When it comes to safeguarding your business, it’s always better to be safe than sorry, says Michael Best
You might not want to think about it, but your business is a target for a cast of unsavoury characters and you need to be able to spot them so that you can take the appropriate action to protect your interests.
Unfortunately, it’s not always easy to spot a ‘burglar’: they come in various shapes, sizes and disguises, from desperate shoplifters to technically sophisticated and ruthless hackers. They might be employees, customers or strangers; they might be dressed in three-piece business suits or ragged jeans and T-shirts; they might intrude in person, by phone, or online; they might be beautiful, ugly or faceless; they might be rude, crude, or charming; they might be armed or disarming; and they might brazenly appear in broad daylight or skulk about after dark. But there’s one thing they all have in common: they’re intent on victimising your small business.
Every asset of your small business is a sitting duck – your petty-cash box, cash register, bank account, inventory, computers, equipment, company vehicle, website, and a host of other items you could probably think of without too much effort. I know of a recent instance where, ironically, the burglar’s haul from a screen printing supply company included its closed-circuit television recorder. If the CCTV had been installed as a deterrent, or to help identify burglars, then, in failing, it illustrated an important point –deterrents must be properly planned and executed.
Before you start thinking about deterrents, it’s important to assess potential threats. You should consider your circumstances and location and determine if you’re vulnerable to break and enters, hold-ups, vehicle jacking, employee fraud, hacking, or any other event. Once you’ve identified all the potential threats, you must consider which assets would be vulnerable should one of these events occur. You can then develop deterrents, which fall into two categories: tangible and intangible. Common tangible deterrents are alarms, lighting, and impediments to physical entry such as locks and steel shutters. Intangible deterrents include internal accounting controls and digital elements such as passwords, codes, and software.
You should expect to consult experts about some of the various deterrents your small business will need. You can quite easily source assistance for everything from securing your premises against physical intrusion to securing your online facilities against hackers. But select your advisors carefully and obtain multiple references whenever possible.
Common tangible deterrents For most people, an indoor alarm is probably the first measure that comes to mind in the tangible deterrents category. In an ideal situation, outer deterrents would discourage a breach, but much depends upon the nature and quality of these deterrents. Fences, window bars, doors, shutters, locks, outdoor alarms, security cameras, and guard services are available in varying configurations and quality but, given enough time, incentive, and determination, just about any deterrent can be breached. For this reason, an expert can prove useful in striking a balance between cost and an appropriate level of deterrent for your circumstances.
Common intangible deterrents Today, intangible deterrents are as important as their tangible counterparts. The digital age has given rise to a whole new range of intangible deterrents necessitated by a growing constituency of digital burglars. These frighteningly accomplished burglars are able to find their way into previously secured files, steal personal information, misappropriate cash, and generally create digital havoc all from a secret location almost anywhere on earth.
Off-the-shelf and downloadable software packages designed to address viruses, malware, and other online threats now abound. A good computer technician should be able to advise and assist in selecting packages appropriate to your particular computer or network. I’ve found that it’s seldom as simple as downloading an item of software and then believing you’re protected from all threats. Your small business website, particularly an ecommerce site, poses some serious security challenges because, among other things, customers need to trust the security of the site enough to use their credit cards on it. Even if you take an expert’s advice and believe, as I did, that your ecommerce site is secure, you can still encounter very unpleasant surprises. Shortly after transferring my company’s ecommerce site to a new firm of website developers for the express purpose of effecting certain upgrades, it was hacked.
One morning we attempted to log on to the administrative pages of the site, as was our daily routine, and found that we were unable to do so. The site’s host had detected unusual activity on the site and promptly shut it down. It turned out that the hacker was unable to access any customer information but was able to destroy or damage over 200 files. I suppose it was the digital equivalent of a burglar breaking into a building, finding the valuable items securely locked away, and then, in anger or spite, committing vandalism. We had no way of identifying the vandal and I was advised that, even if we were able to locate the culprit, the cost of doing so would be wasted because restitution or any other resolution would, in all probability, be next to impossible.
The hack was possible because the latest security upgrades for the shopping cart program we were using hadn’t been downloaded. Now I tell any small business owner who’ll listen that you simply must obtain assurances in writing from your website developer that your ecommerce site is protected as well as can be expected and they will undertake to download all security updates as soon as they become available. Small businesses are also targets for telephone and online scammers attempting all manner of fraudulent activity. In these cases, the small business owner’s Achilles heel is ill- informed or naive employees.
Employee training is an effective deterrent for this type of crime. Instructing new employees, and periodically reminding existing employees, how to spot and deal with telephone and online scams is essential. Share every new article, email, text, or tweet on the topic with your employees as this makes them better equipped to protect your small business from telephone and online fraud. [See Images December 2017, page 15, ‘Fraudsters targeting garment decoration industry…again’: imagesmag.uk/scammers.]
Creative deterrents Small businesses have been known to exercise considerable creativity in devising unusual deterrents. Occasionally you’ll see signs in shop windows pointing out that no cash is kept on the premises. A coffee shop close to my home places the empty cash drawer from the cash register in the window each night, presumably to suggest that no cash will be found on site. At one time, burglars were targeting computers in the industrial area where my business was located. Some businesses were alarmed, but it only takes seconds to smash open a door, grab a computer, and flee before anyone responds to the alarm. To counter this possibility, I bought steel cable kits and locks to secure the computers to desks or bolts in the floor. I reasoned that one could struggle with a steel cable and lock while an alarm blared for only a short time before giving up.
Deterrents do fail. Insurance isn’t an ideal solution to an asset loss because restitution is seldom 100%. But when a loss occurs, failing recovery of the lost assets intact and in full, insurance is usually the next best option. The downside of insurance becomes apparent if the value of the claim renders it uneconomical because (1) the excess, (2) the premium hike following the claim, (3) a reduction in future coverage, or (4) a combination of these considerations exceeds the loss.
You’ve probably seen the occasional video on YouTube of an irate shop owner disarming a robber, or a passerby pursuing a fleeing shoplifter, apprehending the fugitive, and pinning him to the pavement to await store security or the police. These events are proffered as examples of heroics, but what about the events we don’t see – the ones that end tragically? In most circumstances a small business owner or employee is best advised to leave confronting the culprits to the appropriate authorities. Usually the police are only a phone call away, and it makes no sense to unnecessarily risk one’s life, or perhaps even commit a crime, by retaliating. No matter how infuriating an attempted crime may be, attempted heroics can easily turn to foolishness.
A sobering calculation
If you still have any doubt about the effect that a burglar can have on your small business, do this quick calculation: Take the replacement value of a selection of assets you could conceivably lose to crime and deduct what you might recover from sources such as insurance to arrive at a net loss for each item. Then, using your average gross margin percentage, calculate how much additional business you’ll have to do to recover the loss. It can be a very sobering calculation, and I hope it spurs any doubters into immediately reviewing their deterrents and insurance coverage.