At most facilities, janitorial crews are often neither seen nor heard, starting their work shifts after most employees have gone home. This level of freedom has the potential to cause security problems related to more than just incidents of theft. Workers in these jobs may be poorly screened or not background-checked by the firms who hire them, mostly because the cleaning company owners are often desperate to fill a part-time job that offers no benefits and involves late evening work hours.
Certainly only a small number of cleaning company employees steal from the facilities where they work. But because they work alone at night or are only slightly supervised, the temptation is there.
Employees can get complacent in their offices, leaving their desks and file cabinets unlocked, keeping expensive personal items on their desks, not storing away sensitive, proprietary, or fiduciary data, and failing to log off their computers.
These security lapses can encourage some cleaning employees to steal personal property or misuse company resources, like making lots of copies from office copiers for their side business, or using postage from postage meters.
Security administrators need to conduct occasional spot checks and surprise inspections on cleaning crews, whether they are in-house employees or are provided from a vendor.
These on-site audits may reveal that cleaning crews are not disposing of shredded material correctly; sleeping on the job; using company telephones to make long-distance calls; using office equipment; getting unauthorized access to the Internet; or even not locking the doors of the facility and resetting the alarm codes when they leave for the night.
This last issue was a surprising concern for a California city, when government employees arrived at their offices each morning at 8:00 a.m. found homeless people sitting at their desks, eating their food out of the break room, and sleeping in the hallways. As the police continued to chase these trespassers out each morning, no one could figure out how they were getting in, since there were no signs of forced entry.
It turned out that the cleaning crew cleaned the offices every morning from 4:30 a.m. to 7:30 a.m. and left the building unlocked and unalarmed, thinking that no one would enter it during the 30 minutes after they left and the city employees arrived.
Security practitioners need to participate in the request for proposal (RFP) or selection process for cleaning vendors, helping their firms select companies that are reputable, properly bonded and insured, and can demonstrate that they actually conduct valid background checks of their new hires.
Janitors and cleaning people often have access to full sets of hard keys for the building or all-access key cards, along with knowledge of the alarm codes. The loss or misuse of these can be devastating to a firm.
Each cleaning employee must be given a specific alarm code so security can identify who is coming and going, or not rearming the system, and when. It may be necessary to deny access to the janitors to some parts of the building after hours, including the offices of senior executives and IT server rooms.
These areas may require a specific cleaning plan by time of day or only when supervised by security personnel.