In the late 1980s my father bought his first office computer. It was a huge grey monolith, resplendent with glowing brown screen and amber lettering.
This testament to early adoption and high-technology sat pride of place in an open-plan architectural office in inner-suburban Melbourne. It was a warehouse conversion with impossibly high ceilings and tonnes of natural light flooding in from massive glass panels in the roof.

One Friday night, a team of three burglars donned balaclavas and dark clothing and carefully scaled the fire escape of the building next door. They shuffled across onto the architectural office ceiling, smashed a skylight panel and absailed down. What they didn’t realise at the time was the business owners had installed reinforced steel doorplates only a few weeks earlier. When the ratty team of would-be thieves were discovered on Monday morning and the police were called to attend they had spent two days trapped and seemed almost relieved to be led away in handcuffs.
When you’re running a business, you’re probably focused on bills, inventory, staffing, and, more often than not, protecting against online threats.

But what many people forget is that even in today’s world of cyber-criminality, the old fashioned kind is still your biggest menace. Burglary was the most common crime reported by small business owners in 2010, according to a study by electronic security firm ADT. Over 62% of the burglary victims surveyed had suffered more than one breach.

“Specific risks vary between businesses,” says Daniel Lewkovitz, chief security consultant at Calamity. “However, it is common for most modern companies to have a large amount of transportable valuables, such as laptops, mobile phones, employee wallets and keys, all of which represent an attractive target to thieves.”

Bryan de Caires, chief executive for the Australian Security Industry Association (ASIAL), explains that a lot of small businesses neglect their physical security needs because they think it won’t happen to them.

“The fact of the matter is small businesses are often the target of criminals and losses can run into the thousands of dollars,” he says.

As such, security needs to be as normal a part of a business as the water cooler or photocopier, according to Calamity’s Lewkovitz.

“Too many small businesses address security only after they’ve suffered loss. Effective security is about preventing tomorrow’s loss, not yesterday’s,” he says.

But it’s important to remember also that where there’s a will, there is a way. David Edwards had only been the CEO of Ballarat-based non-profit training company BGT for three weeks when the organisation suffered not one, but two break-ins over a single weekend.

“Because I was new to the role it would naturally have been difficult for me to do any assessment of the potential pitfalls of our security at that stage. I was focused on so many other operational aspects of [the business], rather than ‘second tier’ stuff,” he quips.

Besides, the business had a security firm in place to respond to this kind of incident within about a minute of the perimeter being breached, either by phoning the person in charge or attending the scene themselves.

But while technical counter-measures such as alarms and cameras are important, they are not infallible – a lesson Edwards learnt the hard way.

“Someone had to have cased the building earlier in the day on Friday. They then broke into my office later that night by leveraging a window, leant in, grabbed my brand new laptop and took off with it,” he explains.

The incident was reported, police involved and fingerprints dusted. But the mini-crime wave wasn’t over yet. They came back the next night and jimmied a glass door, ran in, and ripped two data projectors mounted in the organisation’s training rooms right out of the ceiling.

Altogether the financial loss came to thousands of dollars, luckily covered by insurance, but Edwards says the real loss was one of morale, productivity and potentially sensitive data.

“Fortunately our IT company had everything stored on a server so everything was able to be replicated and brought up and running within an hour,” he says. “That’s really important. The downtime with that could have been horrific.”

In the end, BGT lost the use of their main training rooms for two weeks while repairs were made and they used the violations to help them patch holes in their security with deadbolts on the windows and safety gates.

“It certainly gives you an insight into where you’re vulnerable,” Edwards says.
To ASIAL’s de Ciares, it’s a situation business owners can try to avoid altogether by recruiting a qualified risk assessment consultant to try and patch holes before they lead to a loss.

“The important point for small business owners when it comes to security is that one size does not always fit all,” he says. “It is important to conduct a risk assessment of the business to understand what the risk factors are. For example, is cash stored on site? Is the business on an arterial road? Are a range of goods or materials on display? Do customers select goods and pay at a point of sale? Has the business suffered from fraudulent transactions over the past four years? Is morale high?”

By considering all these factors and more, problems can be anticipated and dealt with before an incident occurs. But then again, sometimes the most effective strategies are the simplest and the cheapest.

Think about the security measures taken by other businesses in your area. If your neighbours and competitors are hard targets, you need to start thinking harder about it. It’s a major risk to small business, but there’s lots that can be done to prevent it happening.