Tag Archives: Theft

How Do You Handle Allegations of Employee Theft? Four Guidelines

Situation:  A company’s leadership is wrestling with how to handle an accusation of employee theft. In the case presented, the accuser lacks credibility, but the charge is serious. The leadership team wants to deal fairly and equitably with the case, but doesn’t want to send the message that pilferage is acceptable. How do you handle allegations of employee theft?

Advice from the CEOs:

  • To assure fairness and equity, determine a way to substantiate, with objective or third party information, whether charges of pilferage are valid.
    • Express your seriousness about the situation, and ask the accuser what evidence they can provide to substantiate the allegations.
    • In a warehouse or stock room situation, install inexpensive video equipment to record and verify pilferage.
    • To assure that messages to employees are clear, revise employee manuals to specify serious repercussions for pilferage as well as measures being taken to prevent it. This will demonstrate awareness of the issue as well as the company’s determination to discourage pilferage.
  • If you can verify the allegation, either through objective or third party evidence, face the employees involved. The choices are simple:
    • Either the behavior stops and the estimated damages repaid to the company by the employee, or
    • The employee is fired.
  • Do not think that this is something that will go away on its own. If there has been pilferage and the situation proceeds unchecked, it will damage you both financially and in terms of employee respect and morale. Employees will be watching your response closely.
  • To protect yourself, once you determine a course of action be sure to document everything.

What Is Changing The Game in Network Security?

Interview with Philippe Courtot, CEO, Qualys

Situation: Companies experiencing security breaches and data theft are regularly in the headlines. Those launching these attacks are increasingly well organized and very creative. What is changing the game in network security and how can you respond?

Advice from Philippe Courtot:

  • The movements from enterprise software to Software as a Service (SaaS), and from mainframes to PCs to mobile devices increase the challenges of protecting enterprise environments. Therefore, a cohesive technology platform is imperative.
  • Companies are sensitive to the possibility of attack at any time. There are three principal attack vectors: breach through web applications, breach through email and browsers, and breach by device. Between PCs, iPhones and Android devices, the PC is the most closely linked to the corporate intranet while often the most vulnerable because users are lax about updating their systems and applications.
  • Attackers often target a company executive or high level administrative assistant to access the user’s profile and passwords.  In one type of attack called spear fishing, the attacker creates emails tailored to the person targeted appearing to come from a colleague or friend. When the target clicks on the email, a small piece of code is inserted in the computer, which can give control to the attacker. Another way to gain control of a computer is through physical access. An attacker can learn about a pending vacation via Facebook or twitter, providing an opportunity for home invasion. Once the attacker has access to the computer, they can plant a control program on the system. When the user returns, the attackers can make fast, brief forays inserting additional code or taking data from the enterprise network. They may use the information themselves, or sell it to others.

Given these new realities, how does a company prevent attack?

  • First, the company must thoroughly analyze and understand their vulnerabilities which are all potential entry points for an attacker. Once vulnerabilities are mapped, work on a schedule to remediate them.
  • Second, you must educate all users about the threats. This is especially critical for any personnel who have access to secure company data.
  • Third, invest in and build additional defenses to shield all remaining vulnerabilities. Make sure that employees are drilled on the defenses and that they are used. One growing trend is the use of two factor authentication, requiring employees to carry token generation devices with them to use in addition to their password. These tokens can be delivered by smart phone.

You can contact Philippe Courtot at pcourtot@qualys.com

Key Words:  Network, Security, Breach, Data, Theft, Response, Mainframe, PC, Mobile, Enterprise, Environment, Criminal, Government, Attack, Vector, Social Network, Email, Browser, Web, Application, Device, Spear Fishing, Executive, Assistant, Profile, Password, Vulnerability, Educate, Defense, ID