Workers may violate policies or engage in theft because they feel undervalued, have low self-control, or simply because they’re confident of getting away with it. In addition to these old causes, there are new theft motivators. Here is a look at what companies are up against, what they may be doing wrong, and how they can turn the tide.
Key Points
- Modern work arrangements are often characterized by a looser bond between employee and employer, which raises the importance of removing theft opportunities, encouraging honesty, and eliminating security policies that employees routinely circumvent to perform their work more efficiently.
- From stolen data to theft of goods, it is easier than ever for employees to convert acts of wrongdoing into profit, making investigations a critical element to understanding the degree to which it is a problem.
- Studies of massive employee frauds show an increase in employees who steal because of financial losses from gambling, and with online opportunities to gamble growing, security strategies that have traditionally been useful for workplace within proximity to gambling establishments are now useful for many organizations.
Contributors to Employee Theft and Malfeasance
1. Self-interest. Workers behave dishonestly to enrich themselves. Whether employees are trying to get back at a bad boss, self-correct a substandard pay raise, or because “everyone does it,” employees who break the rules ultimately see it in their self-interest to do so. This has always been the case, and it’s why the traditional prevention model is multi-pronged: forge a workplace culture that values honesty and rewards good behavior, while removing theft opportunity and catching and punishing violators. But even this model prevention process can prove ineffective in modern work arrangements that are characterized by a looser bond between employee and employer.
The trick to preventing dishonesty and employee theft among today’s workforce is to transfer some ownership of the problem to staff
How to stop it: Removing theft opportunities is perhaps the most important place to start, according to Read Hayes, Ph.D., a research scientist in criminology at the University of Florida and director of the Loss Prevention Council. Minimizing opportunity prevents theft regardless of what factors might be pushing a worker to commit the act. It doesn’t matter if a worker has poor impulse control, financial pressures, a negative attitude, or thinks the company is too big to notice—if there is zero chance to steal without being caught, then workers won’t steal.
However, workers need access to assets to do their jobs, so removing theft opportunity is a means of prevention that organizations can only carry so far—they also need to encourage honesty. To create a culture of honesty in today’s work environment—in which loyalty to employers has weakened—companies must help employees see that it is in their best interest to prevent theft and wrongdoing.
The trick to preventing dishonesty and employee theft among today’s workforce is to transfer some ownership of the problem to staff, according to Richard Hollinger, Ph.D., a professor specializing in employee theft, deviance, and criminology. Whether companies do it by rewarding staff when theft rates decline, educating workers on the impact that dishonesty has on annual raises, or by increasing employee participation in developing security protocols, the goal should be to get the average worker to think he or she has more to gain from reducing dishonesty than from committing an act of dishonesty (given the additive risk of being caught).
2. Mixed signals. Too often, there is a discrepancy between corporate security policies and the way things are actually done. This has two problematic consequences:
- it creates genuine confusion among workers about what is expected of them;
- it gives employees a general impression that security policies are optional and secondary to getting the job done.
This is a particularly important data security issue note analysts, including experts at Gartner. One analyst cited the example of an organization that has a policy against individuals using unapproved file sharing services but then doesn’t provide workers with a better way to send out large files.
How to stop it: A recent data security survey found that workers identify “unreasonable” security policies as the primary reason for violating them. Security teams should investigate work processes and interview employees to determine if there are any security policies that employees routinely circumvent to perform their work more efficiently. The company should then adjust the policy to accommodate the work or give workers the tools to both effectively do their work and adhere to security policy. There is enduring harm to the overall security mission when employees choose the security policies to which they adhere. Experts say that unlike the common rulemaking approach, business managers whose goal is productivity and executives whose goal is security need to create realistic and effective rules in consultation.
Lax enforcement is a related issue that can complicate the security mission. It surely sends a mixed signal to workers, if when security violations are uncovered, they go unpunished. Often, the problem stems from the promise of significant repercussions for relatively small violations, which results in managers ignoring violations altogether. Experts recommend that companies provide real incentives to employees for following security policy balanced with real consequences for repeated violations.
3. Profit potential. The ability for employees to convert acts of wrongdoing into profit has increased exponentially. A decade ago, to be worthwhile, most workplace thefts and other security violations needed to provide an immediate benefit to the individual committing the act (such as stealing petty cash out of a manager’s drawer). To profit otherwise required a much higher level of effort or connection to the criminal element. Today, however, online marketplaces and social media provide every individual a simple avenue to profit from stolen company merchandise and materials.
Employees can also peddle in data, something for which there was no real market in the past. Online fraud forums now provide employees with a readily available avenue to profit from stolen information. They can make money off customers’ or coworkers’ personal and financial information without having to run the risk of stealing directly from accounts.
How to stop it: The issue of whether online marketplaces are doing enough to prevent the sale of counterfeit and stolen items is an ongoing battle. Thus far, however, actions have not substantially curbed the ability of thieves to offload stolen goods online. So, it is largely up to company security organizations to conduct investigations to learn if stolen company assets are being sold or auctioned online and to examine whether assets are being unnecessarily exposed to theft. Case in point: Some restaurants and lodging establishments in the US recently reported an increase in theft by staff and patrons of property like wall art, lamps, and silverware. In response, some chose to lock down certain items and to substitute disposable items for those being repeatedly stolen.
4. External pressures. Shelley Kirkpatrick, a behavioral threat expert, warns that corporate cost-cutting or a weak economy can contribute to cases of insider malfeasance. Employees facing economic pressures and employment uncertainty can be motivated to steal from their employer, especially amid rumors of downsizing.
How to stop it: Efforts by human resources and company management to minimize stress on employees (to the extent possible) will help, but security teams should also take special precautions. Most experts suggest that closer monitoring of high-value assets and better communication with supervisors—to encourage them to maintain a more watchful eye on employees—is the best chance to blunt the threat. Employees who suddenly start working long hours for no obvious reason or seek access to materials and systems outside their job scope, should raise red flags for managers that they should be encouraged to relate to investigators. Kirkpatrick said almost always “there are warning signs. But they are not always listened to.”
5. A bad run of luck. The summary of a study on massive employee fraud cases found that stealing company funds in service of a gambling addiction is surprisingly common. In cases where a motive could be identified, 27% of large employee frauds were due to a perpetrator’s gambling problem or addiction, significantly higher than the percent of workers who stole to supporting a drug habit, fund a personal business, or because of family medical bills (Marquet Report on Embezzlement).
In a tiny school district in Fort Bend County, Texas (US), for example, administrators noticed huge discrepancies in the food services budget. An investigation revealed that a district secretary, in charge of lunchroom receipts, stole more than $100,000 over two years. The reason? To feed her hunger for gambling at nearby Louisiana casinos.
How to stop it: Companies in casino areas typically understand the need to recognize the increased potential for employee fraud by those with gambling problems. Problem gambling doubles within 50 miles of a casino, one study noted ("Casino gambling and workplace fraud: a cautionary tale for managers"; Kelly, Hartley; Management Research Review). Gambling opportunities have increased in many parts of the world, and with online sports betting and Internet gambling more prevalent than ever, a greater number of organizations should appreciate the risk.
Basic fraud and financial controls are the best prevention, and the threat from gambling addiction makes it good security to:
- Control easy access to cash (it is a particularly dangerous fuel to employees with a gambling problem).
- Take note of employees who have frequent, extended absences from the office.
- Listen for employees talking about trips to casinos or other gambling venues or their online gambling activity.
- Consider certain factors that make people more susceptible to developing a gambling problem, including a previous history of addictions/mental illness and a significant life event like divorce or death of a family member.