Thursday, February 23, 2012

What is Your Loss Prevention Strategy?

By Scott Kreisberg, CEO One Step Retail Solutions

When it comes to security and protecting your assets, you need a good strategy. You will know how good that strategy is when you try to balance the cash register at the end of the day; when you do your physical count; when you are faced with a computer crash; or when too many of your customers start having identity theft on their cards. Do you want to wait until then to find out that your protection was inadequate?

The most effective method to achieve security has always been a layered approach. In other words, instead of just relying on a single solution, you set up a number of protective layers and thus greatly reduce the chances of being a victim.
Airports are an example of a layered approach: there are visual inspection of ID's and tickets before you are allowed beyond a certain point, there are TSA agents observing via cameras, there are metal detection imaging devices that you must go through, and there are personnel at the ramp to the plane who check tickets and ID's again.

We at One Step Retail take a similar approach to protecting you and your business from both external and internal threats. After all, we have been around helping retailers for 25 years and we hear about disasters from unprotected retailers. Consequently, we want to ensure you do not experience the same thing.
What would happen if all the information stored in your computer were suddenly lost? Or you had a hacker or virus or Trojan attack? Could you recreate this information? If so, how much time would it take? How much would it cost? What about dishonest employees? Most importantly, would your business survive?

In today's economic climate, it is vital to protect your assets and one of the most important assets you have is your data. If you lost it, it could possibly close your store. That may be hard to believe, but look at these statistics from Comdisco Vulnerability Index Research Report:

• 82% of companies are not prepared to handle a computer system disaster
• 83% of corporate data recoveries from tape backup FAIL
• Only 6% of companies that suffer from a catastrophic data loss survive

In our own backyard, we've seen it happen. Two different clients thought they were backing up and protected, but then their computers crashed and they discovered otherwise. After a year of manually inputting all the missing data, one retailer still occasionally scans an item that should be in the system but isn't. Another client lost years of data and had to pay for expensive data recovery but not all of it was recoverable.

In the category of dishonest employees, one client after six months of periodic cycle counts being off, finally traced down the problem to an employee taking fictitious “returns” and giving refunds-to herself. Another client had an employee who, as their Systems Administrator, embezzled money from them for five years. Months of sales information in their computer records was missing and she said they had been lost. Where was the backup? This company went out of business two years later.

One Step has researched resources and partnered with experienced, honest vendors to bring you layers of security specific to your needs as a retailer.
With RetailSafe, you have a professional backup service that knows retail and their data backup needs, plus you as our client get a discount for their services.
With sonicWall you get not only an intelligent state-of-the art firewall protecting you from malware, you get PCI compliance integrated into the system protecting your business from another type of disaster. You can buy firewalls including sonicWall at Amazon but none of them will be PCI Compliant out of the box. You must be trained on how to properly configure the firewall in order to meet PCI compliancy. So, buying them from anywhere else would be an utter waste of money.

With Quadrox you have a Network Video Recording system that can, among other things, integrate with your POS. The POS is a primary location for employee theft or mistakes. For example, you could quickly access the time when an employee issued a return and refund (as noted on the POS) and see actually what happened on the video—no cycle counts for six months to discover the dishonest employee.
So, start getting these layers firmly in place. If you have some or all of them already, make sure:

• they are working,
• you are verifying on a regular basis that they are working
• they are adequate for your specific needs as a retailer
• you understand them and can use all of their features
• you not only can use their features, you are using them