A Framework for Theft Prevention
August 2004
To be effective, equipment theft protection
techniques need to be incorporated into an overall risk management strategy.
It is important to develop a theft prevention and recovery matrix so that every
type of resource available to the firm is considered at each stage of the process.
by David J. Shillingford
National Equipment
Register, Inc.
Previous IRMI commentaries, indeed most articles on theft prevention, have
focused primarily on techniques for preventing
equipment theft. As these techniques and resources are many and varied, it is
important to have a way of organizing these within an overall risk management
strategy. This article describes a framework for applying techniques and resources
within an overall strategy. Links to detailed descriptions of particular techniques
are used rather than a full explanation.
The framework has four aspects:
-
Principles. These should guide all
planning.
-
Resources. Organizing the tools and
techniques available in groups.
-
Process. Organizing the processes in
chronological order.
-
Summary. Relating each group of resources
to each process.
Principles
The following principles apply to all equipment risks and need to be considered
during all phases of planning.
Safety First
Some security techniques or products, such as immobilization, must be considered
against the safety of employees, visitors, and even people who are not supposed
to be on-site.
Productivity and Profitability
There is no point in having security that is 99.9 percent effective if the
costs of implementation or ongoing execution are excessive. Conversely, many
security practices are simply part of good employee and asset management and
will enhance productivity.
People Help and Hinder
Although personnel is mentioned as a resource, it is also highlighted here
as success in this area is often the difference between good and bad security.
Variety and Layers
No one system or procedure is the "silver bullet," no two risks are exactly
the same. Use a combination of solutions that are "layered" so that more complex
precautions are implemented where the greatest risk exists.
Be Realistic
Do not aim for 100 percent security and do not believe anyone who tells you
that a certain product or service is 100 percent. Your aim is to make the thief
move on to a softer target.
Resources
There are four categories into which available resources and techniques can
be organized, discussed below.
Personnel
People are either a company's greatest security asset or its greatest security
risk. The people who can most easily steal from you are those with access to
your assets. Success largely depends on set procedures for hiring and the fundamental
relationship between contractor, subcontractor, and their employees.
Personnel outside the company can also be a risk or an asset. Planned communication
with local residents and local law enforcement will give you more eyes protecting
or looking for your equipment. Employee incentives and rewards for recoveries
can be very cost effective. A local or national crime prevention program with
a hotline for tips such as the Construction Crime Prevention Program of the
Pacific Northwest is a good way of pooling resources to achieve a "community"
effort.
Physical Security
Physical security can be broken down into resources and techniques that relate
either to equipment or premises/worksites. A full description of these can be
found in my August 2002 article, Heavy
Equipment Theft and Solutions—Part 2.
Technology
A great variety of products for either securing equipment or for tracking
equipment have recently come onto the market. The best way to assess such technology
is to clearly understand your own risk and then understand the underlying technology
of the product or service being offered. A general description of much of this
technology can be found in my March 2003 article, Technology in the Fight Against Equipment
Theft.
Data
Like personnel, data is one of the most potent, flexible, and cost-effective
weapons against thieves. It can deter as well as detect theft if used fully.
It is also a cost-effective tool because the aim is simple: to ensure that law
enforcement has the information that they need when they need it.
The key to this is that the primary action—recording the serial number of
your units—must be done prior to theft.
Once the machine is gone, it is too late. This can be taken a step further where
equipment and premises are clearly marked to let a thief know that this data
is recorded and accessible to law enforcement. More details on the use of data
are contained in my December 2003 article, Using Information To Fight Equipment Thieves—Part
3.
Note that deterrence is part of all of
these processes. Deterrence is often treated as a separate category; however,
it really is part of all four categories as it is, in most cases, letting a
thief know what measures you are taking and why stealing from you will be more
difficult or risky. Good examples of deterrence are warning signs, lighting,
or marking your equipment with unique and very visible paint or decals. None
of these actually increase physical security but they let the thief know what
you are doing and that detection is more likely. It is also noteworthy that
if you are doing certain things, the thief will assume that you are taking other,
less visible precautions.
Deterrence should be practiced at every opportunity because it is either
free or low cost, and maximizes the effect of other actions. If the thief does
not know that a measure is in place, it cannot deter. Like in medicine—prevention
is better than cure.
Processes
The processes can be broken into four somewhat chronological phases that
cover preventative/preemptive measures and post-loss/reactive measures, discussed
below.
Phase 1—Risk Assessment and Reallocation
A subcontractor with 2 employees and 40 hand tools, a highway construction
company with $100 million of heavy equipment, and an equipment rental company
with 10 branches and 2,000 units all have different risks and security weaknesses—each
needs to carry out their own analysis. The factors to consider when assessing
the risk to your equipment are the following.
- Type of equipment (value and mobility)
- Location (physical security and observation)
- Use (by who and when)
The following two extreme examples illustrate the effect of these factors.
- A skid steer loader being used by a renter is left by the side of a
little used road over a weekend.
- A large tracked vehicle is used by the same long-term employee every
day that seldom moves from an established worksite site with good physical
security.
Theft statistics will help with this analysis. A report and analysis on thefts
in the United States in 2003 can be found at http://www.nerusa.com/stats.asp.
The reallocation of risk is traditionally
carried out through insurance. In the case of equipment theft risks, it is important
to know what potential costs of theft are covered where a policy is in place.
What value will be paid—replacement value, actual cash value, or another value—and
how is this calculated? Other causes of loss should be considered such as the
cost of business interruption and replacement rental costs which can be significant
where equipment is stolen from an active worksite, particularly where a unique
and mission-critical item such as a lifting device is stolen.
The use of deductibles is now widespread and, particularly in a hard insurance
market, may be a significant factor. Many factors will play into decisions as
to how much risk to self-insure.
Another case where risk is reallocated is when renting equipment. Look carefully
at your rental agreement so that you know what risk you are taking as a renter
and whether or not, or what percentage of, a rental equipment theft is covered
on your policy.
Phase 2—Theft Prevention
Theft prevention is the area about which most has been written as the most
techniques and resources have are available. You should be using some mixture
of physical security, equipment marking, and data sharing. Be sure to look at
what emerging technologies might form part of your plan. A full theft prevention
guide is available at http://www.nerusa.com/theftPrevention.asp.
Phase 3—Theft Detection
This does not mean detection of the thief but simply noticing that your equipment
has been stolen. It may seem that this action will be automatic and does not
need planning, but the delay of weeks or even months in the receipt of so many
theft reports tells another story. Such delays give thieves valuable time to
move, store, and sell your equipment with almost no chance of being caught.
This is also the time when a thief is most likely to attract the attention of
law enforcement—once your stolen equipment has been sold in the next state and
is in normal use, there will be fewer "indicators" for police to pick up on.
Equipment owners must know what equipment they have, where it should be kept, and regularly check this—particularly on
Monday.
Phase 4—Recovery
The key to recovering equipment is not only what you do once the theft is
detected but also what you do before the
theft is discovered. It is too late to go out to your equipment to write down
the serial/PIN number once the equipment is gone. More details on recovery techniques
can be found at Using Information To Fight
Equipment Thieves—Part 3.
Theft Prevention and Recovery Matrix
The table below demonstrates the interrelation between the phases of combating
theft and the techniques and resources. This can be used to ensure that every
type of resource is being considered at each stage of the process. Every owner
will put different items in each box. Some examples are provided in a second
table in which some of the squares have been completed.
Table 1
Table 2
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author’s employer or IRMI. This article does not purport
to provide legal, accounting, or other professional advice or opinion. If such advice
is needed, consult with your attorney, accountant, or other qualified adviser.