A few years ago, a 38 year-old California man strolled into a San Bernardino-area dealership, pocketed a pair of keys and drove off in another person’s vehicle — all during business hours. It turned out the man had previously been employed at the dealership, so he knew exactly where keys were kept.
This incident is one of many that happen across the nation every year. In fact, research indicates that the number one source of shrinkage for retailers in 2015 was employee theft.
Although not every theft is preventable, you can follow a few best practices to reduce the likelihood of internal key theft.
It's unclear how the San Bernardino man gained access to customer keys without turning heads. However, if you’re concerned about a similar security breach, updating manual key control processes to electronic key control could help deter theft.
By requiring users to log in via password, key fob and/or fingerprint scan, the system creates an audit trail so you can review exactly who’s accessing which keys and when. Additionally, with an electronic key control system in place, dishonest associates won’t be able to argue against the validity of key control logs. This reality will resonate with your employees, discouraging potential theft.
Separate Employee Responsibilities
In some businesses, it’s not uncommon for the employee handling alarm codes to also be the keeper of the keys. In the event an alarm goes off, however, this arrangement can easily become a conflict of interest. If you designate a single employee to handle both responsibilities, that employee could 1) commit theft nearly unnoticed, or 2) leave keys unmanned long enough for another employee to commit theft.
To limit this liability, consider designating multiple system administrators, so that no employee has unchecked access to security measures. Designating several system administrators distributes accountability, which is beneficial for several reasons:
- If one administrator isn’t present you’ll still have access to the system.
- You eliminate the risk of a conflict of interest.
- Each administrator can still complete daily tasks without compromising key security.
Disable User Accounts After Employees Leave
When an employee leaves, it's important to ensure they don't still have access to company systems and assets. The same electronic key control system that allows you to set up multiple users also allows you to remove terminated employees from the system. In doing so, you can protect your company against potential credential abuse. Whether it’s an employee trying to clock in for a coworker, or an ex-employee looking to steal from their former boss, password security is not to be taken lightly.
For more information on how to maintain key security, read our post “Do You Know Where Your Keys Are?”