Thursday, September 6, 2012

The Employee Dishonesty Problem

Estimates reveal that between 40 to 50 percent of all business losses can be attributed to employee theft. Employers cannot afford to ignore this large-scale problem and should do everything in their power to create a workplace atmosphere that promotes honesty and encourages and rewards good behavior. This is the conclusion of a new Connecting Research in Security to Practice (CRISP) Report commissioned by the ASIS Foundation.
·         Employee theft and error can account for the majority of losses. A recent survey reports that retailers believe employees account for 47% of their inventory losses.
·         Employees have been known to damage merchandise intentionally and mark it out-of-stock, an indirect means of theft. Employees may shoplift or give away merchandise.
·         Frequent driving violations, criminal convictions, multiple worker compensation filings, and falsification of educational degrees or professional licenses are all risky behaviors and should be a red flag for a future employer.

The report, “Strategies to Detect and Prevent Workplace Dishonesty” by Read Hayes PhD, provides research-informed, practical strategies to reduce counterproductive workplace behaviors, including thefts and frauds of all types. It describes factors that can lead to these behaviors, describes common employee theft and fraud methods, and analyzes selected prevention techniques, policies and technologies.

“Regardless of their motivation, many employees are more likely to stray from acceptable behavior when the opportunity presents itself,” Read writes. “If an employee perceives little chance of being caught, he or she may be more inclined to steal.”

The report provides employers in all types of businesses with ways to discover counterproductive and criminal employee behaviors and to prevent employees from even thinking of swaying from acceptable workplace norms. When implemented, the numerous strategies documented through research can prevent problems from occurring—and reoccurring. Learn more at Millennium Group Access Control.

Thursday, July 19, 2012

Analyzing Security Essentials

Developing a comprehensive security plan requires methodical and deliberate analysis. Starting with a macro understanding of an organization and progressing to micro security tasks, it takes structure to compile and analyze a security plan. The resulting series of recommendations are orchestrated to complement and support each other.

It is a formidable undertaking, because few industry models exist. Few security programs are products of a comprehensive analysis; most are developed on an ad-hoc basis in response to a security incident. In fact, many security operations are designed for investigations after an event occurs, not for prevention.

The object of a security analysis is to identify security exposures in a methodical and thorough manner so that a security program is based on broad analysis and not simply on the last security incident. Analysis ensures that expenditures for security are directed appropriately based on local needs, thus protecting critical resources while accepting the risks stemming from lesser concerns.

The goal, however, is not to develop a foolproof security plan. An underlying concept is that an asset cannot be protected completely, without absorbing extravagant costs and without inhibiting business operations. The goal instead is to make it difficult — but not impossible — for an adversary to breach security. The level of difficulty depends upon the value of the asset and the organization's tolerance for risk.

The analysis process is divided into five phases: asset definition; threat assessment; vulnerability analysis; selection of countermeasures; and implementation. The process is arranged for a deliberate analysis and requires completion of each phase before proceeding to the next.

Asset Definition

Asset definition begins with a broad understanding of the organization's operation, its tasks and functions, and its operating environment. At the beginning of an analysis, interviews are conducted with the organization's management and operating personnel to identify the resources essential for operations. This includes production equipment, operating systems, raw materials, finished product, inventory control and management systems, and the infrastructure of power, water, natural gas and telecommunications. Often, intangible assets are the most significant and are only discernible by examining the organization's operation beyond surface appearances. In effect, this step defines targets for attack.

Each asset may be further subdivided into micro components. An analysis may indicate that a particular asset must be defined in detail because of its criticality. Information technology is an example of the generally defined asset that may be further subdivided into an extensive list of system components, including equipment hardware, operating systems, applications software, database management systems, telecommunications and system documentation.

Both tangible and intangible assets should be categorized as vital (the loss would prove catastrophic); important (the loss would prove seriously disruptive but survivable); or secondary (the loss would be relatively insignificant).

Threat Assessment

A comprehensive security plan requires a broad definition of threats so that a range of exposures is considered. Through the analysis, the focus should narrow to target those threats that are deemed the most applicable.

Assessment begins by compiling data on past security incidents, including incidents at the site, within the company and within the industry. Determine if patterns of criminal behavior exist and define their nature. Review loss records, safety records and legal judgments involving the organization. Consult the company's legal counsel and examine court settlements to identify exposures with an implication for security.

Conduct interviews with management, insurance underwriters and local emergency management authorities to identify applicable threats. Review criminal data and compare crime rates for the nation, state, metropolitan statistical area, and the municipality.

Identify threats unique to the area and to the organization; locations where concentrations of hazardous materials are stored; and transportation avenues commonly used for transport of materials. Consider threats that may not have occurred yet, but are applicable because of the nature of the business and because of political and social issues.

A threat assessment is a qualitative analysis, although some quantitative techniques are used. It is important to emphasize that an assessment is a snapshot in time. As circumstances change, so does the threat environment. Consequently, the assessment must be updated to ensure that the security program is consistent with the needs of the time.

Each threat should be categorized as probable (expect the event to occur); possible (circumstances are conducive for an event); or unlikely (do not anticipate the event to occur). The severity of each issue should also be categorized as catastrophic (a disastrous event); moderate (a survivable event); or insignificant (relatively inconsequential).

Vulnerability Analysis

Security countermeasures represent obstacles in the path of a threat event. The objective is to make the event less likely to occur by making it more difficult for a perpetrator to accomplish the deed. Before introducing obstacles, however, the process for an event must be defined. Vulnerability analysis provides a mechanism for construction of security event scenarios defined in step-by-step detail.

Representatives of the organization with extensive knowledge of its inner workings should construct the scenarios. The team assumes the role of a criminal attacking the organization, which allows key points of vulnerability to be identified. Security plans designed to thwart the informed insider will be equally, if not more, effective when applied to the external criminal. This exercise highlights points of vulnerability and provides a framework for the subsequent phase, the selection of security countermeasures. The vulnerability analysis creates protection sets; meaning that it clearly establishes a focused problem to be resolved through application of security countermeasures. These protection sets are best illustrated by creating a spreadsheet correlating assets and threats and noting which assets are exposed to which specific threats.

Each scenario should have spreadsheet entries focused on plausibility (Is the scenario too far-fetched?); consequences of the event; and the amount of risk the organization is willing to accept.

Selection of Security Countermeasures

Just as a patient may be harmed by improper medication, an organization's security posture may be weakened, if not compromised, by improper application of security countermeasures. The exercise is more art than science, requiring a collaborative effort of management and security staff to arrive at a program consistent with an organization's needs.

Security countermeasures can include electronic security systems, physical barriers, security personnel and policies and procedures.

Electronic security systems encompass access control, detection, surveillance and evidence gathering. Subsystems may include intrusion detection, access control, duress alarms, CCTV, intercoms, radios, public address systems, life safety and telephone systems.

Physical and psychological barriers are applied to prevent access to a target. Physical barriers include vaults, safes, vehicle barriers, fences and gates, bullet-resistant materials, barbed wire, mantraps, vehicle traps, armored cars, mechanical locking systems, vehicle speed bumps and curbing, bomb-resistant structures, lighting, shielding, penetration-resistant panels, and landscaping.

Security personnel perform a variety of duties including the operation of electronic systems, manual control of fixed post duties, and roving patrols. Most guard operations are designed to observe events and report incidents to law enforcement authorities. In some cases, officers are armed and trained to intervene in events.

Policies state management's position and philosophy on business issues and practices. Procedures define the means for implementing the policy. This is a critical part of a security program. It defines programs and processes that are essential for security mechanisms to be effective.


In this phase recommendations are transformed into specifications for people, systems and policies. The objective is to translate the security plan into bidding and purchasing documents and procedures, and organizational programs and processes. Learn more at Millennium Group Access Control.

Thursday, July 5, 2012

Avoid wasting your limited marketing dollars

Avoid wasting your limited marketing dollars on an expensive image-advertising campaign that won't affect short-term results. Instead, let the quality of your response materials and Web site do the job of enhancing your company's image.

Rather than doing less-effective "shotgun" mailings to rented lists, consider repeat mailings targeted at known prospects (such as past inquirers).

If you don't have your own e-mail lists to market to, consider renting e-mail lists from publishers or placing ads in other targeted e-newsletters or e-zines. These can be very economical ways to reach your market and generate a quick response.

Edit your releases with the magazine's editorial focus, style and readers in mind and you'll increase the chance the publication or Web site will publish your information.

Web sites

A few cost-effective changes can dramatically improve your corporate Web site's marketing return on investment. To increase inquiries from your Web site's visitors, Make offers or calls-to-action on every page. Work with other organizations to link your site to their sites, increasing the number of visitors to yours. Register your web site with search engines, selecting keywords carefully so your site will appear in the search results for your intended audience. Post articles and case studies on your site, then register those individual web pages with the search engines.


  1. Determine the "pain" your products and services address
  2. Determine the "pain relief" your company can provide
  3. Determine your company's competitive advantages and how best to articulate them
  4. Determine the best companies and contacts to target with your lead generation efforts

Testimonial ads are king

Talk first person with the reader

Use words in your copy like "you" and "your" to focus on the readers' needs rather than boasting about how good "we" and "our" products or services are. For example, the statement "You will get the work done 25% quicker" is much stronger than "Our product is 25% faster than the competition."

The best way to boost direct mail response is to have a strong offer—that is, a targeted offer that will entice prospects to respond.

Successful direct mail marketers understand that campaign success relies on the list and the offer. Determine why you're mailing to people, and then ensure that your list and offer support your objective. Your response rate will be much higher in terms of "qualified" inquiries.

, it is much better to have in the database 10 individuals at each of 1,000 companies than to have one individual at 10,000 firms.

If you need additional demographic information about the contacts' or companies' industry, size, etc. for your direct marketing solutions, check with some of the business database companies like Dunn & Bradstreet ( or ( Or contact the publishers of the trade magazines you advertise in. They usually offer database services to their advertisers.

All leads and business cards go into your CRM system ASAP

Think about offers you can make that will entice visitors to identify and qualify themselves. Can you create a free guide for selecting your kinds of products or services? Can you offer a white paper that explains how their kind of operation is successfully using your product or service to solve problems? If so, use it as bait for having your visitors share their names, titles, company names and contact information.


If you have email addresses for your prospects and customers, but they haven't expressed interest in hearing from your company by email, be sure to politely ask their permission before starting a campaign. I recommend that you ask them how they prefer to be contacted. By email? Fax? Snail mail? Telephone?


Print directories are handy, and online directories are always up to date. Most directory publishers are publishing both, frequently offering you exposure in both mediums for the same price. Keep in mind that directories are often where buyers look when they are seeking new suppliers and have immediate needs.

Web site

  • The size of organizations your company serves? large? medium? small?
  • The geographies you serve? local areas? states? countries? regions of the world?
  • Explain why your company is a better choice than the competition?
  • Address your prospective customers' needs from their point of view?
  • Did you include the more popular keywords and phrases in your
  • URLs?
  • Page titles?
  • Headlines?
  • Body copy?
  • Text links?
  • Are you loading your text before your graphics and Flash animations in the source code of your various web pages?
  • Are you giving your graphics file names that include relevant keywords?
         Are you including keywords and phrases in <alt> tags for each of your graphics?

  • Have you included a site map on your home page, pointing to all of your site's individual pages?
  • Does your site map include lots of keywords and phrases in the page links and descriptive copy for each page of your Web site?

Add privacy

  • Have you included a link to your Web site in every appropriate online directory you can find?
  • Adding new pages to your site that include in-depth content related to the most popular relevant keywords and phrases?
  • Consider using pay-per-click ads as a temporary solution while you work to optimize your Web site for organic searching.

First, I believe you should focus on optimizing your website for visitors, helping them move from awareness to consideration to inquiry to purchase, before you worry about search engine optimization (SEO). Learn more at Millennium Group Access Control

Friday, June 8, 2012

Helpful Safety Tips

• Always be aware of your surroundings, especially at night.

• When parking, walking or returning to your car, travel in well-lit and populated areas.

• Wear sneakers or shoes that allow for added mobility.

• Be watchful and aware. Keep your head up. Make quick eye contact with those around you and be observant of passing vehicles. Don’t become distracted by talking on a cell phone or listening to an iPod/similar device.

• Avoid walking alone late at night. Walk with friends and people you know.

• Keep a whistle within reach. If threatened, use the whistle to signal residents for help. Yelling “Fire!” “Help!” or “Rape!” are ways of drawing attention and alerting people of your situation.

• Hold your car keys in your hand to use as a weapon against an attacker.

• Carry a cell phone and call ahead to your destination to alert them that you’re on the way. Make sure you’re expected at a certain time, so in the event you fail to show up, those expecting you will know enough to begin looking for you.

• Walk with confidence. Don’t let anyone violate your space. Trust your instincts. Anyone at anytime can be a victim of crime so never assume, “IT WILL NEVER HAPPEN TO ME.”

• If an unarmed attacker confronts you, believe in your ability to defend, distract, or even incapacitate the attacker enough to escape.

• If you think that someone is following you, switch direction or cross the street. Walk towards an open store, restaurant or residence.

• DO NOT LEAVE VALUABLES IN YOUR CAR WHERE OTHERS CAN SEE THEM. Valuable items, such as your laptop, iPod, etc. should never be left in the front or back seat of your vehicle. Always take your valuables with you, or move them into the trunk.Lock your doors and windows.

• Even if your window is only slightly open, it makes your car an easier target for thieves. A thief will insert a wire into a slightly open window to pop up the door lock.

• Replace your standard door lock buttons with tapered ones. Tapered door lock buttons make it more difficult for a thief to hook a wire or device onto the door lock button to pop it open.

• Invest in an anti-theft device. When you buy a new or used car, checking to see if it has an anti-theft device is as important as checking the engine. If there isn’t one, you should have one installed.
• If you observe any unusual activity or observe a car theft or a break-in, call 911. Learn more at Millennium Group Access Control

Thursday, May 10, 2012

Cyber Criminals are Winning In Losing Economy

Amid the global downturn in the economy, cybercrminals appear to be winning in the war against law enforcement according to a recently released McAfee report.

"We saw the cybercriminals take advantage of economic messaging very, very quickly," said Dave Marcus, director of security research and communications for McAfee Avert Labs. He said cybercriminals are cashing in on consumer anxiety, particularly around the holidays and noted that as more and more people go online looking for better deals, criminals are preying on their inexperience in order to lure them to bogus sites and old-fashioned "get rich quick" scams.

One scam involves online job seekers responding to ads for "international sales representatives" or "shipping managers" being recruited as "cybermules" to launder the cybercriminal profits. "It's not a 'mule' in the traditional drug sense, where they're carrying drugs across the country or across a border," Marcus said, "but they are ultimately lured into what they think is like an Internet sales marketer or an Internet sales manager position." In reality they are laundering funds, putting it through additional hands, so that law enforcement has a few more obstacles in their path toward finding the thieves themselves.

Unfortunately, Internet users are on their own, he said. As governments begin to focus on internal economic hardships, the fight against cybercrime slips further in funding and support. McAfee predicts that in the fourth quarter of 2008 cybercrime will continue to escalate in severity.

According to CNET, McAfee found that there is a shortage of computer specialists in law enforcement. And those who are specially trained are often hired away to high-salaried jobs at private companies. Of the remaining law enforcement, they're often bound to national borders, said Marcus, with international jurisdictional disputes further slowing online investigations.

The McAfee report said Russia and China remain the largest safe havens for cybercriminals, while Brazil and Moldova have become the fastest-growing countries to be most often blamed for cybercrime. Learn more at Millennium Group Access Control

Tuesday, April 17, 2012

Targeting the Consumer

The biggest technology shift in access control and video security in the last 10 years has not been the move to IP/IT devices, which was and still is a necessity. The real change impacting every new product is customer-centric design.

Long gone are the days when manufacturers ventured into the night to provide a service that few people understood and even fewer knew they needed. Today the products that gain the greatest amount of usability are not just because of the technology deployed. Dare I say, they are developed around what the customer is asking for.

Security devices are now just another part of the corporate culture, and the value proposition for access control is now deeply ingrained into both the building administrator and system users. Building administrators know why they want access control and how they want it used, but they aren't ready to take on the task of putting it in themselves. This is, after all, a big investment.

Manufacturers are now starting to realize that the customer drives the business. Long gone are organizations where the primary driving force is a “cool new technology” developed in someone's garage that now needs a market. Today's security market is mature, and manufacturers understand the growing trend to be market-driven. So the question for manufacturers now is, “How do I get closer to what my customer needs?” Some of those answers fall into the IP/IT space.

Consumers are forced daily to learn new technologies in the IP/IT market space. Whether it be a new VoIP phone system, a new wireless system in a campus infrastructure or even just new ways to control information flow on the corporate network, every computer now has a window open to the Internet. The IP/IT market is one of great technological advancements, and there is growing commoditization. The savvy security manufacturer understands that serving the market involves embracing standards and understanding that the end-user can and should know how a security system works.

Once one has come to that realization, development can begin on products that not only gain consumer acceptance by using base technologies already being adopted, but also expands the consumer's options for choosing installation companies. This widens the range of personnel who can administer the system. And the security manufacturers gain by having a much larger resource and talent pool of engineers, marketers and sales personnel to bring the “next big thing” to market.

Is IT/IP a trend? Yes. Are IT/IP devices and policies the number one trend in the market? Not any longer. They are currently just part of the mandatory feature list.

So what is the “next big thing?”

It's the consumer. You are driving the business now. And it's about time.
Learn more at

Friday, March 30, 2012

Planning Hospital Access Control

Hospital security is a unique challenge. Consider the variety of people who make up the typical hospital environment - patients, staff, vendors, physicians, visitors and even their enemies. Consider the place - many different rooms and spaces, high-value equipment, accessibility to drugs, many entrances and ease-of-movement around the building and premises. Consider a typical hospital - an open feeling, many managers, politics, autonomous physicians, and big desires and limited budgets.

It all adds up to a need for different approaches to security. Hospital managers base their security decisions on law, costs, fear of litigation, and to protect their facility's reputation. But the critical assets of a hospital - its people, property, information and reputation - must be protected with good security.

To analyze security needs, begin by listing the departments, reviewing the business culture of the hospital, determining the threat levels in each department, interviewing department heads about threats and crime, and planning possible countermeasures for each department.

Then develop a master plan and review it against a "reality check" on the basis for the plan and the tools that will be needed. Don't forget that you have options in security.

Professionals should look at the threats likely in specific areas:
- the emergency/trauma department (gang fights, vendettas, domestic conflicts, child custody conflicts, VIP patients);
- infant care area (infant abduction, need for CCTV and infant security);
- pharmacy/drug storage area (alarm and access control systems);
- prisoner care area (receiving, elevator lock-off, surveillance, command center);
- operating rooms (access control, delayed egress hardware, CCTV),
- labs (access control, duress alarms, CCTV);
- nuclear medicine area (access control, CCTV);
- geriatric care area (patient locators, CCTV);
- psychiatric care area (lock-down capability, access control, staff duress, solitary room);
- morgue (decedent services area, access control, alarm system, CCTV); and
- PBX area (late-night security, rest room security, door release, duress alarm).

Don't forget such places as the parking lot (lighting, access control, CCTV in stairwells, duress alarm at fee collection booth), food service area (duress alarm), gift shop (burglar alarm, duress alarm) and shipping/receiving areas (CCTV, patrol). And study the threat potential of biohazard waste storage and disposal (CCTV, access control).

New products such as alarm pagers, infant abduction detection systems, patient wandering systems, CCTV video pursuit systems, people trackers and asset protection systems can each enhance hospital security, Norman suggests.

Indeed hospital security is unique, but with good planning, protection of its assets can be enhanced. Learn more at Millennium Group Access Control Systems

Monday, February 27, 2012

How "Security Aware" are you?

See just how "Security Aware" you really are
Do you believe you're a little more Security Aware? Can you identify the threats that exist in your environment and the steps you should take to avoid them? Take the following quizzes and find out.

Wednesday, February 8, 2012

Four Tips to Help Keep Your Computer Secure

1.     Anti-virus. A reliable, effective anti-virus program with the latest updates. Both licensed and free anti-virus software are available. Whichever you use, make sure it scans incoming and outgoing emails for malware.

2.     Anti-spyware. Reliable effective anti-spyware is a must for securing your computer. Both licensed and free anti-virus software, such as Windows Defender, are available.

3.     Two-way Personal Firewall. Two-way personal firewall software monitors network traffic to and from your computer and helps block malicious communications.

4.     Anti-Keylogger software. Anti-Keylogger software products, like AntiLogger and Keyscrambler Personal, help prevent what you type on your computer, especially sensitive information such as the usernames, passwords, and financial information you use in making online transactions, from being hijacked by Bad Guys. Learn more at

Monday, January 9, 2012

Keep your employees motivated with these 4 suggestions

It can often be challenging to motivate employees when you’re running a small business. Resources are limited, and time is incredibly valuable. Incentives are critical when it comes to motivation, however; finding cheap and easy incentives is vital.
There are a number of ways to motivate employees that don’t include things like big bonuses or expensive benefits. A hand-written thank you letter can go a long way when it comes to showing employee appreciation. Here are a few other ideas:

1. Ask for input
It means a great deal to most employees to know that their thoughts and opinions are considered. By asking for input and implementing the best suggestions, you are showing them that you cherish their opinions and that they play a significant role in the company.

2. Change it up
Sometimes boredom occurs when employees fall into a rut. By mixing up their projects and responsibilities, and allowing them to show off their skills, you are likely to spark a little inspiration that wasn’t there before.

3. Focus on a great company culture
Some of the best companies to work at are those that employees feel are unique. Developing a great company culture can actually be quite simple and may help you to find and keep strong employees. A game room where employees can take a break and decompress when they’re feeling burned out can do wonders.

4. Recognize people for a job well done
One of the biggest de-motivators can be toiling away on something and feeling like nobody is even aware of your hard work. For this reason, it’s necessary to let employees know that you recognize their hard work and appreciate it.
Something as simple as discussing their accomplishments at a company-wide meeting or sending around an email recognizing their triumphs can make them feel appreciated. Although they may avoid attention, they will likely be pleased to know that they’re being recognized.
All of these techniques are simple, affordable and can do wonders when it comes to motivating employees. Try out one or two of these ideas to see how they may affect employee morale and motivation. This article was brought to you by Millennium Group, The leader in access control solutions.