The complete workplace security playbook: preparing for 2023 and beyond

Workplace security has always been an important issue for businesses. It’s the defensive shield that every organization needs to scale and survive. Without protection, you risk everything–from sensitive data leaks, to fire hazards, to the very safety of your physical workforce.

In today’s world, the state of security is no longer a predictable set of tactics and plays. Threats have evolved and attacks have become smarter. Organizations and their security leaders must be proactive with the measures they put in place. Adaptability is key. Best practices can change quickly, and what was required yesterday might not be the case today.

Workplace security isn’t a single state or final destination. Instead, workplace security needs continual attention and regular improvement. It can feel hard to know where to start, but don’t worry! We have your back. Enter: your 2023 workplace security playbook.

This playbook explores 3 crucial pillars of security: physical security, digital security, and people security. Physical security relates to how you can secure your offices and keep your employees, visitors, and equipment safe. Digital speaks to everything data and infrastructure, like cybersecurity, firewalls, access control, and VPNs. And people security explores how you can implement regular training to help avoid breaches and keep people working together in a compliant manner.

Keeping your business safe and secure doesn’t have to be difficult and complicated, but it is an ongoing process. One that needs your attention, focus, and the right playbook to stay on track.

Keep on reading to learn:

How to protect your physical workplace (and everyone inside)
How to secure your business with powerful digital security
5 ways to empower your people to protect your organization

How to protect your physical workplace (and everyone inside)

Physical security doesn’t just mean surveillance and alarms. Physical security encompasses everything that keeps your people, buildings, and assets safe. Without a physical workplace security system, you open your business to new threats and can jeopardize the future of your organization. In this chapter, we’ll explore physical security in detail, including what it entails and how to improve it for next year and beyond.

What is physical workplace security?

Physical workplace security relates to the security of your people, buildings, and assets. It’s often the first line of defense for employee safety. It keeps your people safe through measures like fire prevention and visitor and employee tracking systems. Physical security also keeps your workplaces secure through technology like access control, ID verification, and alarms and surveillance. Finally, physical workplace security protects your physical assets in the office, including laptops, monitors, desks, and more.

A step-by-step guide to assessing your current physical security

No matter the type of organization you are, looking at what you have with an eye for improvement is always necessary. When it comes to physical security, you need to know where your security standards need improvement. That’s where a physical security assessment can help. It will paint a picture of your current state of security and reveal gaps and vulnerabilities that you might otherwise have missed. You can conduct a physical security assessment in 5 straightforward steps.



  1. Choose your assessment team. Firstly, choose the right team for the job. Most organizations will have an external security team conduct their physical security assessment. Some of this assessment may fall into compliance, while other parts may cover the safety of your offices and processes. When you choose your team, think about who the right people would be for each section of your assessment. For example, if you want to assess your building security first, ensure you have people who specialize in property and building management ready.
  2. Identify stakeholders. Once you have your team in place, it’s time to identify your stakeholders. This includes any cross-functional partners who can help provide important data points before, during, and after your physical security assessment. They will work with your assessment team, and could include anyone in your organization–although common folks include HR, IT, and executive leadership.
  3. Follow a scoring system. With the right people in place, it’s time to begin your assessment. Follow a scoring system to evaluate your security across all of your pillars (physical, digital, and people). If you don’t have a system of your own, you can use this assessment template to help you. This matrix categorizes different security threats and helps you assess the risk across each location. Follow the instructions and give yourself a grade on where you see the strongest and weakest levels of security.
  4. Address vulnerabilities and plan to optimize.  Once you’ve completed the assessment, your scoring system will help you spot any vulnerabilities in your physical security. With this insight, you can then jump into action mode. Improving your physical workplace security might involve different approaches depending on the severity of the threat. For example, you might want to simply hold a training session for certain teams in your office. Or you might want to invest in smarter technology to improve areas of physical security where manpower won’t help.
  5. Conduct regular security assessments. A final step is to always conduct security assessments on a regular basis to mitigate risk of workplace threats. You may choose to assess your physical workplace security bi-annually. Or before launching new programs or processes. Whatever you decide, regularly assessing your security ensures business continuity and prepares you to withstand threats in the future.

What organizations must focus on to improve physical security in 2023

Keeping one eye on the security today will help keep your business safe. However, it’s crucial to also keep one eye closely on the future if you want to be prepared as an organization. Here are a few security aspects to focus on in 2023 and beyond.

Scalability

A natural part of growth is more. More employees. More customers. More workplaces. So it makes sense that the same goes for your physical workplace security. The more you scale, the more your physical security must be able to keep up with the pace.

Aligning your physical security to scale alongside your business takes work. You must set up systems and processes that can grow with you and your workforce. This might be onboarding and training programs for security teams across different office locations. It could also be security playbooks like this one that you roll out at new facilities when you open them.

Technology also plays a crucial role in enabling scalability. The days of installing one physical security solution in individual workplaces are long gone. Nowadays, a workplace platform can help you monitor security in every location, all the time. That means that when you open new offices, change, or downsize, you’ll still have everything secured in one, centralized system.

The right technology

There are hundreds of technologies out there to ensure the physical security of your business. And while it’s impossible to implement every piece of security tech out there, it is important to choose the right tech for your organization. Here are three important tools to secure your organization and provide you with the safety measures you need to keep your employees, offices, and assets secure.

  1. Access control
    Access control is a security feature that keeps your workplaces and employees safe. You’ve likely interacted with access control before. It can come in different forms, such as badges, QR codes, facial recognition, or touch ID.
  2. Access control is, in essence, permission of entry. Whether that’s a device, restaurant, or workplace. For workplaces, access control is an important feature of building security. You can control who enters your workplace and with what level of permission. For example, if you have a contractor coming onsite to fix some office doors, you can permit entry and provide “guest” access throughout the building. Access control provides you with peace of mind that the right people are in your workplace at all times, and your employees and property are always protected.
  3. Visitor management
    Employees are back at work, and visitor traffic is up by 84% in the last year alone. With such a spike in people coming in and out of your workplace again, it’s important to keep track of who enters and leaves your building.
  4. Track, screen, and report who comes into your workplace with a visitor registration solution. This allows you to get visibility on who’s onsite and when. To avoid security breaches, you can use your visitor registration solution to screen people before they get to your office. Features like blocklists and ID verification help notify teams if an uninvited guest tries to sign-in. Utilize your visitor registration solution to keep everyone onsite safe and create a great visitor experience for folks who visit your workplace. An ultimate security win.
  5. Surveillance and alarms
    In a digital age, surveillance and alarms are critical to your overall security system. Surveillance can be used to detect intruders and deter them. Alarms are critical for alerting you and authorities in case of an emergency.
  6. Make sure you consistently update your security cameras with the latest software and hardware upgrades. This will capture clear images of your office at all times of the day and during all weather conditions. If you want to go one step further, you can upgrade your security cameras to have facial recognition, allowing you to rely on technology to identify anyone that could be a threat.

Automation

Automation offers a host of benefits to organizations–particularly through a workplace security lens. It keeps organizations safe and competitive. It allows businesses to streamline processes and improve the efficiency of their security programs at scale. Automation also saves businesses money. In fact, security automation can save organizations more than 80% of the cost they would normally spend on manual security!

Automation also generates alerts during events or incidents, in real time. For example, if a visitor supplies the wrong documents, your visitor registration system will automatically flag this and alert your workplace manager. If someone opens a door without the right authorization, you can automatically trigger an alarm to alert security personnel. Automation saves you time and is a key component in how technology can uplevel your physical workplace security.

"Across our industry, we have known bad actors or people who could pose a threat. Now that security is tied to their sign-in, we can automatically detect that person and stop them from entering. I’ve had security incidents abated because I had an unwelcome person attempting to sign-in that Envoy helps surface."

JULIA GOLDBERG
SVP of Global Real Estate, Office Services and Security, Buzzfeed

Read the case study

Key takeaways

  1. Physical security refers to the security of your physical office locations and assets. It is often the first line of defense for employee safety.
  2. Security automation can save organizations more than 80% of the cost they would normally spend on manual security.
  3. Conducting regular security assessments will help you spot vulnerabilities and prepare you to withstand threats in the future.
  4. Improving your physical security requires the right technology and the ability to automate and scale.

Building your own playbook to ensure the physical security of your workplace is a significant endeavor. But it’s not one you have to undergo alone. Start by working with your security assessment team. Evaluate your strengths and vulnerabilities. Map out how you’ll improve in the future. Then focus on those areas as you head into 2023.

Remember, it’s not only about having the right technology to protect your property, people, and assets. It’s also about having tools and processes that will scale and save you time. Getting this right is key before we move on to the next pillar of workplace security: digital security.

How to secure your business with powerful digital security

While physical security protects your property, people, and assets, it isn’t the only type of security you need to keep your business safe. Digital security is a key pillar in your workplace security playbook. It protects your data, information, and revenue from more hidden threats. Both are integral parts of your workplace security.

In this chapter, we’ll dive into the world of digital security and how you can improve it for the years to come. First though, let’s cover what digital security actually means.

What is digital security?

Digital security can be broken down into two parts: cybersecurity and infrastructure security. Cybersecurity protects you against any breach of your organization’s company data, including hackers, phishing, insider attacks, and more. Infrastructure security safeguards your business from service disruptions and external threats. It should cover security measures like virtual private networks (VPN), firewalls, and WiFi.

Painting a picture of the digital security landscape today

Cracks in your digital security are costly. In 2022 so far, the average cost of a data breach has risen to an all-time high of $4.35 million, an increase of 2.6% from 2021. For SMBs, parting with this amount of cash can be devastating. In fact, the average cost of a data breach sits at around $108,000 for small businesses today. Let’s take a deeper look at why that is and explore the digital security landscape now.

Threats and attacks are on the rise

Cyber crime today is increasing and becoming more sophisticated than ever. The more advanced technology becomes, the more attackers can use it at their disposal. Here are a few statistics that show how digital threats and attacks are on the rise, for all organizations and industries.

  • Cyber attacks have affected more than 89% of US organizations over a 1-year period, while ransomware attacks have impacted 78% of US organizations.
  • Organizations adopting remote work have had to pay an average of $1 million more in data breaches than organizations with hybrid or 100% in-office requirements.
  • Phishing is the most common cyber attack for organizations today, affecting 83% of UK businesses and 75% of US businesses last year alone.
  • Half of cyber attacks target small businesses due to the sufficient lack of data protection. Again, phishing is the most common and impacts 38% of small businesses.

Different industries are more vulnerable than others

It’s clear to see the severe impact cybersecurity can have on all organizations. Cyber attacks are often targeted at smaller businesses due to a lack of sturdier protection. But it isn’t just size–attackers often target certain industries more so than others.

According to Upguard in 2022, healthcare is the most targeted industry for data breaches. While this has been the ongoing trend for the last 12 years, the cost of a data breach has been steadily increasing. For healthcare now, the cost of a data breach sits at a whopping $10.10 million. The next two industries behind healthcare are the finance sector, followed by technology, including start-ups and bigger technology organizations.

Regulation and compliance laws are changing

As cyber attacks continue to rise, the regulations and laws that protect organizations must also adapt and change. One of the most well-known, recent changes has been in compliance laws, where big updates in legislation now protect people’s privacy and company data. And it doesn’t stop there. Gartner reports that this type of regulation is only going to increase, especially as the amount of data and personal information also rises.

By the end of 2023, modern data privacy laws will cover 75% of the world’s personal information. For small to medium-sized businesses, that means big process changes and stricter audits to abide by these tighter regulations in the future.


How to improve your digital security for 2023 and beyond

Improving your digital security is necessary for the future of your business. Technology continues to shape the world and the way we do things. Being proactive and prepared will help your business reduce costs caused by cyber attacks. Here are 4 ways to improve your digital security for 2023 and beyond.

1. Conduct regular audits and risk assessments

Just like the physical security of your organization, it’s important to conduct regular assessments of your digital security too. That means internal audits and cybersecurity risk assessments. But how do you do it, and how often? Assessing your vulnerability can take time and practice. Use this calculation by Upguard to help you: cyber risk = threat x vulnerability x information value.

2. Dedicate a budget to your IT security

According to Gartner, organizations that adopt a cybersecurity network architecture by 2024 can reduce the cost of security incidents by 90%.

Saving cost means investment in cost-saving tools. Businesses today must increase their IT security budgets to address digital threats. But it can be tricky to spread a limited money pot across all areas, especially for SMBs. Security and IT teams often find themselves losing a budget battle to other departments for investment.

In 2023, it’s even more crucial to dedicate an IT security budget to build a stronger cyber defense strategy. You should consider keeping this budget separate. This allows you to spot areas where you’re more vulnerable to attacks, as well as track where you spend to ensure all elements of security have investment.

3. Document your IT security policy and procedure

Your IT security policy should protect your organization against any breach of your critical company data. It is designed for everyone to follow, and includes important processes to protect data stored across devices, networks, and the cloud. This includes safety measures like two-factor authentication, encryption, and backups.

It’s important that your IT security policy doesn’t just cover cybersecurity. It must also include infrastructure policies to safeguard your business against service disruptions and external threats. That includes areas like web application firewalls (WAF), virtual private networks (VPNs), application programming interface security (API), intrusion prevention systems (IPS), and wireless security.

When done right, your IT policy and procedures will arm your employees with the know-how and help them deal with security situations accordingly, without putting your organization or others at risk. Ensure your policy is regularly updated and shared with the organization.

4. Utilize technology for ultimate digital security

What’s the right policy, budget, or audits without the right tools to help combat any cyber threats? To improve your digital security in 2023, it’s important to invest and utilize the right technology.

Over 60% of all corporate data around the world is now stored in the cloud. So it makes sense to keep your cloud security tight. This might be through security apps like Okta or Authenticator, which helps keep your accounts secure. It might also be a unique WiFi password provider like Aruba Central or Cisco ISE–something that’s important if you’re operating a hybrid work model.

A workplace platform also keeps your digital security sound across all locations. It records the names and information of everyone who enters your spaces, and stores their data securely. It also integrates well with other security features you might have, like access control.


Key takeaways

  1. Digital security is a key pillar that protects your data, information, and revenue from more hidden threats like cyber attackers.
  2. Organizations adopting remote work have had to pay an average of $1 million more in data breaches than organizations with hybrid or 100% in-office requirements.
  3. Every organization and industry needs digital security. However, some industries are targeted more than others, with healthcare taking the top spot, followed by the financial and technology sectors.
  4. Phishing is the most common cyber attack on organizations today, affecting 83% of UK businesses and 75% of US businesses last year alone.

Protecting your organization against digital threats can be challenging. This chapter outlines how the current digital security landscape has seen attacks become more common and sophisticated. For SMBs in particular, attacks happen more often because smaller businesses tend to have lower levels of digital security.

But it’s not all doom and gloom! Building your own playbook to ensure your organization’s digital security is possible–and not that hard! Awareness is the first, crucial step in your digital security journey. Next, auditing your current digital defense is important to understand where your gaps and vulnerabilities lie.

Remember technology is your secret superpower when it comes to digital security. Invest in what your business needs and ensure you have the right tools and processes that can adapt. With physical and digital security now complete, it’s time to move onto the final pillar of workplace security: people security.


5 ways to empower your people to protect your organization

Your employees know your business better than anyone. They also often have a personal stake in its success. Yet, while your people are your greatest source of strength, they are often the victims that can put your organization in harm’s way. According to a Verizon report, 82% of data breaches involved a human element in 2021, while 14% of those were mistakes made by human error.

It’s no use having the best IT and security team in the world when your people aren’t trained on how to keep general security threats at bay. It can be challenging though. It’s easy to get complacent about security until something bad happens.

It’s important to think about security as an on-going process rather than a one-time event. There are a number of ways your people can keep your business safe. Here are just a few things you can do to help.

1. Create effective onboarding programs

25% of new employees lost their jobs due to cyber security mistakes according to Forbes. What’s more, over one-third (36%) of employees admit to compromising security, with fewer reporting their mistakes to IT out of fear.

This causes a huge problem for businesses, specifically IT and security teams. It can be difficult to track where issues first came from. One effective way of combating this problem is to ensure new employees learn security processes and procedures when they first start during onboarding. This will help them avoid creating bad habits and keep your business safe.

2. Provide security awareness training

Consider this: phishing is the most common form of cyber attacks for all organizations, but only 52% of people know what phishing is.

Teaching your employees how to keep your business safe and secure is the best preventative measure you can take. Teach your team about the dangers of weak passwords, phishing scams, and letting an unregistered visitor onto the premises. When your employees have a better understanding of the types of attacks and why they happen, they can put their learnings into practice to avoid them.

3. Ensure leadership set good examples

According to a 2022 report, nearly half (49%) of C-suite executives report that they have requested to bypass one or more security measures in the last year. Pressure from the top can have detrimental ripple effects throughout your organization. Your employees and wider teams may view security as less important, and may start to cut corners themselves where digital security is concerned. It’s impossible for IT and security teams to monitor everyone. Ensure your leadership set a good example of security measures for their employees to follow.

4. Consider merging IT and security teams

Your physical and digital security work in equal measure to keep your company, people, and data safe. Without one, the other is compromised. For some organizations, particularly smaller businesses, it might make sense to merge your IT and security functions. This will not only give you a more consolidated view of your security, but it’ll also help both parties communicate more effectively together.

5. Invest in technology that your people can use easily

According to a 2021 report from NordPass, over 100 million people around the world use the password “123456”. It is the most popular choice of password, and it takes one second for hackers to crack.

Use technology to good use when it comes to digital security. Passwords account for 80% of all hacking-related attacks. With a simple password protection tool, your people can rely on technology to generate safe passwords for them.  

Of course, passwords are only a small snippet of security tools that people can use to protect their information and your organization. Look out for technology tools that your employees can understand and use easily and without fuss.

Key takeaways

  1. Your people can be your greatest defense when it comes to workplace security if they are aware, trained, and able to communicate with others.
  2. 82% of data breaches involved a human element in 2021, while 14% of those were mistakes made by human error.
  3. Creating effective onboarding programs will help avoid human-related errors, as 25% of new employees lost their jobs due to cyber security mistakes.
  4. 36% of employees admit to compromising security, with fewer reporting their mistakes to IT out of fear.

The world of security is changing fast, and it’s easy to sometimes let it slip down the priority list-especially when so many other things need attention. But being proactive and preventative is a million times better than being too late.

Your employees have the ability to be your best line of defense, as long as they are properly trained and aware of security threats. Follow the 5 ways above and consider adding or changing some to suit the needs of your business.