Go to services

If not for the word “security”, you’d be forgiven for thinking that physical and cybersecurity have little in common. But that’s not the case – physical and virtual security are very much interconnected and having good physical security procedures in place can be one of the best defences against cybersecurity threats.



Physical security is more than security guards. It includes CCTV surveillance, protective barriers, locks and access control. Because the physical theft of computers, laptops, portable electronic devices, electronic media and paper files is one of the most common data security breaches, having good physical security practices in place can often be all that’s standing between your business and a major data breach.

Not so long ago the U.S. Department of Veterans Affairs hit the headlines when it emerged that sensitive unencrypted data pertaining to 26.5 million discharged veterans and their families had gone missing. The data was stolen from an employee who had taken it home even though he did not have permission to do so. The cost of preventing and covering losses from the data breach was estimated to be between $100 million and $500 million.

Unfortunately, this story is not a one-off. Employee-related data breaches are on the rise. Intentional employee data theft or data destruction is one of the biggest cybersecurity threats, and usually takes place in the run up or just after an employee’s contract has been terminated. Unintentional employee-related data breaches, such as the Veterans Affairs breach, are also common and are the result of careless or reckless behaviour. And, though less common, people outside of your business – competitors, activists and criminals – may also stand to benefit from stealing your data.

The responsibility of businesses to maintain security over client data is high. Here is an overview of some of the responsibilities from the Information Commissioner’s Office.


  • The UK GDPR introduced a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
  • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
  • You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.
  • You must also keep a record of any personal data breaches, regardless of whether you are required to notify.


Good physical security practice will reduce the possibility of data security breaches occurring. Businesses dealing with sensitive data should:

  • Ensure proper physical security of electronic and physical restricted data.
  • Lockdown workstations and laptops.
  • Secure your work environment, files and equipment when unattended.
  • Conceal sensitive papers, computers and other electronic devices when left in an empty office.
  • Encrypt all data.
  • Shred paper records when they’re no longer needed.
  • Lock laptops in or to something permanent when unattended.
  • Delete personal identity information and other restricted data when it is no longer needed.
  • Report any suspected data breaches to the ICO.


If your organisation regularly deals with sensitive data, you may want to consider professional corporate security or office security. Having uniformed guards on-site to monitor CCTV, manage access control and rapidly respond to any security issues will not only deter criminals but will also increase the likelihood of any breaches being disrupted if/when they occur. A good security provider will integrate with your organisation’s culture and work in tandem with any existing security procedures to keep data maximally protected.


Churchill Security is a leading cross-industry security company supplying professional and comprehensive security solutions to organisations seeking expert Security GuardsCCTV & Event SecurityKey Holding & Alarm ResponseMobile Patrols and Thermal Imaging & People Flow.

To find out more about how Churchill Security can protect your business, contact us today.


Back To News

John Melling is a Director for Churchill Security Ltd. John is a highly motivated, determined and decisive security industry professional. Drawing on his extensive experience gained within the security industry whilst working on the coalface John has operated at all levels within the industry. He has a proven track record for motivating and leading high performance teams and has helped mentor and develop many people at Churchill who now hold key or senior positions within the business. John is committed to delivering only the finest services, exercising compelling leadership, maintaining good internal morale and striving to resolve any challenges efficiently and effectively.