Kevin Ian Schmidt

Understanding of Real Risks

Photo Courtesy: Nick Carter/Flickr
Photo Courtesy: Nick Carter/Flickr

To anyone who has an understanding of real risks, some of the most unnerving stories about security involve facilities where nothing bad has happened — at least not yet. These are facilities where vulnerabilities exist but haven’t been discovered or addressed yet.

Case in point: the headquarters of a large health care company. A security review determined that anyone in the lobby could go straight into the rest of the building without being stopped. But the audit recommendations to address that problem languished in the hands of company executives. Six months later, the company found itself embroiled in tense collective bargaining negotiations. One day, a group of people barged in through the front door, raced through the lobby and disappeared into the heart of the building. The stunned receptionist could do nothing but call the police and hope that nothing happened until they arrived.

Think that a security breach like that — involving an obvious vulnerability — is an isolated case? Look around many facilities, and it’s not difficult to spot security risks: a door propped open, poor lighting in the parking lot, a window cracked open or an unlocked gate. And obvious risks like those are only the beginning. Facilities face a wide range of potential threats. The real question is, which vulnerabilities are most likely to be exploited?

There are plenty of excuses not to address that question. An office building may be deemed too small to require a detailed security audit. Or its out-of-the-way suburban location may be judged safe because it does not face obvious, high-profile risks. Cost is often an obstacle. So is the lack of an on-site person who is directly responsible for security.

Excuses aside, experts agree that conducting an audit is paramount to making sure that everyone and everything in a building is as safe as possible.

In order to really do anything from a security standpoint, you have to know what your risks are, how can you make security decisions if you don’t have a clear understanding of what your problems are?

Some buildings are clearly high-risk and therefore demand that special attention be paid to security. A good example is a nuclear power plant, the security level requires special attention to detail. The Nuclear Regulatory Commission has specific guidelines for how those facilities should be secured, and it’s not just the release of nuclear material into the air that has to be addressed. Many of those plants, for example, have regularly scheduled deliveries of chemicals via truck or rail. That schedule requires evaluations on which roads leading to the plants have the most risks. Moreover, the possibility that someone may try to sabotage the truck or train delivering the chemicals should also be considered, Benne says.

The definition of what constitutes a high-risk building has changed over time. For example, the threat of terrorism has created a demand for specialized research buildings to study and respond to a biological event.

The federal government is looking closely at the security of those biological labs. Two types of assessments are typically conducted on those labs: a bio-risk assessment that focuses on handling and containing biological agents, and a more traditional security assessment that addresses outside threats, such as someone trying to enter the facility.

If you’re designing a facility with agents that are lethal, the community wants to know what you’re doing to protect it, it’s a sensitivity and not just a process.

But for every building that is closely scrutinized because it is clearly at high risk, there are many more facilities where risks have never been adequately identified. And a building need not be a landmark to face significant risks. A good example is a branch bank located near the entrance ramp to a highway. Someone who understands risk assessment sees that a financial institution has branches located where other financial institutions have had robberies. Those (new) branches will then be seen as high-risk and added security measures would be put in place.

Time for Action

Formal security audits should be done on a regular basis, noting that there are three occasions in particular when they should be conducted. The first is when a site is being considered for a new building. There are commercial and consumer crime statistics companies available that conduct threat and risk assessments based on geographical location. Their assessments detail what the crime and murder rates are for a specific address and compare those rates to those of the city and county.

Many times you’ll find that the differences are miniscule, but if one location has a greater crime rate, it may have an impact on the decision.

A security audit should also be conducted when a significant change has been made to an existing facility, such as an addition, and when there’s been a serious incident. In the latter, the goal is to find out why an incident occurred and how it can be avoided in the future.

A security audit is a three-step process: first, where do you stand today? What are your policies? Procedures? Equipment? Second, where do you need to be? Third, if there’s a significant gap between where you are and where you need to be, how do you fill that gap?

Risk assessment can go beyond a security audit and try to determine how survivable a business is if something catastrophic occurs. A number of companies went out of business after the World Trade Center collapsed on Sept. 11, while others survived but got “a big wake-up call.” You can’t, for example, put all the data in one location. You need redundancy. Companies have to ask how they’ll continue operating if they want to keep the doors open after an emergency.

Check Out: How to Complete a Risk Assessment

Excuses, Excuses

Despite the benefits of security audits, many companies don’t do them because of the expense, the average in-depth security audit costs between $10,000 and $50,000.

It’s often not easy for a security director to justify spending money on a security audit when nothing bad has happened in or around a building. Recommending that an audit be conducted is much like making a sales pitch to management. The reason? A security director is competing with others on the staff who want money to be spent on new computers or the replacement of a compressor.

Audits also aren’t conducted because there hasn’t been an incident in or near a building and so no one feels the need to look for weaknesses. That misses the point of doing a security audit. The goal is to be proactive in organizing a plan to handle different types of threats and reduce liabilities.

Having a plan could pay off when partnering with an insurance company, if you can show them that you’ve done an audit, an insurance company may lower your premium, so there are some benefits that are outside of just mitigating risk.

Another reason security audits are neglected is because it is assumed that the risks facing the facility are so clear, and the appropriate countermeasures so straightforward, that a detailed analysis of security risks seems superfluous. For example, administrators at a school that has several open perimeter doors may decide to lock all those doors in a reaction to violence at another school. And while the doors may stay locked for the next several months, at some point security typically becomes lax once again if another incident doesn’t occur. An audit can help structure and focus to security efforts.

This isn’t to say that security incidents at a similar type of building, or strategies used by comparable facilities, aren’t important parts of the security decision-making process.

Piece of the Puzzle

Clearly, a review of strategies used by comparable facilities is an essential component of a security plan. A facility executive responsible for K-12 schools, for example, should be aware that other schools have put an increasing focus on perimeter security, so that no one has unchallenged access. So when someone walks in, they can get to a certain point and then they have to be vetted by signing in, showing credentials and being checked out before they can progress further into the building. At most schools, and this is slowly changing, you can just come in and wander around. Knowing how other schools are addressing security risks can help educational facility executives make decisions about their own buildings, but knowledge of industry trends is no replacement for a security audit.

An audit is especially important when the installation of security systems is being considered. Facility executives may decide to add video cameras because a similar building did so. But if there are no provisions for monitoring the cameras, they won’t achieve the goal of improving security. Organizations make short-term changes that lack the thoroughness of a well-thought-out plan, often costing money without a return of investment in improved security.

Organizations that don’t conduct security audits often end up with knee-jerk reactions to incidents. Suppose a company is having its products stolen but it’s unclear exactly how that’s occurring. Feeling the need to take some action, the company’s management might decide to put cameras throughout the facilities. However, if the products are being put in briefcases, cameras won’t spot the thefts.

Although getting input from the local police department may be useful in the audit, simply asking the police for advice about ways to improve security is no substitute for an audit. Police focus on law enforcement, which is different than securing a building. Law enforcement responds to criminal activity and security is designed to mitigate criminal activity.

Check Out: Basics of a Security Risk Assessment

Taking Action

Some organizations have a security audit conducted and then fail to act on its recommendations. Taking that approach, however, opens management to liability because there’s an obligation to fix the items that the audit found. An audit is likely to find more problems than there are dollars to address them. At that point management needs to set priorities, determining what situations and events are possible, what their probabilities are, and whether their impacts would be catastrophic, minor or something between the two. These are tough decisions, how do you invest money in things that might never happen?

Of course, if audit recommendations are ignored, and an incident occurs, the company must deal with the effects of the incident as well as the cost of countermeasures, which will surely be taken. In the case of the health care company that ignored the audit recommendation to improve lobby security, the intruders wound up in the office of a facility manager, who called the security manager demanding to know how the breach could have occurred. The security manager pulled out the audit report, which had warned of the risk of such an incident. Companies don’t fully understand the cost associated with the risk. As a result of the incident, the lobby was compartmentalized to preclude the possibility of a similar event in the future.

What facility executives and security directors need to remember is that there is no way to prevent all security incidents. If a security breach occurs, there will often be recriminations, with people saying that management and others involved in security should have seen it coming. But there’s a huge list of things that can happen, the goal from a security standpoint is to identify things most likely to occur and take reasonable steps to prevent them.

5 Common Ways Employees Steal

Small-business owners aim to hire trustworthy workers, but companies must be aware that theft will occur. Understanding common ways employees steal requires that you look at the type of items thieves go after and the methods used to take them. Theft can have a significant impact on a small business and can even result in your business failing. Knowing the five most common ways employees steal can help you develop methods to combat the problem.

5 Common Ways Employees Steal

Cash

Unethical practices by employees that result in financial losses for a business can manifest in various ways. One common method involves the misappropriation of funds during sales transactions. Employees may discreetly transfer money from cash registers into their pockets, exploiting their position at the point of sale. This covert activity can lead to a direct and immediate impact on the company’s revenue.

Furthermore, another avenue for potential theft is the unauthorized access to open or unsecured safes, petty cash drawers, or cash boxes. Employees may exploit vulnerabilities in the security system, taking advantage of lax protocols to pilfer funds. This type of theft can occur gradually over time, making it challenging to detect until substantial losses have accumulated.

In addition to physical theft, there’s a subtler form of financial misconduct that involves quoting customers inflated purchase amounts. Employees may intentionally communicate a price higher than the actual cost of an item during a transaction, pocketing the excess funds. This manipulation can go unnoticed in the hustle and bustle of daily operations, making it a deceptive yet effective method of embezzlement.

Once an employee has successfully obtained cash through these illicit means, they may exit the business premises at the end of their shift without raising suspicion. This method allows them to evade immediate detection, making it imperative for businesses to implement robust internal controls and monitoring mechanisms.

Merchandise

The challenge of inventory loss or shrinkage stemming from theft poses a significant concern within the merchandise distribution process. This issue is pervasive and manifests at various stages, affecting the overall integrity of a business’s inventory management.

One prevalent scenario unfolds on the sales floor, where employees, unfortunately, engage in deceptive practices. This may involve the discreet concealment of merchandise within apron pockets or strategically placing items behind others on shelves. The intention is often to retrieve these hidden items at the conclusion of their shifts, contributing to a decline in available inventory and potential financial losses for the business.

Beyond the sales floor, the issue extends to the pre-public availability phase. Employees, seeking to exploit vulnerabilities in the system, may pilfer items directly from warehouse shelves or intercept newly arrived merchandise before it is officially scanned into the inventory software. This early-stage theft not only impacts inventory accuracy but also disrupts the seamless flow of merchandise from distribution to retail.

In more audacious instances, employees have been known to resort to grander schemes, such as stealing entire shipping trucks. These acts involve the unauthorized acquisition of vehicles laden with merchandise meant for their employer’s business. The repercussions of such actions extend beyond inventory loss, encompassing operational disruptions, financial ramifications, and potential damage to the business’s reputation.

Addressing this multifaceted challenge requires a comprehensive approach. Businesses must invest in robust security measures, both on the sales floor and within distribution channels, to deter potential theft. Implementing advanced surveillance systems, access controls, and stringent inventory tracking protocols can fortify defenses against deceptive practices.

Check Out: Using Social Media for Investigations

Supplies

Certain employees engage in pilfering small items, like pens, staples, or scissors, incrementally over time, exhibiting a pattern of repeated theft. Alternatively, individuals may opt for a bolder approach by taking such items on the day they decide to quit, often before formally submitting their resignation. On the other end of the spectrum, more audacious theft involves the pilferage of pricier items, including furniture or equipment. This type of theft tends to occur during after-hours periods when employees work unsupervised overtime or gain unauthorized access to the business premises after it has closed for the day. Both forms of theft, whether gradual or more immediate, necessitate vigilant oversight and security measures to safeguard a company’s assets.

Payroll

Instances of employee misconduct may involve the falsification of records or the execution of actions leading to payment for work that was not performed. In some cases, employees may engage in deceptive practices, seeking reimbursement for travel or other expenses unrelated to work. This can include submitting reimbursement requests for personal meals disguised as business lunches.

Another form of deceit involves the manipulation of time-related records. Employees may submit falsified time sheets, claiming hours they did not work or neglecting to deduct time taken for extra breaks. This misrepresentation of work hours can contribute to financial losses for the employer.

Furthermore, theft can manifest in less tangible ways, such as time theft. Employees may divert work hours by engaging in personal phone calls, extended conversations with co-workers, or spending excessive time surfing the Internet instead of fulfilling work responsibilities. These actions not only compromise productivity but also lead to an overall decrease in the quality and quantity of work completed.

Informationemployee-stealing

Instances of deliberate information theft by employees pose a serious threat to the confidentiality and intellectual property of their employers. Motivated by personal gain or, at times, by a desire to benefit competitors, these individuals engage in activities that compromise sensitive company data. The purloined information spans various categories, encompassing customer lists, internal memos, and proprietary details related to products, services, or other critical facets of the business.

This illicit activity often takes shape through modern communication channels, with employees utilizing email as a conduit for transmitting sensitive information externally. In some cases, individuals employ more traditional methods, such as printing out confidential documents, copying them onto portable storage devices like flash drives or cellphones, and physically carrying the information away from the business premises. The ease with which information can be transferred in our interconnected world underscores the need for robust security measures and vigilant oversight.

In the digital realm, information theft via email requires businesses to implement stringent access controls and monitoring systems. Proactive measures should include educating employees on the ethical and legal implications of misusing company information, emphasizing the importance of maintaining data confidentiality.

Additionally, the more tangible act of physically removing printed documents or electronic storage devices demands a comprehensive approach to security within the workplace. Access control systems, surveillance measures, and employee training on the responsible handling of company information all play crucial roles in mitigating the risk of information theft.

Read: Tips to Identify Internal Theft

Mitigating Common Ways Employees Steal: Proactive Measures

Countering the five most prevalent avenues of employee theft requires a strategic approach. Several preventive measures can significantly reduce the impact of such incidents on your business. One effective strategy is to regularly reconcile physical inventory with shipment and sales records, ensuring accuracy and promptly identifying any discrepancies. Conducting comprehensive audits, including cash, payroll, and computer usage assessments, serves as another valuable tool to detect irregularities and address potential areas of vulnerability.

To enhance security measures, consider implementing sophisticated systems such as time-tracking devices and surveillance cameras. These technologies can help monitor employee activity, providing an additional layer of protection against theft. Regularly reviewing the data collected by these systems enables proactive identification and response to any suspicious behavior.

Employee training plays a crucial role in preventing theft. Educate your staff on recognizing common behavior patterns exhibited by potential thieves. This may include repeated requests for outside breaks, unsupervised overtime, or expressing a desire to be transferred to a stockroom or cashier position. By fostering awareness and vigilance among employees, you create a more secure and vigilant work environment.

By adopting a multifaceted approach that combines regular audits, advanced security technologies, and employee education, businesses can significantly reduce the risk of employee theft and safeguard their assets.

 

5 Non-Verbal Indicators in Interviews

When setting up a room for conducting an investigation interview, there are a few basic rules the investigator should keep in mind. Aside from making the interviewee feel as comfortable as possible, the interview room should also facilitate clear communication, including non-verbal. This means that there should be no physical barriers between the interviewee and subject that might block the interviewer’s view of the subject.

There are good reasons for this. Firstly, a physical barrier, such as a table, can act as a psychological barrier. In a situation in which open communication is sought, putting up barriers obviously goes against the goal.

Another reason to keep furniture out of the way is to provide the investigators with a full-body view of the subject. This is important when assessing the subject’s body language, or non-verbal clues, when he or she is answering questions and providing detail about the incident in question.

There have been many articles, books, even television shows, written about how to detect deception in investigation interviews, and there are as many theories as there are theorists. But there are a few fairly well researched and generally acknowledged non-verbal indicators in interviews that may indicate that a speaker is being deceitful. As long as the investigator is experienced enough to know that one sign does not make the subject a liar, these clues can be considered as part of an overall strategy to assess the credibility of the interviewee.

5 Non-Verbal Indicators

Illustrators

hand manipulatorThese are hand motions a person makes when talking. They are normal and often used to illustrate a point. During times of low stress, a person uses illustrators at one rate, but when the stress level increases the subject’s use of illustrators may increase or decrease. A change in the use of illustrators, therefore, may be taken as a possible clue to deception.

Manipulators

Like illustrators, manipulators are hand motions. But rather than illustrating a point, they are used to displace nervousness. Examples of manipulators are playing with jewelry, picking lint off clothing or clasping and unclasping the hands.

Full-Body Positioning

A person who is engaged in a conversation and being honest will often lean toward the person they are talking to as the questions get more serious. A dishonest person might lean away from the interviewer, changing his or her posture completely.

Check Out: Guidelines for Investigation Interviews

Fleeing the Interview

Similarly, a subject who is being dishonest might actually arrange his or her body in a position that suggests fleeing the room. While the person’s upper body is facing the interviewer, his or her legs may be facing the door, as if in an unconscious effort to leave.

Covering the Mouth

And while it seems too symbolic to be true, liars will sometimes place their fingers or hands over their mouths, as if to contain the lies before they escape, just as they did as children.

 

 

The Basics of Body Language:

Your primary goal when reading body language is to determine their comfort level in their current situation. There is a process of combining verbal cues and body language to determine this.

Positive body language:

  • Moving or leaning closer to you
  • Relaxed, uncrossed limbs
  • Long periods of eye contact
  • Looking down and away out of shyness
  • Genuine Smiles

Negative body language:

  • Moving or leaning away from you
  • Crossed arms or legs
  • Looking away to the side
  • Feet pointed away from you, or towards an exit
  • Rubbing/scratching their nose, eyes, or the back of their neck

A single cue can be misleading so it’s essential to pay attention to multiple behavioral cues.

Check Out: Effective Communication Skills: LISTENING

Reading the Non-verbal Clues

One thing to keep in mind is that non-verbal clues mean nothing in isolation. Some people exhibit these characteristics when they are not stressed, and some people are stressed all the time, whether they are being deceptive or not. So it’s important for investigators to treat clues as insight into where to probe further, rather than as proof of deception.

Investigators should also be careful to assess the state of mind of a subject as part of assessing credibility. Subjects who are mentally unstable or who are inebriated or under the influence of drugs do not exhibit reliable clues. In fact, it’s not a good idea to interview these people at all.

PEACE Method of Investigative Interviews- Overview

A number of police forces through the world are using a model of investigative interviews that is more information gathering as compared to obtaining a confession from a suspect. As we in the safety world are concerned with gathering information following an accident I thought the technique might be of interest to readers. The method incorporated is what I’ve been teaching for years, but the use of the mnemonic PEACE brings all the ideas together nicely.

P – Preparation and planning
E – Engage and explain
A – Account
C – Closure
E – Evaluate

I’ve deleted some police/legal concepts from the web based material and added a few comments of my own.

P – Preparation & Planning

Crucial elements of good planning and preparation for an interview situation include:

  • Understanding the purpose of the interview;
  • Defining the aims and objectives of the interview;
  • Understanding and recognizing the points to prove or to clarify;
  • Assessing what evidence is available and from where it can be obtained;
  • Assessing what evidence is needed and how it can be obtained;
  • Preparing the mechanics of the interview (stationery, exhibits, location etc).

E – Engage & Explain

PEACE interviewsThese two terms also known as ‘Interview Preamble’ refers to early phases within the actual interview and is defined as follows:

The essential element of engagement is an introduction appropriate to the circumstances of the interview. It is desirable that a proper relationship is formed between the interviewer and interviewee. This requires, for example, that the interviewer develops an awareness of, and is able to respond to, the welfare needs of the interviewee and any particular fears and expectations.

The engage phase is followed by the explanation phase in which the investigator should outline the reasons for the interview and explain what kinds of action will be followed during the interview, particularly the routines.

Check Out: Effective Communication Skills – NONVERBAL

A – Account

This term describes the stage in which the interviewee’s recollection of the events of interest is obtained. This stage is directed at obtaining the fullest possible account from the suspect. There are two accepted approaches of inducing recollection known as:

  • The Cognitive approach;
  • Conversation management.

Different techniques for assisting recollection are associated with each method. With the cognitive method, the interviewee is asked to think back and mentally relive the event, initially with minimal interference from the interviewing officer. The interviewer does not interrupt, makes effective use of pauses and avoids leading questions. The interviewee is then encouraged to recall the event again using a different chronological order, or from a different perspective.

When the conversation management method is used, the interviewee is asked first to say what happened and the interviewer then subdivides the account into a number of individual parts which are enquired about in turn for further details.

The cognitive method provides the interviewee with greater control over the way the interview develops, whereas conversation management attributes more authority to the interviewer. This basic difference between the two approaches broadly defines when each is most appropriately used. For example, conversation management may be more appropriate for reluctant interviewees than the cognitive method.

C – Closure

To avoid immediate or future problems with the relationship formed between the interviewer and interviewee, investigators should ensure that, at the end of an interview:

  • interviewees are thanked before leaving;
  • everyone understands what has happened during the interview;
  • everyone understands what will happen in the future.

Closure should also include elements such as giving the interviewee the opportunity to ask any questions. It is crucial that the interviewer always ensures that there is a planned closure, rather than an impromptu end, to the interview. The interviewer should summarize and check back as to what the witness has said.

E – Evaluate

After each interview is completed, the event and the material that came from it should be evaluated fully. The first consideration is whether the objectives of the interview were achieved. Decisions must then be made about whether any further interview is required or whether other inquiries need to be made. Evaluation can also help interviewers to improve their interviewing skills. To this end, they should take the opportunity to reflect on their personal performance and identify areas for future development or improvement.

 

When conducting an investigative interview, you also need to be aware of the non-verbal indicators.

Understanding the PEACE Method is an important part of an investigative interview, but know the Factors to consider in an investigative interview is equally important in being successful when using the PEACE Method.

Questions to Ask Yourself BEFORE Security Risk Assessment

Before you hire me as a consultant for a security risk assessment, I advise you to review your business by asking yourself the following questions. Conducting this self assessment before paying for a security risk assessment, will save you money.

  • Are physical controls documented?
  • Are secure areas controlled?
  • Are review and maintenance of access controls taking place?
  • Are there non-standard entry points to secure areas?
  • Are these non-standard entry points secured and/or monitored?
  • Are visitors required to have supervision at the institution?
  • Are visitors allowed within secure areas?
  • If your organization shares access to your facility, does it have proper controls to segregate access?
  • Is sharing physical access to the institution by other organizations documented?
  • Are there contracts or agreements with the organization regarding this physical access?
    • Has a physical penetration test been performed?
  • Are magnetic media stored in accordance with regulatory requirements and manufacturers’ suggested standards?
  • Do guards at entrances and exits randomly check briefcases, boxes or portable PCs to prevent unauthorized items from coming in or leaving?
  • Do guards allow visitors to bring laptop computers into the institution without proper signoff or authorization?
  • Are fire detectors and an automatic extinguishing system installed on the ceiling, below the raised flooring and above dropped ceilings in computer rooms and tape/disk libraries?
  • Are documents containing sensitive information not discarded in whole, readable form? Are they shredded, burned or otherwise mutilated?
  • Are DVD and CDs containing sensitive information not discarded in whole, readable form? Are they “shredded” or mutilated with no restoration possible? (This also should be asked of hard drives and other data storage technology prior to disposal).
  • Are data center and server center activity monitored and recorded on closed-circuit TV and displayed on a bank of real-time monitors?
  • Does access to a controlled area prevent “Tail-gating” by unauthorized people who attempt to follow authorized personnel into the area?

Common Security Vulnerabilities

The more involved type of security study, often called a threat vulnerability risk assessment (RVRA), will typically describe the common security vulnerabilities uncovered and ways to mitigate them, and offer a prioritization so that the organization can fiscally manage its security improvements. A Security Study can discover potential vulnerabilities such as a flood risk to a building, weak infrastructure, location of a building along an airport’s flight path, or that the building may be near a railroad line that carries industrial chemicals.

 

Being aware of the common security vulnerabilities your facility faces, is important, and a quality consultant can help you identify them if needed. You can contact me to schedule an initial consultation if a service like this interests you.

What are common workplace security breaches?

Security can be compromised through physical as well as digital types of security breaches. The physical Common Security Vulnerabilitiessecurity breaches can deepen the impact of any other types of security breaches in the workplace. So, let’s expand upon the major physical security breaches in the workplace.

  • Casual Attitude  
      • The casual attitude of employees or management toward security awareness can lead to the disastrous results. There should be strict rules to follow the procedures without any exceptions.
  • Unattended Assets & Areas
      • Any valuable data or equipment at the workplace should not be left unattended at all. Meanwhile, leaving a critical workplace area unattended or unlocked is another critical component that can add huge risk to the physical security breaches in your workplace.
  • Exceptions in Physical Access Rules
      • The physical security is the first circle of a powerful security mechanism at your workplace. So, always keep it strict and follow the physical security procedures in real sense. Always avoid any kind of exceptions in allowing access to the internal or external peoples to the restricted areas.
  • Rogue Employees
      • It has been observed in the many security breaches that the disgruntled employees of the company played the main role in major security breaches in the workplace. The example of Sony’s data breach is one such kind of workplace security breach.
  • Eavesdropping over Sensitive Information
      • Eavesdropping has been a fundamental breach in the data security as well as in the physical security. The overhearing of the lock codes, pins, and security passwords is a big breach, which can lead to the disastrous outcomes. So, always take care to avoid any kind of eavesdropping in your surroundings.
Check Out: Layered Security

How do you go about preventing these security breaches?

To prevent any security breach at the workplace, take the following steps:

  • Review and restrict physical access as per security policy
  • Review and change the access passwords and keys
  • Review and monitor the egress and ingress points
  • Aware the concerned people to handle any uneven situation
  • Identify and secure critical information
  • Check and renew the network security and firewall settings
  • Change security keys after every employee leaves the company
  • Change the guards (human), if any

Tips to Identify Internal Theft

Retail theft Chart
Retail Loss Chart

Whether it’s downloading and sharing company confidential information (a hot topic these days), manipulating expense reports, or stealing merchandise- employee theft and fraud is a serious issue for business owners. In fact, studies show that occupational fraud now results in the loss of five percent of an organization’s annual revenue.

Here are some tips for preventing and managing employee theft or occupational fraud.

  1. Use Pre-Employment Background Checks Wisely

One of the first steps to preventing fraudulent employee behavior is to make the right hiring decision. Basic pre-employment background checks are a good business practice for any employer, especially for those employees who will be handling cash, high-value merchandise, or have access to sensitive customer or financial data.

This Guide to Pre-Employment Background Checks outlines the types of information that you can consult as part of a pre-employment check, and the laws that govern their use. I’s worth noting, that the law varies from state to state on whether a private employer can consider an applicant’s criminal history in making hiring decisions. Check with your local EEOC office for the laws in your area before going down this path.

  1. Check Candidate References

I’m always surprised how very few employers reach out to check candidate references’ often assuming that a reference will never be anything but glowing. However, it’s good practice to check references’ particularly those of former employers or supervisors. If your candidate has a history of fraudulent behavior’ then you’ll want to know about it, before you hand them a job offer.

  1. Proactively Communicate Conduct Guidelines

Every business needs an employee code of ethics and conduct – while it won’t prevent criminal or fraudulent behavior, the standards it outlines will set a clear benchmark for employee behavior and guidelines on how to do business based on a series of principles that promote ethical and lawful conduct.

Once developed, the code of conduct should be documented and agreed to by all new employees (and existing employees if you haven’t put a code in place yet). You can find many templates for basic codes of conduct on the Internet, but as a rule of thumb you should include policies that cover the protection of company data, the avoidance of conflict of interests, and of course, obeying the law.

Use employee orientation as an opportunity to go over the code of conduct and explain any areas that are unclear.

Then, revisit the code each year and be sure to add any new considerations that may have materialized – for example, if you do business with certain suppliers, contractors, or government agencies who require you and your employers to agree to new codes of conduct as part of your business relationship.

  1. Don’t be Afraid to Audit

Auditing always has a big brother feel, and in a small business environment this is especially true. However, conducting regular audits can help you detect theft and fraud. Audits can also be a significant deterrent to fraud or criminal activity because many perpetrators of workplace fraud seize opportunity where weak internal controls exist.

As a rule of thumb, identify high risk areas for your business and audit for violations on a 6-12 month basis – these could include business expense reports, cash and sales reconciliation, vacation and sick day reports, violations of email/social media or Web-use policies, and so on.

 

  1. Recognize the Signs

Studies show that perpetrators of workplace crime or fraud do so because they are either under pressure, feel under-appreciated, or perceive that management behavior is unethical or unfair, and rationalize their behavior based on the fact that they feel they are owed something or deserve it.

With this in mind, some of the potential red flags to look out for include:

  • Not taking vacations – many violations are discovered while the perpetrator is on vacation
  • Being overly-protective or exclusive about their workspace
  • Prefers to be unsupervised by working after hours or taking work home
  • Financial records sometimes disappearing
  • Unexplained debt
  • Unexpected change in behavior
Have you read: 5 Common ways employees steal
  1. Set the Right Management Tone

One of the best techniques for preventing and combating employee theft or fraud is to create and communicate a business climate that shows that you take it seriously . Here are some simple steps you can take to keep your finger on the pulse:

  • Reconcile statements on regular basis for fraudulent activity
  • Hold regular one-on-one review meetings with employees
  • Offer to assist employees who are experiencing stress or difficult times
  • Encourage open-door policies giving employees the opportunity to speak freely and share their concerns about potential violations
  • Create strong internal controls
  • Require employees to take vacations
  • Treat unusual transactions with suspicion
  • Trust your instincts

How have you encountered workplace theft or fraud? How did you deal with it or what preventative measures do you use? Leave a comment below.

S.M.A.R.T. Goals Guide

smart goals 2

SMART goal setting brings structure and trackability into your goals and objectives. Instead of vague resolutions, SMART goal setting creates verifiable trajectories towards a certain objective, with clear milestones and an estimation of the goal’s attainability. Every goal or objective, from intermediary step to overarching objective, can be made S.M.A.R.T. and as such, brought closer to reality.

In corporate life, SMART goal setting is one of the most effective and yet least used tools for achieving goals. Once you’ve charted to outlines of your project, it’s time to set specific intermediary goals. With the SMART checklist, you can evaluate your objectives. SMART goal setting also creates transparency throughout the company. It clarifies the way goals came into existence, and the criteria their realization will conform to.

Understanding SMART Goals

Specific goal

Specific goals are able to be accomplished easier than a general goal.

A good way to set a specific goals is to answer the six “W”s: Who, What, Where, Which, When, Why.

  • Who: Who is involved in completion of the goal?
  • What: What is it I want to accomplish?
  • Where: Where am I accomplishing this goal?
  • Which: Identify the requirements and potential constraints
  • When: When is it going to be accomplished?
  • Why: Why am I setting this goal?

 

measurable goal

A measurable goal is a specific concrete criterion towards attaining your goal. Measuring progress is a good way to track progress towards completion, and experience the sense of accomplishment as you hit each goal mark.

An easy way to make a goal measurable is to ask yourself questions like:

  • how many;
  • how much;
  • how will I know when it is accomplished?

 

achieveable goal

An achievable goal  are realistic and also attainable. While an achievable goal may stretch your understandings in order to achieve it, the goal is not extreme. That is, the goals are neither out of reach nor below standard performance, since these may be considered meaningless. You develop the attitudes, abilities, skills and financial capacity to reach them. The theory states that an achievable goal may cause goal-setters to identify previously overlooked opportunities to bring themselves closer to the achievement of their goals.

An achievable goal will usually answer the question How?

  • How can the goal be accomplished?
  • How realistic is the goal based on other constraints?

 

relevant goals

Relevant goals stress the importance of choosing goals that matter and are impactful. A clothing store manager’s goal to “To cook 20 pieces of chicken by 2pm” may be specific, measurable, attainable and time-bound but lacks relevance. Many times you will need support to accomplish a goal: resources, a leading voice, someone to knock down obstacles. Goals that are relevant to your boss, your team, your organization, yourself, will receive that needed support.

A goal that supports or is in alignment with other goals would be considered a relevant goal.

A relevant goal can answer yes to these questions:

  • Does this seem worthwhile?
  • Is this the right time?
  • Does this match our other efforts/needs?
  • Are you the right person?

 

time based goals

A Time-Based goal stresses the importance of grounding goals within a time-frame, giving them a target date. A commitment to a deadline helps people focus their efforts on completion of the goal on or before the due date. This part of the SMART goal criteria is intended to prevent goals from being overtaken by the day-to-day crises that invariably arise in an organization. A time-based goal is intended to establish a sense of urgency.

A time-based goal will usually answer the question

  • When?
  • What can I do six months from now?
  • What can I do six weeks from now?
  • What can I do today?
Check Out: The 7 Secrets of Effective Leaders

So, now you understand SMART Goals, at least a little better.  It is optimal to start setting SMART goals for yourself both within your job and for professional development.

When doing that, there are a few considerations while building the goals for optimal performance.

Align your SMART goals to organizational objectives

Before you set your goals, you should review your company’s and department’s objectives and justify what you can do to contribute to them. Your efforts will only pay of if you know why you are setting the SMART goals and you align them to the wider goals of the company you work for.

This is obviously good for a departmental SMART goal, but is also powerful for a professional development goal. Say your company is lagging in a specific area, that you recognize, and you can develop the skills or knowledge to address it. This is a goal alignment that allows for you to position yourself better professionally, while also helping your department/company.

Ask yourself;

  • Is the goal specific?
  • What am I going to measure whether or not it is achieved?
  • Is this goal truly achievable?
  • Is this goal relevant to the organizational strategy and your job?
  • Did you set a clear deadline for your goal?

Be clear on what success looks like

Do you want your organization to be setting Smart Goals that are very safe and achievable, or do you expect them to be reaching with Stretch Goals? By establishing a clear expectation of what Success looks like within the organization, leaders can actively encourage people to reach for ambitious goals. For example, a clear message that ‘We expect you to achieve 70% of your goals and that is what success looks like. Achieving 100% of your goals is failure and means you set the bar too low.’ is a very strong message.

Continually review and adjust each goal

Things change. Therefore, it is important you regularly revisit your goals and adjust them as you go.

 

Here are the reasons why you should use  SMART goal setting for your personal development:

o Lead you to the right direction
Many people fail to achieve their aspirations in life because they lack the guide. They don’t have something to remind them or lead them to the right path. Once you use SMART goals, you will have a guardian with you that will guide you every single step of the way. Make sure you have simple, measurable, attainable, realistic, and timely goals so that you will get exactly what you want in this life.

o Help you stay motivated
It is only normal for one to encounter problems along the way to success. Challenges and problems are parts of our lives as humans and they will not go away. However, there is something you can do about them. SMART goal setting will help you face these obstacles head on. Once you fix your eyes on your goals, you will never go astray. You will know exactly what you want to achieve and have the drive to reach them. You will stay motivated despite the troubles that will come your way.

Check Out: Budgeting for Training

SMART Goal Setting Tips

In order to get you on the right track for setting SMART goals, consider implementing some of the following tips to make your journey towards success much easier:

1. Being specific with your goal setting is seen through the strong statements you make about your objectives. An example of setting a challenging, yet motivating goal is to exclaim, “I will move to California by the end of the year to pursue acting,” instead of “I want to be in a movie.”

2. Phrasing your SMART goals in the present tense helps pull you closer towards achieving success. Get out of the habit of saying “I want to” and start saying, “I will.” This will help you approach your objectives in a manner that is more susceptible to accomplishment.

3. Writing down your SMART goals is a great way to clarify your objectives and create a better visualization of the outcome. Some individuals will jot down each goal on a separate index card, which they then review on a daily basis. This serves as a motivating reminder.

4. When you list the benefits you expect to receive out of achieving a SMART goal, this helps to keep you steadfast in your intentions; increases focus; and makes obstacles much easier to overcome. For instance, a person listing the benefits for losing weight may review the positive aspects when they feel a weakness to binge on sweets. The more advantages you are able to come up with – the more motivating the goals will become.

Out of Office Series: Calendar App: Business Calendar

business calendar

As part of my Out of Office Series, I am searching for a great calendar app, one that can replace my trusty Dayplanner (yes, one of those). I often find myself out of the office, getting  calls and needing to coordinate schedules, or setting up a task for a later date, or about 1,000 other things. A good calendar is the base for a proper time management plan, and a great calendar makes it easier to follow the plan.
As a break in this series, I won’t be reviewing multiple apps, instead just highlighting the one I have already found.

Business Calendar meets all of my needs, is easy to use, and has some really nice features; let’s check it out.

Some of the features of business calendar are as follows:

  • Log-in: This app connects with your Google account, syncing to your Google Calendar. This is great, as you can then access your calendar from phone, tablet, or computer. You can connect multiple Gmail accounts to this app, allowing for different events to be set to different accounts. So your personal events can be run through your personal Gmail account, and your business run through your business Gmail: then just a quick toggle view allows you to see all your calendar events or just specific ones linked to an account. You can also make a local calendar in place of setting a separate account, or in addition to. This level of customization allows for strong organization and time management.
  • Homepage widget: This app offers a highly customized homepage widget, you can set it to Month, Week, Day, Agenda or Tasks only view. You can then set the color theme, the colors of the background/labels/titles/times/buttons, adjust font sizes, the transparency and even the visibility of different functions. This allows for you to have a widget that looks great on your homepage.
  • Events: Events are easily added from the homepage widget. You can color code from 11 different colors, to group events together visibly. Events can be location set, so if you have to travel it will allow for distance/time accounting. Reminders, repeating events, location tagging, attendees, and event description are all easily filled in. If you find yourself often making similar events, you can make preloaded templates, that will autofill much of this information for you.
  • Location tagging: This feature of an event needed it’s own section. If you set a location to an event, Business Calendar will use your current location to alert you when it is time to leave for an event.
  • Tasks: This app syncs with Business tasks, and posts the tasks to your calendar. You can add tasks from the calendar, you can complete them off the calendar.

 

I do have a few wishes for what Business Calendar could do, but none of these are shortcomings, just things I wish a calendar app offered:

  • Picture uploading: I would like the ability to upload a picture to an event.
  • Document tagging: The ability to tag a document to an event, like the PowerPoint to the event reminder.
  • Direct dial: The ability to add a phone number to an event and just clicking it would connect the call.
  • Email events: When you create events and add the email addresses of attendees, it will auto-email the event details to them as well.

This app is in no way shorted by not having these extra features, in fact I would have been shocked to find them all.

Business Calendar Homepage

Business Calendar: Google Play

Business Calendar Pro: Google Play

Business Calendar 2: Google Play

*UPDATE* Business Calendar has released an update called Business Calendar 2: there are extra features, updated functions, and additional features. Please check out their website for a detailed list of the new features.

business calendar 2 business calendar 3b2 4 business calendar 4 business calendar 5

Productivity: Apps I use

So, I have talked about some of the apps I use, now it seems like time to talk about how I use them and how they help my productivity and time management.

At first glance it may seem like I am using redundant apps, but each has different strengths and weaknesses, so I use them each differently. This works to speed up my productivity and better manage my time management, it may not work for you, if not then just grab the best app to help you.

 

onenotegoogle keepskitchevernote

OneNote: I use this as my notebook, I plan and prep my meetings, store my meeting notes, record my meetings, share my projects with coworkers, and am slowly going paperless with quick notes.

Google Keep: I use this to store my photos. If I am doing an audit and find something wrong or a great example, I photograph it and run it through Skitch to make notes, highlight area, post arrows, whatever is needed later for my post-audit presentation.

Evernote: I use this as my catchall. I kick an email over here if I need to save it for later review, I screen grab articles for later or to research for presentations, and for just about anything else I need to make sure I remember.

Using each as a different function, allows me to keep them clean and organized.

 

business calendarB2business tasks

Business Calendar(Business Calendar 2 now): I use Business Calendar 2 pro, since it links up to Google account and calendar. It keeps all my meetings, presentations, and tasks in one easy convenient place. The level of customization makes my calendar easily viewed, and the homescreen widget allows me to easily see my upcoming commitments.

Business Tasks: I love this app, it is easy to use, it allows for quick task adding, it has great subtask organization, and is all around just a powerhouse task list manager. This app syncs to my Google account and tasks as just an extra benefit. The fact that it posts on my calendar allows for me to see my tasks and complete them quickly.

Having my calendar sync with my task list makes for a quick simple view. With a highly customizable calendar, you can not just keep your work commitments organized, but also easily track your personal commitments, like Dr visits or important family functions. Life is easier and more productive with some organization. This quick access allows for great time management, and an organized calendar is the base of a proper plan.

 

mailboxboxer

Mailbox: I use Mailbox for my Gmail account, it allows me to easily swipe my way down to mailbox zero. I can snooze emails until later, then they repost into my inbox when I can spend the appropriate amount of time on it. I can easily swipe them over into the appropriate list.

Boxer: I use Boxer for my exchange email account. Boxer is nice because I can kick emails over to Evernote, put them as part of a task list to be read later, or even send a quick “thanks, I got the email” reply as easy as a simple swipe.

Either app would handle both my accounts, but I prefer different apps for different accounts, so I can easily keep track of my emails and deal with them appropriately.

 

dropboxgoogle drive  onedriveamazon cloud

Dropbox: I use Dropbox as my cloud office. I print from Dropbox to my home printer, I share files with co-workers, I use it to launch my computer for remote access

Google Drive: I use Google Drive as my need it now storage. If I need a document for a presentation or for a meeting, I drop it into Google Drive, so I can access it easily from my tablet, phone or computer. I make folders and subfolders to organize my week in advance, and easily add/remove files as things change.

Onedrive: I use Onedrive to store all my Microsoft documents, for access from any computer, phone, tablet or to email out.

Amazon Cloud Drive: I have Amazon Prime, so I use Amazon Cloud Drive to backup my photos. I can upload photos I take, photos others send me, or photos I have run through Skitch for cloud backup. I can access them from anywhere, I can pull them to my phone, tablet or computer as needed.

By keeping my cloud storage organized separately I never have to fumble during a presentation or meeting for the right file, I never have to search hundreds of folders for various files, I know where each file is stored and can quickly access it.

 

Google Sheets Google slidesGoogle Docs

Google Sheets: I use this to process my Excel spreadsheets on my phone and tablet. It seamlessly pulls them from Google Drive as needed.

Google Slides: This program is great for working on PowerPoint presentations from my phone and tablet. It seamlessly syncs to Google Drive for document retrieval as needed.

Google Docs: I work on my phone and tablet with Word documents using this app, with it pulling my documents from Google Drive as needed.

The apps also work directly out of Google Drive if you are working from your computer. The syncing is seamless, it works great across platforms and devices, making these an invaluable tool in your arsenal.

 

Chrome desktop remote

Chrome Remote Desktop: I only have this loaded onto my tablet and computer. I don’t often need a remote desktop viewer, but when I do need it it is handy to have access easily. I most often use this when I am giving a PowerPoint presentation so I can roam the room freely while still looking at the notes for each slide and control the pace of the presentation.

 

These are the apps I use on my phone, tablet and/or computer to aid my productivity and time management. I have provided links to all of them if you would like to check them out.