Staff the weak link in security


A KPMG report (2005) says 76% of staff, excluding management, are either
directly or indirectly involved in losses.

Adding more CCTV cameras and installing fraud detection and access control
systems will not necessarily reduce fraud and theft.  More and more
organisations are beginning to realise that security is a human problem. The
trend is for companies to demand honest behaviour from their employees.
This means that employers need to create an environment where employees are
encouraged to produce acceptable behaviour.
It is now generally recognised that the biggest security threat to an
organisation is its employees.
Hendrik van Rooyen, CEO of the PISA Integrity Assessments Centre, says that
security involves employee integrity management and not simply adding
additional security hardware.
But then how does management avoid employing the wrong people and identify
existing staff who may be tempted to commit theft or fraud? And how does
management reduce the percentage of existing staff tempted to commit theft
or fraud?
It is therefore critical to raise ethics and morality in the business
environment.  This will go a long way in addressing internal security issues
which in turn will benefit society in general.
To address potential fraud and theft, on-going staff evaluation programmes
need to be in place.  The programmes could include random polygraph and
psychometric testing.
Polygraph testing is being used by a growing number of companies but on its
own does not provide a long-term solution.  It addresses the problem only after
the event, but does not solve the problem before it occurs. Ongoing
psychometric testing is also needed.
"Employers need to create an environment where employees are encouraged to
produce acceptable behaviour.  This can be done by recognising and rewarding
acceptable behaviour, and at the same time consistently punishing
unacceptable behaviour," says van Rooyen.
Staff are required to periodically confirm their honesty, typically by doing
a polygraph examination.  Positive results can be 'recognised' by issuing a
certificate.  Employees can be further rewarded in a variety of ways.
Recognition and rewards are done publicly.
"Negative results are dealt with by withholding recognition and rewards.
Because the process is public, all staff members will take cognisance of the
absence of recognition and rewards for some employees.  This creates
pressure on them because all humans wish to belong and to be recognised," he
Van Rooyen says a diamond mine is using a similar program.  Staff who pass
the polygraph screening are allowed to enter and exit the company's
high-security systems easily.  "Employees failing the polygraph revert to
the highest security level of security screening.  This makes the
environment extremely uncomfortable and time-consuming to enter and exit
security checks."