Offices around the UK need to step up their security game, according to the most recent statistics. There has been a 145% rise in incidents of malware and DDoS attacks to commercial servers across all sectors, and the London Chamber of Commerce and Industry noted that 47% of London businesses have been victim of some form of crime in the past year.
Yet when it comes to both cybersecurity and physical security for offices, many employees don’t actually know what their rights are. Despite workplace monitoring of internet use being perfectly legal, a recent Broadband Genie survey showed that only 21% of workers were aware of this fact. Likewise, the presence of CCTV cameras in workplaces can lead to a Big Brother mentality amongst staff. This is especially fostered with the increasingly common use of bullet cameras which, as Bridger Security notes “discouraged vandalism and criminality simply by the[ir] presence”—useful in open spaces, but hardly conducive to a work environment where employees feel trusted.
So where is the line when it comes to office security? How can employers ensure their staff are safe, and what rights do staff have to their office privacy?
What are the most common office security measures?
Office security can be split into two categories: physical security and cyber security. The former concerns the safety of members of staff themselves, while cyber security relates to the information on computers, and data transmitted across an office’s internet network.
When it comes to physical security, features such as an audio or video access control system for the main door are essential, particularly for staff working in tall office blocks, while key fobs or swipe cards are extremely common when it comes to security at internal doors. Yet CCTV seems to be the most frequently employed security measure for offices, with a ratio of seven privately-owned cameras for every publicly-owned one.
Cyber security is a less cut-and-dry issue; when it comes to data privacy, both internal and external data protection often leaves a lot to be desired, as the recent Dixons Carphone and NHS software hacks have demonstrated. Yet internally, as mentioned above, bosses are legally entitled to monitor all activity on staff computers, including reading emails, viewing staff browser histories and even recording phonecalls using automated software.
What rights do workers have when it comes to office privacy?
Whilst these are all perfectly legal methods of surveilling staff, this is only the case if staff are informed that it is taking place—a measure very few offices actually do. The Broadband Genie survey also noted that only 29% of respondents responded positively about this level of intrusion. One solicitor told IT Portal that “it’s up to [staff] to show caution in their profession” when it comes to engaging in non-work related activity on office computers. However, on an ethical level, there is a level of trust between employer and employee which can be easily lost when these measures are taken.
Of the common physical office security measures, CCTV is the main source of anxiety when it comes to potentially invading staff privacy; however, there are far more stringent laws around video surveillance of staff than online surveillance. The most recent workplace CCTV practices, published in 2015, state that “staff must be informed that they may be recorded and where cameras are located”, with signs placed around the office. Staff also have the right to review any footage taken within 40 days.
With this in mind, it is ultimately only in matters of cybersecurity where privacy lines could be crossed. Companies should make absolutely sure they have virus and firewall protection in place to protect from outside threats. When it comes to monitoring staff computer use, a company social media and internet policy should be created and shared with staff in order to ensure full transparency and engender trust between employer and employees.