Mitigating Security Risk - Expense: $0.00
We were approached by a client that ran a luxurious retail business across Asia Pacific. Client had an incident at one shop where half a million ($HKD) worth of electronic merchandise was stolen in a two-week period.
Client needed to understand how it went undetected and how to prevent future incidents. Due to the loss amount was high and happened in a short period of time, our working hypothesis was: insider's job.
After site survey, logistics review, peak hour observation, and staff interviews, we produced the findings:
1. Guards were summoned by store manager to help with sales duties.
2. Staff, despite being against policy, do not always enter or exit the shop via the back door where security checks take place.
3. Stolen merchandise were handed over to outside receiver in the toilet near the shop.
The findings suggested:
1. An insider stole the merchandise;
2. Left the shop via front door to avoid security check;
3. Transferred the stolen items to the receiver;
4. Repeated above steps.
The guards at the sales floor could have slowed down the process but instead they were busy with sales duties.
1. Enforce security policy that all staff must enter and exit via the backdoor.
2. All staff must wear a badge at all times where guards can easily identify staff from non-staff.
Client was happy to implement the recommendations because they made sense and introduced no extra expenditures.