Wednesday, May 7, 2014

Multifamily Key Control: The Way You Collect Data Is Key

Key control is important for all businesses — especially those in the multifamily industry.

The threat of an employee stealing and using tenant keys to commit burglary is real. An apartment complex in Boston realized this when it experienced a series of burglaries where there was no sign of forced entry, indicating someone had used keys to access the units. It's essential for you, as a property owner, to tightly secure keys and uphold staff accountability by recording key transactions.

The first decision you have to make is whether to collect this data actively or passively.

What's the Difference?

Active Data Collection

keys being handed to person in front of apartmentsActive data collection relies on users to manually record information such as key tag numbers, dates, times and reasons for checking out keys or to swipe a key tag through a reader after removing it from a lockbox.

This method of data collection is most often used with manual key control methods such as pegboards or with electronic key boxes that don't automatically record user transactions from the instant the key is taken to the moment it's returned.

Passive Data Collection

Passive data collection doesn't require users to remember to manually enter any transaction information. Instead, transaction information is collected automatically the instant a key is removed from the system so users don't have to manually write it down, enter it into a spreadsheet or scan a key tag.

Automated key control systems use passive data collection to record user information, date, time and reasons for checking out a key (e.g., during an apartment showing or maintenance call). Another perk of this type of data collection is that it provides a 100 percent verifiable audit trail of the information, so it enforces employee accountability.

Why Passive Data Collection Is More Secure

When it comes to security, the word "passive" has a negative connotation. In terms of recording key control data, however, passively collecting data is crucial for protecting yourself from liability risks.

Active Data Collection

In a perfect world, your staff would always take the time to accurately record when they check out or return keys. Unfortunately, human error is inevitable (even well-meaning, trustworthy employees make mistakes). In the event that one of your employees decides to use a key for a prohibited activity, active data collection leaves your key control protocol vulnerable to manipulation.

A key can be taken from a lockbox or pegboard, duplicated and returned within a matter of minutes. If a person removes a key without signing it out and subsequently returns it before anyone notices it's missing, the key security for the unit to which the key belongs has been compromised. Even if you use computerized lockboxes that require users to enter a PIN or swipe a card, keep in mind that transaction details won't be recorded unless the user scans the key tag or enters the key tag number into the system.

Without any recorded key transaction details, the security breach will likely go unreported until a resident or their property is harmed. Because the landlord is responsible for following key control best practices to protect residents, active data collection can create liability risks for the property owner.

Passive Data Collection 

Passive data collection virtually eliminates the risk of inaccurate records because users aren't required to manually input information or scan a key tag. By relying on passive data collection, you'll be able to easily keep a real-time verifiable audit trail of which users checked out or returned keys and the date, time and reason they did so. Data can't be forged or altered by users, so you'll automatically have tighter and more accurate key security than if you were using a manual process.

Passive data collection reduces the risk that keys will fall into the wrong hands. Electronic key systems that rely on passive data collection authenticates users by having them scan a fingerprint, enter a unique password, scan a key card or provide a combination of these authentication methods. Some systems also allow you to create access levels for authorized users. In the event that a user attempts to remove a key they're not authorized to use, the system can  instantly notify you by text or email.

We think the choice is pretty clear for property owners, because, most importantly, passive data collection enforces a necessity that active data collection doesn't: accountability. For more tips on how to secure your property, check out our whitepaper "Six Common Key Control Mistakes Property Owners Make."