Maintaining keyed security, particularly as a large, multi-site organization, involves keeping track of a lot of moving pieces. With many facilities, employees, products, and stakeholders, security is a complicated endeavor. While technology continues to enhance the way that much of our day-to-day business functions, the foundation of your security and loss prevention/asset protection remains in the physical realm with locks and keys.
Every facility within your company depends on physical keys to keep your products, employees, and company secure. Whether your organization maintains dark store facilities or customer-facing retail locations, the simplest and most cost-effective way to protect your products and people is with brass keys. Keys grant employees designated access to your organization. Which makes the key control practices you implement within your company the bricks that establish the strength of your security foundation.
As key control experts, we know a thing or two about best practices. As we help multi-site organizations determine how to improve their programs, there are three best practices that are consistently missing from key control programs and we recommend implementing them right away for improved keyed security and cost-savings.
We talk about restricted keys often. In almost every article on our website about enhancing keyed security, we include a section or mention of restricted keys. This is because implementing restricted keys within your organization is one of the most effective ways to maintain your company’s physical key security. Restricted keys are made with patented key blanks that aren’t sold on the open market. This means that keys cannot be duplicated and additional keys cannot be made without authorization.
Having non-duplicatable keys is the most important practice to implement for your keyed security. Restricted keys can be confidently tracked and accounted for. When an employee leaves your company, you can be confident that the key returned is the only key they had. This enhances security and eliminates the need to change the locks (rekey) after the employee departs, which saves money on rekeying costs.
Establish and Enforce Key Control Policies
After ensuring that your key creation and distribution is secure, it’s time to focus on the next potential security threat: key holders.
Locks and keys are designed to give people access to the areas necessary for their job function, daily responsibilities, and shared company spaces. Unfortunately, keys are frequently lost, stolen or otherwise unaccounted for – because key holders are humans, and humans make mistakes. Unless you have a single administrator giving employees access every day and locking up when everyone has gone home, (which would be a very inefficient process) you must accept that your security may be affected by key holders. In order to minimize the security risks of having many key holders, your organization should educate employees about the security practices and expectations around their keys that your company can enforce to mitigate security risks.
Key Holder Onboarding
When a new employee joins your organization or when an existing employee gains a new level of access, incorporate your key control policy education into onboarding and employee education programs. This can be in written form, an informational video, or in-person. Include expectations about key policies: how an employee should keep track of their key, requirements around reporting a lost or stolen key, and any other security or legal information necessary. Solidify the training and expectations by having key holders sign key receipts for keys issued.
Consider training all employees on the basics of loss prevention/asset protection. Reducing shrink is everyone’s responsibility and the best LP/AP often starts with proactive customer service and adherence to security protocols.
Key Holder Off-boarding & Addressing Security Breaches
Similar to onboarding, whenever an employee leaves your organization, having established key control policies around off-boarding can help you ensure that you aren’t losing keys or allowing for unintentional security breaches to occur. Ensure that every employee who leaves your organization returns your key, and that you track its return. If they do not have a key to return, you can consider the key lost, and address the situation by rekeying affected access points. If the restricted key best practice is in place, and all keys are returned, you can save a lot of money on lock changes by avoiding them altogether.
Creating key control policies for when a security breach occurs can also help streamline your response time and effectiveness. If a break-in or lost key occurs, your employees should be familiar with rekeying protocol (who to call, when to call, etc.) and key issuing process that occurs after a rekey. Having established and communicated policies makes the day-to-day responsibilities of your facilities managers and/or LP/AP team easier and more secure.
After implementing restricted keys and educating employees about key control policies, the last practice we will cover is tracking the keys you issue. Your ability to accurately track keys across the organization is foundational to key control. If you are not keeping accurate records of who has access to what at each facility, you are opening the organization up to potential shrink. Accurate key tracking is the only way to ensure that no one aside from your key holders have access to your products and facilities, during and after hours.
There are many ways to track keys to key holders. We recommend avoiding paper. While physical copies can give you an accurate look into the key security of a single site, sharing information across an organization with paper copies is inefficient. The same problem exists for stand-alone software. Sure, you won’t be managing paper records, but sharing information across the organization is still a challenge. Cloud-based key tracking software is a more effective solution to keep track of keys at an organizational level (or by district, region, etc.). It’s important to have a depth of data available to quickly and accurately address a keyed security breach immediately.
Complete Key Control With InstaKey
Here at InstaKey, we bring our security expertise to our lock and key products to provide multi-site organizations (like Retail and Grocery) with complete Key Control that saves around 80% on rekeying costs (compared to locksmith callouts). From restricted keys to the software to track them, InstaKey can support your organization in implementing a well-managed Key Control Program.