This blog post is part of a series on Security for Startups. The full list of posts is shown below:
- Securing your Applications
- Securing your Cloud Infrastructure
- Securing your Employees
- Securing your Endpoints
- Securing your Office
Security is not necessarily the first priority in an up-and-coming startup.
New organizations are so busy creating their product, trying to raise money, or delivering for customers, it can be difficult to find the time and personnel to secure their systems. Additionally, it is typically not yet a specific employee’s responsibility until an IT admin is hired and often that does not happen until much later. But that’s really not ideal because there are multiple levels of security that a startup needs to pay attention to from the beginning.
Unfortunately many of these security measures are often overlooked. In this installment, we’ll discuss how to protect your physical office and what safeguards you can take.
Even Cloud-Forward Startups Need Office Safeguards
Even though many startups are shifting a great deal of their IT infrastructure to the cloud, that doesn’t mean that security in the office isn’t integral to the growth and well-being of the business.
Most startups today are in either shared office spaces or have open floor plans. This makes it easier to have things stolen or to have access to the system compromised.
There are a few simple steps that one can take in order to protect the organization’s sensitive material that will ensure the company’s data isn’t an easy target for anyone interested in infiltrating the system.
Below are some suggestions to increase the security of your office.
Five Steps to Better Security at Your Startup
Control Physical Access and Monitor
Most offices are likely have some sort of physical access control either through a key, a fob, or card access system. But after the staff goes home for the night, there are a number of other people that may have access to the facility. The landlord, their workers, the cleaning crew, and countless others could access your office.
Having a digital solution in place with regular logging of who enters and exits is a great first step in controlling access. It is also wise to have a few video cameras in your facility. Having cameras in place can be a simple way to ensure that your equipment and materials are safe. There are a number of cloud services that can assist in monitoring the office.
Internet Connection Security
The internet connection coming into your office needs to be secured as well. There should be, at a minimum, a next generation firewall at the connection that is ensuring that malicious traffic cannot get through. Investing in more security such as content filtering or intrusion detection technology is a great improvement, but having a strong firewall is required.
Generally the Internet connection is hooked up to the organization’s WiFi network. WiFi security should not just be an SSID and passphrase. That level of security is simply too easy to compromise.
Users should have unique access to the WiFi network which means that the WiFi infrastructure will need to be connected to the user directory. Since it is likely cloud based, take a look at our Directory-as-a-Service® platform to help your organization with WiFi authentication. Another critical step in securing the WiFi is to separate the guest network from the production network. Ensure that any visitors using WiFi are not using the internal network.
Locked Server Closet
Most offices have a small server closet or telecom closet that may house the router, the firewall, and perhaps even a server or two. The best practice is to ensure that it is in a locked area and that access to the systems is limited to only a few members of the staff. While it isn’t always possible to remove every piece of equipment from the premises, control over who has physical (and logical) access to that infrastructure is paramount.
Finally, spend time adequately training your staff. In order to have a secure facility, ensure that the staff knows that anybody who looks unfamiliar should be asked if they can be helped or who they are there to see. Being direct and upfront with guests will make them more comfortable and also could make someone with bad intentions uncomfortable. It may not seem like it, but asking polite questions can help thwart a security breach.
Ideally, your staff will be tight knit and know each other quite well, so somebody that looks out of place will be recognized immediately as someone who should be contacted.
Better Office Security is Critical for Startups
The office is an important part of any startup’s overall infrastructure. Even though your company may leverage the cloud extensively, it’s no excuse to have weak security on-premises. Take a little time and effort to put a smart plan in place and hopefully you’ll never need to experience a security issue.
Drop us a note if we can be helpful as you start to think about securing your startup. As a company focused on controlling access to digital assets, we know how important it is to keep organizations secure. Learn more about JumpCloud’s cloud-based directory here.
You can find more information on Security for Startups in the below video, where we discuss the topic in the DevOps world. Additionally, check out our ebook that gives expert recommendations and best practices in DevSecOps.