Inside Logistics

Attractive targets

The hows and whys of warehouse security


August 30, 2013
by Carolyn Gruske

Lou Malbeuf recently experienced something every warehouse manager dreads: a break-in. But unlike a lot of people who have been victims of similar crimes, Malbeuf wasn’t upset.

“We have a large warehouse where we put all our seized property, and last night somebody broke into that place through the roof. It’s funny. It’s hilarious. Here we just seized almost a million dollars worth of liquor that we’ve stored there, and somebody has broken in from the roof, bypassing the alarm system. We don’t know what they got—it doesn’t look like they got much—but it just goes to show you that people get information.”

Malbeuf isn’t a warehouse manager, or even somebody who works in supply chain. Malbeuf is a detective sergeant with the York Regional Police’s auto/cargo theft unit. It’s his job to investigate crimes like trailer and cargo theft and warehouse break-ins.

He admits that maybe the thieves weren’t looking for liquor—he says it’s possible they got wrong information that there were drugs in the warehouse—but it doesn’t really matter. It’s just one more demonstration that warehouse theft “is such a lucrative business for criminals”.

“I’m so busy. It just doesn’t stop. Even if you arrest people they still do it because it’s too lucrative. The sentencing we get for these people is a slap on the hand—judges think it’s a victimless crime because insurance pays for it.”

Malbeuf says investigating crimes is just one aspect of his job. The other part is to get the word out to the business community that inventory and cargo crimes cost companies a lot of money, but that there are steps that can be taken to reduce the probability of being a victim and ways of improving the odds of getting stolen property returned.

Adding up the pieces

The first step to staying safe is understanding what you need to protect and the attributes of the facility where the goods are stored. David Hyde, owner of David Hyde & Associates, a Toronto, Ontario-based security and crime prevention consultancy, says this must be done in stages.

The first step is performing an asset characterization. In other words, figure out exactly what you’re protecting. Then perform a threat profile. Determine what types of criminals would be attracted to what’s stored in your DC. Are there specialized high value items that would have to be moved on the black market, or are there cheaper goods that can be turned over quickly almost anywhere? The third step is to conduct a vulnerability assessment or a vulnerability profile. Check your security protocols and see if there are any holes or gaps that could be exploited.

While it may be easy to think of a security program as holistic, in reality it’s not. Experts say any security measures must be built around four separate pillars, and every organization will require a different balance of elements to ensure attention and investment are made in suitable proportions.

“The first one is physical,” says Hyde. “Locks, keys, barriers and doors and how secure you are physically. It could even be fences.

“Then we look at technical security, including alarms and CCTV cameras. There’s a wide range of things that can help. Card access systems that track who comes and goes, so you can tell if an employee is returning at two in the morning—that person may be up to no good.

“Then there’s procedural security. What is the staff allowed to do inside the distribution centre? What kinds of protocols are in place for who can access which kinds of space? When does the loading area open? When are things exposed? What provisions exist for reporting suspicious behaviour?

“And the last one is the human element—personnel. How do you train them? Do you have loss-prevention staff, and do you need them? Does the staff need to be trained on when to report stuff and what rules need to be enforced?”

Going in circles

While technological solutions may be the instinctive choice to deal with security threats—alarms and cameras and access systems—that’s usually not the best place to start. Instead, the building’s physical security is where the most attention should be paid.

Along with the items mentioned above, physical security encompasses things like landscaping, lighting, and most importantly, building design. It’s absolutely cheaper and easier to build a DC with security in mind, but if the need is there, money can be spent and facilities can be renovated and made more secure.

When thinking about physical security, Michael Silva, principal with Silva Consultants in Covington, Washington, says the best image to have in mind is one of concentric circles of protection.

“The idea is to provide multiple layers of security between the outside world and where your high-value assets are. Generally, when designing a facility, that involves providing adequate segregation between the different areas of the building, and a lot of times that’s something an architect won’t give any consideration to at all,” he says.

“What we do is try to get in as early as possible in the design phase and make it as friendly to security as we can.”

When Silva talks about security-friendly designs, much of what he means is a layout that is conducive to keeping people out of areas where they don’t belong. As an example, he points out most facilities are built to house both warehousing operations and business offices. He says sometimes the buildings are designed so the emergency exits for the offices go through the warehouse. “That means you’ve got doors and you always have to be able to leave the office to get into the warehouse. From a security perspective, you don’t want that.”

Another potential security hole can be the shipping/receiving areas where drivers are able to get out of their vehicles and enter the DC.

“One common vulnerability is to have the restrooms for the drivers at the back end of the warehouse. So they leave their trucks and are allowed to walk through the warehouse and get to the restrooms. That’s not good from a security standpoint, so we suggest providing separate restrooms near the dock areas, in a segregated area, so the drivers can be taken care of but they don’t need to walk through the warehouse. It’s really a matter of divide and conquer. We want to segregate the building into various zones and then provide appropriate controls between those zones.”

Controlling the human element

While it’s not pleasant to think employees are dishonest or disloyal, every security consultant and expert agrees that one of a DC’s biggest vulnerabilities is exploitation by those who work there—in other words, crimes are often inside jobs.

Chris Mathers, president of security firm Chris Mathers Consulting Inc, says hiring the right people, and ensuring they remain the right people, is the starting point for any DC security.

“You need strong hiring procedures. You need qualified HR people—not just somebody who graduated from university. You need people who know their stuff and you need people who won’t be bamboozled by crooks, which is a big challenge for many HR people.”

Key among those strong hiring procedures is getting to really know the people being hired.

“Do comprehensive background checks and interviews and reference checking of your employees. And don’t start hiring people’s cousins, brothers and friends because that’s when you get collusion between various groups to steal,” he says.

“We see planned infiltration by organized crime groups. We see collusions between various groups within facilities. And this is why I say don’t hire everybody in your warehouse from the same country. Or don’t hire everybody who’s related, or who are friends. You don’t want to do that. We’re a multi-cultural society so mix it up.”

Iain Morton, vice-president, Canada, for Tyco Integrated Security in Toronto, Ontario, goes a step farther than Mathers. He says checking out an employee once just isn’t enough. It should be done annually.

Even if everybody on the personnel roster passes their background checks with flying colours, Morton says good security procedures still dictate that people’s actions be controlled and monitored, especially if the goal is to prevent internal thefts or shrinkage.

“From a policy perspective, it’s important for employees not to be able to carry bags into the actual area where the products are stored. Have a policy that doesn’t allow bulky clothing that something could be concealed under, and other similar appropriate policies. We would recommend that all garbage bags be clear so you can see through them and see if any products are being put into them.

“We would also recommend alarming doors and using appropriate video surveillance with analytics to be able to determine where people are going, where they should not be going and generating alerts for management to be able to follow up. So if there’s a pattern of behaviour, that can be quickly determined. For example, if one person continually goes out a side door, you can start to track that by time, by shift and get a little bit better data on what’s happening in your facility.”

Third-party certification

For businesses that find the prospect of creating and maintaining a security plan on their own daunting, one simple way of approaching the process may be to look to what outside agencies require for security clearances. Canada’s Partners in Protection (PIP) program and the US Customs-Trade Partnership against Terrorism (C-TPAT) both have guidelines an organization can use as a security checklist.

Mike Quinn, vice-president of warehousing and distribution for Giant Tiger Stores Ltd, says the Ottawa-based retailer takes security very seriously. Giant Tiger has three DCs—an imported goods and general merchandise facility in Ottawa, another in Ottawa for food and health and beauty aids, and a frozen and refrigerated goods warehouse in Brockville, Ontario—which supply goods to 210 stores across Canada. The company has its own trucking division, Tiger Trucks, and multiple relationships with a number of 3PLs. Giant Tiger also has a 12-person loss-prevention team which looks at both internal and external security issues and inventory discrepancies.

When it came time to review its security procedures and policies, Quinn says the company decided it was going to do things right.

“We felt that if we were going to be secure, then let’s go all the way. Let’s meet everything it takes to become C-TPAT certified. We had a consultant come in. We thought, at first, the employees might be a little bit concerned that we were putting in a loss-prevention office at the entrance, and gatehouses, and cameras in the shipping and receiving areas in the yard, and that type of stuff, but we were so wrong on that. In the end, the staff so much appreciates working in a secure facility.”

Adding the fences and the gatehouse was a major change for Giant Tiger, not to mention the procedures that go along with them (checking the trailers as they both enter and leave the DCs), but now enforcing security standards is an integral part of the way the company operates. Quinn says security is taken so seriously that the company expects its 3PL partners to have a similar attitude.

“When we are close to working out an agreement [with a 3PL], our loss-prevention team goes in and looks at the security of the facility and makes a list of what needs to be fixed before we go ahead with that particular company. Loss prevention is very involved in the 3PLs. We do random checks on them throughout the year to make sure their security procedures are working. We’ve asked for cameras in the yard. We had a 3PL about a year ago where their facility wasn’t as well camera’d as it should be. And there was a lot of theft occurring of trailers in that particular area, so we insisted before going forward with the renewal of the contract that they put cameras into the yard. That and better lighting. That’s something else our loss prevention team looks for in 3PL facilities: what’s the lighting like on the outside, and how’s the maintenance of the building standards?”

Reporting and insurance

So far, Giant Tiger’s security measures seem to be working. Quinn says the company hasn’t experienced any major security breaches or suffered any losses. But if anything ever happens, he knows Giant Tiger will file a report with its insurance company.

But according to those who work in the security field, Quinn’s response isn’t typical. For a number of reasons—including not wanting insurance premiums to go up, and not wanting to gain a reputation in the industry for having sloppy security—a large percentage of warehouse crimes go completely unreported. Businesses don’t inform their insurance companies, and they don’t contact the police.

According to Malbeuf, this just makes the problem that much worse. Without knowing what has happened, he says the police are often left powerless to deal with the people who committed the crimes.

“We say even if you don’t want to report it to the insurance company, at least call us. If you don’t want to report it, at least tell us something was stolen. We find so many things we don’t know where they were stolen from. We know it’s stolen, but we can’t prove it’s stolen and we don’t have a victim. And the next thing you know the bad guys get to keep this stuff because we can’t prove it’s stolen, and that’s because nobody wants to talk about what happened. They’d rather just take a loss on their product and go forward.”

FROM THE JULY-AUGUST 2013 MM&D PRINT EDITION