Marianna Perry, CPP, a security consultant with Loss Prevention and Safety Management, LLC, discusses how companies can prevent employee theft of digital and physical assets.
Q. What steps can employers take to prevent employee theft?
A. One of the major things that employers can do is hire the right people—honest employees. That sounds very simple, but many times corners are cut during the hiring process. In addition to more than one interview, employers should conduct thorough background investigations, which may include checking criminal records, references, and education. Personality tests can indicate whether the applicant is a good fit for the company. Every employer should have clear policies to deter theft, and employees should know that if they steal, they will be prosecuted. It’s also a good idea to have a hotline where employees can anonymously report suspicious behavior or theft by another employee.
Q. What about security best practices?
A. Retailers have traditionally used common practices such as comparing physical inventory against receiving and sales records, auditing cash and payroll records, locking emergency exit doors, installing video surveillance systems, and using security devices to tag inventory. Training employees to recognize common behavior characteristics of thieves is also critical to deterring theft. Business policies and procedures need to be reevaluated on a regular basis and communicated to employees. Best practices include daily bank deposits made by two employees, audits of shipping and receiving records, inventory conducted by an outside firm, verifying time worked against payroll records, auditing cash bank deposits against daily cash receipts, and reconciling the monthly bank statement.
Q. How can employers prevent personal information from being tampered with by an insider?
A. A risk assessment may help identify potential vulnerabilities in the IT system, whether it’s theft from employees who are well aware of their access to the goldmine of personally identifiable information (PII) or an inadvertent theft that may be caused by a bring-your-own-device policy. Many employees can access PII with no evidence of intrusion in the company data systems. High turnover and employees that do not undergo effective vetting processes increase the likelihood of insider theft. Access to data files should be restricted and controls and tracking should be in place. Senior management should have current login information and passwords of all employees. Businesses need to have a holistic approach to security by integrating IT security and physical security.
Q. Should a manager confront an employee about stealing? Are there any legal concerns?
A. If an employee is confronted with theft, ensure that you have the evidence to support your suspicions. Entrapment techniques should never be used to entice an employee to steal. It’s important not to threaten the employee under suspicion and have a witness present—preferably, a member of management—while you are talking with the employee. Ask the employee to explain how the theft occurred, if other employees are involved, and if the money or company property can be returned. Every theft that occurs should be reported to law enforcement with supporting documentation from the business.