Friday, June 15, 2018

How Inadequate Key Control Puts Hospital Patients at Risk

Cabinet with pill bottles next to hanging keysFrom cyber attacks to active shooter threats, ensuring hospital security is more challenging than ever. Plus, you have to worry about HIPAA compliance and rising insurance costs that are influenced by treatment outcomes and patient feedback.

To reduce your risk, you need to reduce security threats that could impact patient care and satisfaction. You likely have someone to mitigate external cybersecurity threats, and it’s just as important for you to address internal physical security threats. Your facility has probably invested in physical security measures like cameras, metal detectors, public safety officers and training. But how well do these measures prevent employees from misusing facility keys? Let’s take a look at how poor key control intensifies two major risks to your facility and your patients.

Major Hospital Risks


Drug Diversion

With the rise of the opioid epidemic, more medical professionals are diverting drugs. According to DEA data, employee pilferage accounts for 22 percent of drug thefts or losses. Doctors, nurses and pharmacy staff within the VA’s network of over 160 medical centers and 1,000 clinics allegedly stole controlled substances for personal use or to sell. In some cases, this impacted patient care.

In fact, the CDC warns that when doctors or nurses abuse their access to narcotics, patients suffer due to substandard care and infection risks. Since 2005, there have been five separate infection outbreaks caused by healthcare workers contaminating injection equipment and supplies that were then used on patients.

In light of these risks, the DEA does not take drug diversion lightly. It opened an investigation against Effingham Health System for allegations that the hospital’s lax controls allowed employees to divert controlled substances. The investigation resulted in a settlement of $4.1 million. Consider how well your controls could withstand an investigation in a similar situation.

Device Theft or Loss

Data breaches are another risk that could affect patient satisfaction and increase your liability. Every year, security events cost U.S. hospitals approximately $1.6 billion. Of those, 38 percent are related to physical security. Believe it or not, healthcare is the only industry where more breaches are caused by insiders (56 percent) than by external threats. In 2017, 90 percent of the healthcare physical security incidents were thefts of assets such as laptops, portable devices and paper documents. The thefts took place in work areas such as offices 36 percent of the time.

For example, a former IT employee of Chilton Medical Center stole computer equipment from the hospital, including a hard drive he later sold online. The device contained records for 4,600 patients over the course of nine years. At North Texas Comprehensive Spine and Pain Center, a former employee stole an external hard drive from a doctor’s office, compromising the personal information of around 3,000 victims. Both of these examples demonstrate that employee accountability is critical to protecting patient information.

Mitigating Risks With Key Control


Certain employees do have a legitimate need to access keys for areas where narcotics, sensitive data or other sensitive assets are stored. But are you certain employees always use their keys for the authorized purpose? Can other employees gain access to those keys?

To protect your facility from liability and protect patients’ well-being, it’s critical to maintain employee accountability for key usage. The best way to do so is to create an automatic audit trail of key use that’s not vulnerable to human error or manipulation. Electronic key control systems help meet this objective.

Unlike traditional key storage methods such as desk drawers or pegboards, electronic key control systems typically consist of a metal drawer or wall-mounted panel that physically locks down keys. Some even allow you to set up access levels to ensure that people are only retrieving the keys they need to perform their job duties.

In addition, if someone checks out a key outside their shift hours when they have no need to do so, or if they have a key checked out for longer than they should, you can be immediately alerted by text or email. The system is fully automated, so if a security incident occurs, the automatic audit trail can aid in an investigation by providing a report of who checked out keys and when.

If employees abuse their access privileges and you don’t have adequate key control measures in place, are you prepared to answer to patients whose health or privacy has been compromised? Can you absorb the cost of compliance fines, rising insurance costs and more?

Tuesday, June 5, 2018

Holding Mail Carriers Accountable to Reduce Identity Theft

Mailboxes lined up on street corner
Private mail is a treasure trove of information for identity thieves. There are medical bills, credit card statements, checks, ID documents and more.

In Yonkers, NY, 85 people have been victims of mail theft so far, resulting in $660,000 in losses. Police arrested three men who stole 10 public mail bins — but the thefts continued. The officials involved in the investigation reported that it’s possible the thieves obtained a master key through ties to former employees of the postal system.

Unfortunately, it’s not uncommon for identity thieves to exist within the postal service itself. Employees have access not only to high volumes of mail but also master keys to public mail bins and cluster box units (CBUs). The Postal Inspection Service reports that in 2017, there were 1,145 cases of mail theft. From October 2016 to September 2017, the Office of Inspector General investigated 1,364 internal mail thefts — that’s 119 percent of the thefts from the Postal Inspection Service’s reporting period!

Fortunately, there’s a way you can address and prevent these thefts.

How to Reduce Insider Threats Through Key Control


Ensuring the safety of delivery equipment such as post office boxes, collection boxes and CBUs requires that you hold employees accountable for how they use keys. An effective key control policy requires that employees:

  • Only have access to keys required for their jobs
  • Use keys for the intended purposes
  • Report lost or stolen keys as soon as possible
  • Return keys at the end of their shifts

To reduce the risk of insider threats, the manual steps involved in meeting these goals should be automated wherever possible. Here are a few examples of how electronic key control helps improve employee accountability:

  • User Profiles — Rather than manually issuing keys, an electronic key control system controls access to keys based on specific user profiles. The system will also record when a key is removed, who removed it and when it’s due for return. To capture this information, some systems might require you to scan a key tag to update the log, while others will automatically record the transaction when the key is removed from the system. Again, the fewer manual steps required, the more secure the process is.
  • Real-Time Alerts — If the key is not returned when it’s due, some systems will send designated personnel a text or email alert.
  • Verifiable Audit Trail — Ensuring you have a verifiable audit trail of key usage can help with investigating security breaches. Even if someone accesses a key without going through the appropriate channels, the audit trail will help you identify who has used each key in the past and demonstrates that you took reasonable efforts to control access to your assets.

By implementing these measures, you can help ensure that employees use keys for their intended purpose. You owe it to citizens to minimize the risk of their personal information being stolen.

Tuesday, May 22, 2018

[Customer Tip] This One Item Improves the Way Your Dealership Stores Smart Keys

Keyless entry systems are all about convenience, but are they making key control more complicated at your dealership? They can be bulky, cluttering up your key control system. In addition, many smart keys (e.g., Toyota, Dodge, BMW) have a built-in valet key that can be separated from the body of the fob.

The problem with this design, as one dealer discovered, is that salespeople can remove the fob from their KeyTrak system while leaving the valet key attached to the key tag in the drawer. When a user doesn’t follow the proper checkout process, there’s no record of the key being removed, which can result in mystery miles and increase the dealership’s liability risk.

Fortunately, you can simplify smart key storage with one simple item: a key fob pouch. Here are the top three reasons you should use them for all your smart keys:

  • Less Clutter in the Drawer — When KeyTrak drawers are full, having the smart key and its pouch attached to the key tag prevents fobs from jostling in the drawer, helping to keep it tidy.
  • Added Security — The pouch containing the smart key is attached to a key tag via a KeyTrak fastener that runs through the top of the pouch, ensuring the valet key and fob stay attached to each other until the vehicle is sold. The fastener also prevents users from removing the fob from the drawer without going through the standard checkout process.
  • Fewer Scratches on the Key — The pouch protects the key from getting scratched so the key stays looking as new as the vehicle. The clear front allows salespeople to easily see and press the fob buttons.

Key fob pouch
  Key fob pouch with KeyTrak fastener

If you’re a current customer, you can purchase the pouches from our supplies catalog or call 1.800.541.5033 (option 2).

Monday, May 7, 2018

Are Your Dealership’s Sales and Service Departments in Sync?

You probably recognized long ago how your dealership sales and service departments can work together to generate revenue for your dealership. The sales department can offer service contracts on new or used cars, while the service department can refer customers to sales when vehicles start reaching their end of life.

Car salesman holding car keys
However, at many dealerships, the communication between departments stops there. You might not realize how important it is for these two separate departments with different operations to work and communicate with each other to keep your entire dealership running smoothly.

For example, consider what happens one department takes a vehicle key from the other and doesn’t properly log the activity or even tell anybody they have the key. A customer walks into your showroom and requests to test drive a specific car in certain interior and exterior colors. They’ve been searching the internet for weeks for this particular combination and you’re the only dealership in the area with their dream car.

Your website and CRM indicate that the car is on the lot, but the sales rep is unable to find the key on the pegboard. The rep checks with multiple people in your sales department but is still unable to find the key. The customer refuses to test drive a different car since they came for that specific vehicle and leaves after an extensive wait.

Later that afternoon it’s discovered that a service rep had taken the car to the back for routine service and failed to mark it in the key log. This lack of communication lost you a sale.

Just as your various departments can work together to make sure everybody is making money, you can see they also need to communicate in order to not lose even one customer.

Carl Sewell, a successful dealer in Texas, once wrote that one of his customers is worth $517,000 over their lifetime. How much is each of your customers worth to you? What can your dealership do to keep a careless mistake from costing you a long-term loyal customer and revenue source?

Knowing who accesses keys and when isn’t just a good security practice; it’s also a way to keep your dealership operations running smoothly and to give your customers a better, quicker experience. If you’re looking for an electronic key control system, be sure you choose an option that logs key access automatically and can give you a complete picture of where a key has been anytime you log in.

In the situation we described earlier, the sales rep would have instantly known who had the key when they made the request. The car would have been found, the customers likely would have bought it, and you would have been one step closer to having a customer for life.

Whether you have a single lot or a sprawling family of dealerships, knowing where keys are is crucial to making you money. How many times have you lost keys due to poor communication between departments?

Wednesday, May 2, 2018

Does Your Business Have a Data Recovery Plan?

Computer error
Have you ever gotten a new smartphone and gone through all the setup steps only to discover that your entire contact list from your old phone wasn't backed up properly? If it was a business phone loaded with vendor and customer contacts, how big was that headache?

Of course smartphones aren't the only electronic systems you use to conduct your business. You have computers, tablets, copy machines and maybe even an electronic key control system. All of these things store important data, and suddenly losing that data can have serious consequences.

Data corruption, security breaches, power loss, backup power failure, user error and hardware or software failure are all major causes of data loss and can happen at any time, no matter what steps you take to protect yourself.

If you use an electronic key control system for securing and tracking keys at your business, what would happen if you suddenly didn't know where your keys were in the drawer, which keys were checked out and who had them last? Losing key control system data would create unnecessary work for your employees, who must now figure out what keys go where, creating liability and security risks in the process.

The best thing you can do is have a recovery plan to help you continue operation during a data loss event. Here are some steps you can take to help you mange your keys if your system fails.

Use Reporting Features


Knowing who has keys and when they took them is a smart security and liability-reducing practice. It's also likely a big reason why you chose to implement an electronic key control system at your business. However, the ability to track key activity would be severely hampered if your system failed and you didn't have a contingency plan in place to continue operations.

That's where having a recent key inventory report can help you know what keys go where and manage key activity during the downtime. While not as efficient or secure as a fully operation electronic key control system, the ability to log key access manually with a recent report can help you continue operating and make sure keys are where they are supposed to be when the system is brought back online.

Perform Routine Backups


Just as you should pull reports for your system on a regular basis, you should also routinely back up your entire system to an external media device, such as a USB memory drive. It's a backup best practice to back your data up to an external location rather than the system itself.

If your server is still operational after some sort of outage or data loss, a recent backup can help you quickly restore the latest backed-up data and allow you to resume operations with minimal long-term disruption.

Prepare for the Worst


Unfortunately, even best-laid plans can still be spoiled if human error leads to a backup not being performed as scheduled or if your external storage device becomes corrupted. That's why you should choose an electronic key control system provider that can offer you a cloud backup solution.

An automatic off-site backup to a secure cloud gives you an added layer of protection against serious downtime. If your server is completely debilitated by an unexpected incident, such as a coffee spill or a pipe burst in your office, your latest backup can be loaded to a replacement server and promptly shipped to help you get your system running as soon as possible.

How have you prepared your business to recover from a data loss scenario?

Wednesday, April 25, 2018

Are You Neglecting This Important Aspect of K-12 Campus Security?

K-12 schools across the country have been rocked by recent events that highlight a need for greater security. Because of these events, you may be looking at updating current security policies and procedures, as well as implementing new ones.

School hallway of lockersOne security issue that hasn’t received significant public attention is key control. Implementing effective and secure key control procedures entails several variables, including who will manage keys, how many faculty members will have access to them, how long faculty can keep certain keys, and so much more. All of these factors contribute to the struggle you may be facing when trying to put your key control policies into practice.

Unfortunately, this security gap puts your students and your campus at risk. For instance, police were investigating a bomb threat at a school in Massachusetts when they discovered a 16-year-old was carrying a school master key. Although the teen wasn’t connected to the threat, it’s concerning that he was caught with the key. What was he planning to do with it? Had the school realized the master key was missing? How did he get it in the first place?

These are questions that no school should leave unanswered. Fortunately, there’s a secure and effective solution for managing your campus keys. To learn more about how you can improve your key control practices, check out our white paper.

Tuesday, April 17, 2018

Client Spotlight: Electronic Key Control System Helps Sprawling Dealership Family

McGrath Family of Dealerships
Source: McGrath Family of Dealerships
The drive from Marion, IA to Dubuque, IA is more than 65 miles each way, making the round trip almost two and a half hours. That's a long time for an employee to be in a car during business hours, let alone when a customer sale is hanging in the balance.

That drive is something employees at the McGrath Family of Dealerships occasionally have to deal with when they need to retrieve a car from a Volkswagen store in Dubuque for a sale in Marion. When a dealership group has multiple stores spread across a region, trips like this are simply a reality of the business. They can also turn out to be a huge waste of time and money.

What happens if there is a miscommunication about the car being in Dubuque? Does the dealership even know where that car's key is? What if the car was sold the day before and the CRM wasn't updated in time? Even if the rep calls ahead, does the Dubuque employee know for sure that the car is still on the lot?

Wasted trips helped McGrath recognize that it needed a better solution for managing its inventory and its keys across its multiple dealerships. That solution needed to track who has keys and when they took them across multiple locations. By ensuring inventory information was centralized and kept up to date, employees would no longer have to make long, pointless trips to stores in Iowa City, Dubuque or Grand Rapids.

McGrath found an answer in KeyTrak. The dealership began installing the electronic key control system at several of its stores in early 2012 and has continued to install systems at every new store it has acquired or opened since.

There are now 21 KeyTrak systems storing more than 3,500 keys across McGrath's multiple dealerships, covering sales and service departments alike and keeping everything running like a well-oiled machine.

"When a key is checked out, we know who has the key," said Orrin Smith, director of sales for McGrath Family of Dealerships. "We chose KeyTrak for how the systems integrate with each other and how they can communicate with all departments at multiple locations."

How much would having key systems that communicate across your several dealerships help improve your processes?