Tuesday, July 2, 2019

The Human Side of Poor Key Control

Man with head in hands
Would you want to be known as the organization that allowed a thief to pilfer the property with a master key? What would you say to the media if someone stole a vehicle from your organization and used that vehicle in another crime? How would you rebuild trust with customers if an employee abused their key access to steal someone’s personal information or assets? How long would it take you to recoup profits lost from reputation damage?

There are real business consequences to poor key control. But what you might not have thought about is how misuse of keys and other assets negatively affects people’s personal lives — perhaps even your own or your loved ones’ lives.

For example, lost or stolen keys waste employees’ time and inconvenience customers who have entrusted their personal property to your business. In extreme situations, mismanaging keys can even put lives at risk, such as if an intruder steals an apartment key and hurts a resident or if a thief is involved in a fatal accident while driving a vehicle stolen from a dealership.

That’s why it’s vital for your organization to secure keys and reduce security vulnerabilities. Let’s take a closer look at how poor key control impacts employees, customers, and the community.

Employees


As mentioned earlier, when keys are lost, employees are forced to spend time dealing with interrupted operations, rekeying, and more. If unsecured keys are stolen, that can spell additional trouble for staff.

For example, after a car was stolen from a repair shop in Michigan, employees were concerned that  insurance costs would increase and the repair shop would lose credibility, hurting employees’ ability to provide for their families. At a Georgia prison, mishandled keys endangered corrections officers (COs) by enabling an inmate to swipe a key and open other inmates’ cells.

Customers


Customers and stakeholders also face the consequences of poor key control. In the automotive industry, there are plenty of horror stories involving customers whose cars were stolen while they were being serviced. After one man’s vehicle disappeared from the service drive, management told the customer that if they couldn’t locate the vehicle, the customer would be stuck replacing it himself.

Just as mishandled keys in a dealership’s service drive leave customers’ vehicles at risk, improperly secured and tracked keys at multifamily communities, assisted living facilities, and college dorms leave people's homes vulnerable.

If keys aren’t stored in a secure location with proper checkout methods in place, employees, vendors, or burglars can use these keys to enter a resident's home without authorization. There are countless headlines about intruders stealing cash, prescription medications, or other personal items. Although less common, there have also been cases of violent crimes against residents.

Additionally, ineffective key management can expose customers to data breaches and identity theft if employees abuse their key access to obtain devices holding confidential data. That was the case at a medical facility where a former IT employee stole a hard drive containing sensitive customer information and sold it online.

The Community


In some cases, the effects of unsecured keys can extend beyond employees and customers to the broader community.

One common way an unauthorized key user could put the community at risk is by driving a vehicle without permission, whether it’s a company fleet car, dealership inventory, a delivery truck, or a government vehicle. If that driver is involved in an accident, they could harm pedestrians, other drivers, or city infrastructure. In one Oregon town, for example, a car struck a power pole, leaving the entire town and surrounding areas without power.

A rare, but still concerning, scenario is a prisoner using a key to escape from prison or jail, posing a danger to society. At a New Mexico jail, an inmate swiped a key that had been left hanging in a lock. He then used the key to access an area containing housing pipes, where he and three other inmates — a group that included a convicted killer and murder suspect — escaped through a hole in the roof.

While everyone is responsible for their own actions, you can take steps to avoid putting your employees, your customers, and the wider community at risk. Investing in an effective key control system is one of those steps. Most, if not all, of the examples mentioned here could have been avoided if keys were securely stored in a way that only authorized people could remove them.

When deciding how you’ll secure your keys, considering the implications to your organization is important, but don’t forget to consider how people’s personal lives could be affected by your decision.

Tuesday, June 25, 2019

Condo Master Key Control: Five Risks and How to Solve Them

Burglar breaking in with key
Fueled by a heroin addiction, a maintenance technician at a Massachusetts condominium community robbed 19 separate residents over a period of a few years. The monetary value of the items amounted to several thousand dollars, but worse than that, many were irreplaceable heirlooms passed down through multiple generations.

In Canada, a condominium complex spent $30,000 to $40,000 to rekey its building after someone stole a bike from a storage unit.

The common thread in these stories is master keys. The maintenance technician abused his access to the master key to enter residents’ homes, and someone stole a master key from the fire safety box at the Canadian complex to let themselves in to the storage unit.

It’s not uncommon for condo associations to keep master keys on file (or at least copies of each resident’s key), but is the way you handle keys putting your association and residents at risk?

Master Key Risks


Unfortunately, it’s difficult to keep master keys out of the hands of unauthorized people and prevent authorized key holders from abusing their access. Some common issues include the following:

No Rekeying After Construction

During construction, contractors use a master key system to allow them to move easily throughout the building. Once the development is complete, it’s difficult to know which contractors and other vendors might still have master keys to the building. If your condo building hasn’t been rekeyed since it was built, you’re leaving homeowners vulnerable.

Unauthorized Duplication

Stamping keys with “Do Not Duplicate” provides a false sense of security. The Associated Locksmiths of America (ALOA) advises members to discourage customers from relying on this inscription as a security precaution, as it’s not legally binding unless the law prohibits duplication of the keys (such as keys used by the Department of Defense).

If someone wants a copy of a key badly enough, they aren’t likely to let the “Do Not Duplicate” warning stop them. A quick Google search reveals strategies for disguising an inscription, such as hiding it with a rubber cover or covering it with tape and writing a unit number or “Shed Key” on it, so the locksmith is more likely to make copies. There are even local threads dedicated to recommending locksmiths that will ignore the inscription.

Key Abuse

Assuming someone is authorized to use a master key as part of their job, can you be sure that they’re using the key for legitimate reasons? As one lawyer told The Palm Beach Post, even if condo associations have a right of access, it’s “not to be abused by a maintenance man who needs a private place, and not so a maintenance man can use a bathroom.” Failing to abide by these standards can lead to legal issues.

Key Theft

The risk of key theft goes up if you keep keys in an insecure place, such as a fire box that can be easily pried open, a pegboard from which keys can be swiped, or in a desk drawer that’s left unlocked. If you don’t maintain a verifiable access log to track who’s removed keys and when, that risk increases even more.

Carte Blanche Electronic Access

Smart locks, also called electronic locks or keyless entry, give residents the ability to unlock their doors with codes, fobs, or even their smartphones. Keyless entry is convenient, but it does come with more administrative effort than some property managers may realize. If the property uses a system with security tokens, condo association employees may choose to program a master access method that opens all unit doors. This practice presents many of the same risks as master keys.

How to Protect Your Community


To protect your community, follow the below best practices for key security:

Rekey When Necessary

If your building hasn’t been rekeyed since construction or if a master key has gone missing, it’s critical that you rekey to protect residents. To avoid this expense in the future, take steps to secure the keys in your care.

Inform Homeowners

Let homeowners know if you have a master key on file, how you’ll secure it, who will use it, and in what circumstances it’ll be used. If possible, request individual copies of unit keys instead of maintaining a master. Also notify residents when the key to their home has been removed and why.

Keep Accurate Logs

Keep a log of which employees and board members are authorized to access which keys and when. Be sure to update this record and collect any unreturned keys when an employee leaves or when new board members are elected.

In case you need to investigate a possible issue with key abuse, ensure you have a way to pull reports on demand. Using an electronic key control system to create an electronic log minimizes the possibility for human error and manipulation.

Implement the Right System From the Right Partner

To secure keys, implement a patented key control system (a recommendation that’s supported by the ALOA). If you use electronic locks and use preprogrammed access fobs or proximity cards, consider using an electronic key control system to restrict access to those tokens. Just be sure to choose your key control partner carefully — one of homeowners’ top complaints about associations is when management chooses low-quality or unethical vendors.

Train Employees and Board Members

Implement periodic key control training for employees and board members. This ensures that those responsible for keys know what’s expected of them and are aware of the consequences for failing to follow your key control procedures.

Without taking the right precautions, your master keys could be mastering you. By taking steps to secure keys and hold authorized users accountable, you can avoid costly security breaches and put homeowners’ minds at ease.

Tuesday, June 11, 2019

Is Your Dealership Inviting Organized Crime?

Lot of cars next to harborHow would you react if you discovered that five vehicles had been stolen from your dealership’s lot? What about when police tell you that organized criminals were responsible for the theft — and that those five vehicles were likely shipped overseas to be used in activities related to drug trafficking, terrorism, and other crimes?

Believe it or not, this exact scenario is happening more often, thanks to a common dealership practice: keeping keys in window-mounted lockboxes.

Why Dealers Love Lockboxes


Dealers who use window-mounted lockboxes say one of the reasons they prefer this key control method is it prevents salespeople from abandoning prospects on the lot to retrieve vehicle keys.

However, consider that 60 percent of the car-buying process happens online, with buyers spending nearly 15 hours researching their intended purchase. When prospects visit your store, they’ve already done their research and don’t want to spend time wandering the lot. Even if they did, having prospects in the middle of your sea of inventory only distracts and confuses them, delaying the sales cycle.

Having the vehicle they want to test drive already pulled up when they arrive for an appointment is going to make for a more positive experience than dragging them out to the lot to retrieve a key from the lockbox.

Why Thieves Love Lockboxes


In fact, keeping keys in lockboxes could make you a target for organized crime. Storing keys with each vehicle — as opposed to storing them in a secure location separate from your inventory — simply makes thieves’ jobs easier.

Sure, lockboxes are more secure than keeping keys inside an unlocked car, but as one Tennessee dealer realized, they’re not as foolproof as you might think. Professional thieves have ways to thwart lockboxes, such as using a master key they’ve purchased online, intercepting the fob signal, or simply smashing the box open.

How to Protect Your Inventory


To reduce the risk of theft, it’s important to implement a key control solution that meets at least the following criteria:

  • Prevents unauthorized users from removing keys
  • Keeps keys separate from vehicles
  • Allows salespeople to easily check out keys for test drives

Be sure to continually review your key security measures, especially since new vulnerabilities crop up every day.

To learn more about how organized criminals are targeting dealerships and what you can do to protect your business, download our eBook “Is Your Dealership Inviting Organized Crime?

Wednesday, June 5, 2019

Customer Tip: Create a Daily Key Control System Checklist

Daily Key Control System Checklist
There’s a reason — several, in fact — some of the most successful leaders use checklists. Not only do they help you stay organized, they also help you delegate and achieve excellence. The same principles apply to effective key management.

With a small daily time investment in your KeyTrak system, you can save time in the long run and prevent hours of headaches in the future. Use the checklist below as a starting point and feel free to customize it for your organization. There are some tasks you should perform throughout the day and others you only need to handle at the end of the day. Once you get into the habit of using this checklist, it’ll become second nature.

Throughout the Day


Inspect the Drawer(s)

Log in, open each drawer, and quickly scan the contents to make sure all keys are properly attached to the tags and all tags have been returned to a slot.

Check the System Summary Screen

Check the System Summary screen for an at-a-glance overview of recent key and user activity. This screen is continuously displayed at the bottom of the main screen, making it easy to keep tabs on system transactions.

Review Automatic Email Reports

If you haven’t already, consider setting up automatic email reports so you can conveniently monitor system activity from your desk.

Pay Attention to Pop-up Messages

If a pop-up message appears on the screen, don’t ignore it. Be sure to follow any instructions it includes. Users should be trained to contact a system administrator, their manager, or KeyTrak support if they encounter an issue.

At the End of the Day


Ensure All Keys Have Been Returned to the System

Making sure all keys have been returned to the system at the end of the day helps prevent security breaches. Use the System Summary screen to quickly see how many keys are checked out.

Run Keys Out and Tag Inventory Reports

If you see that keys are still checked out of the system at the end of the day, run Keys Out and Tag Inventory reports to see which keys haven’t been returned and which users checked them out. Keep reports on file for at least 90 days in case you need them to investigate an incident.

Perform a Backup

Back up the system via an external media device or KeyTrak Cloud Backup and ensure you have a data recovery plan. This ensures that in the event of an event such as a power outage, you’ll have a map of each drawer’s contents.

If it’s not possible to complete all these steps personally, whether you’re going to be out of the office or the business closes after you’ve left for the day, you can share any or all of these tasks with a trusted system administrator.

Taking a few minutes every day to go through your checklist and monitor your KeyTrak system will help your business be secure, efficient, and successful.

Friday, May 31, 2019

Effective Key Management Saves Time and Lives

Corrections officer watching inmates
According to the Justice Department, about 4,400 people die in U.S. prisons every year, which equates to 12 per day. Whether it’s a fight among inmates or an inmate needing medical attention in their cell, your correctional officers (COs) need to react quickly and efficiently.

Unfortunately, when precious seconds matter and a CO needs a key, policies and procedures often get tossed aside. It’s not ideal to search and fumble for the right key and sign it out when every second counts in a dangerous circumstance.

Under the stress of the situation, whoever took the key may not put it back immediately. If the key isn't promptly returned and later left in an unsecured location, that opens the door for an inmate to swipe the key. If a CO loses a key after failing to complete the checkout log, then there’s no telling who might have it or who needs to be held responsible for losing it. It might even go unreported.

What happens when you do find out that a key has been lost or stolen? You may have to change multiple locks in your facility. That means dishing out significant funds, which could have been used for other facility upgrades.

You may think that these problems are unavoidable and that they happen in every jail or prison. However, there are several ways that you can avoid these issues in your facility.

Don’t Rely on Outdated Procedures


Old metal lockboxes and handwritten logs are outdated procedures that represent a major security and key management risk for your facility. Secure your keys with an electronic key control system that allows quick but secure access to keys.

Hold Employees Accountable


Make sure you know who’s responsible for keys by keeping accurate key audit trails. Keeping accurate audit trails helps with avoiding employee theft. With an electronic key control system that automatically tracks access, you can quickly know if a key isn’t returned and who removed it, holding employees accountable and saving you time and money.

Avoid Slow Key Checkout Methods


With a quick and easy key checkout method, you can make sure COs don’t feel compelled to grab keys without signing them out first because they don’t have time to waste in an emergency. An electronic key control system with a prompt checkout procedure, such as a biometric fingerprint reader, ensures COs aren’t wasting any precious seconds.

An electronic key control system can also help your COs in times of duress — especially when a CO may need to discreetly notify a supervisor of a problem without letting the inmates know. Being able to do so will ensure a quick response time and prevent the situation from escalating.

When all it takes is a second for things to go south, it’s imperative to have efficient procedures in place that don’t hinder safety or security. An efficient key management process can save your facility time, money, and lives.

Wednesday, May 22, 2019

CO Training Doesn't End After Orientation

Prison guard tower
Correctional officers (COs) face dangerous situations every day. The 428,000 COs tasked with overseeing 2.3 million incarcerated individuals in this country are well aware of the stresses and risks of the job.

Let's break down the numbers. Correctional institutions have a higher rate of nonfatal workplace-related injuries (7.9 per 100 full-time workers) than ferrous metal foundries (7.4), sawmills (5.9), coal mines (3.7), and forestry and logging operations (3.1). In fact, the national average across all sectors is 3.1 — less than half of what COs face every day.

It would stand to reason that occupations with a high amount of risk, such as being a CO, would warrant a high amount of training. After all, commercial pilots, law enforcement patrol officers, and military soldiers receive extensive training before going out into the world and being entrusted with others' lives.

Unfortunately, that's not always the case for COs. Prisons and jails across the country are filled to the brim with inmates, while a shortage of COs is leaving gaps that are being filled by tired and overworked COs or, in a move that's becoming more common, inexperienced support staff. In some states and facilities, new COs are rushed through a basic orientation class then thrown to the wolves.

The realities of your staffing needs might prevent you from providing COs with much more than orientation before they're sent inside, but that doesn't mean training should stop there. It's more important than ever to maintain routine training — even if it's revisiting basic security processes like key management — for new and experienced COs alike.

Here are some areas where routine training is critical:

Defusing Dangerous Situations


Your COs will inevitably face dangerous situations that could escalate into fights, attacks, or riots. Sometimes it's better to be the brains in the situation than the brawn. Training on how to defuse dangerous situations helps COs keep the peace. A course on crisis intervention, for example, helped Deputy Warden Robert Montoya stay calm while negotiating with inmates during the New Mexico State Penitentiary riot in 1980.

Surviving When the Worst Happens


Physical attacks are going to happen, and COs need to be prepared for how to react. Hand-to-hand combat is probably part of your basic training program for COs, but it's an area that should get frequent refreshing. The ability to escape an attack and de-escalate the situation should be muscle memory. This skill is especially important for the support staff filling shortage gaps since inmates will anticipate they can take advantage of staff members' inexperience.

Catching Smuggled Contraband


From weapons and drugs to food and cell phones, there are any number of things your facility considers contraband, and keeping those items out is a growing challenge. Outsiders — and even insiders — are always searching for and evolving ways to get contraband inside. Routine training should cover the latest methods for smuggling contraband, such as drones, and reinforce the consequences for COs who are caught involved in smuggling.

Maintaining Security Processes


All it takes is one little slipup to give an inmate a chance to escape or instigate problems. Consider a scenario where a cell key is lost by a rookie CO. How soon would your key management officer know the key is missing? How much time and money would you waste rekeying cells because the CO was careless or wasn't held accountable? From making sure gates are closed to practicing sound key management, all security processes should get routine training refreshers.

Even if your COs get extensive training before their first day on the job, it's still important to reinforce these areas. COs must do their job right day in and day out, and even one mistake can lead to an attack or escape attempt. What do you do to make sure your COs always follow procedures?

Tuesday, May 7, 2019

How to Predict and Prevent Employee Theft

Man concealing money in suit jacket
Every year, workplace crimes such as employee theft costs U.S. businesses $50 billion. Most of these thieves aren’t hardened criminals who’ve been plotting to defraud their employers from the outset. In fact, the vast majority (96 percent) don’t have prior fraud convictions. With the right motivation and opportunity, employees will try to justify stealing time, money, information, or assets from your organization.

Not all employees steal, of course, so how do you spot and stop insider threats?

Three Characteristics of Employees Who Steal


While insider threats take many forms, people who have stolen from their employers can typically be described by one or more of the following three characteristics.

Disengaged


According to Gallup, only 33 percent of U.S. workers are engaged in their jobs. Apathetic employees are toxic to the work environment — they miss more work, negatively influence coworkers, cost money in lost productivity, and drive customers away. You might have guessed that they’re more likely to steal as well. In fact, business units with high numbers of disengaged employees lose 51 percent more of their inventory.

Desperate


Desperation can send seemingly trustworthy veteran employees down a slippery slope to fraudulent behavior. Circumstances that can drive people to extreme measures include:

  • Death
  • Divorce
  • Family problems
  • Financial difficulties
  • Addiction struggles
  • Medical issues
  • Job troubles
  • Unstable life circumstances

Faced with any of these issues, an employee could feel there’s no other solution than to misappropriate resources. They might try to justify their actions with excuses such as “The company makes millions every year. A few thousand won’t hurt,” or “I’ll return the money when I can.”

Disgruntled


Disgruntled employees can wreak havoc on your company, retaliating for what they feel is unfair treatment, whether it’s low pay, disrespect, or termination. They may steal proprietary information, facility keys, computer hardware, equipment, money, inventory, time, or things as small as office supplies.

Deterring Theft


Understanding why employees steal is one thing, but preventing theft is another. There are, however, a few things you can do to help nip fraudulent activity in the bud.

Address Suspicious Behaviors


Certain behavioral warning signals can indicate whether or not an employee is more likely to swindle your company:

  • Living beyond their means
  • Developing an unusually close relationship with a vendor, customer, or other business partner
  • Objecting to sharing job duties
  • Displaying a wheeler-dealer attitude
  • Acting irritable, suspicious, or defensive
  • Harassing other employees
  • Frequently showing up late or not at all
  • Abusing internet access by visiting inappropriate websites or spending too much time browsing

It’s important to monitor these behaviors and promptly address any areas of concern.

Hold Employees Accountable


As with most processes, your approach to security should never be “set it and forget it.” Management should be actively involved in ensuring the honest, appropriate employee conduct your organization expects. The following steps are a good start:

  • Have clear company policies that outline expectations for performance and conduct.
  • Enforce predefined consequences for noncompliance.
  • Implement checks and balances such as having employees share responsibilities or requiring two approvals for transactions.
  • Revoke access privileges and confiscate company property immediately when employees leave.

By holding employees accountable, you can reduce opportunities for theft.

Detect and Investigate Suspected Theft


Unfortunately, even with precautions in place, theft does still happen. To help you detect and investigate suspected theft, implement the measures below:

  • Secure restricted areas or equipment with hardware or software that can track user access.
  • Set up automatic alerts for suspicious activity on key control, accounting, or other systems.
  • Establish a tip hotline or other reporting process employees can use to anonymously report any fishy behavior they’ve observed.

Once you’ve been tipped off to possible wrongdoing, be sure to act promptly to minimize the impact on your organization.

By being proactive and aware of what’s going on inside the four walls of your business, you can avoid being a part of that $50 billion tab for employee theft.