability coverage. You should be particularly careful about this if your guards will be armed, or if you will be using unattended guard dogs. The last thing you want is to end up paying a legal judgment to a burglar!
Locks and key control may seem like an obvious way to increase security, but you’d surprised to know that many business owners don’t take full advantage of this type of security measure. The use of dead bolt locks, where appropriate, and the use of double cylinder dead locks, requiring that a key be used to open the door from either side, can go a long way in discouraging burglary of tempting theft targets. But locks don’t help if you don’t remember to use them!
Be sure all doors and windows have locks and that those locks are sturdy and, above all, used. Get into the habit of checking all the doors and windows before you lock up and leave for the night. Don’t assume that because a door was locked yesterday — and because you didn’t see anyone use the door — it is still locked. Be safe rather than sorry.
Tip
As an additional bonus, an adequately locked-up facility may make you eligible for discounts from your insurer.
After proper locks are installed, key control is also essential to making sure that the property remains secure. To make sure keys don’t fall into the wrong hands:
- Issue as few keys as possible.
- Establish specific rules regarding the “loaning-out” of keys by those to whom they are issued.
- Take a periodic inventory of keys.
- Get keys that say “do not duplicate.”
- Control who can make duplicate keys.
Remember, too, that locks aren’t just for doors. There are window locks, desk locks, file cabinet locks, and even computer hard drive locks. Make sure you have keys and key control for all of them.
Creating a Written Security Policy
As part of your security program, you may choose to write up your security rules and give them to your employees. You may want to include your security rules in your employee handbook, if you have one.
Security is a broad issue, and you may choose to keep the focus of your policy narrow, or you may choose to address many different aspects of security in your policy. What are some of the topics that you might include? Consider including the following:
- guards and security
- your security program/committee
- areas of limited access
- restrictions on visitors
- statements regarding the removal of company property
- escort services to cars, if you provide it
Taking Steps to Recognize and Prevent Employee Theft
Embezzlement or employee theft, is an equal opportunity problem for businesses of all sizes. The best way to prevent embezzlement is to recognize the warning signs that it’s taking place and implementing an internal system of controls.
Embezzlement has been defined as “the fraudulent appropriation of property by a person to whom it has been entrusted.” This is a fancy way of describing your employees stealing from you. Embezzlement doesn’t happen only to bigger money-making businesses that you read about in the news. It happens every day to the small business owner. Small businesses are also less likely to take the precautions necessary to prevent embezzlement. Unfortunately, it’s a fact that small businesses can’t afford to ignore.
What can you do about this very real problem? The best ways to combat embezzlement are by recognizing the warning signs, establishing internal audit controls, and perhaps bonding employees where appropriate.
Signs Signaling Employee Theft
The following are some warning signs that embezzlement may be taking place in your business:
- Increase in overall sales returns might represent a concealment of accounts receivable payments.
- Unusual bad-debt write-offs could be covering up a fraudulent scheme; a decline or unusually small increase in cash or credit sales could mean that some sales are not being recorded.
- Bounced business checks could indicate that funds are being siphoned out of your bank account.
- Inventory shortages could indicate fictitious purchases, unrecorded sales, or employee pilferage.
- Profit declines and increases in expenses could be a sign that cash is being siphoned off illegitimately.
- Slow collections can be a device to mask embezzlement.
Establishing Internal Controls
If you suspect there’s a problem with employee theft (better yet, before it occurs!), there are basic actions that you can take in implementing an internal system of controls, including the following:
- Screen applicants before they are hired.
- Periodically examine bank accounts to see if there is anything unusual.
- Take precautions in preparing payroll: have more than one person prepare it, have several different people prepare it, or oversee it yourself.
- Have two people sign off on checks.
Creating an environment that discourages dishonesty. While there is no foolproof system of accounting or internal control that will absolutely prevent employee dishonesty losses, an environment can be created where employee pilfering is discouraged.
The first step is to review every area where potential dishonesty problems could arise, including:
- inventory control
- data processing
- purchasing
- receiving
- bookkeeping
- cash disbursements
The next step would entail setting the mechanisms in place to remove the temptations that could make an otherwise honest employee dishonest.
In setting up an internal audit system, it’s common procedurally for most companies to divide financial responsibilities and functions so that no one employee controls all aspects of a transaction. To expand on the idea of requiring two signatures on a check, insurers and consultants recommend the following:
- Require checks to be countersigned by two responsible officials.
- Limit the endorsement of checks, by anyone other than the owner, to deposits for credit only.
- Delegate the responsibility for receiving checks and cash to someone other than the person who records incoming funds.
- Mail statements to outside accounts directly at least monthly.
- Examine payroll records periodically to prevent padding.
- Make sure that employees responsible for ordering goods and supplies are not the same ones responsible for receiving them or paying for them.
- Do not give the person who has the authority to write off bad debts the authority to make a credit sale or loan.
- If someone else does payroll, make sure you have access to payroll data on the computer and that no one changes the passwords or access requirements for that data.
Taking inventory and outside audits. Dividing financial responsibilities and functions is not enough, though. Take an inventory of your merchandise at least annually and have an outside public accountant audit your cash and accounts annually.
Warning
An employee who never takes a vacation could be concealing acts of dishonesty. All employees, but especially the ones who have access to your business records, should be required to take some time-off.
Bonding Employees
Even if you have an internal auditing system that makes embezzlement difficult, the danger of collusion still exists. Consequently, some companies protect themselves from employee dishonesty by bonding their employees.
Bonding is the process by which an employer can be indemnified for the loss of money or other property sustained through dishonest acts of a “bonded” employee. It can cover many types of fraudulent or dishonest acts committed by an employee, alone or in collusion with others, including:
- larceny
- theft
- embezzlement
- forgery
- misappropriation
- wrongful abstraction
- willful misapplication
Planning for Disasters
It seems lately that natural disasters are occurring with more frequency and intensity. In the past few years, in particular, floods, earthquakes, fires, mudslides, tornadoes, and hurricanes have caused millions of dollars in damages to the homes and businesses they strike. While you can’t prevent a natural disaster from occurring, you can help minimize its impact on your business by being prepared if disaster strikes. In order to be prepared, you need to develop a contingency plan in case of an emergency, as well as emergency procedures.
Taking Action Before Disaster Strikes
Think you don’t need to worry? Ask yourself — can all or part of your work site cease to exist for one day or permanently? Would you survive the financial disaster? If the answer is probably not, it underscores how important fire, disaster recovery, and contingency planning are. The following sample plans assume that all or a part of your business has ceased to exist in the location it is in for a period of time. How you continue and recreate your business are the goals of these plans.
If you have trouble getting motivated to do it, think of how much better shape your business will be in if you do. After a disaster occurs, you may be the only business of your kind standing and ready to go. Think of how much business you could do!
Each business’s plan is unique, yet the process of developing the plan has many similarities. To help prepare for a disaster you should develop a contingency plan and emergency procedures.
Developing a Contingency Plan for Emergencies
Think of your contingency plan as a fire drill. While you may never have a fire, it’s good to know what to do if there is one. Approach general contingency planning the same way. Use these steps to get started:
- Get organized.Establish a task force composed of a few employees, if you have them. If you choose not to lead the charge, name a key person with authority to get the plan done. Support that plan.
- Assume the worst.Assume that the physical facility that houses the business and all of its contents has been permanently destroyed. From that scenario, list each item that would be important to the business if salvaged and what must be recreated from scratch in order to continue. Typically, the most critical items are business records. Furniture, materials, and manuals usually can be replaced and are insured for their value.
- Try to prevent the loss.Of those items on the list that should be salvaged, or must be recreated, determine if there are any alternatives that could have been pursued before the disaster to avoid a total loss. Alternatives may include:
- keeping duplicate records at a different site
- keeping backup equipment necessary to continue basic operations at a location other than the work site (perhaps a storage facility or, if possible, in your home)
- storing critical information such as accounts receivable, client information, or outstanding billings in a safe and secure place such as a bank vault
- Sweat the small stuff.In addition to planning alternatives, you should include the following in your plans:
- Determine the adequacy of fire and disaster insurance.
- Complete emergency evacuation planning, including periodic drills, emergency plans, special considerations for any employees with disabilities, and coordination with local emergency and fire authorities.
- Establish a plan for an alternate work site during the emergency, including records, staff, and support such as telephone, equipment, and related support.
- Specify under what circumstances a facility will be closed (such as bad weather), who makes the decision, how the decision is communicated, and whether the employees are compensated.
- If your company operates 24 hours a day or provides a critical service, determine the plan for alternative electricity, water storage, and other routine public services.
- Plan a public relations spokesperson’s responsibilities carefully and thoroughly (usually, that means you).
- Have individuals with key responsibilities keep copies of the emergency plan at their homes in the event of an emergency.
- Update the plan at least annually.
- Determine if there are any local (usually industry-specific) groups that offer consulting, training, and reciprocal support in the area of disaster planning.
- Train any employees periodically on fire prevention. There should be a minimum of two fire drills a year and frequent on-site self-inspection and review.
- Train at least one employee in emergency medical steps (such as CPR).
Developing Emergency Procedures
If you have any employees, post instructions in the work areas concerning what to do in case of a fire, earthquake, or other disaster and make sure that your employees are familiar with those instructions. You may want to conduct drills to reinforce the instructions.
Picking Up the Pieces
Even the best laid plans should have provisions for when all else fails. The most important thing to remember is that you don’t have to go through the recovery process alone (even though it may feel like that to you at the time).
In addition to various state and local economic development programs, the federal government offers relief to disaster victims, including small business owners, through various sources. Be sure to consult the InfoSec department for any questions related to security, policies and how to prevent the bad things which are being discovered by any employee, which has the mandatory duty to report this asap to InfoSec.