Securing Keys, Assets & People - Blog

5 Steps to Create a Business Theft Prevention Plan

Written by Jay Palter | Jul 21, 2020

Every business eventually has to deal with theft. You shouldn’t feel overwhelmed about this, though; it’s a manageable problem.

For many businesses, the security focus in recent years has largely been on network security, but physical security measures shouldn’t be completely ignored.

Although the specific nature of the theft is going to look different at each business, the solution is often going to be the same. You’ll need to develop a comprehensive business theft prevention plan.

How do you go about making one?

Understand the Types of Theft You Face

To develop a good theft prevention plan, you first need to understand the threats you might face. For planning purposes, security experts break theft into two broad categories: external and internal:

External Theft

These are thefts committed by people outside of your organization. These thefts could be robberies, shoplifting from retail businesses, or fraud, like fraudulent retail returns.

Internal Theft

These are thefts by people inside your organization. This includes thefts perpetrated by vendors and contractors. A business theft prevention plan needs to account for potential bad actors among all of the personnel authorized to be in your facility.

Internal thefts can be straightforward, like larceny (the outright theft of property), but there are also more subtle forms of internal theft. These include:

  • Fraud: The business is deceived into wrongfully diverting funds or its inventory, such as in a vendor billing scheme or in false expense reports.
  • Embezzlement: Staff divert business resources for personal use, such as by skimming off petty cash or redirecting shipping and receiving orders themselves.

The Actual Costs of Internal Theft

There are often a lot of intangible costs that come with internal theft, which makes it hard to quantify. For example, how much does the loss of your customers’ trust cost you?

There are some figures available, though. Hiscox Business Insurance conducts a biennial study of embezzlement and has found that the average amount embezzled per incident is $357,650 USD.

However, when thinking about the costs of internal theft, you need to consider more than just these direct costs. You also need to factor in the work hours spent on investigations and remediation, and the costs of rising insurance premiums. Plus, there are intangible costs, like future business opportunities lost due to broken trust or bad PR.



5 Steps to Creating a Business Theft Prevention Plan

Developing a theft prevention plan takes time, but the cost of proper planning will always be less than the cost of ongoing theft in the long run.

  1. Understand the Principles of Theft Prevention
  2. Plan Your Theft Prevention Program
  3. Document Policies
  4. Implement Controls
  5. Audit and Adapt Your Systems

1. Understand the Principles of Theft Prevention

There are a few basic principles you need to keep in mind as you develop your business theft prevention plan:

Balance Security Against Productivity

There is a tipping point beyond which excess security measures will eat into your revenue and productivity. An overly burdensome plan might be rejected by leadership when you approach them with a purchasing proposal. Instead, focus on policies and solutions that are cost-effective.

People Both Help and Hurt Security

Security experts call this the human factor. People are both your greatest security asset and your greatest vulnerability. Your program should aim to maximize how people can help, and minimize the opportunities for them to hurt your organization.

Defense in Depth

Don’t pin all of your hopes on just one idea or one technology. Use layers of defenses that complement each other. If a threat bypasses one layer, the next layer should be designed to catch it in a different way.

Be Realistic

No business theft prevention plan will ever be one hundred percent effective. Aim to get as close as you can to perfect, but be realistic about what your particular business can hope to achieve.

2. Plan Your Theft Prevention Program

Once you have an understanding of what theft prevention objectives make sense for your business, you can get down to actual program planning. Start by determining what your vulnerable points are. Your organization’s vulnerable points are often areas or activities where staff are left unsupervised. Sometimes, all you need to do to reduce theft is rearrange the physical layout of your facility to improve oversight and visibility.

Your goal should be to create checks and balances to protect against external and internal theft. To trot out an old security phrase, “Trust but verify.”

You need to trust your people to carry out their work with access to your business’s resources, but there should still be checks in place to verify that trustworthiness. Don’t leave one individual with complete end-to-end control over finances or other resources in your business.

Break up responsibility so different teams or individuals are responsible at different stages. This will make it difficult for any one bad actor to hide what they’re doing. Then, decide how your organization can use the three main resources available for theft prevention: people, technology, and data.

People

Reducing the risk of theft starts with your hiring process. You may want your business’s theft prevention plan to specify certain hiring practices, such as background checks or screening questions to be asked during interviews.

Additionally, plan how your business can coordinate with people outside your organization to prevent theft, such as with local law enforcement, other local businesses, and community groups. Co-sponsoring local tips hotlines or a rewards program for returned stolen assets can be particularly cost-effective strategies.

Technology

Many different security technologies are available that can protect or better manage your personnel, physical assets, and your facility. However, to be effective, most solutions need to be adapted to your business’s particular theft prevention needs.

Make sure to evaluate different solutions to see how they will actually fit into your business theft prevention plan. This could mean assessing how easy they will be for your people to use, how each technology fits into your physical premises and on your IT network, and whether its performance is truly going to be cost-effective.

Data

Good data is one of your best tools against theft, especially internal theft. Internal theft is hard to identify if you don't have access control logs or financial records that you can use to detect trends over time.

Data is also a valuable aid in recovery efforts after a theft occurs. Law enforcement’s job is significantly easier when you can hand them complete access logs or the serial numbers of every single item stolen.

Thieves know the data you collect is valuable, so publicizing your collection measures can act as a further deterrent to theft. A disgruntled warehouse worker will think twice about walking off with a company tablet if they know their signout was accurately recorded.

3. Document Policies

Everyone in your business needs to understand what their roles and responsibilities are, and what procedures they need to follow in order to prevent theft. All of these responsibilities need to be outlined in an easy-to-follow policy.

Seek input from different departments within your business while developing your policy. This allows coworkers with different perspectives to confirm whether the policy will be effective in their area. It also demonstrates to everyone that you’re invested in creating a transparent policy that considers their department’s interests.

A policy is only good if it is effectively applied, so one of the most important things you need to do once you have a finalized theft prevention policy is secure buy-in from the top. At a small business, that might just mean getting the owner’s OK. At a larger organization, that might mean getting formal approval at an executive or board meeting.

4. Implement Controls

Once you’ve defined your goals, researched which components you need, and written your policy, it is time to start implementing your business theft prevention controls. Controls could include changes to your facility’s layout that improve visibility, which will deter both internal and external thieves. Physical barriers like fences or more locks are other cost-effective ways to disrupt external thieves.

This is also the time to deploy any of the technologies that you identified as good fits for your business. These systems could include asset lockers for securing and managing access to valuables, like electronics, firearms, and documents. It might also mean deploying a key control system, which manages access to the keys for all the secured locations and locked containers in your facility.

Last but certainly not least, you need to train your personnel on how to follow your theft prevention program. Small, team-specific training sessions work best, if you’re able to arrange them.

5. Audit and Adapt Your Systems

Once your plan is in place, make sure to use the data collection tools you’ve deployed to monitor its performance. Electronic asset lockers and key control systems are excellent tools for generating access and transaction data.

Monitor inventory loss trends. Look for warning signs in your transaction logs, like late key or equipment returns. Some asset and key management systems should also be able to automatically alert you of late returns or changes in transaction patterns.

Put a reporting system in place for employees to notify you of internal issues. Make management accountable for responding to those reports. People are much more likely to adopt a new system if they feel like their voices are being heard.

You Have a Solid Foundation

We’ve just scratched the surface of good business theft prevention planning. Even so, you should be in a good position to improve security at your organization. We have plenty of other resources available to assist with your planning.