Target hardening is generally created by assessing the situational crime prevention methods that are in place in a location. In simplistic terms: your belts, bolts, braces and whistles. This is generally door and window locks, alarms, CCTV, access control, smoke security devices, tagging, shutters and barriers. Target hardening is designed to make the target substantially more difficult to steal.
Introducing aspects of security by design also increases the opportunity of target hardening. Whether this is by a cyber intervention, a design intervention or a process to prevent counterfeit of products.
Research by Mayhew et al. (1993) showed burglaries were less likely in households with three or more security devices than a household with none. Research by Bennett and Wright (1984) found that some burglars would be deterred by special security locks.
Research by Ekblom (1987) into Post Office robberies shows that the introduction of protective screens reduces incidences. Jacques (1994) has highlighted the benefits of shutters in preventing ram raids. And Butler (1994) has shown that certain security devices such as electronic article surveillance systems deter shoplifters from offending.
Crimes change. Target hardening and security design are part of the ongoing process of prevention, disruption and detection.
It is ironic that we go to extraordinary lengths to protect our commercial building, products and data from external threats and then have an open door for the dishonest employee. Notwithstanding the fact that large and significant businesses in the Government sector, security sector, banking and financial sector will have made significant efforts to address this issue, it still leaves the fundamental question of “How do we secure against dishonest employees?”
The majority of businesses and in particular SMEs will have considered this question. In the largest organizations they have done so, I will raise the second question: “How effect are your measures?”
It is a reasonable assumption than an employee within a business is seen as a trusted employee. There is an employee hierarchy that may make a general assumption that the more senior the role, the higher the employee salary and the more responsibility the employee has then, it is that the employee is generally a more trusted individual. (I include Board members as employees).
Businesses and organizations are hugely diverse according to their size (in footprint and revenue), their geographical locations, their industry sector and number of employees. They are vulnerable from all elements of employee dishonesty which may include, although this list is not exhaustive,
How effective is situational crime prevention and target hardening in these cases? The SCP and target hardening is primarily in effect to protect the business and the employees from the external typical perception of a criminal: a car thief, burglary, robbery or walk in thief.
I believe that Donald Cressey’s Fraud Triangle can be used for all of the aspects of dishonesty in the workplace. An employee by definition of their role will probably have access, opportunity, authorisation to locations, systems and individuals that will afford the opportunity to be dishonest should they choose to. You can read more about this phenomenon here.
An employee who does become dishonest will nearly always submit to the temptation due to the financial reward, and this financial reward will fuel their motivation. Having taken the step into dishonesty and benefitting from the financial reward, the willingness to cease in such dishonest activity may be dissipated.
At what point did the employee decide to become dishonest. A decent law abiding citizen has taken a different path. Even the employee with a current or past criminal lifestyle may not have entered employment with the intention of being dishonest. What inspired the rational choice to be dishonest? How did the employee rationalise their dishonesty in their mind?
Internal or external factors: Covid hybrid working creates a new and often insecure working environment for the dishonest employee.
An employee has the opportunity, will rationalise their actions and will seek financial reward for motivation and significant investment in SCP will not prevent this.
If an employee has an opportunity it will be because they have access, legitimately or not to the mechanism to affect the opportunity and they know how the systems work and know how to override them, including data accesses.
So, this highlights the absolute dilemma that I see in businesses on a daily basis and have done so over the last 20 years. In order to install suitable situational crime prevention processes and the ability to make a target so sufficiently hardened so as not to be able to be stolen will in virtually every case cease an organisation or business from being efficient and cost-effective. Where a business is making substantial investment in order to be as efficient as possible it would then be counter-productive to putting barriers that prevent this efficiency from taking place. These barriers may be physical, or they may well be barriers that involve several processes involving several other individuals which again may well increase the footfall of employees and the cost effectiveness of the business.
Businesses of all sizes and in all sectors will accept that they have to have a tolerance to loss of that tolerance will not be a realistic figure in the majority of cases. Businesses will not readily accept that there is a product that has a value to be stolen or an employee that will be willing to commit theft or fraud in any format.
It is much more simplistic to build in situational crime prevention methods and target hardening in a retail environment or public space environment than it is within a business environment. Within public space situational crime prevention techniques are not held with one individual or with one organisation. A council will control the CCTV system, the police authority will be controlling the police service individual shops will have CCTV and uniform security staff, some stores will have access control, such as a jewellery shop and large numbers of public, transport methods and services will naturally provide situational crime prevention and assist with target hardening.
In many retail outlets and public space there will be natural surveillance, whereby premises, individuals and product are naturally observed and under the view of the public. There will be natural territoriality as businesses, individuals and interested parties will naturally observe their business and commercial space.
With a dishonest employee in the commercial environment many of these preventative and destructive measures are not in place allowing the employee the opportunity to be dishonest as the target hardening and situational crime prevention does not fulfil a primary role.
My belief that it is indicative on businesses to look at their target hardening and crime prevention measures regarding the prevention and disruption of dishonest employees in a realistic mature and proactive manner.
Employers and businesses must be realistic and accept that there will be has been or currently are dishonest employees in the business. They need to understand how the employee may be dishonest where and why.
Employers and businesses must be mature in understanding this risk and conducting a gap analysis to identify the opportunities for dishonest employees and weaknesses within the organisation and working from the broad and general towards the specific they look at cost-effective and operationally feasible means in order to prevent and disrupt employee dishonesty.
Proactive employers and businesses can substantially reduce the risk of financial loss and reputational damage. As well as creating an environment that prevents an employee from becoming dishonest.
The current perception for an employee who is being dishonest is that they are unlikely to be caught. If they are caught, the sanctions are likely to be minimal. Probably resulting in a dismissal from the workplace and no police involvement. Moreover, there will be no financial retribution for them in repaying any monies back to the employer or the business.
With all of my experience over the years, I consistently see that businesses do not fully understand the risk from employee dishonesty. They consider that the situational crime prevention measures that they have installed in the organisation will prevent employees being dishonest. They consider that they have no target which needs to be hardened.
Over 20 years, it has become so simple to see how employee dishonesty could have been prevented and disrupted. And often by using very simple and cost-effective methods or protocols.
I adopt a simple three tiered approach:
Generally, when a senior employee is dishonest the figures are significantly higher in losses. Additionally, it can take significantly longer to expose that dishonesty. In that workshop / seminar I may have just prevented and disrupted a substantial monetary loss to the business. This is the cheapest or most cost-effective form crime prevention and target hardening.
Consider target hardening within your business and workplace. Think outside the box in order to prevent, disrupt and detect dishonest employees.
You Can Put It To Use In Your Own Business. Get In Touch: