Office security


Keeping safe on your premises


Even without direct contact, the determined fraudster can find ways to obtain a significant volume of information about your company and its activities.

The fraudster’s approach is to gather a range of seemingly innocuous pieces of information from a wide range of sources, building up an accurate picture of your business.

Once they’ve done this, they can target your company. To counteract this threat, it’s necessary to start at the front line in every organisation’s defences – the office.


At any given time, there could be a number of non-employees, such as visitors, contractors or cleaners, with access to your premises.

It’s important to review what controls are in place to manage this access. For example, are all visitors escorted while they are on the premises? Are more stringent controls in place to manage public access to sensitive areas, such as warehouses or your accounts department?

The key question to keep in mind therefore is: With all these people moving around, could they have undesirable access to confidential or valuable information?

Control sensitive documents and data

  • If not already in place, consider introducing security passes to control access to sensitive areas or high risk buildings.
  • Follow a clearly articulated and strictly enforced clear desk policy. At night, ensure that desks are cleared and that all desks and cabinets are locked. Shred or destroy all confidential waste.
  • Keep cheques in a secure place at all times – separate from the bank mandate – and consider keeping them under dual control.
  • Never leave cheques lying around unattended in public areas during the day. Always account for spoiled cheques and destroy them.
  • Consider what procedures should be in place for staff taking sensitive material out of the office.
  • If you regularly back up computer information to be held elsewhere, ensure that this data is subject to appropriate security controls.

Shield customer information

  • While it's important to keep your own information secure, it's even more vital to guard the confidentiality of your customer's information. Failure to do so is likely to lead to both reputational damage and potential loss of business.
  • When dealing with customer information, remember you also have legal obligations under the Data Protection Act.

You'll find full details of your data protection responsibilities at the Businesslink website.

Password best practice

Ensure that all staff adopt the following sensible working practices:

  • Keep your account and password details private – never share these details with anyone or allow them to use your account.
  • Only use your own logon ID and password – never use another person's account.
  • Choose a password that is easy to remember but impossible for anyone else to guess – combining random numbers, letters and other characters.
  • Lock your computer screen whenever you leave your desk – or logoff completely.
  • Don't use the same password for more than one application.
  • Change passwords regularly.

Continue checking for lapses

  • Constantly re-emphasise to staff that no one should expect them to disclose their password. If anyone asks them to reveal it – whether colleagues, managers or IT helpdesk staff – they should simply refuse and report it.
  • To ensure good practice is embedded in your business, you should carry out ad hoc checks and regular reviews of systems and processes.

More information

back to top

Get in touch


New customers
Existing customers