Honest employees, who don’t want to work alongside thieves, substance abusers and other unsavory types, will oftentimes not come forward because they’re fearful about getting dragged into a potentially uncomfortable or even dangerous situation.

This fear factor is not completely unfounded. In fact, there is an actual term for it: “whistleblower syndrome”. There have been hundreds of cases of employees receiving threats, having their property damaged and even being assaulted after informing management about a dishonest coworker.

However, companies cannot afford to be naive and unaware about illegal and unethical activity taking place. White and blue collar employees who commit fraud, embezzlement or inventory theft, as well as harassment or discrimination can easily cost their companies six and even seven figures.

Workplace substance abuse can be equally costly. One distributor was sued for over two million dollars after a worker who tested positive for cocaine caused a serious injury to a coworker with a forklift. Prior to trial, statements were taken from an array of employees who testified that drugs were widely used and sold inside the distribution center. Fearful of the consequences, the distributor agreed to a significant settlement with the injured worker rather than go to court.

Confronted with these realities, it’s imperative that management open up a line of communication with their workforce. To be effective however, this communication line must make the employees feel safe and secure. Otherwise, it will not be nearly as effective as it needs to be.

Following these 4 guidelines will dramatically increase the success of your hotline program:

• Offer Callers Total Anonymity, Not Just Confidentiality. The difference is that offering confidentiality means callers have to trust that you won’t reveal their identity. However, if you provide anonymity, i.e., you never require callers to provide their names, you’re giving them the security that they want and therefore increasing the odds of getting them to tell you what they know.
• Outsource. It’s a proven fact that employees feel far more comfortable speaking with someone who won’t recognize their voice, speech pattern or accent. Additionally, callers prefer to speak with experienced professionals who routinely deal with these types of security related problems.
• Promote It Positively and Consistently. You can avoid the “Big Brother” syndrome if you carefully word your posters and handout materials so they emphasize the benefits (which are many) of working in a theft-free, drug-free environment.
• Talk About the Program As Often As Possible. During new employee orientations and communication meetings take some time to explain how the program operates. The more employees understand how the program works, the more likely they’ll be to use it when they become aware of illegal or unethical activity.

In one confidential survey, nearly 25% of the companies responding revealed that they had been victimized by some type of fraud within the last 12 months. Thefts of intellectual property are on the rise as well. An estimate from one study puts that loss alone at more than $60 billion.

The old axiom that crime doesn’t pay has been repeatedly proven wrong. The truth of the matter is that crime does pay, and it pays quite well. To add insult to injury, the culprits oftentimes don’t pay any taxes like legitimate wage earners.

Theft of proprietary information, embezzlement, the misappropriation of company funds and vendor kickbacks are only some of the ways that white-collar criminals strike today.

It’s always difficult for top management to accept the idea that a high level colleague could be bilking their company. While it’s understandably difficult to face this reality, executives who go through denial oftentimes pay a high price for not at least considering the possibility that there could be a problem and looking into it.

Many CEO’s assume that their firms are protected from fraud because their financial professionals will uncover any type of impropriety. This however, is typically not the case. Accountants and auditors can only examine so much quantitative data. Additionally, financial experts are usually kept busy making sure that tax obligations are met, reports are prepared on time and bottom line numbers are balanced. If the white-collar criminal camouflages the fraud so it appears to be standard operating procedure, the chances of being caught are not very good.

This is best illustrated by one individual who had defrauded his company out of several hundred thousand dollars via a simple, yet effective scheme.

In his position, he had responsibility for approving invoices from an array of vendors for various goods and services. Once an invoice left his desk with his initials, it was processed for payment. His first step in the fraud was to set up a “shell,” i.e., a nonfunctioning company whose sole purpose was to be used for the scam. Next, he rented a mailing address in another city and established a local telephone number that forwarded calls to an answering machine at his home. The next step was to print up legitimate looking company invoices and envelopes.

He began forwarding invoices to his company for nonexistent financial and insurance consulting services. Initially, he treaded lightly, keeping the invoices relatively modest. However, after seeing that no one questioned the bills, he began increasing the amounts and sending them with greater frequency. Within 3 months, he was defrauding his firm out of more than $5,000 a week. This went on for more than two years before anyone even remotely suspected a problem.

Unfortunately, the opportunity to score big creates a great deal of temptation. These crimes occur more frequently than most realize. However, make no mistake. Companies are being victimized with alarming frequency and experts expect the problem to get worse.

Don’t Be Too Hasty to Make Accusations

Never confront a suspect unless you have strong evidence that they’ve committed the crime. Although the first inclination on the part of some CEO’s and CFO’s is to speak one on one with the co-worker, this is definitely not a good idea.

One senior vice president admitted that one of the biggest mistakes he ever made was to think that he’d elicit a remorseful confession from a purchasing executive by giving him the opportunity to cleanse his soul. After explaining why he suspected that the executive was guilty of accepting kickbacks, the senior vice president was shocked when the co-worker vehemently denied any wrongdoing. While the senior vice president had strong circumstantial evidence, he had not conducted a proper investigation and his facts were not complete or conclusive. The purchasing manager’s aggressive response forced the senior vice president to back pedal.

The company was subsequently unable to take decisive action because the senior vice president had decided to short cut the investigative process and prematurely confront the suspect. To make matters worse, the purchasing executive was then able to destroy evidence of his wrongdoing once he learned he was under suspicion.

When there are indications of fraud, conduct a thorough investigation. The objective is to develop enough factual evidence so that an unbiased determination can be made as to whether there was unethical and/or illegal conduct. Always keep in mind that the burden of proof is on the company to show guilt, not on an employee to prove their innocence.

Cybercrime can literally be launched from any place on the globe. Unauthorized entries into corporate servers and networks can result in fraud, the theft of proprietary information, the misappropriation of company funds, as well as highly destructive and costly sabotage.

There are generally three categories of those who illicitly seek to penetrate corporate computer systems.

One group, which has grown significantly, is motivated by political or philosophical beliefs. They have vendettas against certain corporations or industries. You’ve seen groups such as these staging protests at national and international economic summits. Taking their beliefs to an extreme justifies their efforts to sabotage networks and data communications.

Another group of hackers, sometimes referred to as “script kiddies”,  are predominantly driven by mischief. Hacking into servers and websites, and then defacing them, is in essence cyber-vandalism. To many, it has become a game of matching wits – theirs against corporate or government IT experts who are entrusted with protecting networks.

A third category of attackers is driven by greed, and in certain respects can be the most dangerous form of hacker. In many cases, they are highly sophisticated, well financed and have successfully stolen classified data from government, organizational and corporate websites and networks. In fact, there are international crime organizations specializing in cybercrime as well as solo “cyber guns-for-hire” who will attempt to penetrate a corporation’s network for the right price.

With the downturn in the economy, company employees have become another area of risk. One investigation involved a company executive who became vindictive as he witnessed the value of his stock options plummet. As a personal vendetta directed at senior management, he accessed highly confidential files, including customer lists and marketing plans, and sent them to a competitor.

Experts fear that for every cyber related fraud, theft and embezzlement that is uncovered, there could be as many as 80-100 crimes that go completely undetected.

Cyber Crime Risk Assessment

Here’s a basic diagnostic self-evaluation that can help you evaluate just how vulnerable your server, network, proprietary data and internal communications may be:

• Do you, at least once per month, verify that your data is actually being backed up the way you think it is?
• Are passwords used by your employees a minimum number of characters and numbers (or are they relatively easy to crack because they consist of nicknames, birthdays, etc.)?
• Are employees automatically required to change their passwords at least three times per year?
• Does your company regularly update your operating system and software packages with the most up-to-date patches?
• In the last 12 months, have you had experts perform a penetration test where they attempt to deliberately circumvent your firewalls and hack into your servers?
• Is all company e-mail encrypted?
• Does your company utilize effective intrusion detection products that will help detect, identify and stop unauthorized access?
• Have you analyzed your network architecture to identify vulnerable points of entry for viruses?
• Is your server in a highly secured room, protected by controlled access electronics, alarms (intrusion and temperature) and video equipment? If so, are the security clearances periodically reviewed to determine whether modifications are needed?
• Do you have the ability to uncover employees sending damaging information from your company’s e-mail systems?
• Does your company’s disaster recovery plan incorporate storing backed up data at an off-site location and making contingency plans for employees to work elsewhere if they can’t get to company offices?
• Are employees given orientation and training regarding protecting company networks and following established security policies?
• Are comprehensive background investigations performed on candidates and employees who will have access to classified data?
• Are there follow-up background investigations conducted when employees are transferred or promoted into high security positions?
• Is there a confidential 800 number available and effectively promoted for employees to anonymously call if they suspect or know of illegal or unauthorized activity by a co-worker, vendor or contractor?

If you haven’t answered yes to at least ten of these questions, your company may well be an easy victim, and it’s probably time to take  action.

 Most wholesalers, consolidators, freight forwarders and distributors that find themselves victimized by internal theft share a common denominator: They have usually committed one or more of what I refer to as The 7 Deadly Sins of Logistics Security.

 Is your company guilty of making any of these costly mistakes?

 1.  Are you relying on safeguards that simply don’t work?

 Ask most executives how they protect their inventory and they’ll answer “alarms, guards and closed circuit television.” If these security solutions are effective, then why is it that so many companies that sustain loss have these controls in place?

 Alarms are designed to protect against break and entry, not theft committed by insiders – which is how inventory loss usually occurs. Most uniformed guards are not adequately trained to recognize internal theft and collusion. Closed circuit television will only be effective if it has been strategically designed and consistently monitored, which is typically not the case.

 2.  Do you make it easy for dock personnel to work in collusion with truckers?

 Because they don’t know how to prevent internal theft, many companies inadvertently make it too easy for drivers to work in unison with shippers, receivers, checkers and loaders. These theft schemes are silent, with no bells or whistles going off to alert anyone that they are taking place, which is why they oftentimes add up to a small fortune.

 3.  Is your company too reactive?

 A large percentage of companies that incur shrinkage do little to prevent it from happening in the first place. By the time they decide to take action, they’ve already incurred a substantial loss and the missing inventory is never recovered.

 It’s been repeatedly proven that preventing loss is far less expensive then reacting to it.

 4.  Do you have an efficient way for concerned employees to report security problems?

 A confidential hotline can be an invaluable tool to learn about individual theft, collusion, fraud, workplace substance abuse, arson, product tampering, harassment or discrimination. Yet, many companies still rely on methods of communication that don’t work for security sensitive issues like these, such as open door policies or in-house tiplines. As a result, employees who become aware of unethical or illegal activity tend to remain silent.

In order for a tipline program to be successful it should be outsourced so workers can speak to people who won’t recognize their voices. Employees are more likely to confide in someone outside their company, rather than using an in-house system for tips.

 Equally important, callers should never have to provide their name. The best response comes when you offer complete anonymity. The way we accomplish this with the Danbee Hotline for example, is to provide every caller with a code number, which is one reason why we’ve received information that has exposed millions of dollars of losses.

 5.  Are you  checking your checkers?

 Too many companies have made the mistake of not keeping their checkers accountable. Because of this lack of oversight, a percentage of checkers become negligent or dishonest over time, and that’s when companies can rack up substantial losses.

 One effective way to control the accuracy and integrity of your checkers is by having loss prevention audits regularly performed. These can be done numerous ways.

 One method would be to have a security representative arrive (without any advance notification) during the time your trucks are being loaded, select one (or several) and reconcile the product found on the trucks to the shipping manifests.

 Another technique would be having surprise audits performed on your trucks as drivers begin their route deliveries. We refer to these as non-covert surveillances. By having an investigator meet a driver at their first stop and performing a verification of each piece delivered throughout the course of the day, you will uncover product that has been over-loaded.

 Both of these security techniques are excellent ways to not only detect collusion or gross negligence, but they will also prevent it from taking place. 

 6.  Does your company effectively weed out on-the-job substance abusers and distributors?

 Nearly 90% of all employee drug users either deal or steal to support their addiction. As many distribution executives have learned, if you have a drug problem inside your company, you can expect to have a theft problem as well.

 Two of the best ways to identify drug users and distributors on your payroll is through the use of a tipline program or by inserting an undercover investigator into your operation.

7.  Do you provide meaningful training for your key personnel?

 All too often, losses occur because managers and supervisors are not educated on how to recognize the subtle, ingenious ways that theft takes place in a distribution center. Keep in mind that much of this theft and collusion looks exactly like standard operating procedure. The reality is that if your key people don’t know what they’re looking for, they probably won’t see it.

In order for companies to effectively safeguard their assets, it’s beneficial to understand the critical mistakes made by corporations that have been victimized. After 30 years of performing white collar crime investigations, we’ve become all too familiar with the most common pitfalls that typically accompany fraud. 

 1.    A Lack of Awareness

Most executives prefer to believe that their management team would never embezzle funds, take kickbacks or sell highly confidential or proprietary information to competitors.  Understandably, it’s disconcerting to even consider the possibility that one of their trusted executives would be willing to commit a crime. 

However, as we’ve all learned, white collar crime does occur, and can have devastating financial and legal consequences.  Additionally, it’s commonplace to find that the perpetrators are long-term, highly trusted individuals.

  2.   An Over-Reliance on Accountants to Uncover Fraud

Many CEO’s feel that their companies are protected from fraud because they wrongfully assume that their accountants will detect most forms of white collar crime.  Unfortunately, this is a dangerous assumption to make and one that has proven extremely costly for many companies.

Accountants are typically concerned about making sure that tax obligations are met, financial reports are prepared on time, and bottom line numbers are balanced.  If the corporate criminal is devious and subtle in their endeavors, the odds of an accountant uncovering the theft are quite remote.

In one investigation, we found that the CFO had been fraudulently billing his employer over $180,000 a year.  He incorporated a “dummy” company, printed invoices, rented a mailing address, then forwarded and approved the bills when they arrived each month.  This went on for eight years before anyone suspected a problem, and it was not detected by accounting personnel.

Had the CFO done something blatant, like diverting company funds to his personal account or writing checks to his own name, I’m sure the accountants would have noticed it.  However, when fraud is committed within the system, it tends to look exactly like standard operating practices and won’t typically be red flagged.

  3.   Inadequate Policies and Procedures

Most companies that incur fraud-related loss don’t do enough to deter it from happening in the first place.  It’s important to remember that a good percentage of employees become dishonest after being exposed to the loopholes and opportunities that exist in their respective companies.  This blatant opportunity, combined with the temptation of pocketing a good deal of [tax free] money, oftentimes causes marginally honest employees to become company thieves.

From the standpoint of preventing employees from going bad, as well as having legal remedies available after a crime is uncovered, it’s prudent to adopt formal company policies and procedures regarding:

 •           Employee integrity and ethics.

 •           Soliciting or receiving gifts, gratuities or incentives.

 •           The proper safeguarding of  proprietary information.

 •           Working for a competitor while employed

 4.    Failing to Perform Comprehensive Background Investigations

One investigation that illustrates the importance of conducting comprehensive background investigations involved a purchasing executive who was shaking down vendors and receiving upwards of $300,000 a year in cash and gifts.  We caught him by setting up a sting operation, where one of our investigators posed as a vendor and documented the purchasing executive asking for an 8% kickback on each order he placed. 

When we confronted him with our evidence, the executive confessed.  During the interrogation, the purchasing agent admitted to falsifying his résumé and omitting several facts, including a previous employer that had terminated him for taking kickbacks.  The executive also admitted that he owed over $40,000 in credit card debt and had declared personal bankruptcy just two years before accepting his current position.

All factors considered, this was certainly not the type of individual you’d want in a responsible position.  However, none of these facts ever came to light prior to him being caught because the company neglected to conduct a comprehensive background investigation.  If they did, they would have uncovered some, if not all, of these relevant facts and certainly would not have hired him. 

Playing fast and loose with the information contained on résumés is not unusual.  We find that between 12% – 15% of the white collar candidates we perform background investigations on have deliberately falsified or deleted critical information from their resumes. 

 5.    Lack of an Effective Way for Employees to Report Illegal Activity

When it comes to uncovering internal theft, this is perhaps one of the most effective, yet overlooked solutions available to corporations today.

Have you ever wondered why law enforcement agencies almost always set up a confidential 800 number after a serious crime has been committed? Because a high percentage of cases are successfully concluded after confidential tips are phoned in by informed sources.

The same holds true for the private sector.  Our 800 Hotline number for example, has received calls regarding dozens of cases of white collar crime, that otherwise would not have been detected for months or even years.  In fact, some of our clients, after being notified about a fraud, instinctively reacted with shock and disbelief.  Only after checking out the information did they come to the painful realization that the caller’s tips were right on the money.

The reason an employee tipline is so effective is because it’s almost impossible to keep illegal activity a secret from co-workers.  There are always others who know, or at least have good reason to suspect, that another employee is committing a fraud.  The problem arises when the employees who possess this information fail to come forward because of an inherent fear of being exposed and having the culprits seek revenge.

That’s why a successful tipline program will offer callers anonymity, therefore guaranteeing them that their identities will never be revealed.  Additionally, callers should be able to speak with experienced security professionals, not switchboard operators, who will know how to fully debrief them, i.e., asking all the right questions, as well as developing a rapport, so callers feel comfortable providing the information. 

One caveat however:  no one should ever be punished or rewarded based solely on a call.  The information should be corroborated before any action is taken, so no one could use the tipline as a means to perform a character assassination on a co-worker they dislike.

During a recent trip to mainland China, I inspected the security at a large manufacturing complex on behalf of a client. Prior to my arrival, I had been advised by one of their U.S. based Vice Presidents that he was confident I would not find anything lacking because they had just undergone “an official” supply chain security audit by a local compliance company who gave them an outstanding evaluation.

After conducting my assessment of this facility, I advised their on site management team that their security policies, procedures and technology were not even close to being C-TPAT compliant. I explained for example, that their personnel were not conducting proper container inspections prior to loading exports destined for the States, and that their finished goods department (which consisted of a building without doors), had product staged for hours at a time with no monitoring of any kind. They also were not bothering to place security seals on their loaded export containers until they reached the Hong Kong border (a two hour trip from their site). Consequently, their U.S. bound shipments, as well as the containers they used, had no real chain of custody.

They asked me to read the report they had received from this compliance company and give them my thoughts. I pointed out an array of observations and conclusions in the report that were factually inaccurate. They agreed that the report had limited value and admitted that the people who conducted the audit didn’t appear to know much about supply chain security. The weaknesses I had uncovered they said, were not examined or discussed during that audit. Yet, they were advised that they were successfully meeting C-TPAT criteria and awarded with an excellent numerical rating.

Is this an uncommon occurrence? Unfortunately, it’s not. After the C-TPAT program came into existence, it didn’t take long for a number of companies with little or no core competency in asset protection to magically transform themselves into supply chain security experts overnight. Despite the fact that they possessed scant knowledge of security technology and many had never conducted investigations into inventory theft, cargo crime, sabotage, fraud, smuggling or workplace substance abuse, these “experts” began aggressively advertising to overseas companies, promising them C-TPAT complaint security programs. 

Some have even taken it a step further. During an audit at a Hong Kong consolidator, the general manager took me into his private office and proudly displayed their C-TPAT membership certificate hanging on the wall. When I asked if his company had any presence in the United States he replied no. Upon closer examination of his certificate, it was apparent that the certificate had not been produced by U.S. Customs and Border Protection.

I then proceeded to review their physical and procedural security safeguards and found them deficient in a number of areas. I explained that his loss prevention program required a good deal of improvement, and began discussing needed remedial action. He replied that if his security was inadequate, why was it that he was granted C-TPAT certification? At that point, I broke the bad news that his certificate was not legitimate and that his business entity wasn’t even eligible for C-TPAT membership. He was clearly shaken and replied, “But I paid over $6000 U.S. to this firm to become a member!”

Motivated by the opportunity to turn a quick dollar, a number of firms continue to prey on uninformed companies who have a sincere desire to either join the C-TPAT program or become C-TPAT compliant.

This problem transcends how I personally regard the ethics of these firms guilty of misrepresentation. Far more important are the significant risks that are created by companies that are performing superficial audits and providing bogus certifications.

Experts agree that the most vulnerable links in the supply chain are usually found on foreign soil. These are the likely places where terrorists will attempt to smuggle a chemical, biological or nuclear weapon inside a carton, pallet, container or trailer, which will then be sent to the United States. This is why Customs and Border Protection sends out C-TPAT Supply Chain Security Specialists who perform foreign validations every three years.

While these formal validations serve an important purpose, they typically only provide CBP with a very limited glimpse of an importer’s supply chain. The C-TPAT representatives may only have the opportunity to evaluate less than 10% of an importers entire network.

As previously stated, these validations only take place once every three years, a time frame where a company’s security program can easily develop gaping holes.

Plus, the C-TPAT validation team will always provide advance notice when they will be arriving and what facilities they intend to inspect. Consequently, when they are on site they may not be seeing a true representation of how the protective safeguards really operate on a day to day basis.

This is why CBP mandates that C-TPAT certified companies must conduct comprehensive self assessments of their supply chain security. These audits should identify weaknesses, recommend solutions to strengthen those areas that are vulnerable, as well as provide awareness training for key personnel. These audits should also result in detailed action plans, complete with time tables for completion of the needed remedial work.

However, when these audits consist of little more than individuals with questionable experience and expertise merely “pencil-whipping” generic checklists, this process becomes little more than a meaningless exercise.

Despite having significant vulnerabilities in their asset protection controls, after receiving these superficial audit reports and bogus certifications, foreign companies oftentimes then operate under the assumption that their supply chains are extremely secure. This false sense of security can be compared to wearing a defective bullet proof vest that won’t stop a 38 caliber round. While you may feel well protected, when actually tested the consequences could prove catastrophic.

U.S. importers cannot afford to rely on cosmetic, ineffective security programs. The first time their supply chain is victimized may not only lead to the suspension or revocation of C-TPAT membership, but could also result in significant financial loss, irreparable harm to their reputation, and most concerning, the opportunity for another major act of terrorism inside the United States. As we reflect on 9/11, let us remain committed to never allowing history to repeat itself.

Our organization is frequently called upon to investigate white and blue collar crime by executives who wrongfully assumed that their companies were well protected. All too often, our investigations reveal that while may of these firms have allocated resources to protecting their assets, when tested; their safeguards did little to prevent them from being victimized.

In a large percentage of these cases, the companies that have incurred six or seven figure losses were guilty of making one or both of these two costly mistakes:

Being reactive rather than proactive

While some firms have learned that prevention is far less costly than apprehension, there are still many companies that haven’t gotten the message.

An example of this involved one distributor that experienced an ongoing drop in gross profit and an increase in inventory shrinkage. They had historically evaluated the success of their security program by how many individuals they caught stealing and arrested each year. However, despite the fact that they had apprehended a number of employees, their inventory shortages became worse over time.

What they failed to understand was that they were not plugging up the holes that allowed the theft to take place, i.e., not addressing the root cause of the problem. Consequently, new employees soon learned how easy it was to exploit the company’s controls. For every dishonest worker they terminated for theft, they were being replaced by new employees who learned that the risk of being caught stealing inventory was extremely low.

However, once this distributor began focusing on preventing theft, their losses dramatically declined and their bottom line improved. They learned to judge the effectiveness of their security program by how many employees remained honest, not by the number who was apprehended in the act of theft.

Becoming complacent

If you haven’t objectively evaluated your security and looked for ways to improve your loss prevention controls, there’s a high probability that your safeguards could be exploited.

All too often, companies mistake being lucky with having effective safeguards in place, only to find out how vulnerable they really were after their controls were compromised.

Prior to 09/11, there were many who attributed the absence of domestic terrorism to the effectiveness of U.S. airport security measures. As we painfully learned, many of those alleged safeguards were far more cosmetic than meaningful, and relatively easy for the terrorists to circumvent.

One way to avoid having a false sense of security is to have your physical, procedural, and electronic safeguards periodically audited and tested. While the results may be disturbing, you’re better off finding out where the weaknesses in your security program are before others have the opportunity to exploit them.

 Here are two reasons why supply chain security should be taken seriously:

 1. If your safeguards look considerably better on paper than they work in reality, your company faces the risk of having illegal narcotics or a weapon of mass destruction smuggled into the United States via one of your shipments.

 2. The other risk you face is that when C-TPAT inspectors validate your foreign suppliers and logistics providers, they may find your controls woefully inadequate and lower your tier level or even remove you from the C-TPAT program.

If you want to protect your import shipments from theft, smuggling and terrorism, you’ll need to have a diligent auditing process in place. Aside from it being a C-TPAT requirement, it’s also one of the most critical components of your security program.

One of the primary objectives when performing a comprehensive security audit is to separate fact from fiction.

Prior to conducting one of our C-TPAT compliance audits at a foreign distribution center, we had been assured that all their security controls were being diligently followed and our client’s product was extremely well protected.

Prior to our arrival, this consolidator had informed us that they had complete video coverage throughout their facility, tight control over inbound and outbound goods and that our clients’ product was always kept in a highly secured segregated area.

What we observed however was quiet different. Not only were the CCTV camera views providing terrible clarity, but our client’s goods were not being monitored from the time they were taken off an inbound truck to the time they were eventually reloaded for transport to the Hong Kong seaport. There were numerous “blind spots” where our client’s product could have been tampered with and completely avoided observation by their video system

We found that their digital hard drive was much too small, only archiving recorded video for 7 days – an inadequate period of time in the event that a post event investigation was required in the future.

We also exposed loopholes with their cargo handling practices. Inbound truck security seals for example, were being removed by anyone working on the receiving dock rather than by more senior personnel (which is what their policy called for). Consequently, we found that many workers did not take the time to verify that the seal number on an arriving truck matched the manifest (another major policy violation).

We also found that the seals used on outbound trucks were left exposed in an open box on the shipping dock, fully accessible to all employees, vendors and outside truckers. Because the shipping crew didn’t use seals in numerical sequence, these exposed seals could have been stolen and then reattached to a truck’s cargo doors after a driver left their facility.

Insofar as our client’s product being segregated “in a highly secured area”, we observed that the fencing was only 8’ high and had no ceiling to protect against employees simply climbing over it. We also found that  the keypad code to this area hadn’t been changed in nearly nine months and was known to most of the workforce (including those without clearance to this area). Additionally, we determined that the alarm system was only being armed at the end of each workday, even when there was no work being performed in this area for hours at a time.

These issues, as well as an array of other security loopholes that were exposed, were promptly addressed and remedied. However, had this audit not been performed, our client’s risk factor would have remained unnecessarily high.

Training is another important component, yet it’s frequently not provided when an on site assessment is performed. During a recent C-TPAT training program we conducted for a foreign manufacturer, we asked if anyone knew whether bolt seals could be circumvented. Ninety percent of those in attendance responded that it was impossible to manipulate them. The problem here is that bolt seals can in fact be circumvented a number of ways and if those responsible for seal integrity think they’re foolproof, they’ll never recognize and expose breaches when they do occur.

When evaluating the quality of a foreign site’s security program, it’s’ also important to avoid “getting lost in the translation.” Because C-TPAT focuses on imports, working with foreign companies is commonplace.

Cultural differences and language barriers can result in misleading responses and faulty conclusions. It’s for this reason that we deliberately ask the same questions several times (although they are worded differently) in our supply chain security questionnaires sent out to foreign suppliers and logistics providers. When respondents answer yes on page one and no on page five to the same question, we know that they either didn’t understand what we were asking or weren’t providing us with accurate responses.

It’s also a good idea to confirm questionnaire responses through follow up e-mails and conference calls. More often than not, we receive feedback that differs from many of the original answers that were provided to us.

Is it a case of some foreign firms wanting to look more secure than they really are for their U.S. based customers? Or, did the respondents have different interpretations of words or phrases, resulting in inaccurate feedback?

Whatever the reason, you can’t afford to be inadvertently or deliberately misled if you want to know that your supply chain is in fact as secure as it needs to be.

While it’s tempting to become impressed with state-of-the-art asset protection technology, it can prove costly to be lulled into a false sense of security. With internal theft and cargo crime spiking, the last thing that any company can afford is to be blindsided by a six or seven figure loss. However, that’s exactly what’s been happening to companies throughout the country that have placed too much confidence in the security technology they’ve acquired.

Security technology can certainly be beneficial, however there are also weaknesses in these systems that are being exploited by dishonest employees. Here are some examples:

CCTV – Although some overzealous sales people would like you to believe that the existence of a few dozen cameras throughout your facility will virtually guarantee a theft-free environment, this is simply not true. In fact, more than 90% of the companies contacting us to investigate significant theft-related loss already have video systems in place. If closed circuit television effectively deterred dishonesty, these companies wouldn’t be missing large quantities of their inventory.

Why doesn’t CCTV prevent or expose insider theft? One of the primary reasons is that fraud and collusion look exactly like standard operating procedure. There are no bells or whistles going off when employees steal product through the shipping, receiving, customer pick-up, transfer or return functions – and these are the areas where large scale theft regularly occurs in the typical distribution center.

Another reason why video systems oftentimes fail to protect companies from theft is because few executives have the time, patience or inclination to watch live or archived activity. Unfortunately, dishonest workers are well aware of this fact. In this respect, a video system is no different than a piece of exercise equipment. Simply purchasing it won’t provide any benefit. Unless it’s regularly used, it provides little or no return on your investment.

RFID – A recent DC Velocity article referenced a survey of companies using radio frequency identification systems, where nearly half of the respondents had problems, such as signal disruptions, integration issues and unit failure.

Beyond the technical glitches, it’s important to keep in mind that RFID was never intended to protect against internal theft. Designed as an operational tracking tool, it is not immune from manipulation by employees who have access to the devices. Dishonest workers intent on concealing their theft activity can defeat RFID tags and readers a number of ways, at which point the tracking capability is completely neutralized.

Bar code scanning– The forerunner of RFID is still used by many companies today. Like RFID, it provides many operational benefits. However, it won’t stop internal theft.

If, for example, a devious selector or loader wants to place four extra cases of inventory onto the truck of a driver he’s working in collusion with, he simply won’t scan the extra boxes. It’s that simple.

A similar scenario can also take place in the receiving function. We’ve caught  receivers who were paid thousands of dollars from dishonest drivers because they allowed the truckers to keep a percentage of the product they were supposed to deliver. The receivers concealed their theft by scanning the same cases multiple times, which was possible because many manufacturers don’t assign personalized bar codes for the same SKU’s.

GPS– Many companies initially invested in global positioning satellite technology when it was introduced because they thought they would be able to put a stop to trucker theft. Although GPS has been effective at exposing drivers who extend their breaks, it has been repeatedly defeated by dishonest drivers selling product off their trucks.

Dishonest drivers can have their trucks overloaded with product by warehouse personnel working in unison with them, thereby creating extra inventory that can be subsequently sold for cash.

Drivers can also prey on customers that don’t carefully check in their shipments and deliberately short them on their deliveries, which results in extra cases that could then be illegally sold.

In order to avoid detection via GPS tracking when they illegally transact the product for cash, dishonest drivers will meet  their accomplices and offload the stolen product during their authorized break periods at diners or rest stops, rather than going off route. In other cases, drivers will stay under the radar by selling the hot goods in proximity of their authorized delivery locations, claiming they were waiting for an available door to make their delivery. Consequently, drivers looking to profit at their employer’s expense are not intimated by having GPS in their vehicles.

Technology can add significant value to a loss prevention program. However, it’s not a cure-all. Carefully selecting and integrating the right technology with Best Security Practices, has provento be the most effective way to protect against internal theft.

It’s no secret that the warehousing and transportation industry has been hit hard with rising costs and shrinking profit margins. With experts projecting an extended economic recovery, logistics executives are struggling with  some difficult financial decisions.

The knee jerk reaction of some when it comes to asset protection  has been to arbitrarily cut spending.  However, many companies have learned a painful lesson, which is this:  in tough economic times, security risks can be significantly higher than in normal times.

Because employees are now faced with the harsh realities of wage freezes, overtime elimination, benefit reductions, and possible job cuts, a percentage adopt the mindset that puts them in an adversarial position with their companies. When faced with rising personal expenses and reduced income, many look for an alternative means of financial support.

Employees can become resentful and sometimes even vindictive as they perceive management’s cost cutting initiatives not as a financial necessity, but as a personal attack. A percentage of the workforce may then adopt the mindset of “I’m going to do it to them before they do it to me.”  Consequently, many companies have experienced an increase in both the number of security related problems they’ve incurred as well as an escalation in inventory theft.

One distributor that recently contacted us had experienced their highest single spike in inventory shrinkage in the last 15 years.  Another company was recently victimized for over $240,000 in theft related losses by a group of long term employees who admitted they had never resorted to dishonesty prior to the last six months.

What oftentimes enables these types of crimes to take place are the reductions that some companies have made to their loss prevention programs, which have created new opportunities for individual theft, fraud and collusion, not to mention product tampering and sabotage.

Many senior executives have  asked me the best way to balance  the pressures of making needed cost reductions and the increased risk of security threats that many companies find themselves facing.  My response to this question is to search for innovative ways to reduce their security expenditures without increasing their exposure to security threats.

One  illustration of how this can be accomplished involves a company that has eight locations and one new facility on the drawing board. After carefully analyzing their security expenditures, we questioned why they intended to spend the sum they budgeted for the proposed video system in their new distribution system.

The cost for the CCTV system was, in our opinion, approximately $32,000 more than we thought it needed to be. As it turned out, this cost factor was being driven by their desire for pan/tilt/zoom (P/T/Z) cameras. When we questioned why they thought they needed them, rather than using fixed position cameras, it became apparent that there was not a well thought out reason for their selection.  Essentially they were going in this direction because that’s what they had in their existing facilities.

We pointed out the inadequacies of using Pan/Tilt/Zoom cameras in their type of operating logistics. After listening to our rational, they agreed with our logic. We also explained that fixed cameras were not only a fraction of the cost, but how they would actually provide them with a higher level of security.  Avoiding P/T/Z cameras would also save them money on repairs, being that fixed cameras have fewer moving parts and require far less service.

By utilizing the cameras we recommended, as well as substituting the type of digital video recorders their vendor had proposed with a model that we knew was of equal quality (but without some bells and whistles that we considered unnecessary), we were able to cut their capital investment by more than 52%.

Another illustration involved a company that was spending in excess of $2.8 million dollars a year in guard service  for their facilities in North America. After a study of their operating logistics and visiting several of their sites, we explained that all their facilities could be effectively protected and monitored from one central location if they utilized the right technology and security practices. The savings, even with the investment needed for the new technology, will exceed $1 million in the first year alone.

In a difficult economy, necessity does demand innovation. Rather than arbitrarily cutting budgets with a broad ax, which can end up costing far more, savvy  executives have learned that there are oftentimes ways to strategically reduce expense without increasing risk.