What your business can learn from airlines' precautions
Nobody likes standing in line at the airport waiting to go through the security screening, but look behind the scenes at airports and there is a lot to be learned about security.
Airports are the focus of some of the most extreme security pressures faced by any business. They are high profile targets. People's lives are at stake. They have to keep the airlines and the passengers happy. I fly light aircraft in my spare time so I've seen behind the scenes at many airports: from international hubs like Amsterdam Schiphol to small grass strips in the middle of nowhere.
Having just researched an article for a security magazine about aviation security I have even more respect for airport IT and security managers. It occurred to me that they might have some lessons for small businesses.
Last year I got a chance to see how a major airline gets its planes ready for a transatlantic trip. Their PR manager took me through the employees' security check at Heathrow. Everyone, from cleaners to senior managers, has to go through the same checks that face the travelling public. At the departure gate, she needed a swipe card to open the door to the jetway and before we could go on board the aircraft there was someone there to check our documents again. It's good to know that they take so much care.
I'm not proposing that you frisk your staff every day, but reviewing physical access to your building makes sense. Can visitors get in without identifying themselves? Do you need extra access control for your server room or the finance department? Is there a back door that's kept open in the summer for ventilation? Would a stranger be challenged by staff? Do visitors need escorts inside your building? Do you check workmen's identification before allowing them in? Do you vet your cleaners?
Keep your eyes open
I talked to the managing director of a CCTV company. They sell digital cameras to airports. They can plug into a regular computer network and store images on a central server. Security staff can monitor the images anywhere in the building using a wireless network and the images are stored digitally so they can be reviewed any time.
Again, I'm not suggesting 24/7 video surveillance of your staff (which in any case is subject to legal restrictions) but you could use a network-connected webcam to monitor your reception area or server room. At Microsoft's head office, there are webcams at reception so employees can see when their visitors have arrived and what they look like.
At one regional airport I visited, the IT manager explained to me that they had laid multiple fibre-optic links between the server room and the control tower so that the controllers would stay connected even if one line was cut.
Are there ways you can provide greater redundancy for your IT? For example, having duplicate servers or contracts with IT equipment hire companies to replace stolen PCs within 24 hours? If your broadband internet connection stops working, can you still connect to the internet using a phone line? Will you still get email? Are there any bottlenecks in your network where a single failure could bring down the whole network?
In the control tower at my home airfield, they still use a telex machine to receive incoming flight plan confirmations. Why? Because it works, it's secure and it does the job. At the regional airport, they have a more sophisticated computer system that is linked to the NATS air traffic control network. However, it is subject to similar regulations and change control as aircraft engines and other critical aviation systems. Upgrades are tested carefully before being installed. Checks and routine maintenance are carried on a strict schedule - they don't just wait for it to break.
Are there critical systems in your office that should have a regular maintenance routine? Do you ever yearn to 'upgrade' something that is actually working fine? Do you need to institute a change control procedure on, say, your server?