Target hardening is generally created by assessing the situational crime prevention methods that are in place in a location: your business or home. In simplistic terms: your belts, bolts, braces and whistles. This is generally door and window locks, alarms, CCTV, access control, smoke security devices, tagging, shutters and barriers. Target hardening is designed to make the target, that being the item subject of the theft or fraud to be substantially more difficult to steal.
Introducing aspect of security by design also increases the opportunity of target hardening, whether this by a cyber intervention, a design intervention or a process to prevent counterfeit of products.
A documented example of target hardening: Mayhew et al.’s (1976) research into the fitting of steering locks, a tactic that led to a decline in car thefts. Further research by Mayhew et al. (1993) showed burglaries were less likely in households with three or more security devices than a household with none. Research by Bennett and Wright (1984) found that some burglars would be deterred by special security locks.
Research by Ekblom (1987) into Post Office robberies shows that the introduction of protective screens reduces incidences, just as Austin (1988) found for retail banking and finance outlets. Jacques (1994) has highlighted the benefits of shutters in preventing ram raids, while Butler (1994) has shown that certain security devices such as electronic article surveillance systems deter shoplifters from offending.
Reviewing how design security has assisted business shows that Luminar Leisure reduced insurance claims by £200 00.00 by introducing a plastic based replacement for glasses. Locking mechanism for bicycles, banks utilising two tier authentications, access routes on housing estates have all contributed to reducing crime in the continual battle of the offender against the victim.
Crimes change. We live in a cyber fraud world where we are attacked as an organization, business or individual on a daily basis and target hardening and security design are part of the ongoing process of prevention, disruption and detection.
A brief internet search shows Police services (S.W Lincs, W.Yorks & Notts) all disseminate information on target hardening, mostly based on securing the dwelling and the individuals, with some highlighting the commercial building environment and personal data.
No mention of target hardening against the dishonest employee. There is limited research and information on the topic of how we target harden against employees.
It is ironic that we go to extraordinary lengths to protect our commercial building, products and data from external threats and then have an open door for the dishonest employee. Notwithstanding the fact that large and significant businesses in the Government sector, security sector, banking and financial sector will have made significant efforts to address this issue, it still leaves the fundamental question of “How do we secure against dishonest employees?”
How Do We Secure Against Dishonest Employees?
The majority of businesses and in particular within the SME sector will have not given any significant consideration, resources, or budget to this question. In the largest organizations they have done so, I will raise the second question: “How effect are your measures?”
It is a reasonable assumption than an employee within a business is seen as a trusted employee. There is an employee hierarchy that may make a general assumption that the more senior the role, the higher the employee salary and the more responsibility the employee has then, it is that the employee is generally a more trusted individual. (I include Board members as employees).
Businesses and organizations are hugely diverse according to their size (in footprint and revenue), their geographical locations, their industry sector and number of employees. They are vulnerable from all elements of employee dishonesty which may include, although this list is not exhaustive,
- Theft of product, part finished or finished
- Theft of materials, including raw material, part processed, scrap of a material used in a process, such as lubricant or tooling.
- Fraud: procurement, bribery & corruption, statement misappropriation, ghost workers, expenses.
- Theft of data: for personal use, to sell to unauthorised groups / individuals, to take in breach of contract on leaving employment.
- Theft of time, including false absenteeism, running a business in company time, misuse of time, manipulation of overtime.
- Controlled substances / illegal drugs in the workplace: selling, manufacture or cultivation of drugs on work premises or during work time.
How effective is situational crime prevention and target hardening in these cases? The SCP and target hardening is primarily in effect to protect the business and the employees from the external typical perception of a criminal: a car thief, burglary, robbery or walk in thief.
The Fraud Triangle
I believe that Donald Cressey’s Fraud Triangle can be used for all of the aspects of dishonesty in the workplace. An employee by definition of their role will probably have access, opportunity, authorisation to locations, systems and individuals that will afford the opportunity to be dishonest should they choose to.
An employee who does become dishonest will nearly always submit to the temptation due to the financial reward, and this financial reward will fuel their motivation. Having taken the step into dishonesty and benefitting from the financial reward, the willingness to cease in such dishonest activity may be dissipated.
At what point did the employee decide to become dishonest. A decent law abiding citizen has taken a different path. Even the employee with a current or past criminal lifestyle may not have entered employment with the intention of being dishonest. What inspired the rational choice to be dishonest? How did the employee rationalise their dishonesty in their mind?
Internal or external factors: Covid hybrid working creates a new and often insecure working environment for the dishonest employee.
- Being overlooked for promotion
- No / low pay rise when a business is trading with good profit
- Resentment of employer /business / management or other employees
- Instability in the business or business sector
- Encouraged by colleagues/suppliers / contractors
- Desire for a more materialistic lifestyle
- Relationship changes and stresses
An employee has the opportunity, will rationalise their actions and will seek financial reward for motivation and significant investment in SCP will not prevent this.
If an employee has an opportunity it will be because they have access, legitimately or not to the mechanism to affect the opportunity and they know how the systems work and know how to override them, including data accesses.
So What Can Be Done?
So, this highlights the absolute dilemma that I see in businesses on a daily basis and have done so over the last 20 years. In order to install suitable situational crime prevention processes and the ability to make a target so sufficiently hardened so as not to be able to be stolen will in virtually every case cease an organisation or business from being efficient and cost-effective. Where a business is making substantial investment in order to be as efficient as possible it would then be counter-productive to putting barriers that prevent this efficiency from taking place. These barriers may be physical, or they may well be barriers that involve several processes involving several other individuals which again may well increase the footfall of employees and the cost effectiveness of the business.
Businesses of all sizes and in all sectors will accept that they have to have a tolerance to loss of that tolerance will not be a realistic figure in the majority of cases. Businesses will not readily accept that there is a product that has a value to be stolen or an employee that will be willing to commit theft or fraud in any format.
It is much more simplistic to build in situational crime prevention methods and target hardening in a retail environment or public space environment than it is within a business environment. Within public space situational crime prevention techniques are not held with one individual or with one organisation. A council will control the CCTV system, the police authority will be controlling the police service individual shops will have CCTV and uniform security staff, some stores will have access control, such as a jewellery shop and large numbers of public, transport methods and services will naturally provide situational crime prevention and assist with target hardening.
In many retail outlets and public space there will be natural surveillance, whereby premises, individuals and product are naturally observed and under the view of the public. There will be natural territoriality as businesses, individuals and interested parties will naturally observe their business and commercial space.
With a dishonest employee in the commercial environment many of these preventative and destructive measures are not in place allowing the employee the opportunity to be dishonest as the target hardening and situational crime prevention does not fulfil a primary role.
My belief that it is indicative on businesses to look at their target hardening and crime prevention measures regarding the prevention and disruption of dishonest employees in a realistic mature and proactive manner.
Employers and businesses must be realistic and accept that there will be has been or currently are dishonest employees in the business. They need to understand how the employee may be dishonest where and why.
Employers and businesses must be mature in understanding this risk and conducting a gap analysis to identify the opportunities for dishonest employees and weaknesses within the organisation and working from the broad and general towards the specific they look at cost-effective and operationally feasible means in order to prevent and disrupt employee dishonesty.
Employers and businesses in being proactive can substantially reduce the risk of financial loss and reputational damage as well as creating an environment of low morale and create an environment whereby it prevents an employee from becoming dishonest and creating that environment that progresses from what I believe is the current perception to a realistic perception for a dishonest employee.
I would suggest that the current perception for an employee who is being dishonest is that they are unlikely to be caught. If they are caught the sanctions are likely to be minimal, probably resulting in a dismissal from the workplace and no police involvement and that there will be no financial retribution for them in repaying any monies back to the employer or the business.
The perception that a mature and realistic employer and business need to create is that if an employee is dishonest then the likelihood of being caught is high and the consequences and sanctions will be swift and severe. If this is the perception of an employee you have at the initial outset of being mature and realistic already commenced a disruption and prevention structure.
With all of my experience over the years I consistently see that employers and businesses do not fully understand the risk that an employee could be dishonest in the workplace. They consider that the situational crime prevention measures that they have installed in the organisation will prevent employees being dishonest. They consider that they have no target which needs to be hardened .The naïveté is understandable as only when you have worked within law enforcement and investigations is an issue such as this at the very forefront of your mind and consciousness.
Over 20 years on every occasion that I have gone into any business environment and detected the dishonesty by an employee it was so simple to see how this could have been prevented and disrupted with often very simple and cost-effective methods or protocols.
I adopt a simple three tiered approach:
When you look at situational crime prevention and target hardening I am introducing this from the minute that I walk into the business because I am presenting to a board and senior management, some of whom may be being dishonest at that time, may be dishonest in the future or may have been dishonest in the past. What I am doing is highlighting to them how they are likely to be exposed and what I am doing to their colleagues is highlighting how they will be able to see the potential for one of their colleagues to be dishonest. The board and senior management will have just had a ‘shot put across their bows’.
Generally, when a senior employee is dishonest the figures are significantly higher in losses and it take significantly longer to expose that dishonesty. In that workshop / seminar I may have just prevented and disrupted a substantial monetary loss to the business. This is the cheapest or most cost-effective form crime prevention and target hardening.
In conclusion my advice is for an employer and business to be mature, realistic, and proactive and to look at the three tiered approach of education in the form of a seminar, assess your vulnerability in the form of a gap analysis and obtain some training in order to equip yourself.
Consider target hardening within your business and workplace by thinking outside the box in order to prevent, disrupt and detect dishonest employees.
DAVE KEARNS is Managing Director of Expert Investigations Group .www.expert-investigations.co.uk
He also writes under his personal brand of www.davekearns.co.uk
He is one of the country’s leading experts on preventing, disrupting, and detecting dishonest employees.