For tips, tools and guidance on all things risk management, just search for a topic you’re interested in or use the below pods.
These days there are few commercial premises that do not have at least one computer present, and in most large organisations computers, and their related communications networks, are now commonplace.
In the early days of widespread computer ownership/use, theft of computers and their memory chips was a major problem. Nowadays this seems to have died down, but other malicious/criminal activity relating to computers has seemingly increased over time, e.g. hacking and data theft, etc.
When it comes to hardware, thieves can be attracted by the portability, value and general anonymity of many items of equipment, e.g. laptops and tablets are still ‘popular' items; and high specification network/web servers also remain attractive to professional gangs of thieves, who on occasion seem prepared to use extreme force to obtain them.
On the software front hackers or disgruntled staff may see malicious interference with systems as a challenge or be attracted to the (criminal resale) value of personal information contained within them.
Note. Whilst this "hardfacts" outlines some basic computer security measures, protection against data theft/interference is a complex topic beyond it's scope. Readers should therefore take specialist advice on this matter, but those wishing to obtain a greater insight/overview of the topic are recommended to download an insurance industry (RISCAuthority) publication on "Cyber Crime" - see Sources of Further Information for details.
The necessity for computer security measures should always be determined after considering the impact on your organisation of possible computer crime, for example:
Computer security measures can be considered under several broad headings, e.g. procedural, physical, electronic or item specific, all possibly supplemented by manned guarding; but when doing so bear in mind that the best security is usually achieved by adopting a range of complementary measures.
When reviewing your computer related security measures, don't forget to check whether any interested party, e.g. your insurer or a leasing company, has any specific requirements.
Procedural Security Measures
Options to consider include:
Physical Security Measures - Premises
A well secured perimeter, either to the building or an area within, but ideally both, will provide major benefits. The perimeter protection should take account of the nature of the buildings and their location, ease of access, hours of occupancy and the type (theft attraction) of the computer equipment present within.
IT/Server rooms in particular often contain concentrations of expensive or critical equipment. Ensure these are robustly built, sited away from outside walls (ideally on upper floors) and good quality doors and locks are fitted.
Space precludes the provision of information here; but ‘Hardfacts' information sheets on Perimeter Security, Door and Window Security and Locks & Lock Standards are available in the ‘Knowledge Store'.
Electronic Security Measures - Premises
Given sufficient attraction, thieves will often go to the trouble of overcoming physical security measures. In such circumstances electronic security devices can usefully supplement physical and procedural measures, with options including the installation of:
Security Measures - Equipment
Good procedural, physical and electronic security measures at premises can provide a robust line of defence, but security measures applied to particular pieces of equipment can provide very effective additional security.
Security Measures - Manned Guarding
At some premises the values at risk, or the effect of a loss, may suggest that in addition to some or all of the foregoing, a manned guarding presence is appropriate, either during or outside business hours, or both.
When choosing a guarding company, National Security Inspectorate (NSI) listing is one of the best indicators of full compliance (supported by external auditing) with UK manned guard licensing rules and good security practice, e.g. adherence to recognised British Standards; but membership of the Security Industry Authority (SIA) Approved Contractor Scheme (ACS) is also indicative of good standards.
Although it may conflict with operational convenience, at high risk sites care should be taken to ensure that guards are suitably protected against duress, i.e. they cannot be forced to unset alarms/unlock doors, etc. This is best done by stationing guards outside of any building they are guarding, and not permitting them to hold keys &/or codes/unsetting devices for electronic security systems, etc.
Key Action Steps
Effective security is usually achieved only after considering the various risks faced and then implementing an appropriate set of complementary security measures, so:
Sources of further information
For computer entrapment manufacturers/suppliers:
For access control, CCTV, intruder alarms and manned guarding:
For forensic and other marking systems:
British Security Industry Association (BSIA). Tel 0845 389 3889 or see www.bsia.co.uk
MLA (Master Locksmiths Association). Tel 01327 262255 or see www.locksmiths.co.uk
This document contains general information and guidance and is not and should not be relied on as specific advice. The document may not cover every risk, exposure or hazard that may arise and Aviva recommend that you obtain specific advice relevant to the circumstances. AVIVA accepts no responsibility or liability towards any person who may rely upon this document.
Was this helpful to you?
Call 0345 366 6666 to speak to our qualified advisers for help and advice.