5 minute read
Marketplace
personnel management to rescreen MARKETPLACE and conduct enhanced monitoring for employees in higher-risk roles or who are starting to display concerning behaviors,” she added.
For companies who would like to showcase their solutions in this section, please contact LPM’s Media Strategist, Ben Skidmore, at 972-587-9064 or via email at BenS@LPportal.com. LP Products and Services Marketplace This section provides readers with information on select products and services from retail asset protection solution providers. If your company is considering new technology or programs, please check with these vendors as well as the other advertisers throughout the magazine.
• Fire Alarm Systems • Design, Installation & Service • UL Listed & FM Approved Central Station Monitoring • Test & Inspection Services At AFA, we deliver superior levels of customer service. If you don’t believe us, ask our customers! www.afap.com (866) AFA-NATL
Life-Cycle Personnel Management
Knowing that insiders are disgruntled first and strike later, experts focus on the connection between them. Within the gap, they suggest opportunity. If managers, who supervise technical workers and others in unique positions to do harm, recognize performance and behavioral problems as a possible security issue—and communicate it as such—then retail organizations can better prevent incidents.
Several experts advised security leaders to push their organizations to pay greater attention to concerning behavior by an employee following a negative work-related event, to possibly include greater monitoring of the employee’s network activity. A company may not have the capacity to watch everyone’s online activity all the time, in which case it’s valuable to maintain awareness of employee dissatisfaction and troublesome behavior to target proactive system monitoring. Targeted monitoring of online activity by employees of concern can prevent insider theft and sabotage by AFA PROTECTIVE immediately detecting technical precursor SYSTEMS, INC. activity, they advise. SINCE 1873 The reason behind insider activity is typically complex, according to Hansen. There is often more than one motivation, perhaps a toxic mix of financial troubles, a lack of loyalty, and perceived insufficient recognition. He suggested security needs to be equally layered to match it, by taking a “defense in depth” approach. It starts with looking for indicators of trouble during the hiring process—for financial, personality, and other red flags—but must extend to controls throughout the employee’s lifetime.
One often overlooked risk is when employees temporarily take on roles during job vacancies. Too often, temporary privileges extended to an employee while companies fill positions are never revoked, according to Sherri Ireland, CISSP, president of Security Exclusive, a cyber and physical security consulting firm. “It’s happened to me when I would oversee another department while they were looking for a new hire,” she noted. “It’s really important to audit to make sure your employees have access they require to do their jobs and nothing more than that.” Organizations tend to do a good job advocating for the concept of “least privilege,” but they often do an incomplete job of auditing whether they follow it, she warned. Security controls also tend to grow lax around long-time employees, which runs counter to the actual threat. “Major employee fraud typically occurs by employees with at least five years tenure,” said Ireland. Case in point: the eye-popping case a decade ago when a Fry’s Electronics employee of twenty years was found guilty of embezzling $66 million over four years. Or the arrest a few years ago of a wireless retailer’s veteran chief operation officer who, for several years, held a secret consulting agreement with a financial services firm to provide it with confidential information regarding sales, compensation, and product launches at the retailer’s 400 locations. Ireland warned that insider theft is often committed with security controls in mind, citing an example of a retail employee who stole just under its investigation threshold of $50 every day for fifteen years before being caught. Malique Carr, PhD, a psychologist and vice president for TorchStone Global, a global risk mitigation and security firm, similarly warned that organizations must review their theft prevention posture against both insiders that opt for the “low-and-slow approach and skim a little off the top” and those that go for the big score. “Employees need privileges to perform their roles effectively and responsibly, but privileges should be accompanied by controls, with segregation of duties for example,” said Hansen. As such, employee monitoring and recognizing threat indicators are key elements in safeguarding a company against the insider threat, along with educating nonsecurity managers about threat indicators. Often, activity a security professional would recognize as a threat, nonsecurity personnel don’t, noted one asset protection professional. “You need cyber-awareness training all the way up to the C-level,” added Ireland.
Once triggered, an insider’s behavior will often reveal their activities if an organization has positioned itself to notice it. Carr said common indicators may include failing to follow security protocols, questionable downloads or data transfers, changes in computer and phone use, and printing off large amounts of material. Data security tools, improved by AI, are a necessary layer of protection against rogue insiders, said Ireland. “IT activity needs to monitor for anomalous activity. Why is she coming in and downloading documents at 3 a.m.?” Sherri Ireland
Market Your Company's Products and AFA PROTECTIVE SYSTEMS, INC. SINCE 1873 Services Here • Burglar Alarm Systems
Contact LPM's Media Strategist Malique Carr • • Design, Installation & Service UL Listed & FM Approved Central Station
Ben Skidmore at Monitoring BenS@LPportal.com
At AFA, we deliver superior levels of customer service. If you don’t believe us, ask our customers! www.afap.com (866) AFA-NATL
AFA PROTECTIVE SYSTEMS, INC.
SINCE 1873
• Video Surveillance Systems
– IP & Analog - Intelligent Analytics
• Design & Installation
At AFA, we deliver superior levels of customer service.
If you don’t believe us, ask our customers!
www.afap.com (866) AFA-NATL AFA PROTECTIVE SYSTEMS, INC.
SINCE 1873
At AFA, we deliver superior levels of customer service.
If you don’t believe us, ask our customers!
www.afap.com (866) AFA-NATL
LP MAGAZINE | NOVEMBER–DECEMBER 2020
Connecting You to (Just About) Everything LP, AP, Safety, and so Much More…Straight From Your Smart Phone!
