In its 16 years of business, DataServ Solutions has relocated five times. That makes David Berndt, CIO at the document-digitization and process-automation company in St. Louis, Mo., something of an expert on the topic of securing corporate moves. "By now, we've got a good process," he says. In the most recent move this past February, nothing was lost or damaged. "We shut down the office at about 2:30 on Friday, and we were up 100 percent on Monday, with no disruption for our clients and no service levels missed."
But with all the planning involved in ensuring your most valuable data and other corporate assets get from one location to the next without incident, it takes a few relocations, he says, before you can feel confident you've got it right. Topping his list of lessons learned: Create a cross-departmental moving team, start shredding unneeded documents months ahead of time and, during the move, never take your eyes off the movers themselves. "You have to be very granular in your planning," he says.
Also see 'The 7 deadly sins of building security'
Here, then, are a collection of tips for ensuring the security of your next corporate move.
Start planning your move early
When it comes to planning a move, time is only your friend when you have lots of it, says Alan Nutes, security manager at the Department of Watershed Management for the city of Atlanta. With a good head start, you can make note of specific assets that may require heightened security: blank check stock, any controlled substances or hazardous materials, physical keys and so on depending on your business. You can also create a records-management program for taking inventory of all your sensitive data, both physical and digital, and plan a robust backup strategy, including storing copies offsite. "Unfortunately, security is drawn in as a last resort most of the time," he says. "It's on us as the security team to sell our programs to get to the forefront during the planning stages."
Create a move team
Two months before DataServ's move, Berndt formed a project move team, made up of staff from all seven of the company's business departments. The group met once a week and, over time, formed smaller subgroups dedicated to specific tasks. It used project-management software to track its progress in a way visible to everyone. Beyond the move team, it's also important to consistently update the rest of the company on the status of the moving plan, says Hugo Valldejuli, CIO at Dacor, a luxury kitchen appliance designer and manufacturer. Dacor has endured three corporate moves in the last 30 years, most recently an in-state relocation from Diamond Bar, Calif., to Costa Mesa. "We did a weekly update in our corporate meetings so everyone knew what was going on," he says.
Minimize what you need to move
The fewer things you need to move, the fewer boxes you'll have to track, so this is a good time to purge old, unneeded documents. But disposal needs to be a managed effort, Berndt says. For DataServ's move, he organized a shredding campaign that he began publicizing about six weeks before the move. Employees were told to identify unneeded documents and each week the move team distributed 50-gallon plastic tubs to collect documents for secure shredding and disposal. Berndt educated department managers on the cleanup process to ensure it was followed correctly. "We had to start early to make it successful," he says.
Nutes agrees that with the threat of dumpster divers intent on industrial espionage, it's best to let the security team take charge of throwing away documents--even once they're shredded. He recalls a time at one of his previous employers, Drexel Burnham Lambert in Manhattan, when workers at competitor Kidder Peabody joined in the fun of a ticker tape parade by throwing print-outs out the windows. "Our salespeople were catching them, because some were customer portfolios," he says. "It's important to have centralized shredding locations."
Some businesses take advantage of the opportunity to shred hard drives as well, and dispose of other outdated computer and office equipment. The less you move, the less you spend on trucks and manpower, and the easier it will be to organize in the new space and get up and running.
Choose your movers carefully
Even though Berndt was satisfied with a moving company he had hired for an earlier move, he did not automatically reward that firm with more work. "We interviewed movers, had them give us bids and asked how they'd approach the job," he says. "It wasn't just a dollars-and-cents decision."
Even after contracting again with his former mover, Berndt had DataServ's own infrastructure staff move the company's servers and a high-end scanner. The company's primary data center is not located at its headquarters, so it was only moving its test environment and e-mail servers--about a rack and a half worth of equipment, plus the scanner, he says.
"We've had a negative experience where we lost a fairly expensive piece of equipment," he says. For moving computers, he says, it's usually best to hire a company that specializes in electronics. But in this case, given the small volume and short distance--just 1.5 miles--Berndt decided it wasn't worth the extra cost.
For sensitive hard-copy documents, Dacor's Valldejuli turns to specialized movers like Iron Mountain. (For a detailed look at Iron Mountain's secure document transport process, see How to secure the paper chain.) As an added measure of protection against loss, he had the financial staff audit the documents and he conducted a before-and-after inventory.
Like DataServ, Dacor no longer concentrates its primary computing equipment at headquarters. As for the storage equipment and servers it did move, Valldejuli divided them into two separate trucks to avoid losing everything in the event of a traffic accident. "If we lost one set completely, we could limp along on the remaining set," he says. "Plus we had servers in [our manufacturing facility] as a third backup. It was painstaking to plan."
When making a final decision on a mover, Nutes adds, it's important to do a background check. At one point in his consulting career, he says, he was doing due diligence on a trucking company and discovered it had ties to a criminal organization.
Seal boxes securely
For those who think taping boxes is just a mindless task, think again. The tape you use can show you whether any boxes were opened during the move. It's worthwhile, therefore, to invest in evidence sealing tape rather than traditional packing tape, because it allows you to see whether the seal has been broken or even tampered with. If you do use regular tape, Nutes says, have the person sealing the boxes write his or her name across the tape so you can see if it's been cut and resealed.
To make inventory easy, says retired FBI special agent Peter Yachmetz, you should also label each box "1 of 30, 2 of 30" and so on, so you can quickly track them.
Whether you empty file cabinets or move them with documents still inside will probably depend on the requirements of your mover, Nutes says. If the cabinets are full, don't rely on their locks, as most can easily be picked with a paper clip, he says. Instead, put evidence sealing tape over each drawer to ensure no one has tried to break in.
Put all eyes on deck
No matter how much you trust your moving company, Berndt warns, you should form an oversight team that watches every move the movers make--from picking up the boxes at the old location, through loading and unloading the truck, to putting them down in the new building. Team members should be given specific assignments in individual areas or departments and trained to watch for suspicious behavior.
"We assigned people in shifts to watch the movers and make sure they were just carrying things out and not getting into them," he says. "Everything we moved, employee personnel were watching. Could we keep an eye on absolutely everything at all times? No. But we never had people unattended when the equipment was in place on either side or when they were with anything that would be of a secure nature."
Another reason to keep watch is to look for physical damage, Berndt says. "You can't come back a week later and say, 'This desk was damaged,'" he says. "You have to do it the first day."
Yachmetz says oversight at the FBI went even further. Agents, not movers, pushed carts full of boxes out to the truck, accompanied by a security escort. Additional agents watched the truck as boxes were loaded, then were stationed in the back of the truck and the cab for the drive to the new location. Security escorts both followed and led the truck. At the new destination, the process was repeated in reverse.
Create a chain of custody
Creating a chain of custody ensures that if anything does turn up missing, you can go back through the inventory lists and checklists you've created to see who was the last to have ownership of each box.
As soon as boxes and file cabinets are sealed, Nutes says, they should be placed in a secure area, ideally with a security officer assigned to it. The officer should sign for each box that is brought to the area, and he or she should have a list of anyone who is permitted into that area, including the names of all movers involved.
In the new location, personnel should be assigned to monitor each area where boxes will be delivered, verify that their seals are intact, and sign for each box. During FBI moves, Yachmetz says, inventory is also taken when unloading the truck. Each agent has a list of numbers representing boxes that he or she packed and is responsible for recording whether those boxes come off the truck.
At Dacor, boxes were marked with the name of the person to whom it belonged. At the new building, maps were posted showing the location of each person's office.
Avoid stranger danger
Moving day itself can be chaotic, with doors propped open and movers walking the hallways. Extra precautions need to be taken to ensure would-be thieves are not taking advantage of this situation. "With industrial and corporate espionage, it's not unheard of that a competing company would have their employees get hired by the moving company to sneak into the facility," Nutes says. Not to mention, in a multi-tenant building, you could have other companies' trucks at the loading dock. If you're on a public street, passersby could also have easy access.
Dacor's Valldejuli says he trained employees to ask for identification when they encountered anyone they didn't recognize and couldn't identify as a mover. "Doors were open and boxes were flying back and forth," he says. "Plus, in the year before the move, we lost three laptops in what we believed to be a very secure building, so our eyes were open."
Another precaution is to designate just one area for boxes to be moved out of, such as the loading dock or front entrance, and prominently position a security guard there with list of who is allowed in, Nutes says. Everyone on the access list should be given some form of identification, he says, such as a visitor's badge.
Secure the truck in transit
Before the truck rolls away, Nutes says, you should map out a route with the moving company. That way you'll know how long the drive should take and, if it takes too long, can figure out whether they stopped along the way. Another precaution is to place a numbered security seal on the truck door locks to ensure you'll know if they were opened.
Valldejuli even assigned someone to follow the truck, since it was just a 45-minute drive.
Don't advertise your relocation plans
Although some companies might think of a corporate relocation as a chance for positive public relations, it's better to publicize the move after the event, not before, especially if you're in an industry with valuable intellectual property, Yachmetz says. This is especially true if you're moving into a brand-new building, where construction workers could plant listening devices in the walls. "You should keep it close to the vest for as long as you can," he says. In fact, when it was building a new office, the FBI ran a background check on everyone involved in its construction. "If they found anything unacceptable, they were not allowed to be part of the building crew," Yachmetz says.
Move during off-peak times of the year and day
Summer is the busiest time for moving companies, so to avoid capacity constraints and slow customer service, try to move at another time of year. According to a study by J.D. Powers in 2007, the least busy time to move is in the first quarter.
Time of day can also improve your security outlook. At DataServ, Berndt says, they exited the old building around 2:30 and entered the new one at about 5:00. "That reduced the number of people running around in the hallways because it was an after-hours move," he says.
Celebrate
Moving is stressful, whether it's a corporate or personal move. That's why Berndt says you shouldn't forget to celebrate when it's all finished. "We had a mandatory Saturday that people had to come in and ensure we'd be up and running for Monday," he says. "But we made sure everyone was well fed, and when we were finished, we had some beverages."
CSO
