Thursday, September 6, 2012

The Employee Dishonesty Problem

Estimates reveal that between 40 and 50 percent of all business losses can be attributed to employee theft. Employers cannot afford to ignore this large-scale problem and should do everything in their power to create a workplace atmosphere that promotes honesty and encourages and rewards good behavior. This is the conclusion of a new Connecting Research in Security to Practice (CRISP) Report commissioned by the ASIS Foundation.

· Employee theft and error can account for the majority of losses. A recent survey reports that retailers believe employees account for 47% of their inventory losses.

· Employees have been known to damage merchandise intentionally and mark it out-of-stock, an indirect means of theft. Employees may shoplift or give away merchandise.

· Frequent driving violations, criminal convictions, multiple worker compensation filings, and falsification of educational degrees or professional licenses are all risky behaviors and should be a red flag for a future employer.

The report, “Strategies to Detect and Prevent Workplace Dishonesty” by Read Hayes PhD, provides research-informed, practical strategies to reduce counterproductive workplace behaviors, including thefts and frauds of all types. It describes factors that can lead to these behaviors, describes common employee theft and fraud methods, and analyzes selected prevention techniques, policies and technologies.

“Regardless of their motivation, many employees are more likely to stray from acceptable behavior when the opportunity presents itself,” Read writes. “If an employee perceives little chance of being caught, he or she may be more inclined to steal.”

The report provides employers in all types of businesses with ways to discover counterproductive and criminal employee behaviors and to prevent employees from even thinking of straying from acceptable workplace norms. When implemented, the numerous strategies documented through research can prevent problems from occurring—and reoccurring. Learn more at Team AVS Security

Thursday, July 19, 2012

Analyzing Security Essentials

Developing a comprehensive security plan requires methodical and deliberate analysis. Starting with a macro understanding of an organization and progressing to micro security tasks, it takes structure to compile and analyze a security plan. The resulting series of recommendations is orchestrated so that they complement and support each other.
It is a formidable undertaking, because few industry models exist. Few security programs are products of a comprehensive analysis; most are developed on an ad-hoc basis in response to a security incident. In fact, many security operations are designed for investigations after an event occurs, not for prevention.
The object of a security analysis is to identify security exposures in a methodical and thorough manner so that a security program is based on broad analysis and not simply on the last security incident. Analysis ensures that expenditures for security are directed appropriately based on local needs, thus protecting critical resources while accepting the risks stemming from lesser concerns.
The goal, however, is not to develop a foolproof security plan. An underlying concept is that an asset cannot be protected completely, without absorbing extravagant costs and without inhibiting business operations. The goal instead is to make it difficult — but not impossible — for an adversary to breach security. The level of difficulty depends upon the value of the asset and the organization's tolerance for risk.
The analysis process is divided into five phases: asset definition; threat assessment; vulnerability analysis; selection of countermeasures; and implementation. The process is arranged for a deliberate analysis and requires completion of each phase before proceeding to the next.
Asset Definition

Asset definition begins with a broad understanding of the organization's operation, its tasks and functions, and its operating environment. At the beginning of an analysis, interviews are conducted with the organization's management and operating personnel to identify the resources essential for operations. This includes production equipment, operating systems, raw materials, finished product, inventory control and management systems, and the infrastructure of power, water, natural gas and telecommunications. Often, intangible assets are the most significant and are only discernible by examining the organization's operation beyond surface appearances. In effect, this step defines targets for attack.
Each asset may be further subdivided into micro components. An analysis may indicate that a particular asset must be defined in detail because of its criticality. Information technology is an example of a generally defined asset that may be further subdivided into an extensive list of system components, including equipment hardware, operating systems, applications software, database management systems, telecommunications and system documentation.
Both tangible and intangible assets should be categorized as vital (the loss would prove catastrophic); important (the loss would prove seriously disruptive but survivable); or secondary (the loss would be relatively insignificant).
Threat Assessment
A comprehensive security plan requires a broad definition of threats so that a range of exposures is considered. Through the analysis, the focus should narrow to target those threats that are deemed the most applicable.
Assessment begins by compiling data on past security incidents, including incidents at the site, within the company and within the industry. Determine if patterns of criminal behavior exist and define their nature. Review loss records, safety records and legal judgments involving the organization. Consult the company's legal counsel and examine court settlements to identify exposures with an implication for security.
Conduct interviews with management, insurance underwriters and local emergency management authorities to identify applicable threats. Review criminal data and compare crime rates for the nation, state, metropolitan statistical area, and the municipality.
Identify threats unique to the area and to the organization; locations where concentrations of hazardous materials are stored; and transportation avenues commonly used for transport of materials. Consider threats that may not have occurred yet, but are applicable because of the nature of the business and because of political and social issues.
A threat assessment is a qualitative analysis, although some quantitative techniques are used. It is important to emphasize that an assessment is a snapshot in time. As circumstances change, so does the threat environment. Consequently, the assessment must be updated to ensure that the security program is consistent with the needs of the time.
Each threat should be categorized as probable (expect the event to occur); possible (circumstances are conducive for an event); or unlikely (do not anticipate the event to occur). The severity of each issue should also be categorized as catastrophic (a disastrous event); moderate (a survivable event); or insignificant (relatively inconsequential).
Vulnerability Analysis

Security countermeasures represent obstacles in the path of a threat event. The objective is to make the event less likely to occur by making it more difficult for a perpetrator to accomplish the deed. Before introducing obstacles, however, the process for an event must be defined. Vulnerability analysis provides a mechanism for construction of security event scenarios defined in step-by-step detail.
Representatives of the organization with extensive knowledge of its inner workings should construct the scenarios. The team assumes the role of a criminal attacking the organization, which allows key points of vulnerability to be identified. Security plans designed to thwart the informed insider will be equally, if not more, effective when applied to the external criminal. This exercise highlights points of vulnerability and provides a framework for the subsequent phase, the selection of security countermeasures. The vulnerability analysis creates protection sets, meaning that it clearly establishes a focused problem to be resolved through application of security countermeasures. These protection sets are best illustrated by creating a spreadsheet correlating assets and threats and noting which assets are exposed to which specific threats.
Each scenario should have spreadsheet entries focused on plausibility (Is the scenario too far-fetched?); consequences of the event; and the amount of risk the organization is willing to accept.
Selection of Security Countermeasures

Just as a patient may be harmed by improper medication, an organization's security posture may be weakened, if not compromised, by improper application of security countermeasures. The exercise is more art than science, requiring a collaborative effort of management and security staff to arrive at a program consistent with an organization's needs.
Security countermeasures can include electronic security systems, physical barriers, security personnel and policies and procedures.

Electronic security systems encompass access control, detection, surveillance and evidence gathering. Subsystems may include intrusion detection, access control, duress alarms, CCTV, intercoms, radios, public address systems, life safety and telephone systems.
Physical and psychological barriers are applied to prevent access to a target. Physical barriers include vaults, safes, vehicle barriers, fences and gates, bullet-resistant materials, barbed wire, mantraps, vehicle traps, armored cars, mechanical locking systems, vehicle speed bumps and curbing, bomb-resistant structures, lighting, shielding, penetration-resistant panels, and landscaping.

Security personnel perform a variety of duties including the operation of electronic systems, manual control of fixed post duties, and roving patrols. Most guard operations are designed to observe events and report incidents to law enforcement authorities. In some cases, officers are armed and trained to intervene in events.
Policies state management's position and philosophy on business issues and practices. Procedures define the means for implementing the policy. This is a critical part of a security program. It defines programs and processes that are essential for security mechanisms to be effective.


Implementation

In this phase, recommendations are transformed into specifications for people, systems and policies. The objective is to translate the security plan into bidding and purchasing documents and procedures, and organizational programs and processes. Learn more at Millennium Group Access Control.

Thursday, July 5, 2012

Avoid wasting your limited marketing dollars

Avoid wasting your limited marketing dollars on an expensive image-advertising campaign that won't affect short-term results. Instead, let the quality of your response materials and Web site do the job of enhancing your company's image.

Rather than doing less-effective "shotgun" mailings to rented lists, consider repeat mailings targeted at known prospects (such as past inquirers).

If you don't have your own e-mail lists to market to, consider renting e-mail lists from publishers or placing ads in other targeted e-newsletters or e-zines. These can be very economical ways to reach your market and generate a quick response.

Edit your releases with the magazine's editorial focus, style and readers in mind and you'll increase the chance the publication or Web site will publish your information.

Web sites

A few cost-effective changes can dramatically improve your corporate Web site's marketing return on investment. To increase inquiries from your Web site's visitors, make offers or calls-to-action on every page. Work with other organizations to link your site to their sites, increasing the number of visitors to yours. Register your Web site with search engines, selecting keywords carefully so your site will appear in the search results for your intended audience. Post articles and case studies on your site, then register those individual Web pages with the search engines.


7.    Determine the "pain" your products and services address

8.    Determine the "pain relief" your company can provide

9.    Determine your company's competitive advantages and how best to articulate them

10. Determine the best companies and contacts to target with your lead generation efforts

Testimonial ads are king

Talk first person with the reader

Use words in your copy like "you" and "your" to focus on the readers' needs rather than boasting about how good "we" and "our" products or services are. For example, the statement "You will get the work done 25% quicker" is much stronger than "Our product is 25% faster than the competition."

The best way to boost direct mail response is to have a strong offer—that is, a targeted offer that will entice prospects to respond.

Successful direct mail marketers understand that campaign success relies on the list and the offer. Determine why you're mailing to people, and then ensure that your list and offer support your objective. Your response rate will be much higher in terms of "qualified" inquiries.

, it is much better to have in the database 10 individuals at each of 1,000 companies than to have one individual at 10,000 firms.

If you need additional demographic information about the contacts' or companies' industry, size, etc. for your direct marketing solutions, check with some of the business database companies like Dun & Bradstreet. Or contact the publishers of the trade magazines you advertise in. They usually offer database services to their advertisers.

All leads and business cards go into your CRM system ASAP

Think about offers you can make that will entice visitors to identify and qualify themselves. Can you create a free guide for selecting your kinds of products or services? Can you offer a white paper that explains how their kind of operation is successfully using your product or service to solve problems? If so, use it as bait for having your visitors share their names, titles, company names and contact information.


If you have email addresses for your prospects and customers, but they haven't expressed interest in hearing from your company by email, be sure to politely ask their permission before starting a campaign. I recommend that you ask them how they prefer to be contacted. By email? Fax? Snail mail? Telephone?


Print directories are handy, and online directories are always up to date. Most directory publishers are publishing both, frequently offering you exposure in both mediums for the same price. Keep in mind that directories are often where buyers look when they are seeking new suppliers and have immediate needs.

Web site

· The size of organizations your company serves? large? medium? small?

· The geographies you serve? local areas? states? countries? regions of the world?

· Explain why your company is a better choice than the competition?

· Address your prospective customers' needs from their point of view?

· Did you include the more popular keywords and phrases in your

· URLs?

· Page titles?

· Headlines?

· Body copy?

· Text links?

· Are you loading your text before your graphics and Flash animations in the source code of your various web pages?

· Are you giving your graphics file names that include relevant keywords?

· Are you including keywords and phrases in the alt attributes for each of your graphics?

· Have you included a site map on your home page, pointing to all of your site's individual pages?

· Does your site map include lots of keywords and phrases in the page links and descriptive copy for each page of your Web site?

Add privacy

· Have you included a link to your Web site in every appropriate online directory you can find?

· Adding new pages to your site that include in-depth content related to the most popular relevant keywords and phrases?

· Consider using pay-per-click ads as a temporary solution while you work to optimize your Web site for organic searching.

First, I believe you should focus on optimizing your website for visitors, helping them move from awareness to consideration to inquiry to purchase, before you worry about search engine optimization (SEO). Learn more at the Team AVS Website

Friday, June 8, 2012

Helpful Safety Tips

• Always be aware of your surroundings, especially at night.

• When parking, walking or returning to your car, travel in well-lit and populated areas.

• Wear sneakers or shoes that allow for added mobility.

• Be watchful and aware. Keep your head up. Make quick eye contact with those around you and be observant of passing vehicles. Don’t become distracted by talking on a cell phone or listening to an iPod/similar device.

• Avoid walking alone late at night. Walk with friends and people you know.

• Keep a whistle within reach. If threatened, use the whistle to signal residents for help. Yelling “Fire!” “Help!” or “Rape!” are ways of drawing attention and alerting people of your situation.

• Hold your car keys in your hand to use as a weapon against an attacker.

• Carry a cell phone and call ahead to your destination to alert them that you’re on the way. Make sure you’re expected at a certain time, so in the event you fail to show up, those expecting you will know enough to begin looking for you.

• Walk with confidence. Don’t let anyone violate your space. Trust your instincts. Anyone at any time can be a victim of crime, so never assume, “IT WILL NEVER HAPPEN TO ME.”

• If an unarmed attacker confronts you, believe in your ability to defend, distract, or even incapacitate the attacker enough to escape.

• If you think that someone is following you, switch direction or cross the street. Walk towards an open store, restaurant or residence.

• DO NOT LEAVE VALUABLES IN YOUR CAR WHERE OTHERS CAN SEE THEM. Valuable items, such as your laptop, iPod, etc. should never be left in the front or back seat of your vehicle. Always take your valuables with you, or move them into the trunk. Lock your doors and windows.

• Even if your window is only slightly open, it makes your car an easier target for thieves. A thief will insert a wire into a slightly open window to pop up the door lock.

• Replace your standard door lock buttons with tapered ones. Tapered door lock buttons make it more difficult for a thief to hook a wire or device onto the door lock button to pop it open.

• Invest in an anti-theft device. When you buy a new or used car, checking to see if it has an anti-theft device is as important as checking the engine. If there isn’t one, you should have one installed.
• If you observe any unusual activity or observe a car theft or a break-in, call 911. Learn more at Millennium Group Access Control

Thursday, May 10, 2012

Cyber Criminals Are Winning in a Losing Economy

Amid the global downturn in the economy, cybercriminals appear to be winning in the war against law enforcement, according to a recently released McAfee report.

"We saw the cybercriminals take advantage of economic messaging very, very quickly," said Dave Marcus, director of security research and communications for McAfee Avert Labs. He said cybercriminals are cashing in on consumer anxiety, particularly around the holidays and noted that as more and more people go online looking for better deals, criminals are preying on their inexperience in order to lure them to bogus sites and old-fashioned "get rich quick" scams.

One scam involves online job seekers responding to ads for "international sales representatives" or "shipping managers" being recruited as "cybermules" to launder the cybercriminal profits. "It's not a 'mule' in the traditional drug sense, where they're carrying drugs across the country or across a border," Marcus said, "but they are ultimately lured into what they think is like an Internet sales marketer or an Internet sales manager position." In reality they are laundering funds, putting them through additional hands, so that law enforcement has a few more obstacles in its path toward finding the thieves themselves.

Unfortunately, Internet users are on their own, he said. As governments begin to focus on internal economic hardships, the fight against cybercrime slips further in funding and support. McAfee predicts that in the fourth quarter of 2008 cybercrime will continue to escalate in severity.

According to CNET, McAfee found that there is a shortage of computer specialists in law enforcement. And those who are specially trained are often hired away to high-salaried jobs at private companies. Those who remain in law enforcement are often bound to national borders, said Marcus, with international jurisdictional disputes further slowing online investigations.

The McAfee report said Russia and China remain the largest safe havens for cybercriminals, while Brazil and Moldova have become the fastest-growing countries to be most often blamed for cybercrime.

Tuesday, April 17, 2012

Targeting the Consumer

The biggest technology shift in access control and video security in the last 10 years has not been the move to IP/IT devices, which was and still is a necessity. The real change impacting every new product is customer-centric design.

Long gone are the days when manufacturers ventured into the night to provide a service that few people understood and even fewer knew they needed. Today, the products that achieve the greatest usability do so not just because of the technology deployed. Dare I say, they are developed around what the customer is asking for.

Security devices are now just another part of the corporate culture, and the value proposition for access control is now deeply ingrained into both the building administrator and system users. Building administrators know why they want access control and how they want it used, but they aren't ready to take on the task of putting it in themselves. This is, after all, a big investment.

Manufacturers are now starting to realize that the customer drives the business. Long gone are organizations where the primary driving force is a “cool new technology” developed in someone's garage that now needs a market. Today's security market is mature, and manufacturers understand the growing trend to be market-driven. So the question for manufacturers now is, “How do I get closer to what my customer needs?” Some of those answers fall into the IP/IT space.

Consumers are forced daily to learn new technologies in the IP/IT market space. Whether it be a new VoIP phone system, a new wireless system in a campus infrastructure or even just new ways to control information flow on the corporate network, every computer now has a window open to the Internet. The IP/IT market is one of great technological advancements, and there is growing commoditization. The savvy security manufacturer understands that serving the market involves embracing standards and understanding that the end-user can and should know how a security system works.

Once one has come to that realization, development can begin on products that not only gain consumer acceptance by using base technologies already being adopted, but also expand the consumer's options for choosing installation companies. This widens the range of personnel who can administer the system. And the security manufacturers gain by having a much larger resource and talent pool of engineers, marketers and sales personnel to bring the “next big thing” to market.

Is IT/IP a trend? Yes. Are IT/IP devices and policies the number one trend in the market? Not any longer. They are currently just part of the mandatory feature list.

So what is the “next big thing?”

It's the consumer. You are driving the business now. And it's about time.

Wednesday, March 7, 2012

10 Tips for School Security

Recent tragedies have magnified the threat of school violence in the minds of students, parents, and educators. Unfortunately, the reactionary response is to purchase trendy equipment in an attempt to upgrade security. Before spending valuable school funds, however, it is crucial to take a more thorough approach. In fact, since the primary purpose of schools is to teach, why not make educated decisions? Here are 10 areas to consider in effectively reducing the risk to school security.

1. Management

Schools today are very good at managing "safety" programs. For emergencies, like fire and natural disasters, schools have well-developed plans. These plans include actions to be taken by students and staff. The actions include clearly defined roles and procedures that are both documented in formal written plans and practiced regularly.
Unfortunately, many schools lack this same level of preparation when it comes to security. The cornerstone of a good security program is a comprehensive security plan. This plan should be a living document detailing current assets, threats, hardware, procedures, etc. Teachers, staff, and administrators should be familiar with the contents and understand their specific roles and responsibilities. Finally, management of the plan should be well-defined. Those with responsibility must be held accountable for its effectiveness.

2. Assets

All security programs are developed for the same purpose: the protection of assets. Not all programs, though, are protecting the same assets. Those developing a security plan must ask and answer the question: "What is the program going to protect?" Assets can take many forms, ranging from people to facilities to information. Assets should be identified and prioritized. When drafting and prioritizing the asset list, it is important to get the input of everyone affected by and involved in the security program.

3. Threats

Just as assets are listed and prioritized, threats to those assets must also be. Threats are defined as the people that the security program must protect against. Additionally, threats can be either internal or external. Examples of school threats include students, staff, disgruntled family members and community offenders.

Once identified, threats must be accurately described. Such a description should include the number of people acting together to commit the act, the behaviors and characteristics of the people, and the degree of the threat. Schools can use many different sources of information to develop threat descriptions. Demographic data can predict threat levels. School incident logs provide historical data and patterns. Police registrations can identify potential community threats. The information from these and other sources should be collected and used to build the threat list.

4. Deterrence

Deterrence is one of the most basic elements of a security program. The goal of deterrence is to keep a security incident from being attempted. The key to deterrence is high visibility. Signs can draw attention to security features and policies. Effective lighting can eliminate dark areas and shadows that serve as hiding places. Well-marked guards and escorts can make people on the school grounds more difficult and/or less attractive targets. In short, if your school makes aspects of its security program very visible, certain threats will choose to go elsewhere.

5. Detection

Detection is the first of three components of a security system. Delay and response are the other two components, but are dependent on detection occurring first. Successful detection requires two steps. First, a sensor must signal that a security incident has occurred and send an alarm. Second, someone must identify and assess the cause of the alarm. For example, a door sensor will send an alarm when a door is opened.

Assessment may be achieved by an on-site respondent or remotely via CCTV. In some cases, sensing and assessment may be performed by the same element. For example, a staff member may observe a trespasser (sensing) and use a two-way radio to report the incident (assessment).
Security systems are designed to operate in two modes. Generally, the first mode is during daytime when facilities are open, and the second mode is during nighttime when facilities are closed. Even though the security system uses different methods in different modes, the system must maintain a balanced profile.

6. Delay

Delay in a school is not simply about locks and doors, but about the door itself and other surfaces adjacent to the door. Doors include hinges, glazing, and the basic construction. For interior doors, a basic need is to list all of the doors in the school by room number. Next, determine the use for the room. Finally, list room function. Obviously, the computer lab is a more attractive target for theft than the typical classroom. For daytime use, a simple door bolt on the door will allow the teacher to quickly secure the room from the inside to prevent a series of violent acts from progressing unimpeded from room to room.

7. Response

Response is based on a security person arriving at an incident on campus in a timely manner. As a general rule, the first responder must act within two minutes or fewer from the time an alarm is reported. The local law enforcement agency is typically 15 minutes away from responding. Obviously, the campus security has to be ready to respond quickly. Important questions that involve policy, procedures and training include: What are the security persons trained and equipped to do? Do they use physical force to restrain or interrupt altercations? Are they armed and can they use deadly force to protect themselves, students and faculty? Liaison on a regular basis is important so that police know of the current status of facilities, enrollment and incidents.

8. Mitigation

Mitigation involves actions after an incident has occurred or during an incident of long duration, such as a hostage situation. The long duration incident usually makes use of either an improvised or fixed emergency management center. Those in charge must have familiarity with the facility and surrounding area. Current facility maps and floor plans depicting doors, windows, etc. should be on hand. Other important information that should be noted includes stairwells, lighting panels, telephones (including their numbers), fire panels, HVAC controls, gas lines, etc. A simple, "walk through" videotape recording hallways, doors and office information should also be available to provide cognitive orientation. This information should be readily accessible at an alternate location.

9. Briefings and Drills

Regular awareness training, briefings and drills for students, staff and PTL help correct problems before an incident occurs. Security awareness should be as much a part of contemporary school life as are "D.A.R.E" programs. Signage in school hallways should serve as action reminders when strangers, unlocked doors, etc. are found. Prompt notification of trained security personnel will address issues and may deter or prevent a more serious incident. Practicing security drills is as important as practicing fire drills - both are emergencies. Staff and students should know the difference in their roles.

10. Risk Prioritization

Schools are bound by budgets. Funds must, therefore, be wisely used to "balance" security and, thus, risk. Risk is directly proportional to the threat. A school without risk is unobtainable and unaffordable. As risk is balanced across school facilities, it must also be balanced across a district or geographical area. Additionally, it should be taken into account that demographics and situations change regularly.

Risk is reduced not just with gadgets and guards but with a disciplined program of management-deterrence-detection-delay-response-mitigation that is measured, tested and drilled. Funding should be prioritized and allocated so that the individual school or district improves uniformly from poor to fair to good to excellent - just like a remedial program for a student that has "fallen behind."

A thoughtful consideration of the 10 areas described above is foundational in addressing school security. There is no way to overestimate the value of providing children with a safe learning environment. Detecting, correcting and protecting is, indeed, an important assignment.