7 Internal Threats and Countermeasures

A threat is a serious, impending or recurring event that can result in loss, and it must be dealt with immediately. Internal loss prevention focuses on threats from inside an organization. Crimes, fires, and accidents are major internal loss problems. Examples of internal threats include violence in the workplace, theft of proprietary information, sabotage, infiltration by gangs or organized crime, and terrorism. Losses can result from full-time, part-time, and temporary employees; contractors; vendors; and other groups who have access to the worksite both physically and remotely. Productivity losses also illustrate the range of internal losses. Such losses can result from poor plant layout or substance abuse by employees. Other productivity losses result from employees who loaf, arrive at work late, leave early, abuse coffee breaks, socialize excessively, use the Internet for nonwork-related activities, and prolong work to create overtime; these abuses are called theft of time. Faulty measuring devices, which may or may not be known to employees, are another cause of losses. Scales or dispensing devices that measure things ranging from truck weight to copper wire length are examples.

We can see that the spectrum of internal threats is broad. Although this chapter focuses on internal theft and associated countermeasures, the strategies covered also apply to many internal and external (e.g., burglary and robbery) threats.

Universal IT Threats

Although the media often concentrate on a few high-profile cyberattacks from outside organizations, the greatest threat to corporate information technology systems is from within (i.e., from employees). Because news of many insider attacks is not released to the public, the frequency of the following scenario is impossible to gauge: A systems administrator in one hospital learned that she was about to be fired, so she arranged for a “severance package” for herself by encrypting a critical patient database. Her supervisor feared the worst and loss of his job, so in exchange for the decryption key, the manager arranged for a termination “bonus” and an agreement that the hospital would not prosecute (Shaw et al., 2000: 62).

The dilemma facing the hospital, as to whether to meet the offender’s demands or prosecute, can produce interesting debate. How long could the hospital function without the critical patient database? How much time would be required by the criminal justice system to resolve the case? As we know from previous chapters, there are several procedural steps to a criminal case, and the decision to prosecute has its advantages and disadvantages.

From a loss prevention perspective, the following methods would have placed the hospital in an improved position: maintain strict confidentiality about the impending firing of the employee, follow established policies and procedures pertaining to firing employees, exercise extreme caution, block the employee’s access to the IT system and other vulnerable locations and systems, and always back up data. Technical solutions alone are not the answer because internal attacks are a “people problem” requiring personnel security solutions. The challenges include the expense of money and time for increased security. Conviction checks may be ineffective with IT personnel because their misdeeds are likely to be unrecorded and, as in the case of the hospital systems administrator, unreported. At-risk behaviors, however, can lead to exposure by supervisors and coworkers. Examples include personnel who avoid procedures and hack into a system to fix problems, curious individuals who explore the system while violating security policies, and individuals who cause outages to facilitate their own travel or advancement.

A growing threat is the insider who steals proprietary or confidential information such as customer identifying information and financial information. These losses can also result from accidental losses of data or attacks by hackers.

Two additional concerns are the growing remote workforce and the devices used to work away from the traditional worksite. Laptop and handheld computers, high-speed Internet, wireless networks, and smart cell phones have facilitated telework (i.e., working away from the traditional worksite by transmitting information via communication technology). Many other devices also aid the mobile workforce, including personal digital assistants (PDAs), digital cameras, and USB memory sticks—all of which are high-capacity storage devices. Because of telework, traditional internal threats are also becoming external threats. For instance, an employee working off-site may have his company laptop computer stolen from his home or while traveling. He may also be victimized by hacking while working off-site. Furthermore, because of technology, an employee can cause losses (e.g., embezzlement or theft of proprietary information) for an organization while off the premises as well as when on the premises. Differentiating internal from external threats is becoming increasingly difficult and blurred, especially because we have entered the era of universal threats. In other words, employees and organizations face the same threats whether work is accomplished on or off the premises.

Jordon (2006: 16) writes that both public and private sectors are increasingly embracing telework because of efforts to ensure continuity of operations when a disaster strikes. He refers to the Federal Telework Survey that showed that 41% of responding federal employees indicated that they telework, up from 19% the previous year. The research also showed that federal IT professionals expanded their support for telework initiatives. Jordan’s article adds that telework is not just a technological issue, it is also an organizational and cultural change issue, and agencies must share best practices. From a security perspective, it is also a socialization issue to prevent losses.

The U.S. Department of Homeland Security, Science and Technology Directorate and the Executive Office of the President, Office of Science and Technology Policy (2004: 42) warned that the greatest threat to critical infrastructure (e.g., food, water, electricity) is from the insider who performs actions that could destroy or degrade systems and services. Insider threats develop from individuals who have authorization to access information and infrastructure resources. These threats are difficult to guard against because the offenders are on the inside and trusted. They exploit vulnerabilities and have advantages over outsiders in choosing the time, place, and method of attack. The Science and Technology Directorate and the Office of Science and Technology Policy (2004: 42–44) offer research directions for protection against insider threats:

Intent Detection: This involves examining combinations of observations, actions, relationships, and history to sense possible offending behavior. Various methods are used to support this approach, including surveillance, cataloging, pattern recognition, and computational analysis. These methods are applicable to the physical and cyber domains.

Detection and Monitoring: Detection should draw attention to early recognition of a pattern of action that is erratic or outside the norm. Computer models are necessary to distinguish between random behavior and behavior indicative of a possible internal threat. Then computer systems must monitor the possible problem.

Protection and Prevention: This includes security measures that are overt or covert. Examples are incremental access, job-specific access controls, and repetitive checking. These measures and others require research to build solutions to internal threats.

Taylor et al. (2006: 7) write that vulnerability from within an organization is the most dangerous and serious threat. They report that 73% of the risk to computer security is from internal sources, while 23% is attributable to external sources. In comparison to outsiders, Taylor et al. note that insiders find it easier to circumvent IT security because they are familiar with the system; in many instances breaches from within are not detected; an internal cybercrime can be covered up by using a special program; and detection may not surface in an audit. Computer industry research shows the average internal attack costs a company $2.7 million, compared with $57,000 for an external attack (Shaw et al., 2000: 62–66). Randazzo et al. (2004: 2) write that estimates of internal attacks are difficult to formulate because of under-reporting to law enforcement authorities and organization fear of negative publicity and increased liability. They point to statistics that vary on the prevalence of internal and external cyberattacks, the methodological problems of annual surveys and in-depth case studies, and the importance of examining incidents from both behavioral and technical perspectives simultaneously. These research problems make it difficult to gauge internal and external threats to IT systems. Examples of two surveys are the FBI (2005) Computer Crime Survey and the Computer Security Institute/FBI (2005) CSI/FBI Computer Crime and Security Survey. Both surveys depend on organizations to report their victimizations. In the former survey, 44% of respondents had experienced intrusions from within their organizations. In the latter survey, respondents compared internal and external IT security incidents in their respective organizations, and they reported that there were more security incidents from external sources; however, more respondents did not know the number of internal incidents when compared to the number of incidents from external sources (44% versus 35%). In a subsequent survey (Computer Security Institute/FBI, 2006: 11–12), CSI/FBI Computer Crime and Security Survey, some questions and reporting on internal versus external threats were changed from the earlier survey, which made comparisons difficult. The 2006 report stated that most respondents do not see insiders as responsible for most of their organization’s cyber losses; however, a significant number of respondents believe that insiders are responsible for substantial losses. In addition, for all categories of attacks or misuse, a trend shows the detection of such attacks appears to be decreasing. Interestingly, the dollar amount of losses resulting from security breaches decreased substantially from 2004 to 2005 due to a drop in the number of respondents. Negative publicity from reporting computer crime to police is a major concern of organizations.

To personalize the information presented in this chapter, three businesses are described: a retail lumber business (see Figure 7-1), a clothing manufacturing plant (see Figure 7-2), and a research facility (see Figure 7-3). Suppose you are a loss prevention specialist working for a corporation that has just purchased these three businesses. Your supervisor informs you that you are responsible for recommending modifications at these facilities to improve internal loss prevention. First, read this chapter and then proceed to the case problem pertaining to these businesses at the end of the chapter.

FIGURE 7-1 Woody’s Lumber Company. Woody’s Lumber Company has suffered declining profits in recent years. A recently hired manager quickly hired six people to replace the previous crew, which was fired for internal theft. Four additional people were quickly hired for part-time work. The process for conducting business is to have customers park their cars in the front of the store, walk to the sales counter to pay for the desired lumber, receivea pink receipt, drive to the rear of the store, pick up the lumber with the assistance of the yard crew, and then depart through the rear auto exit. At the lumber company, loss prevention is of minimal concern. An inoperable burglar alarm and two fire extinguishers are on the premises.

FIGURE 7-2 Smith Shirt Manufacturing Plant. In the past two years, the Smith plant has shown declining profits. During this time, managers believed that employee theft might be the cause, but they were unsure of what to do and were worried about additional costs. Employees work one shift from 8 A.M. to 5 P.M. five days per week and are permitted to go to their cars to eat lunch from noon to 1 P.M. A total of 425 employees are divided as follows: 350 sewing machine operators, 15 maintenance personnel, 20 material handlers, 20 miscellaneous workers, 2 retail salespeople, 5 managers, and 13 clerical support staff members. A contract cleanup crew works from 6 to 8 A.M. and from 5 to 7 P.M. on Monday, Wednesday, and Friday; Sunday cleanup is from 1 to 4 P.M. The crewmembers have their own keys. Garbage dumpster pickup is 7 A.M. and 7 P.M. Monday, Wednesday, and Friday. The plant contains a fire alarm system and four fire extinguishers. One physical inventory is conducted each year.

FIGURE 7-3 Compulab Corporation. Compulab Corporation is a research business with tremendous potential. However, it seems that whenever it produces innovative research results, a competitor claims similar results soon afterward. Compulab employs 33 people, including a research director, 2 assistants, 10 scientist-researchers, 8 computer specialists, and an assortment of office staff. The facility is open 24 hours a day, 7 days per week, and employees work a mixture of shifts each month and remotely from their homes and other locations. Almost every employee has his or her own key for entrance into the building.

INTERNAL THEFT

How Serious Is the Problem?

Internal theft also is referred to as employee theft, pilferage, embezzlement, stealing, peculation, and defalcation. Employee theft is stealing by employees from their employers. Pilferage is stealing in small quantities. Embezzlement occurs when a person takes money or property that has been entrusted to his or her care; a breach of trust occurs. Peculation and defalcation are synonyms for embezzlement. Whatever term is used, this problem is an insidious menace to the survival of businesses, institutions, and organizations. This threat is so severe in many workplaces that employees steal anything that is not “nailed down.”

The total estimated cost of employee theft varies from one source to another, mainly because theft is defined and data are collected in so many different ways. An often-cited statistic, from The U.S. Chamber of Commerce, is that 30% of business failures result from employee theft. The National White Collar Crime Center reports that losses due to employee theft range from $20 to $90 billion annually to upwards of $240 billion annually when intellectual property theft is included (National Association of Credit Management, 2005). The Association of Certified Fraud Examiners (2006: 8) conducted research that found that the typical organization loses 5% of its revenues to occupational fraud, defined as follows: “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.” They claim that if this figure were multiplied by the U.S. Gross Domestic Product, which in 2006 was about $13 trillion, the losses would translate to about $652 billion in annual fraud losses. These figures may be higher when direct and indirect costs are combined. Indirect costs can include a slowing of production or an insurance premium hike after a claim. Research by Baker and Westin (1987: 12) mentions employee morale and damage to public image as expensive indirect costs following major internal crimes.

Why Do Employees Steal?

There is no one reason why employees steal from their employers. However, two major causes of employee theft are employee personal problems and the environment. Employee personal problems often affect behavior on the job. Financial troubles, domestic discord, drug abuse, and excessive gambling can contribute to theft. It is inappropriate to state that every employee who has such problems will steal, but during trying times, the pressure to steal may be greater. A wise employer should be alert to troubled employees and suggest referral to an Employee Assistance Program (see Chapter 18).

The environment is perhaps the strongest factor behind internal theft. Politicians, corporate executives, and other “pillars of society” are constantly being found guilty of some form of crime. Inadequate socialization results. In other words, poor examples are set: employees may observe managerial illegalities and then act similarly. In many businesses, because so many people are stealing, those who do not steal are the deviants and outcasts; theft becomes normal and honesty becomes abnormal. Some managers believe that employee theft improves morale and makes boring jobs exciting. In many workplaces, employees are actually instructed to be dishonest. This can be seen when receiving department workers are told by their supervisor to accept overages during truck deliveries without notifying the vendor.

“Let’s Not Fire Him for Stealing—He’s a Good Employee”

An undercover investigation at Smith’s lumberyard #7 revealed that the yard boss, Joe Crate, was stealing. The undercover investigator, Jimmy Wilson, worked at yard #7 and found that Joe was stealing about $80 worth of building products per week. Each evening Joe would hide merchandise near the back gate, and when it was time to close up and lock the gate, he would quickly load his vehicle, which was conveniently parked nearby.

Before Jimmy was assigned to another yard, he met with a vice president and the manager of yard #7 at company headquarters. During the meeting, Jimmy asked, “Are you going to fire Joe Crate?” The VP stated, “Let’s not fire him for stealing—he’s a good employee.” Then the VP explained: “Joe’s salary is $10 per hour, which is equal to $400 per week. If Joe steals about $80 per week, then Joe’s salary is about equal to $480 per week. If we hired a carpenter to build the lumber sheds that Joe is building at yard #7, it would cost us almost twice as much.” Jimmy could not believe what he was hearing, especially from the VP. He did not say a word and listened to instructions for his next assignment.

What are your views of the way in which internal theft was handled at Smith’s lumberyard #7 in the preceding box?

When employees steal, a hodgepodge of rationalizations (excuses) are mentally reviewed to relieve guilt feelings. Some of these rationalizations are “Everybody does it,” “It’s a fringe benefit,” and “They aren’t paying me enough.”

Donald R. Cressey analyzed thousands of offenders to ascertain common factors associated with inside thievery (Lary, 1988: 81). He found three characteristics that must be present before theft would be committed. Cressey’s employee theft formula is

Motivation + Opportunity + Rationalization = Theft

Motivation develops from a need for money to finance a debt or a drug problem or to win approval from others. Opportunity occurs at many unprotected locations, such as a loading dock. Rationalizations relieve guilt, as stated already. This formula illustrates the need for security and an honest environment.

Edwin Sutherland, a noted criminologist, offered his theory of differential association to explain crime. Simply put, criminal behavior is learned during interaction with others, and a person commits crime because of an excess of definitions favorable to violation of law over definitions unfavorable to violation of law. The implication of this theory for the workplace is that superiors and colleagues in a company are probably a more important determinant of crime than is the personality of the individual. Conklin (2001: 278–279) writes in his criminology textbook that a former head of the Securities and Exchange Commission’s Division of Enforcement stated bluntly: “Our largest corporations have trained some of our brightest young people to be dishonest.”

A study of college student knowledge of how to commit computer crimes found that threat of punishment had little influence on their misdeeds. In this study, the strongest predictor of computer crime was differential association with others who presented definitions favorable to violation of the law (Skinner and Fream, 1997: 495–518).

The implications for security from differential association theory point to the importance of ethical conduct by top management, who should set a good example in the socialization of all employees. In addition, since criminal laws can be impotent, preventive security strategies are essential.

How Do Employees Steal?

The methods used to steal from employers are limited by employee imagination. Typically, employees pilfer items by hiding them under their clothing before leaving the workplace. Methods that are more sophisticated involve the careful manipulation of accounting records. Collusion among several employees (and outsiders) is common. The kinds of item to be taken (e.g., tools, a piano, cash) and the obstacles (e.g., loss prevention strategies) dictate the method of theft. A tool can be hidden in a person’s pocket or underwear, and a piano might be pilfered piece by piece over a year and then assembled in a home garage. Some employee theft methods follow:

1. Wearing manufactured items while leaving the workplace—for example, wearing pilfered underwear or wearing scrap lead that has been molded to one’s body contours

2. Smuggling out pilfered items by placing the item in a lunchbox, pocketbook, bundle of work clothes, umbrella, newspaper, hat, or even one’s hair

3. Hiding merchandise in garbage pails, dumpsters, or trash heaps to be retrieved later

4. Returning to the workplace after hours, with a pass key, and helping oneself to goods

5. Truck drivers turning in fictitious bills to employers for fuel and repairs and then splitting the money with truck stops

6. Collusion between truck drivers and receiving personnel

7. Executives padding expense accounts

8. Purchasing agents receiving kickbacks from vendors for buying high-priced goods

9. Retail employees pocketing money from cash sales and not recording the transaction

10. Padding payrolls as to hours and rate of pay

11. Maintaining nonexistent or fired employees on a payroll and then cashing the paychecks

12. Accounts payable employees paying fictitious bills to a bogus account and then cashing the checks for their own use

Possible Indicators of Theft

Certain factors may indicate that theft has occurred:

1. Inventory records and physical counts that differ

2. Inaccurate accounting records

3. Mistakes in the shipping and receiving of goods

4. Increasing amounts of raw materials needed to produce a specific quantity of goods

5. Merchandise missing from boxes (e.g., every pallet of 20 boxes of finished goods has at least two boxes short a few items)

6. Merchandise at inappropriate locations (e.g., finished goods hidden near exits)

7. Security devices found to be damaged or inoperable

8. Windows or doors unlocked when they should be locked

9. Workers (e.g., employees, truck drivers, repair personnel) in unauthorized areas

10. Employees who come in early and leave late

11. Employees who eat lunch at their desks and refuse to take vacations

12. Complaints by customers about not having their previous payments credited to their accounts

13. Customers who absolutely have to be served by a particular employee

14. An unsupervised, after-hours cleaning crew with their own keys

15. Employees who are sensitive about routine questions concerning their jobs

16. An employee who is living beyond his or her income level

17. Expense accounts that are outside the norm

Management Countermeasures

Management Support

Without management support, efforts to reduce losses are doomed. A good management team sets both a foundation for strategies and an atmosphere in which theft is not tolerated. Support for budget requests and appropriate policies and procedures are vital.

Effective Planning and Budgeting

Before measures are implemented against internal theft, a thorough analysis of the problem is necessary. What types of losses are occurring, where, by whom, when, and why?

Internal and External Relations

Good internal and external relations can play a role in preventing employee theft. Loss prevention practitioners who show appropriate courtesy, demeanor, and appearance are respected by employees. Prompt investigations of incidents indicate that losses are a major concern.

With a heightened prevention atmosphere within a workplace, an external reputation is sure to follow. Outside people with ulterior motives will think twice before applying for a job.

Job Applicant Screening and Employee Socialization

The screening of job applicants from full-time to part-time and temporary workers is a major theft-prevention technique. Whatever steps are taken, an atmosphere of loss prevention should exist from every applicant’s initial contact.

Accountability, Accounting, and Auditing

Accountability defines a responsibility for and a description of something. For example, John Smith is responsible (i.e., is held accountable) for all finished products in a plant, and he maintains accurate records (i.e., a description) of what is in stock. Accounting is concerned with recording, sorting, summarizing, reporting, and interpreting business data. Auditing is an examination or check of a system to uncover deviations. Personnel audit physical security by checking intrusion alarm systems, closed-circuit television (CCTV), and so on. An auditor audits the accounting records of a company to see if the records are reliable and to make sure embezzlement has not occurred.

Policy and Procedural Controls

Policy and procedural controls coincide with accountability, accounting, and auditing. In each of these three functions, policies and procedures are communicated to employees through manuals and memos. Policies are management tools that control employee decision making and reflect the goals and objectives of management. Procedures guide action to fulfill the requirements of policies.

As an example, a company policy states that, before trash is taken to outside dumpsters, a loss prevention officer must be present to check for stolen items. Procedures point out that, to conform to this policy, the head of the cleaning crew must call the loss prevention office and wait for an officer to arrive before transporting the trash outside.

Signs

Placing messages about loss prevention on the premises is another method. The message must be brief, to the point, and in languages for diverse readers. An example of a message is “Let’s all work together to reduce losses and save jobs.”

Loss Reporting and Reward System

Numerous organizations have established a toll-free number to facilitate ease of loss reporting. A company Web site and intranet are other avenues to facilitate loss reporting. A reward system is a strategy to reinforce reporting. One method employed is to provide the informant with a secret number that is required to pick up reward money at a bank at a time convenient to the caller, who is encouraged to send a substitute to strengthen anonymity.

The Sarbanes-Oxley (SOX) Act of 2002 requires publicly traded companies to provide a system of reporting anonymously, with penalties for noncompliance. Research shows that the best avenue to encourage reporting is through a confidential, 24-hour hotline operated by a third party (Greene, 2004).

Research by Scicchitano et al. (2004: 7–19) found that, among the large retailers they surveyed, management encouraged employees to report dishonesty that they observed in the workplace. In addition, companies use a variety of methods (e.g., posters, announcements) to promote peer reporting. All the respondents used a toll-free hotline and one-half used financial incentives. No clearly established methods of reporting were noted from the research. The researchers emphasized that corporate climate plays an important role in facilitating peer reporting.

Investigation

Employee thieves often are familiar with the ins and outs of an organization’s operation and can easily conceal theft. In addition, a thorough knowledge of the loss prevention program is common to employee thieves. Consequently, an undercover investigation is an effective method to outwit and expose crafty employee thieves and their conspirators.

Property Losses and Theft Detection

To remedy property losses within an organization, several strategies are applicable. Closed-circuit television (CCTV), both overt and covert, and Radio Frequency Identification (RFID) are popular methods discussed in other parts of this book. Here, an emphasis is placed on inventory system, marking property, and use of metal detectors. An inventory system maintains accountability for property and merchandise. For example, when employees borrow or use equipment or tools, a record is kept of the item, its serial number, the employee’s name, and the date. On return of the item, both the clerk and the user make a notation, including the date. Inventory also refers to merchandise for sale, raw materials, and unfinished goods. This topic will be covered at greater length in Chapter 11 on accounting, accountability, and auditing.

Marking property (e.g., tools, computers, furniture) serves several useful purposes. When property is marked with a serial number or a special substance, or a firm’s name is etched with an engraving tool, thieves are deterred because the property can be identified if the thief is caught. Publicizing the marking of property reinforces the deterrent effect.

Besides the popular use of a pinhole lens camera for covert surveillance to catch an offender, another investigative technique is to use fluorescent substances to mark property. An ultraviolet light (black light) is necessary to view these invisible marks, which emerge as a surprise to the offender. Organizations sometimes experience the theft of petty cash. To expose such theft, fluorescent substances, in the form of powder, crayon, or liquid, are used to mark money. The typical scenario involves a few suspects who are the only people with access to petty cash after hours. Before these after-hour employees arrive, the investigator handling the case places bills previously dusted with invisible fluorescent powder in envelopes at petty cash locations. The bills even can be written on with the invisible fluorescent crayon. Statements such as “marked money” can be used to identify the bills under ultraviolet light. Serial numbers from the bills are recorded and retained by the investigator. Before the employees are scheduled to leave, the “planted” bills are checked. If the bills are missing, then the employees’ hands are checked under an ultraviolet light. Glowing hands expose the thief, and identification of the marked money carried by the individual strengthens the case. The marked money must be placed in an envelope because the fluorescent powder may transfer to other objects and onto an honest person’s hands. A wrongful arrest can lead to a false-arrest suit. A check of a suspect’s bills, for the marked money, helps avoid this problem. Many cleaning fluids appear orange under an ultraviolet light. The investigator should analyze all cleaning fluids on the premises and select a fluorescent color that is different from the cleaning substances. Other items that may fluoresce include lotions, plastics, body fluids, and some drugs.

Another method of marking property is by applying microdots. Microdots contain a logo or ID number, and the dots are painted or sprayed on property. A microscope is used to view the dots that identify the owner of the property. As with other methods of marking property, the purpose is to reduce losses from internal and external sources of theft. One utility company, for example, suffered millions of dollars of losses from the theft of copper wire and equipment, so it applied the dots to copper assets to help identify company property during investigations and recovery (Canada.com, 2007).

Walk-through metal detectors, similar to those at airports, are useful at employee access points to deter thefts of metal objects and to identify employee thieves. Such detectors also uncover weapons being brought into an area. Handheld metal detectors are also helpful. It is important to note that metal detectors may be overrated because certain firearms, knives, and other weapons are made primarily of plastic. Consequently, scanners are an expensive option to identify contraband, as covered in the next chapter.

Insurance, Bonding

If insurance is the prime bulwark against losses, premiums are likely to skyrocket and become too expensive. For this reason, insurance is best utilized as a supplement to other methods of loss prevention that may fail. Fidelity bonding is a type of employee honesty insurance for employees who handle cash and perform other financial activities. Bonding deters job applicants and employees with evil motives. Some companies have employees complete bonding applications but do not actually obtain the bond.

Confrontation with the Employee Suspect

Care must be exercised when confronting an employee suspect. The following recommendations, in conjunction with good legal assistance, can produce a strong case. The list of steps presents a cautious approach. Many locations require approval of management before an arrest.

1. Never accuse anyone unless absolutely certain of the theft.

2. Theft should be observed by a reliable person. Do not rely on hearsay.

3. Make sure you can show intent: the item stolen is owned by the organization, and it was removed from the premises by the person confronted.

In steps 4 through 14, an arrest has not been made.

4. Ask the suspect to come to the office for an interview. Employees do not have a right to have an attorney present during one of these employment meetings. If the suspect is a union employee and requests a union representative, comply with the request.

5. Without accusing the employee, he or she can be told: “Some disturbing information has surfaced, and we want you to provide an explanation.”

6. Maintain accurate records of everything. These records may become an essential part of criminal or civil action.

7. Never threaten a suspect.

8. Never detain the suspect if the person wants to leave. Interview for less than one hour.

9. Never touch the suspect or reach into the suspect’s pockets.

10. Request permission to search the suspect’s belongings. If left alone in a room under surveillance, the suspect may take the item concealed on his or her person and hide it in the room. This approach avoids a search.

11. Have a witness present at all times. If the suspect is female and you are male, have another woman present.

12. If permissible under the Employee Polygraph Protection Act of 1988, ask the suspect to volunteer for a polygraph test and have the suspect sign a statement of voluntariness. Follow EPPA guidelines.

13. If a verbal admission or confession is made by the suspect, have him or her write it out, and have everyone present sign it.

14. Ask the suspect to sign a statement stipulating that no force or threats were applied.

15. For the uncooperative suspect, or if prosecution is favored, call the public police, but first be sure you have sound evidence as in step 3.

16. Do not accept payment for stolen property because it can be construed as a bribe and it may interfere with a bond. Let the court determine restitution.

17. Handle juveniles differently from adults; consult the public police.

18. When in doubt, consult an attorney.

Prosecution

Many feel strongly that prosecution is a deterrent, whereas others maintain that it hurts morale and public relations and is not cost effective. Whatever management decides, it is imperative that an incident of theft be given considerable attention so that employees realize that a serious act has taken place. Establish a written policy that is fair and applied uniformly.

Research

Although employee theft is a significant national problem, limited research is available. The Association of Certified Fraud Examiners (2006) periodically publishes a Report to the Nation on Occupational Fraud and Abuse. Some of its findings from research of actual cases are as follows:

1. Occupational fraud is very difficult to detect.

2. The fraud is more likely to be detected by a tip rather than an audit or internal controls.

3. Organizations that had an anonymous fraud hotline suffered lower losses.

4. Industries with the highest median losses per scheme were wholesale, construction, and manufacturing. Government and retailers were among those with the lowest median losses.

5. Small businesses suffer disproportionate fraud losses. The median loss at organizations with fewer than 100 employees was $190,000 per scheme, and the most common schemes were employees fraudulently writing company checks, skimming revenues, and processing fraudulent invoices.

6. Small businesses generally do a poor job of proactively detecting fraud.

7. The higher the position of the offender in the organization, the greater the losses.

8. Most of the cases of fraud in the study involved either employees in the accounting department or upper management.

9. Almost two-thirds of victimized organizations routinely conducted background checks on applicants; however, less than 8% of offenders had prior convictions. ACFE data show that although background checks are important, certain methods are vital for detecting fraud, such as fraud training, surprise audits, and anonymous reporting.

Another research project was conducted by the University of Minnesota and the American Management Association with funds from the U.S. Department of Justice (Clark and Hollinger, 1980: 106). Thirty-five corporations including 4,985 employee respondents anonymously provided data. Conclusions from this research report are listed next:

1. In the three industries studied (retail stores, electronic manufacturers, and hospitals), employees most likely to be involved in theft constitute a significant portion of the workforce: salespersons, engineers, and nurses.

2. The dissatisfied employee was found more frequently to be involved in theft.

3. The most consistent predictor of theft involvement was the employee’s perceived chance of being caught.

4. Theft decreased when a negative reaction by management and coworkers increased.

5. Informal coworker sanctions are twice as influential in changing behavior as formal management responses.

6. Prevention measures have an effect on theft.

7. Those companies with a clearly defined antitheft policy had a lower incidence of theft.

8. Theft can be lowered by communicating antitheft policies to employees (e.g., through signs or memos).

9. A lesser degree of theft was found in businesses that had theft-prevention strategies within the inventory system.

10. Pre-employment screening deters theft.

11. Lower levels of theft can be achieved by instituting several strategies at once.

Speed (2003: 31–48) writes that employee dishonesty is a complex problem, and management encounters difficulty when planning the most appropriate strategies to combat it. He focused his research on a major retailer in the United Kingdom to learn how loss prevention could be better targeted. Speed studied company records of employee offenders and surveyed attitudes of a sample of employees. He proposed a management strategy that divides employees into four groups, based on age and length of service, and then he designed loss prevention strategies for each group. The four groups and the strategies for each are summarized next:

• First group: Employees 20 years of age or younger, new to the company.

• Second group: Employees in their 20s, employed with the company for about two years.

• Third group: Employees with greater length of service and experience than the first two groups.

• Fourth group: Employees with considerably greater length of service or are much older.

Speed’s research shows that the first group presents great risk of theft because they are less likely to be deterred by disapproval by others or by losing their job. However, more of them fear being caught than the slightly more experienced employees. The first group commits the simplest types of offenses with the lowest values. Strategies for this group include restricted access to high-risk operations and ensuring they are complying with systems. The second group also presents great risk of theft because they are confident they will avoid detection. They commit high value offenses but are influenced more than the first group by the possibility of losing their job. The recommended strategy for this group is to portray the risks of criminality and the possibility of prosecution. Theft among the third group is less common, but more complex and less easy to detect. This group is more likely to be deterred by disapproval by others. Controls that remove opportunities are less likely to be successful with this group. A more successful strategy is to remind them of the status and benefits they maintain within the company and the financial impact of offending. The fourth group represents the lowest risk but the greatest confidence of not being caught. This group is similar to the third group on other characteristics.

Physical Security Countermeasures

Integration, Open Architecture, and Convergence

The physical security strategies covered in subsequent pages are being increasingly combined into what is called integrated systems. Keener (1994: 6) offers this definition: “An integrated system is the control and operation by a single operator of multiple systems whose perception is that only a single system is performing all functions.” These computer-based systems include access controls, alarm monitoring, CCTV, electronic article surveillance, fire protection and safety systems, HVAC, environmental monitoring, radio and video media, intercom, point-of-sale transactions, and inventory control. Traditionally, these functions existed separate from each other, but increasingly they are integrated and installed within facilities worldwide, controlled and monitored by operators and management at a centralized workstation or from remote locations.

The benefits of integrated systems include lower costs, a reduction in staff, improved efficiency, centralization, and reduced travel and time costs. For example, a manufacturing executive at corporate headquarters can monitor a branch plant’s operations, production, inventory, sales, and loss prevention. Likewise, a retail executive at headquarters can watch the sales floor, special displays, point-of-sale transactions, customer behavior, inventory, shrinkage, and loss prevention. These “visits” to worldwide locations are conducted without leaving the office!

Integration requires careful planning and clear answers to many questions, such as the following:

• Will the integrated system truly cost less and be easier to operate and maintain than separate systems? Obtain separate quotations on integrated and interconnected systems.

• Does the supplier truly have expertise across all the applications?

• Is the integration software listed or approved by a third-party testing agency such as Underwriters Laboratories?

• Do authorities prohibit integration of certain systems? Some fire departments prohibit integrating fire alarm systems with other systems.

Robert Pearson (2000: 20) writes

When attending a conference or trade show, it becomes obvious that every vendor and manufacturer claims to have the “total integrated solution.” It would appear that one would only need to place an order at any number of display booths and all the security problems at a user’s facility would simply vanish. The vendors and manufacturers freely use terms such as integrated systems, enterprise systems and digital solutions in an effort to convince end users to purchase systems and components.

Pearson goes on to describe a typical security alarm system as composed of sensors that connect to a data-gathering panel connected to a computer at a security control center. Integration would mean that sensors, card readers, and other functions would connect to the same data-gathering panel that reports to the same computer. Which multiple functions are integrated depends on the manufacturer. Some manufacturers began with energy management and added security alarm systems in later years; others began with security alarm systems and added access control. Pearson points out that integration is not easy to define because, for example, a question surfaces as to where separate functions come together. Different data-gathering units typically do not connect to a single computer; one reason for this is that there is no standard protocol among manufacturers’ data-gathering systems. Thus, integrating functions among different manufacturers via a single computer is often challenging and produces various approaches. However, integration firms exist that specialize in application-specific software that combines systems for a specific client.

Besides integration, another term used loosely in the security industry is open architecture. It refers to the building of hardware and software whose specifications are public (Webopedia, 2006). “This includes officially approved standards as well as privately designed architectures whose specifications are made public by the designers. The opposite of open is closed or proprietary. The great advantage of open architecture is that anyone can design add-on products for it. By making an architecture public, however, manufacturers allow others to duplicate its product.” To illustrate, Windows is closed and many lawsuits have been filed over clones. David Swartz (1999: 24) notes that the bottom line is that field security hardware is not interchangeable from one manufacturer to the next. As a result, most systems available today preclude the customer from (1) switching to more advanced products, (2) integrating products from other vendors, or (3) choosing the best product. However, Pearson (2001: 16) adds that if security systems used open architecture, safeguards would have to be added to prevent compromise. Today, standard operating systems, proprietary application programs, and data-gathering unit protocols that are proprietary combine to provide protection for the end user.

James Coleman (2000: 38–44) describes trends that help us to understand how physical security is developing. He sees standardizing on a common operating system, something often insisted upon by IT personnel to simplify support requirements. (This relates to the convergence of IT and physical security as discussed in Chapter 1.) Microsoft NT is the choice of many organizations. Coleman notes that every major access control manufacturer has responded to this trend by developing an NT-based product. Such products are becoming increasingly feature rich with improved performance with each new release and the capability to integrate new products, such as asset tracking. Another trend is how security devices communicate with each other. For many years, dedicated wiring has been used to connect security components. With computer networks becoming standard infrastructure in offices and plants, they are being used to connect portions of security systems.

As we know, convergence is characterized by the integrated security system residing on the organization’s network. Although this trend results in IT professionals asking many questions about how security systems will affect IT systems, the benefits of convergence include monitoring from almost anywhere, lower personnel costs, and less traveling.

Dean (2005: 30) provides other examples of the benefits of convergence: with the access system on the organization’s network, an employee needs only one access card to enter company facilities worldwide; and to enhance information security over documents, a card is required to be inserted into a reader attached to a printer.

Another trend, serving as a foundation for convergence, is the use of Internet Protocol (IP) technology to communicate between devices. IP-based products operate on a pre-existing network. An alternative to installing coaxial cable between system components, IP-based products can be connected to the existing LAN/WAN. LAN refers to local area networks that involve communication within a limited area. WAN refers to wide area networks for internal communication on a global scale (e.g., multinational corporate units).

Bernard (2006: 28–32) refers to another aspect of convergence known as identity management system (IDMS). It is used to manage identities and privileges of computer systems and people. Bernard touts the benefits of IDMS by explaining, for example, the following: “Physical security can leverage the HR enrollment of employees by integrating the physical access control system with the IDMS, so the access control privileges are managed automatically along with IT privileges as HR enrolls, re-assigns and terminates employees.”

Bernard notes that the federal government is aware of the importance of IDMS in its personal identity verification systems mandated by Homeland Security Presidential Directive (HSPD) 12. This mandate points to a single smart access card to be used for both physical and IT security among federal agencies. In response to HSPD-12, the National Institute of Standards and Technology (NIST) developed a new standard for secure identification: the Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) for federal employees and contractors. Examples of two requirements are a background check of individuals applying for a card, and the card must be a smart card. Besides government, the private sector is embracing the concept.

Bernard’s advice to physical security practitioners is to realize that IDMS requires much planning and coordination with IT; include physical security in the initial budget; and develop strategy, policy, and procedures in concert with IT.

Hunt (2006: 57–58) offers physical security specialists guidelines for convergence and working with the IT department:

• Connecting a security device to a network increases traffic across the network, so communicate bandwidth (i.e., communications capacity) needs to the IT department.

• When planning a new wireless access point, consider the impact on existing wireless networks.

• Ensure that physical security is part of the IT plan for backing up and restoring devices on the network.

• Since organizations take network segments offline periodically for maintenance, work with the IT department to ensure continuity of physical security.

• Read the IT manual on steps for approving changes to software or computers.

• Find out if the organization complies with IT security standards, such as Generally Accepted Information Security Principles or ISO: 17799.

• If physical security changes require entrance into a network closet, take digital before and after photos of the wiring or videotape the installation.

Access Controls

Access controls regulate people, vehicles, and items during movement into, out of, and within a building or facility. With regulation, assets are easier to protect. If a truck can enter a business facility easily, back up to the shipping dock so that the truck driver can load valuable cargo illegally, and then drive away, that business cannot last long. However, if the truck has to stop at the facility’s front gate, where a uniformed officer issues a pass and records the license and other information, and appropriate paperwork is exchanged at the shipping dock under the watchful eyes of another officer who restricts the driver’s access into the facility, then these controls can prevent losses.

Access controls are vital for the everyday movement of employees, customers, vendors, service people, contractors, and government inspectors. Any of these people can be someone who would steal. In addition to merchandise, proprietary information must be protected.

At one corporation, a security officer permitted two salespeople from another company to enter a restricted area involved in new product development. The officer was fired.

Access control varies from simple to complex. A simple setup includes locks and keys, officers checking identification badges, and written logs of entries and exits. More complex systems use an access card that, when placed at a card reader, records identifying information on the card and when access was granted, and then activates an electronic unlocking device while a CCTV system observes and records the entry. A prime factor influencing the kind of system employed is need. A research laboratory developing a new product requires strict access controls, whereas a retail business would require minimal controls.

Controlling Employee Traffic

The fewest entrances and exits are best for access control and lower costs. Officers can observe people entering and departing. If possible, employees should be routed to the entrance closest to the workplace away from valuable assets.

Unauthorized exits locked from within create a hazard in case of fire or other emergency. To ensure safety yet fewer losses, emergency exit alarms on each locked door are a worthwhile investment. These devices enable quick exit, or a short delay, when pressure is placed against a horizontal bar that is secured across the door. An alarm is sounded when these doors are activated, which discourages unauthorized use.

Searching Employees

Management can provide in the contract of employment that reasonable detentions are permissible; that reasonable searches may be made to protect people and company assets; and that searches may be made at any time of desks, lockers, containers carried by employees, and vehicles (Inbau et al., 1996: 47 and 68; Nemeth, 2005: 84). Case law has permitted an employer to use a duplicate key, known to the employee, to enter a locker at will. On the other hand, an employee who uses a personal lock has a greater expectation of privacy, barring a written condition of employment to the contrary that includes forced entry. When a desk is assigned to a specific employee, an expectation of privacy exists, unless a contract states otherwise. If employees jointly have access to a desk to obtain items, no privacy exists.

Policies and procedures on searches should consider input from management, an attorney, employees, and a union if on the premises. Also, consider business necessity, what is subject to search, signed authorization from each employee, signs at the perimeter and in the workplace, and searches of visitors and others.

Should management and security have the right to search employees and others on the premises? Why or why not?

Visitors

Visitors include customers, salespeople, vendors, service people, contractors, and government employees. A variety of techniques are applicable to visitor access control (Figure 7-4). An appointment system enables preparation for visitors. When visitors arrive without an appointment, the person at reception should lead him or her to a waiting room. Whatever the reason for the visit, the shortest route to specific destinations, away from valuable assets and dangerous conditions, can avert theft and injuries. Lending special equipment, such as a hardhat, may be necessary. A record or log of visits is wise. Relevant information would be name of the visitor, driver’s license number and state, date of visit, time entering and leaving, purpose, specific location visited, name of employee escorting visitor, and temporary badge number. These records aid investigators. Whenever possible, procedures should minimize employee–visitor contact. This is important, for instance, in the shipping and receiving department, where truck drivers may become friendly with employees and conspiracies may evolve. When telephones, restrooms, and vending machines are scattered throughout a plant, truck drivers and other visitors who are permitted easy access may actually steal the place blind. These services should be located at the shipping and receiving dock, and access to outsiders should be limited.

FIGURE 7-4 Interactive kiosk that manages a variety of visitors.Courtesy: Honeywell Security.

Controlling the Movement of Packages and Property

The movement of packages and property also must be subject to access controls. Some locations require precautions against packaged bombs, letter bombs, and other hazards. Clear policies and procedures are needed for incoming and outgoing items. To counter employee theft, outgoing items require both scrutiny and accountability. Uniformed officers can check outgoing items, while a property pass system serves the accountability function.

Employee Identification System

The use of an employee identification (card or badge) system will depend on the number of employees that must be accounted for and recognized by other employees. An ID system not only prevents unauthorized people from entering a facility, but also deters unauthorized employees from entering restricted areas. For the system to operate efficiently, clear policies should state the use of ID cards, where and when the cards are to be displayed on the person, who should collect cards from employees who quit or are fired, and the penalties for noncompliance. A lost or stolen card should be reported so that the proper information reaches all interested personnel. Sometimes ID systems become a joke and employees refuse to wear the badges, or they decorate them or wear them in odd locations on their persons. To sustain an ID system, proper socialization is essential.

Simple ID cards contain employer and employee names. A more complex system would include an array of information: name, signature, address, employee number, physical characteristics (e.g., height, weight, hair and eye colors), validation date, authorized signature, location of work assignment, thumbprint, and color photo. ID cards often serve as access cards.

Contractors, visitors, and other nonemployees require an ID card that should be clearly distinguishable from employee ID cards. Temporary ID badges can be printed with a chemical that causes the word void to appear after a set period.

Lamination discourages card tampering: if an attempt is made to alter the card, it will be disfigured. To laminate a card, a paper ID card is inserted into a plastic case and then placed in a laminating machine that bonds a clear plastic coating over the card.

Pearson (2005: 66) offers anticounterfeiting measures that include the following: holograms that are added to the clear overlay of the printed badge; ultraviolet printing that uses an ultraviolet ribbon to print UV-sensitive images or text and requires a black light to see it; invisible alphanumeric type viewed only by a laser; and secret symbols or letters on the badge.

The area where ID cards are prepared, and relevant equipment and supplies, must be secure. In addition, the equipment and software should be password protected.

Automatic Access Control

The Security Industry Association traces the development of access control systems as described next (D’Agostino, 2005: 1–2). Traditionally, access control systems have been at the center of electronic security systems at buildings that include access control, ID badges, alarm systems, and CCTV. Authentication (i.e., verifying identity) and authorization (i.e., verifying that the identified individual is allowed to enter) have typically occurred as a single-step process in access control. Depending on security needs, access control has been designed for 1-factor authentication (e.g., card or personal identification number or biometric), 2-factor authentication (e.g., card-plus-PIN or card-plus-biometric), or 3-factor authentication (e.g., card-plus-PIN and biometric).

Cryptography (i.e., the study of coded or secret writings to provide security for information) became part of access control systems with the use of encryption (i.e., hardware or software that scrambles data, rendering it unintelligible to an unauthorized person intercepting it) to protect passwords and other information. These methods continue in importance as Ethernet networks (i.e., a trademark for a system of communications between computers on a LAN) replace proprietary equipment connections and as security systems increasingly rely on IP messages and shared networks with other businesses. Traditionally, because no security standards existed for these systems, manufacturers applied their own designs. However, according to the Security Industry Association, change is required to establish standards because of the following drivers:

• The convergence of physical and IT security

• Common user provisioning that permits a single point of employee registration and dismissal (usually in a human resources system) with assignment of physical and IT privileges

• Large customers (e.g., the federal government) require their facilities to be interoperable (i.e., products or systems working with other products or systems)

• Enterprisewide access controls that involve technology and business processes and procedures enabling a single credential to be used across the boundaries of an enterprise (e.g., the federal government Personal Identity Verification program)

• Digital certificate systems, which are the electronic counterparts to driver licenses and other ID, are used to sign electronic information and serve as part of the foundation of secure e-commerce on the Web, and are essential for physical access control system integration with IT

The traditional lock-and-key method of access control has its limitations. For instance, keys are difficult to control and easy to duplicate. Because of these problems, the need for improved access control, and technological innovations, a huge market has been created for electronic card access control systems. These systems contain wired and wireless components. The benefits of these systems include the difficulty of duplicating cards and cost savings because security officers are not required at each access point. The card contains coded information “read” by the system for access or denial. These systems contain a central control enabling a variety of functions such as enrollment of ID and cards, monitoring of entry points and readers, logging of access and egress events, and voiding of lost or stolen cards. Stand-alone systems use battery power and are easy to install because there is no need for a power line or transmission of data, although the data collected at the lock can be gathered via a touring security officer or a wireless system.

Before an automatic access control system is implemented, several considerations are necessary. Safety must be a prime factor to ensure quick exit in case of emergency. Another consideration deals with the adaptability of the system to the type of door presently in use. Can the system accommodate all traffic requirements? How many entrances and exits must be controlled? Will there be an annoying waiting period for those who want to gain access? Are additions to the system possible? What if the system breaks down? Is a backup source of power available (e.g., generators)?

Tailgating and pass back are other concerns. Tailgating means an authorized user is followed by an unauthorized user. To thwart this problem, a security officer can be assigned to each access point, but this approach is expensive when compared to applying CCTV, revolving doors, and turnstiles. Revolving doors can be expensive initially, and they are not an approved fire exit. Optical turnstiles contain invisible infrared beams to count people entering and leaving to control tailgating and pass back. These sensors can be installed in a doorframe and connected to an alarm system and CCTV. Pass back refers to one person passing an opening and then passing back the credential so another person can pass through the opening.

A summary of cards used in card access systems follows:

• Smart cards contain an integrated circuit chip within the plastic that serves as a miniature computer as it records and stores information and personal identification codes in its large memory. Security is increased because information is held in the card, rather than the reader. These cards permit a host of activities from access control to making purchases, while almost eliminating the need for keys or cash. This type of card is growing in popularity as its applications expand.

• Proximity cards (also referred to as RFID) need not be inserted into a reader but placed in its “proximity.” A code is sent via radio frequency, magnetic field, or microchip-tuned circuit. This card is in wide use today.

• Contact Memory Buttons are stainless steel buttons that protect an enclosed computer chip used for access. The information in the button can be downloaded or updated with a reader like other systems. These buttons are known for their durability, serve to ensure accountability of security officers on patrol, and are applied as an asset tag. The buttons are used widely.

• Magnetic stripe cards are plastic, laminated cards (like credit cards) that have a magnetic stripe along one edge onto which a code is printed. When the card is inserted, the magnetically encoded data are compared to data stored in a computer and access is granted on verification. This card is in wide use today.

• Weigand cards employ a coded pattern on a magnetized wire within the card to generate a code number. To gain access, the card is passed through a sensing reader. Other technologies have reduced the popularity of this type of card.

• Bar-coded cards contain an array of tiny vertical lines that can be visible and vulnerable to photocopying, or invisible and read by an infrared reader. Other technologies have reduced the popularity of this type of card.

• Magnetic dot cards contain magnetic material, often barium ferrite, laminated between plastic layers. The dots create a magnetic pattern that activates internal sensors in a card reader. This card is rarely used.

Access card systems vary in terms of advantages, disadvantages, and costs. Each type of card can be duplicated with a sufficient amount of knowledge, time, and equipment. A magnetic stripe is easy to duplicate. A piece of cardboard with a properly encoded magnetic stripe functions with equal efficiency. Magnetic dot cards are vulnerable to deciphering. Although bar-coded cards also are easy to duplicate, they can be made more secure by covering the code with an opaque patch, which prevents photocopying. Many software programs are available that can generate bar codes, so fully concealing the code adds more security. Weigand and proximity cards are more difficult to duplicate but higher in cost. The Weigand card has the disadvantage of wear and tear on the card that passes through a slot for access. Proximity cards have the advantage of the sensing element being concealed in a wall, and the card typically can be read without removing it from a pocket. Smart cards are expensive, but they can be combined with other card systems; also, they are convenient because of the capability of loading and updating the card applications over the Web (Barry, 1993: 75; Garcia, 2006: 156–157; Gersh, 2000: 18; Toye, 1996: 23).

Biometric security systems have been praised as a major advance in access control because such systems link the event to a particular individual, whereas a key, card, personal identification number (PIN), or password may be used by an unauthorized individual. These systems verify an individual’s identity through fingerprint scan, hand scan (hand geometry) (see Figure 7-5), iris scan (the iris is the colored part around the pupil of the eye), retina scan (the retina is the sensory membrane lining the eye and receiving the image formed by the lens), voice patterns, physical action of writing, and facial scan. The biometric leaders are fingerprint, hand, iris, and face recognition (Piazza, 2005: 41–55). Research continues to improve biometrics. Voice and writing are being refined, and research is being conducted on gait, body odor, heartbeat, and inner ear bones. In the near term, we will not see facial scan pick a known terrorist out of a crowd, but the technology is evolving. Digitized photos shot at angles or in poor light can be flawed. The challenge with facial scan is identifying a person on the move (Philpott, 2005: 16–21).

FIGURE 7-5 Verifying identity through hand geometry.Courtesy: hid corporation.

Basically, biometric systems operate by storing identifying information (e.g., fingerprints, photos) in a computer to be compared with information presented by a subject requesting access. The applications are endless: doors, computers, vehicles, and so on. Although biometric systems have been touted as being invincible, no security is foolproof, as illustrated by terrorists who cut off the thumb of a bank manager to gain entry through a fingerprint-based access control system. In addition, researchers have constructed fake fingers by taking casts of real fingers and molding them into Play-Doh. The researchers developed a technique to check for moisture as a way to reduce this ploy (Aughton, 2005). Harowitz (2007: 48–50) writes that a biometric fingerprint system may also be subject to defeat by using a fingerprint from dusting a latent print with graphite powder and covering it with fingerprint tape. Again, checking for moisture reduces this problem. She also writes that although iris recognition systems are less likely to be spoofed than biometric fingerprint systems, “iris recognition systems have been spoofed with high-resolution photographs with an eyehole cut for the pupil and custom contact lenses with high-resolution iris patterns printed on them.” Research is being conducted to find vulnerabilities in biometric systems and correct them.

Access controls often use multiple technologies, such as smart card and biometrics. One location may require a card and a PIN (see Figure 7-6), whereas another requires scanning a finger and a PIN. Many systems feature a distress code that can be entered if someone is being victimized. Another feature is an alarm that sounds during unauthorized attempted entry. Access systems can be programmed to allow select access according to time, day, and location. The logging capabilities are another feature to ascertain personnel location by time, date, and the resources expended (e.g., computer time, parking space, cafeteria). These features provide information during investigations and emergencies.

FIGURE 7-6 Card reader and key pad.Courtesy: Diebold, Inc.

We are seeing an increasing merger of card access systems and biometric technology, and thus, missing or stolen cards are less of a concern. We will see more point-of-sale readers that accept biometric samples for check cashing, credit cards, and other transactions. The use of biometric systems will become universal—banking, correctional facilities, welfare control programs, and so forth.

Locks and Keys

The basic purpose of a lock-and-key system is to hinder unauthorized entry. Attempts to enter a secure location usually are made at a window or door to a building or at a door somewhere within a building. Consequently, locks deter unauthorized access from outsiders and insiders. Many see a lock only as a delaying device that is valued by the amount of time needed to defeat it. Zunkel (2003: 32) notes: “… it is important that designers know that a lock by itself is only part of a larger system that includes the door, the wall, the perimeter and a security plan.”

Standards related to locking systems include those from American National Standards Institute (ANSI), American Society for Testing and Materials (ASTM), Underwriters Laboratories (UL), and the Builders Hardware Manufacturers Association (BHMA). Local ordinances may specify requirements for locks.

Two general ways to classify locks are mechanical and electromechanical. Mechanical locks include the common keyed lock and the pushbutton lock that contains a keypad to enter an access code to release the lock. Electromechanical locks include an electronic keypad that is connected to an electric strike, lock, or magnetic lock. When the access code is entered, the strike or lock is released to open the door (Department of Defense, 2000: D-5).

There are many types of locks and locking systems that range from those that use simple, ancient methods to those that apply modern technology, including electricity, computers, and wireless components. Here, we begin with basic information as a foundation for understanding locks. Locking devices are often operated by a key, numerical combination, card, or electricity. Many locks (except padlocks) use a deadbolt and latch. The deadbolt (or bolt) extends from a door lock into a bolt receptacle within the doorframe. Authorized entry is made by using an appropriate key to manually move the bolt into the door lock. Latches are spring loaded and less secure than a deadbolt. They are cut on an angle to permit them to slide right into the strike when the door is closed (see Figure 7-7). Unless the latch is equipped with a locking bar (deadlatch), a knife can possibly be used to push the latch back to open the door.

FIGURE 7-7 Latch and door strike.

The cylinder part of a lock contains the keyway, pins, and other mechanisms that permit the deadbolt or latch to be moved by a key for access (see Figure 7-8). Double-cylinder locks, in which a cylinder is located on each side of a door, are a popular form of added security as compared to single-cylinder locks. Double-cylinder locks require a key for both sides; however, fire codes may prohibit such locks. With a single-cylinder lock, a thief may be able to break glass or remove a wood panel and then reach inside to turn the knob to release the lock. For safety’s sake, locations that use double-cylinder locks must prepare for emergency escape by having a key readily available.

FIGURE 7-8 Cylinder.

Key-in-knob locks are used universally but are being replaced by key-in-the-lever locks (see Figure 7-9) to be ADA compliant. As the name implies, the keyway is in the knob or lever. Most contain a keyway on the outside and a button on the inside for locking from within.

FIGURE 7-9 Mechanical lock with lever requiring no wiring, electronics, or batteries.Courtesy: Ilco Unican.

Entrances for Handicapped

The Internal Revenue Service offers a tax credit to eligible businesses that comply with provisions of the ADA to remove barriers and promote access for individuals with disabilities. The door hardware industry offers several products and solutions to aid the disabled (see Figure 7-10). Electrified door hardware such as magnetic locks and electromechanical locks retracts the latch when energized.

FIGURE 7-10 Entrances for handicapped.Courtesy: Von Duprin Division of Ingersoll-Rand Company.

Attacks and Hardware

There are several ways to attack locks. One technique, as stated earlier, is to force a knife between the doorframe (jamb) and the door near the lock to release the latch. However, when a deadlatch or deadbolt is part of the locking mechanism, more forceful methods are needed. In one method, called “springing the door,” a screwdriver or crowbar is placed between the door and the doorframe so that the bolt extending from the door lock into the bolt receptacle can be pried out, enabling the door to swing open (see Figure 7-11). A 1-inch bolt will hinder this attack.

FIGURE 7-11 Deadbolt and door frame.

In “jamb peeling,” another method of attack, a crowbar is used to peel at the doorframe near the bolt receptacle so that the door is not stopped from swinging open. Strong hardware for the doorframe is helpful. In “sawing the bolt,” a hacksaw is applied between the door and the doorframe, similar to the placement of the screwdriver in Figure 7-11. Here again, strong hardware, such as a metal bolt composed of an alloy capable of withstanding a saw blade, will impede attacks. Some offenders use the cylinder-pulling technique: the cylinder on the door is actually ripped out with a set of durable pliers or tongs. A circular steel guard surrounding the cylinder (see Figure 7-11) will frustrate the attacker. Offenders also are known to use automobile jacks to pressure doorframes away from a door.

Both high-quality hardware and construction will impede attacks, but the door itself must not be forgotten. If a wood door is only 1/4-inch thick, even though a strong lock is attached, the offender may simply break through the door. A solid wood door 1 3/4 inches thick or a metal door is a worthwhile investment. Wood doorframes at least 2 inches thick provide durable protection. When a hollow steel frame is used, the hollow area can be filled with cement to resist crushing near the bolt receptacle. An L-shaped piece of iron secured with one-way screws will deter attacks near the bolt receptacle for doors swinging in (see Figure 7-12). When a padlock is used in conjunction with a safety hasp, the hasp must be installed correctly so that the screws are not exposed (see Figure 7-13).

FIGURE 7-12 L-shaped plate.

FIGURE 7-13 safety hasp.

Many attacks are by forced entry, which is easier to detect than when the use of force is minimal. Lock picking is one technique needing a minimum amount of force. It is used infrequently because of the expertise required, although picks are available on the Internet. Lock picking is accomplished by inserting a tension wrench (an L-shaped piece of metal) into the cylinder and applying tension while using metal picks to align the pins in the cylinder as a key would to release the lock (see Figure 7-8). The greater the number of pins, the more difficult it is to align them. A cylinder should have at least six pins.

A more difficult attack utilizes a blank key, matches, and a file. The blank key is placed over a lighted match until carbon is produced on the key. Then the key is inserted into the cylinder. The locations where the pins have scraped away the carbon signify where to file. Needless to say, this method is time-consuming and calls for repeated trials. Offenders sometimes covertly borrow a key, quickly press it into a bar of soap or wax, return the key, and then file a copy on a blank key. This method illustrates the importance of key control.

After gaining access, an offender may employ some tricks to make sure nobody enters while he or she is busy. This is accomplished, for instance, by inserting a pin or obstacle in the keyway and locking the door from the inside.

Whatever hardware is used, the longer it takes to attack a lock, the greater is the danger for the offender. Six or more pins and pick-resistant, impression-resistant cylinders inhibit unauthorized access. One further point: most burglary insurance policies state that there must be visible signs of forced entry to support a claim.

Other methods of entry may be used by offenders. A thief may simply use a stolen key or a key (or access card) borrowed from another person. Unfortunately, intruders often enter restricted areas because somebody forgot to use a locking device. This mistake renders the most complex locks useless.

The methods of defeating lock-and-key systems do not stop here. Innovative thieves and various kinds of locks, keys, and access systems create a hodgepodge of methods that loss prevention practitioners should understand.

Types of Locks

Volumes have been written about locks. The following briefly summarizes simple and more complex locks:

• Warded (or skeleton key tumbler) lock: This older kind of lock is disengaged when a skeleton key makes direct contact with a bolt and slides it back into the door. It is an easy lock to pick. A strong piece of L-shaped metal can be inserted into the keyway to move the bolt. Warded locks are in use in older buildings and are recognized by a keyway that permits seeing through. Locks on handcuffs are of the warded kind and can be defeated by a knowledgeable offender.

• Disc tumbler (or wafer tumbler) lock: The use of this lock, originally designed for the automobile industry, has expanded to desks, cabinets, files, and padlocks. Its operation entails spring-loaded flat metal discs, instead of pins, that align when the proper key is used. These locks are mass produced, inexpensive, and have a short life expectancy. More security is offered than warded locks can provide, but disc tumbler locks are subject to defeat by improper keys or being jimmied.

• Pin tumbler lock: Invented by Linus Yale in 1844, the pin tumbler lock is used widely in industry and residences (see Figure 7-8). Its security surpasses that of the warded and disc tumbler kinds.

• Lever lock: Lever locks vary widely. Basically, these locks disengage when tumblers are aligned by the proper key. Those found in cabinets, chests, and desks often provide minimal security, whereas those found in bank safe deposit boxes are more complex and provide greater security. The better quality lever lock offers more security than the best pin tumbler lock.

• Combination lock: This lock requires manipulating a numbered dial(s) to gain access. Combination locks usually have three or four dials that must be aligned in the correct order for entrance. These locks provide greater security than key locks because a limited number of people probably will know the lock combination, keys are unnecessary, and lock picking is obviated. They are used for safes, bank vaults, and high-security filing cabinets. With older combination locks, skillful burglars are able actually to listen to the locking mechanism to open the lock; more advanced mechanisms have reduced this weakness. A serious vulnerability results when an offender watches the opening of a combination lock with either binoculars or a telescope. Retailers sometimes place combination safes near the front door for viewing by patrolling police; however, unless the retailer uses his or her body to block the dial from viewing, losses may result. This same weakness exists where access is permitted by typing a secret code into a keyboard for access to a parking lot, doorway, or secure area.

• Combination padlock: This lock is similar in operation to a combination lock. It is used on employee or student lockers and in conjunction with safety hasps or chains. Some of these locks have a keyway so they can be opened with a key.

• Padlock: Requiring a key, this lock is used on lockers or in conjunction with hasps or chains. Numerous kinds of construction are possible, each affording differing levels of protection. Low-security padlocks contain warded locks, whereas more secure ones have disc tumbler, pin tumbler, or lever characteristics. Serial numbers on padlocks are a security hazard similar to combination padlocks.

Other kinds of locks include devices that have a bolt that locks vertically instead of horizontally. Emergency exit locks with alarms or “panic alarms” enable quick exit in emergencies while deterring unauthorized door use. Sequence locking devices require locking the doors in a predetermined order; this ensures that all doors are locked because the outer doors will not lock until the inner doors are locked.

The use of interchangeable core locks is a method to deal with the theft, duplication, or loss of keys. Using a special control key, one core (that part containing the keyway) is simply replaced by another. A different key then is needed to operate the lock. This system, although more expensive initially, minimizes the need for a locksmith or the complete changing of locks.

Automatic locking and unlocking devices also are a part of the broad spectrum of methods to control access. Digital locking systems open doors when a particular numbered combination is typed. If the wrong number is typed, an alarm is sounded. Combinations can be changed when necessary. Electromagnetic locks use magnetism, electricity, and a metal plate around doors to hold doors closed. When the electricity is turned off, the door can be opened. Remote locks enable opening a door electronically from a remote location. Before releasing the door lock, an officer seated in front of a console identifies an individual at a door by use of CCTV and a two-way intercom. Backup power is essential for these systems.

Trends taking place with locks and keys include increasing use of electronics and microchip technology. For example, hybrids have been developed whereby a key can serve as a standard hardware key in one door and an electronic key in another door. “Smart locks” have grown in popularity. These locks combine traditional locks with electronic access control; read various types of access cards for access; use a tiny computer to perform multiple functions, including holding data (e.g., access events); and can be connected to an access control system for uploading and downloading data. Most contain a tiny battery; others are connected to a power supply.

Wireless locking systems and RF online locking systems make use of modern technology, although care must be exercised in the evaluation and purchasing process. A pilot project helps to ensure reliability. Signals are hindered by metallic materials (e.g., steel buildings). These systems avoid the use of wire between the lock and the access control panel. Since these locks are battery operated, a backup power source is essential. In one case, during an emergency, the locks of a building became useless when the battery power in the locks ran out. The American National Standards Institute (ANSI) and Underwriters Laboratories (UL) offer standards for locks that are followed by manufacturers.

Although card access systems are used universally, locks and keys are still used to protect a variety of assets.

Master Key Systems

In most instances, a lock accepts only one key that has been cut to fit it. A lock that has been altered to permit access by two or more keys has been master keyed. The master key system allows a number of locks to be opened by the master key. This system should be confined to high-quality hardware utilizing pin tumbler locks. A disadvantage of the master key system is that if the master key is lost or stolen, security is compromised. A change key fits one lock. A submaster key will open all locks in, for instance, a wing of a building. The master key opens locks covered by two or more submaster systems.

Key Control

Without adequate key control, locks are useless and losses are likely to climb. Accountability and proper records are necessary, as with access cards. Computerized record-keeping programs are available for key control. Keys should be marked with a code to identify the corresponding lock; the code is interpreted via a record stored in a safe place. A key should never be marked, “Key for room XYZ.” When not in use, keys should be positioned on hooks in a locked key cabinet or vault. The name of the employee, date, and key code are vital records to maintain when a key is issued. These records require continuous updating. Employee turnover is one reason why precise records are vital. Departing employees will return keys (and other valuables) if their final paycheck is withheld. Policies should state that reporting a lost key would not result in punitive action; an investigation and a report will strengthen key control. If key audits check periodically who has what key, control is further reinforced. To hinder duplication of keys, “do not duplicate” may be stamped on keys, and company policy can clearly state that key duplication will result in dismissal. Lock changes are wise every eight months and sometimes at shorter intervals on an irregular basis. Key control also is important for vehicles such as autos, trucks, and forklifts. These challenges and vulnerabilities of traditional lock and key systems have influenced organizations in switching to modern access control and biometric systems.

As a security manager, how do you solve the following problem? Because of employees who quit, were laid off, or fired, many keys are not being returned and remaining employees are expressing concern about their safety.

Intrusion Detection Systems

An intrusion detection system detects and reports an event or stimulus within its detection area. A response to resolve the reported problem is essential. The emphasis here is on interior sensors. Sensors appropriate for perimeter protection are stressed in Chapter 8.

What are the basic components of an intrusion detection system? Three fundamental components are sensor, control unit, and annunciator. Sensors detect intrusion by, for example, heat or movement of a human. The control unit receives the alarm notification from the sensor and then activates a silent alarm or annunciator (e.g., a light or siren), which usually produces a human response. There are a variety of intrusion detection systems, and they can be wired or wireless. Several standards exist for intrusion detection systems from UL, ISO, the Institute of Electrical and Electronics Engineers, and other groups. Types of interior sensors are explained next (Garcia, 2006: 104–122; Honey, 2003: 48–94).

Interior Sensors

A balanced magnetic switch consists of a switch mounted to a door (or window) frame and a magnet mounted to a moveable door or window. When the door is closed, the magnet holds the switch closed to complete a circuit. An alarm is triggered when the door is opened and the circuit is interrupted. An ordinary magnetic switch is similar to the balanced type, except that it is simpler, is less expensive, and provides a lower level of security. Switches provide good protection against opening a door; however, an offender may cut through a door or glass. (Chapter 8 provides illustrations of switch sensors.)

Mechanical contact switches contain a pushbutton-actuated switch that is recessed into a surface. An item is placed on it that depresses the switch, completing the alarm circuit. Lifting the item interrupts the circuit and signals an alarm.

Pressure-sensitive mats contain two layers of metal strips or screen wire separated by sections of foam rubber or other flexible material. When pressure is applied, as by a person walking on the mat, both layers meet and complete an electrical contact to signal an alarm. These mats are applied as internal traps at doors, windows, and main traffic points, as well as near valuable assets. The cost is low, and these mats are difficult to detect. If the mat is detected by the offender, he or she can walk around it.

Grid wire sensors are made of fine insulated wire attached to protected surfaces in a grid pattern consisting of two circuits, one running vertical, the other horizontal, and each overlapping the other. An interruption in either circuit signals an alarm. This type of sensor is applied to grill work, screens, walls, floors, ceilings, doors, and other locations. Although these sensors are difficult for an offender to spot, they are expensive to install, and an offender can jump the circuit.

Trip wire sensors use a spring-loaded switch attached to a wire stretched across a protected area. An intruder “trips” the alarm (i.e., opens the circuit) when the wire is pulled loose from the switch. These sensors are often applied to ducts but can be applied to other locations. If the sensor is spotted by an offender, he or she may be able to circumvent it.

Vibration sensors detect low-frequency energy resulting from the force applied in an attack on a structure (see Figure 7-14). These sensors are applied to walls, floors, and ceilings. Various sensor models require proper selection.

FIGURE 7-14 vibration sensor.

Capacitance sensors create an electrical field around metallic objects that, when disturbed, signals an alarm (see Figure 7-15). These sensors are applied to safes, file cabinets, grills at openings (e.g., windows), and other metal objects. One sensor can protect many objects; however, it is subject to defeat by using insulation (e.g., heavy gloves).

FIGURE 7-15 capacitance sensor.

Infrared photoelectric beam sensors activate an alarm when an invisible infrared beam of light is interrupted (see Figure 7-16). If the system is detected, an offender may jump over or crawl under the beam to defeat it. To reduce this vulnerability, tower enclosures can be used to stack sensors.

FIGURE 7-16 infrared photoelectric beam system.

Ultrasonic motion detectors create a pattern of inaudible sound waves that are transmitted into an area and monitored by a receiver. These detectors operate on the Doppler effect, which is the change in frequency that results from the motion of an intruder. These detectors are installed on walls or ceilings or used covertly (i.e., disguised within another object). They are subject to nuisance alarms from high-pitched noises or air currents and can be defeated by objects blocking the sensor or by fast or slow movement. The use of this detector is limited because of false alarms.

Microwave motion detectors operate on the Doppler frequency-shift principle. An energy field is transmitted into an area and monitored for a change in its pattern and frequency, which results in an alarm. Because microwave energy penetrates a variety of construction materials, care is required for placement and aiming. However, this can be an advantage in protecting multiple rooms and large areas with one sensor. These sensors can be defeated (like ultrasonic ones) by objects blocking the sensor or by fast or slow movement.

Passive infrared (PIR) intrusion sensors are passive in that they do not transmit a signal for an intruder to disturb. Rather, moving infrared radiation (from a person) is detected against the radiation environment of a room. When an intruder enters the room, the level of infrared energy changes, and an alarm is activated. Although the PIR is not subject to as many nuisance alarms as ultrasonic and microwave detectors, it should not be aimed at sources of heat or surfaces that can reflect energy. The PIR can be defeated by blocking the sensor so it cannot pick up heat.

Passive audio detectors listen for noise created by intruders. Various models filter out naturally occurring noises not indicating forced entry. These detectors can use public address system speakers in buildings, which can act as microphones to listen to intruders. The actual conversation of intruders can be picked up and recorded by these systems. To enhance this system, CCTV can provide visual verification of an alarm condition, video in real time, and still images digitally to security or police, and evidence. The audio also can be two-way, enabling security to warn the intruders. Such audiovisual systems must be applied with extreme care to protect privacy, confidentiality, and sensitive information, and to avoid violating state and federal wiretapping and electronic surveillance laws.

Fiber optics is used for intrusion detection and for transmission of alarm signals. It involves the transportation of information via guided light waves in an optical fiber. This sensor can be attached to or inserted in many things requiring protection. When stress is applied to the fiber optic cable, an infrared light pulsing through the cable reacts to the stress and signals an alarm.

Intrusion detection systems only detect and report an alarm condition. These systems do not stop or apprehend an intruder.

Trends

Two types of sensor technologies often are applied to a location to reduce false alarms, prevent defeat techniques, or fill unique needs. The combination of microwave and passive infrared sensors is a popular example of applying dual technologies (see Figure 7-17). Reporting can be designed so an alarm is signaled when both sensors detect an intrusion (to reduce false alarms) or when either sensor detects an intrusion. Sensors are also becoming “smarter” by sending sensor data to a control panel or computer, distinguishing between humans and animals, and activating a trouble output if the sensor lens is blocked. Supervised wireless sensors have become a major advancement because sensors can be placed at the best location without the expense of running a wire; these sensors are constantly monitored for integrity of the radio frequency link between the sensor and panel, status of the battery, and whether the sensor is functioning normally (Garcia, 2006: 104; O’Leary, 1999: 36–48).

FIGURE 7-17 commercial intrusion alarm system.

Operational Zoning

Operational zoning means that the building being protected has a segmented alarm system, whereby the alarm can be turned on and off within particular zones depending on usage. For example, if an early morning cleaning crew is in the north end of a plant, then that alarm is turned off while other zones still have the alarm on. Furthermore, zoning helps to pinpoint where an intrusion has occurred.

Alarm Monitoring

Today, many entities have an alarm system that is monitored by an in-house station (e.g., a console at a secure location) or from a central station (contract service) located off the premises. These services easily can supply reports of unusual openings and closings, as well as those of the regular routine. Chapter 8 covers alarm signaling systems.

Closed-Circuit Television

Closed-circuit television, or CCTV (see Figure 7-18), assists in deterrence, surveillance, apprehension, and prosecution. This technology is also helpful in civil cases to protect an organization’s interests. The applications go beyond security and justice. For instance, CCTV can serve as a tool to understand production problems or customer behavior. Although it may be costly initially, CCTV reduces personnel costs because it allows the viewing of multiple locations by one person. For instance, throughout a manufacturing plant, multiple cameras are installed, and one security officer in front of a console monitors the cameras. Accessories include pan (i.e., side-to-side movement), tilt (i.e., up-and-down movement), and zoom lenses, referred to as “PTZ” in the industry, which are mechanisms that permit viewing mobility and opportunities to obtain a close look at suspicious activity. Additional system capabilities include recording incidents and viewing when limited light is present. Modern technology has greatly altered CCTV capabilities, as described in subsequent paragraphs.

FIGURE 7-18 Closed-circuit television (CCTV) sign. Camera at top.

Standards for CCTV systems are from several sources. These include ANSI, SIA, National Electrical Manufacturers Association, American Public Transportation Association, government agencies, ISO/International Electrotechnical Commission, and the International Code Council. England and Australia are especially active preparing CCTV standards.

During the 1950s, CCTV began its development. The traditional CCTV system that came into greater use in the 1970s consisted of analog recording systems, solid-state cameras, and coaxial cable (Siemon Company, 2003; Suttell, 2006: 114). This older technology applied multiple cameras connected through cabling to a camera control unit and a multiplexer that fed several videocassette recorders (VCR) in a central control room. The images were viewed real time via several monitors. The disadvantages of this technology include the following: the control room is a single point of failure within the security infrastructure; if a camera is moved, cable is required for the connection; the use of VCRs results in numerous cassette tapes requiring storage space; and humans are necessary to change and store tapes.

Older technology, such as the VCR that could record for a limited number of hours, was followed by time-lapse recorders (i.e., single frames of video are stored at intervals over an extended period of time) with recording capabilities up to several hundred hours, plus an alarm mode in which the recorder reverts to real time when an alarm condition exists. Real-time setting records 30 frames a second; time-lapse video may record between one frame a second and one frame every eight seconds. Time-lapse recorder features included a quick search for alarm conditions during playback, the playing of recorded video frames according to the input of time by the user, and the interface with other security systems such as access controls to ensure a video record of all people entering and departing.

Advances in technology have improved the capabilities of CCTV systems. A new generation CCTV system developed with unshielded twisted-pair (UTP) cabling (i.e., a cable with multiple pairs of twisted insulated copper conductors in a single sheath) that enabled cameras to run on the existing infrastructure. Digital video recorders (DVR) were introduced in the mid-1990s, and with them, several advantages over analog, including recording on hard disk drives like a file is stored on a personal computer. Other advantages are avoiding tape storage, remote viewing, easy playback and searches, improved quality of images, and longer life of recordings. Another advance is digital recording in networking, which is referred to as network video recorder (NVR). Rather than many DVRs networked together, an NVR is the camera system. An NVR is digital cameras managed by specially designed computer operating software designed to manage video surveillance (Alten, 2005: 8).

Internet protocol (IP)-based network cameras permit IP networking of video to be shared where the network reaches, including offsite storage. IP video can be controlled and viewed from a PDA, phone, laptop computer, or other mobile device. It is also encrypted. IP-based CCTV systems, including IP cameras, IP video servers, and IP keyboards, can be located almost anywhere. In addition, the IP keyboard can control the PTZ and other management functions such as recording and searching. When the existing infrastructure in a building is used, a building can become automated on one cable system and include not only CCTV, but also access control, fire/safety systems, voice, network traffic, and other systems.

It is important to distinguish between the older analog technology and the newer digital technology. Analog signals are used in their original form and placed, for example, on a tape. Most earlier electronic devices use the analog format (e.g., televisions, record players, cassette tape recorders, and telephones). Analog technology is still applied today. With digital technology, the analog signals are sampled numerous times and turned into numbers and stored in a digital system. Today, many devices contain digital technology (e.g., high-definition TV, CDs, fiber-optic telephone lines, and digital telephones).

Even with the shift to IP-based network systems for CCTV, video is still transmitted over coaxial cable, twisted pair wire, fiber-optic cable, microwave, radio frequency, and telephone lines. What we have is the opportunity (as with other electronic security systems) for, say, an executive in New York to monitor inside a business in Hong Kong.

Wireless video transmission (e.g., RF or microwave) is an option under certain circumstances. Examples include flexible deployment whereby cameras must be moved periodically (e.g., changing exhibition hall), covert surveillance requiring quick and easy installation, at emergency sites, and historical buildings where a cable route is not possible. Careful planning is required prior to the installation of transmitters and receivers to prevent the radio signal from being blocked. Line of sight is an important issue. Interference can result from environmental conditions such as metallic buildings, aluminum siding, solar flares, lightning, heavy rain, snow, and high wind (Chan, 2005: 46–48).

When IT personnel are approached about including CCTV on a network, they are often concerned about how much bandwidth the video will use. To allay fears, one option at a multibuilding facility is to maintain a DVR at every building for storage of video so all video is not transmitted to the central computer.

For those end users using traditional analog technology while moving toward an IP-based retrofit, options include using “hybrid” products that accommodate both analog and IP-based signals. Lasky (2006: 38) advises against a full IP retrofit at this time because there are too many variables that are not standardized with IP cameras, a major one being the amount of bandwidth required on a network with numerous IP cameras.

Organizations that employ CCTV systems may consider streaming video surveillance from remote sites to regional centers. Although this approach can be challenging, it can also reduce plant and personnel costs. A key factor in this decision is compression because bandwidth limitations affect the amount of video that can be exchanged between transmitting and receiving sites. Similar to a roadway tunnel, only a certain number of vehicles can enter the tunnel at any one time. However, if the vehicles are made smaller, more can fit. Compression is the amount of redundant video that can be stripped out of an image before storage and transmission, and there are various compression techniques (Mellos, 2005: 34).

Another concern, as physical security personnel increasingly rely on a network, is access to the network for a variety of security-related information. In this case, the IT personnel have the option of placing such security information on a subnet to prevent access to the whole network.

Changing technology has brought about the charged coupled device (CCD) or “chip” camera, a small, photosensitive unit designed to replace the tube in the closed-circuit camera. CCD technology is found in camcorders. CCD cameras have certain advantages over tube cameras: CCD cameras are more adaptable to a variety of circumstances, they have a longer life expectancy, “ghosting” (i.e., people appearing transparent) is less of a problem, there is less intolerance to light, less power is required, and less heat is produced, thereby requiring less ventilation and permitting installation in more locations.

Another technology for capturing images digitally is the complementary metal oxide semiconductor (CMOS). This camera is less popular than the CCD camera and more complex. Both types of cameras convert light into electric charge and process it into electronic signals.

Digital cameras are replacing analog cameras. Although analog signals can be converted into digital signals for recording to a PC, quality may suffer. Digital cameras use digital signals that are saved directly to hard drive, but space on a hard drive is limited for video. Network cameras are analog or digital video cameras connected to the Internet with an IP address.

Increasing “intelligence” is being built into CCTV–computer-based systems. Multiplex means sending many signals over one communications channel. Video multiplex systems minimize the number of monitors security personnel must watch by allowing numerous cameras to be viewed at the same time on one video screen. The pictures are compressed, but a full view is seen of each picture. If an alarm occurs, a full screen can be brought up. The digital multiplex recorder enables users to record events directly to a hard drive, reducing storage space.

The prolonged watching of CCTV monitors (i.e., screens) by personnel, without falling asleep, has been a challenge since the origin of these systems. Personnel that are not rotated periodically become fatigued from watching too much TV. This serious problem is often overlooked. People may “test” the monitoring of the system by placing a bag or rag over a camera or even spraying the lens with paint. If people see that there is no response, CCTV becomes a hoax. The use of dummy cameras is not recommended because, when people discover the dummy, CCTV can be perceived as a deceitful farce.

Users of CCTV systems are especially interested in the recording capabilities of their systems, knowing their personnel are often occupied with multiple tasks (e.g., answering questions for customers, providing information over the telephone) and unable to watch monitors continuously. When an event does occur, these systems permit a search of recordings by date, time, location, and other variables.

CCTV capabilities can be enhanced by using video motion detection (VMD). A video motion detector operates by sending, from a camera, a static (i.e., having no motion) picture to a memory evaluator to analyze the image for pixel changes. Any change in the picture, such as movement, activates an alarm. These systems assist security officers in reacting to threats and reduce the burden of increasing camera usage. Tse (2006: 42) refers to a study by an Australian firm that found that after 12 minutes of continuous watching of monitors, an operator would often miss up to 45% of scene activity, and after 22 minutes, up to 95% is overlooked.

The integration of VMD and intelligent video systems (IVS) is a developing technology that offers a variety of promising functions that aim to precisely define alarm conditions, enhance the capabilities of CCTV systems, and reduce the problem of humans missing important events on monitors. These systems enable the user to preselect actions that are programmed into the digital video system, and this software signals an alarm when such an event takes place. Examples of events triggering an alarm include stopped or moving vehicles, objects that are abandoned or removed, and loitering of people (Duda, 2006: 48–50).

Cameras commonly are placed at public streets, access points, passageways, shipping and receiving docks, merchandise storage areas, cashier locations, parts departments, and overlooking files, safes, vaults, and production lines. In the workplace, the location of cameras requires careful planning to avoid harming employee morale. A key restriction on the placement of cameras is that they must not be applied to an area where someone has a reasonable expectation of privacy (e.g., restrooms, locations where individuals change clothes).

The extent of the use of hidden surveillance cameras is difficult to measure, especially because many individuals are unaware of the existence of these cameras in workplaces. Pinhole lenses are a popular component of hidden surveillance cameras. They get their name from the outer opening of the lens, which is 1/8 to 1/4 inch in diameter and difficult to spot. Cameras are hidden in almost any location, such as clocks, file cabinets, computers, sprinkler heads, and mannequins.

It is important to note that when the network is down, IP cameras, NVR, and other technology tied to the network are down; therefore, emergency plans are essential to maintain business continuity.

Security Officers

Security officers play an important role in countering internal losses. They must be integrated with technology, and this entails quality training and supervision. When uniformed officers patrol on foot inside a facility—through production, storage, shipping, receiving, office, and sales floor areas—an enhanced loss prevention atmosphere prevails. Unpredictable and irregular patrols deter employee theft (among other losses). A properly trained officer looks for deviations, such as merchandise stored or hidden in unusual places, and tampered devices (e.g., locks, alarms, and CCTV). Thoroughly searching trash containers deters employees from hiding items in that popular spot. Losses also are hindered when officers identify and check people, items, and vehicles at access points.

Safes, Vaults, and File Cabinets

Safes

Protective containers (see Figure 7-19) secure valuable items (e.g., cash, confidential information). These devices generally are designed to withstand losses from fire or burglary. Specifications vary, and an assessment of need should be carefully planned. Management frequently is shocked when a fire-resistive safe in which valuable items are “secured” enables a burglar to gain entry because the safe was designed only for fire. The classic fire-resistive (or record) safe often has a square (or rectangular) door and thin steel walls that contain insulation. During assembly, wet insulation is poured between the steel walls; when the mixture dries, moisture remains. During a fire, the insulation creates steam that cools the safe below 350°F (the flash point of paper) for a specified time. The FBI maintains safe insulation files to assist investigators. Record safes for computer media require better protection because damage can occur at 125°F, and these records are more vulnerable to humidity. Fire safes are able to withstand one fire; thereafter, the insulation is useless.

FIGURE 7-19 safe with electronic lock.Courtesy: Sargent & Greenleaf, Inc.

The classic burglary-resistive (or money) safe often has a thick, round door and thick walls. Round doors were thought to enhance resistance, but today many newer burglary-resistive safes have square or rectangular doors. The burglary-resistive safe is more costly than the fire-resistive safe.

Better quality safes have the Underwriters Laboratories (UL, a nonprofit testing organization) rating (see Table 7-1). This means that manufacturers have submitted safes for testing by UL. These tests determine the fire- or burglary-resistive properties of safes. For example, a fire-resistive container with a UL rating of 350–4 can withstand an external temperature to 2000°F for four hours while the internal temperature will not exceed 350°F. The UL test actually involves placing a safe in an increasingly hot furnace to simulate a fire. An explosion impact test requires another safe of the same model to be placed in a preheated (2000°F) furnace for half an hour. Then the heat is lowered slightly for another half hour before the safe is dropped 30 feet onto rubble. If the safe is still intact, it is returned to the furnace for an hour at 1700°F before it is allowed to cool so that the papers inside can be checked for damage. In reference to burglary-resistive containers, a UL rating of TL15, for example, signifies weight of at least 750 pounds and resistance to an attack on its door by common tools for a minimum of 15 minutes. UL-rated burglary-resistive safes also contain UL-listed combination locks and other UL-listed components. UL is constantly toughening its standards. When selecting a safe, consider recommendations from insurance companies and peers, whether or not safe company employees are bonded, and how long the company has been in business.

Table 7-1. UL Testing of Safes

Source: Correspondence (June 7, 2006) with UL, 1285 Walt Whitman Rd., Melville, NY 11747.

Combination Locks (These products are tested in accordance with UL 768)Group 1. Highly resistant to expert or professional manipulation. Used in safes designated as TRTL-15×6, TRTL-30, TRTL-30×6, TRTL-60×6, and TXTL-60×6.Group 1R. These locks meet all of the requirements of Group 1 and are resistant against radiological methods of manipulation.Group M. Moderate resistant to skilled manipulation, these are found in TL-15, TL-15×6, TL-30, and TL30×6 safes, ATM safes, gun safes, and fire-rated record containers.Group 2. Resistant to semiskilled manipulation, these locks are found in non-Listed safes, insulated record containers, and residential security containers.

^*Hour rating 4, 2 or 1. Before inside temperature reaches 350, 150, or 125 F as shown by class designation.

^**Minimum weight 750 lbs., body 1” steel, minimum tensile strength of 50,000 PSI. UL 2058: new standard for Type 1 high-security electronic lock for safes.

Attacks

Before a skilled burglar attacks a safe, he or she studies the methods used to protect it. Inside information (e.g., a safe’s combination) is valuable, and scores of employees and former employees of attacked firms have been implicated in burglaries. Listed next are major attack techniques of two types: with force and without force.

Attack methods using force include the following:

• Rip or peel: Most common, this method is used on fire-resistive safes that have lightweight metal. Like opening a can of sardines, the offender rips the metal from a corner. The peel technique requires an offender to pry along the edge of the door to reach the lock.

• Punch: The combination dial is broken off with a hammer. A punch is placed on the exposed spindle, which is hammered back to enable breakage of the lock box. The handle then is used to open the door. This method is effective against older safes.

• Chop: This is an attack of a fire-resistive safe from underneath. The safe is tipped over and hit with an ax or hammer to create a hole.

• Drill: A skillful burglar drills into the door to expose the lock mechanism; the lock tumblers are aligned manually to open the door.

• Torch: This method is used against burglar-resistive safes. An oxygen-acetylene cutting torch melts the steel. The equipment is brought to the safe, or the offender uses equipment from the scene.

• Carry away: The offender removes the safe from the premises and attacks it in a convenient place.

Attack methods using no force include the following:

• Office search: Simply, the offender finds the safe combination in a hiding place (e.g., taped under a desk drawer).

• Manipulation: The offender opens a safe without knowing the combination by using sight, sound, and touch—a rare skill. Sometimes the thief is lucky and opens a safe by using numbers similar to an owner’s birth date, home address, or telephone number.

• Observation: An offender views the opening of a safe from across the street with the assistance of binoculars or a telescope. To thwart this, one should place the numbers on the top edge of the dial, rather than on the face of the dial.

• Day combination: For convenience, during the day, the dial is not completely turned each time an employee finishes using the safe. This facilitates an opportunity for quick access. An offender often manipulates the dial in case the day combination is still in effect.

• X-ray equipment: Metallurgical X-ray equipment is used to photograph the combination of the safe. White spots appear on the picture that helps to identify the numerical combination. The equipment is cumbersome, and the technique is rare.

The following measures are recommended to fortify the security of safes and other containers:

1. Utilize alarms (e.g., capacitance and vibration), CCTV, and adequate lighting.

2. Secure the safe to the building so it is not stolen. (This also applies to cash registers that may be stolen in broad daylight.) Bolt the safe to the foundation or secure it in a cement floor. Remove any wheels or casters.

3. Do not give a burglar an opportunity to use any tools on the premises; hide or secure all potential tools (e.g., ladder or torch).

4. A time lock permits a safe to be opened only at select times. This hinders access even if the combination is known. A delayed-action lock provides an automatic waiting period (e.g., 15 minutes) from combination use to the time the lock mechanism activates. A silent signal lock triggers an alarm when a special combination is used to open a safe.

5. At the end of the day, turn the dial several times in the same direction.

6. A written combination is risky. Change the factory combination as soon as possible. When an employee who knows the combination leaves, change it.

7. Maintain limited valuables in the safe through frequent banking.

8. Select a safe with its UL rating marked on the inside. If a burglar identifies the rating on the outside, an attack is made easier.

Vaults

A walk-in vault is actually a large safe; it is subject to similar vulnerabilities from fire and attack. Because a walk-in vault is so large and expensive, typically, only the door is made of steel, and the rest of the vault is composed of reinforced concrete. Vaults are heavy enough to require special support within a building. They commonly are constructed at ground level to avoid stress on a building.

File Cabinets

Businesses that sustain loss of their records from theft, fire, flood, or other threats or hazards face serious consequences, such as the possibility of business failure and litigation. Certain types of records require protection according to law. Some vital records are customer-identifying information, accounts receivable, inventory lists, legal documents, contracts, research and development, and human resources data. Records help to support losses during insurance claims.

File cabinets that are insulated and lockable can provide fair protection against fire and burglary. The cost is substantially lower than that of a safe or vault, but valuable records demanding increased safety should be placed in a safe or vault and copies stored off-site. Special computer safes are designed to protect against forced entry, fire, and moisture that destroys computer media.

Search the Web

Use your favorite search engines to see what vendors have to offer and prices for the following products: access control systems, locks, interior intrusion detection systems, closed-circuit television, and safes.

Also, check out the following sites:

American National Standards Institute: www.ansi.org

American Society for Testing and Materials: www.astm.org

Association of Certified Fraud Examiners: www.acfe.com/home-live.asp

Builders Hardware Manufacturers Association: www.buildershardware.com/

International Organization for Standardization: www.iso.org

National Fire Protection Association: www.nfpa.org

National White Collar Crime Center: www.nw3c.org/

Security Industry Association: www.siaonline.org

Underwriters Laboratories (UL): www.ul.com

Case Problems

7A. Consult the floor plans for Woody’s Lumber Company, the Smith Shirt manufacturing plant, and Compulab Corporation (Figure 7-1, 7-2, and 7-3). Draw up a priority list of 10 loss prevention strategies for each company that you think will reduce risks from internal losses. Why did you select as top priorities your first three strategies in each list?

7B. As a corporate security manager, you learn that an IT specialist at the same company is extremely upset because he did not receive a promotion and raise he was expecting. This very intelligent young man told his supervisor that he would get back at the company for the injustice before he quits. What do you do?

7C. You are a security officer at a manufacturing plant where an employee informs you about observing another employee hiding company property near a back door. You check the area near the door and find company property under boxes. What action do you take?

7D. As a security officer, you learn that officers on your shift and your immediate supervisor have secretly installed, without authorization, a pinhole lens camera in the women’s restroom. You refuse to be involved in peeping. The officers have been your friends since high school, and you socialize with them when off duty. One day the chief security officer summons you to her office and questions you concerning the whereabouts of the pinhole lens camera. What do you say?

REFERENCES

Alten J, (2005). “Shhh … Don’t tell Anyone That DVRs Are Becoming Obsolete”. Security Director News.2.

Association of Certified Fraud Examiners , (2006). 2006 ACFE Report to the Nation on Occupational Fraud and Abuse. www.acfe.com/documents/2006-rttn.pdf . [retrieved July 13, 2006.]

Aughton S, (2005). “Researchers Crack Biometric Security with Play-Doh.” PC PRO . www.pcpro.co.uk/news/81257 . [retrieved December 14, 2005.]

Baker M, Westin A, (1987). “Employer Perceptions of Workplace Crime”. Washington, DC: US Department of Justice;.

Barry J, (1993). “Don’t Always Play the Cards You Are Dealt”. Security Technology & Design..

Bernard R, (2006). “Web Services and Identity Management”. Security Technology & Design.16.

Canada.com (2007). “Hydro Lost Millions from Theft, Damage Last Year.” Vancouver Sun (February 7). www.canada.com retrieved February 9, 2007.

Chan H, (2005). “Overcoming the Challenges of Wireless Transmission”. Security Technology & Design.15.

Clark J, Hollinger R, (1980). “Theft by Employees”. Security Management.24.

Coleman J, (2000). “Trends in Security Systems Integration”. Security Technology & Design.10.

Computer Security Institute/FBI , (2005). CSI/FBI Computer Crime and Security Survey. www.GoCSI.com . [retrieved July 11, 2006.]

Computer Security Institute/FBI , (2006). CSI/FBI Computer Crime and Security Survey. www.GoCSI.com . [retrieved July 14, 2006.]

Conklin J, (2001). Criminology. 7th ed. Boston: Allyn & Bacon Pub;.

D’Agostino S et al, (2005). “The Roles of Authentication, Authorization and Cryptography in Expanding Security Industry Technology”. www.siaonline.org . [retrieved May 30, 2006.]

Dean R, (2005). “Ask The Expert”. Security Products.9.

Department of Defense , (2000). User’s Guide on Controlling Locks, Keys and Access Cards. Port Hueneme, CA: Naval Facilities Engineering Service Center;.

Duda D, (2006). “The Ultimate Integration—Video Motion Detection”. Security Technology & Design.16.

FBI , (2005). FBI Computer Crime Survey. www.fbi.gov/publications/ccs2005.pdf . [retrieved January 13, 2006.]

Garcia M, (2006). Vulnerability Assessment of Physical Protection Systems. Burlington, MA: Butterworth-Heinemann;.

Gersh D, (2000). “Untouchable Value”. iSecurity..

Greene C, (2004). “Hang Up on Fraud with Confidential Hotlines”. In: Fraud Alert. Chicago, IL: McGovern & Greene;.

Honey G, (2003). Intruder Alarms. 2nd ed. Oxford, UK: Newnes;.

Harowitz S, (2007). “Faking Fingerprints and Eying Solutions”. Security Management.51.

Hunt S, (2006). “Integrated Security Solutions: Getting to Know It”. Security Products.10.

Inbau F et al, (1996). Protective Security Law. 2nd ed. Boston: Butterworth-Heinemann;.

Jordan B, (2006). “Telework’s Growing Popularity”. Homeland Defense Journal.4.

Keener J, (1994). “Integrated Systems: What They Are and Where They Are Heading”. Security Technology & Design..

Lary B, (1988). “Thievery on the Inside”. Security Management..

Lasky S, (2006). “Video from the Top”. Security Technology & Design.16.

Mellos K, (2005). “A Choice You Can Count On”. Security Products.9.

National Association of Credit Management , (2005). “Embezzlement/Employee Theft”. Business Credit.107.

Nemeth C, (2005). Private Security and the Law. Burlington, MA: Elsevier Butterworth-Heinemann;.

O’Leary T, (1999). “New Innovations in Motion Detectors”. Security Technology & Design.9.

Pearson R, (2000). “Integration vs. Interconnection: It’s a Matter of Semantics,”. Security Technology & Design.11.

Pearson R, (2001). “Open Systems Architecture: Are We There Yet”. Security Technology & Design.11.

Pearson R, (2005). “Well-Designed Badges Help Prevent Loss”. Security Technology & Design.15 [].

Philpott D, (2005). “Physical Security—Biometrics”. Homeland Defense Journal.3.

Piazza P, (2005). “The Smart Cards Are Coming … Really”. Security Management.49.

Randazzo M et al, (2004). “Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector”. Washington, D.C.: US Secret Service;

Scicchitano M et al, (2004). “Peer Reporting to Control Employee Theft”. Security Journal.17.

Siemon Company , (2003). “Video over 10G ip™”. www.siemon.com . [retrieved July 24, 2006.]

Shaw E et al, (2000). “Managing the Threat from Within”. Information Security.3.

Skinner W, Fream A, (1997). “A Social Learning Theory Analysis of Computer Crime among College Students”. Journal of Research in Crime and Delinquency.34.

Speed M, (2003). “Reducing Employee Dishonesty: In Search of the Right Strategy”. Security Journal.16.

Suttell R, (2006). “Security Monitoring”. Buildings.100.

Swartz D, (1999). “Open Architecture Systems: The Future of Security Management”. Security Technology & Design.9.

Taylor R et al, (2006). Digital Crime and Digital Terrorism. Upper Saddle River, NJ: Pearson Education;.

Toye B, (1996). “Bar-Coded Security ID Cards Efficient and Easy”. Access Control..

Tse A, (2006). “The Real World of Critical Infrastructure”. Security Products.10.

U.S. Department of Homeland Security , Science and Technology Directorate and the Executive Office of the President , Office of Science and Technology Policy , (2004). The National Plan for Research and Development in Support of Critical Infrastructure Protection. www.dhs.gov . [retrieved June 13, 2005.]

Webopedia , (2006). “Open Architecture”. www.webopedia.com/TERM/O/open_architecture.html . [retrieved July 16, 2006.]

Zunkel D, (2003). “A Short Course in High-Security Locks”. Security Technology & Design.13.