To be effective, equipment theft protection techniques need to be incorporated into an overall risk management strategy. It is important to develop a theft prevention and recovery matrix so that every type of resource available to the firm is considered at each stage of the process.
Previous IRMI commentaries, indeed most articles on theft prevention, have focused primarily on techniques for preventing equipment theft. As these techniques and resources are many and varied, it is important to have a way of organizing these within an overall risk management strategy. This article describes a framework for applying techniques and resources within an overall strategy. Links to detailed descriptions of particular techniques are used rather than a full explanation.
The framework has four aspects:
- Principles. These should guide all planning.
- Resources. Organizing the tools and techniques available in groups.
- Process. Organizing the processes in chronological order.
- Summary. Relating each group of resources to each process.
The following principles apply to all equipment risks and need to be considered during all phases of planning.
Some security techniques or products, such as immobilization, must be considered against the safety of employees, visitors, and even people who are not supposed to be on-site.
Productivity and Profitability
There is no point in having security that is 99.9 percent effective if the costs of implementation or ongoing execution are excessive. Conversely, many security practices are simply part of good employee and asset management and will enhance productivity.
People Help and Hinder
Although personnel is mentioned as a resource, it is also highlighted here as success in this area is often the difference between good and bad security.
Variety and Layers
No one system or procedure is the "silver bullet," no two risks are exactly the same. Use a combination of solutions that are "layered" so that more complex precautions are implemented where the greatest risk exists.
Do not aim for 100 percent security and do not believe anyone who tells you that a certain product or service is 100 percent. Your aim is to make the thief move on to a softer target.
There are four categories into which available resources and techniques can be organized.
People are either a company's greatest security asset or its greatest security risk. The people who can most easily steal from you are those with access to your assets. Success largely depends on set procedures for hiring and the fundamental relationship between contractor, subcontractor, and their employees.
Personnel outside the company can also be a risk or an asset. Planned communication with local residents and local law enforcement will give you more eyes protecting or looking for your equipment. Employee incentives and rewards for recoveries can be very cost effective. A local or national crime prevention program with a hotline for tips such as the Construction Crime Prevention Program of the Pacific Northwest is a good way of pooling resources to achieve a "community" effort.
Physical security can be broken down into resources and techniques that relate either to equipment or premises/worksites. A full description of these can be found in my August 2002 article, Heavy Equipment Theft and Solutions—Part 2.
A great variety of products for either securing equipment or for tracking equipment have recently come onto the market. The best way to assess such technology is to clearly understand your own risk and then understand the underlying technology of the product or service being offered. A general description of much of this technology can be found in my March 2003 article, Technology in the Fight Against Equipment Theft.
Like personnel, data is one of the most potent, flexible, and cost-effective weapons against thieves. It can deter as well as detect theft if used fully. It is also a cost-effective tool because the aim is simple: to ensure that law enforcement has the information that they need when they need it.
The key to this is that the primary action—recording the serial number of your units—must be done prior to theft. Once the machine is gone, it is too late. This can be taken a step further where equipment and premises are clearly marked to let a thief know that this data is recorded and accessible to law enforcement. More details on the use of data are contained in my December 2003 article, Using Information To Fight Equipment Thieves—Part 3.
Note that deterrence is part of all of these processes. Deterrence is often treated as a separate category; however, it really is part of all four categories as it is, in most cases, letting a thief know what measures you are taking and why stealing from you will be more difficult or risky. Good examples of deterrence are warning signs, lighting, or marking your equipment with unique and very visible paint or decals. None of these actually increase physical security but they let the thief know what you are doing and that detection is more likely. It is also noteworthy that if you are doing certain things, the thief will assume that you are taking other, less visible precautions.
Deterrence should be practiced at every opportunity because it is either free or low cost, and maximizes the effect of other actions. If the thief does not know that a measure is in place, it cannot deter. Like in medicine—prevention is better than cure.
The processes can be broken into four somewhat chronological phases that cover preventative/preemptive measures and post-loss/reactive measures.
Phase 1—Risk Assessment and Reallocation
A subcontractor with 2 employees and 40 hand tools, a highway construction company with $100 million of heavy equipment, and an equipment rental company with 10 branches and 2,000 units all have different risks and security weaknesses—each needs to carry out their own analysis. The factors to consider when assessing the risk to your equipment are the following.
- Type of equipment (value and mobility)
- Location (physical security and observation)
- Use (by who and when)
The following two extreme examples illustrate the effect of these factors.
- A skid steer loader being used by a renter is left by the side of a little used road over a weekend.
- A large tracked vehicle is used by the same long-term employee every day that seldom moves from an established worksite site with good physical security.
Theft statistics will help with this analysis. A report and analysis on thefts in the United States in 2003 can be found at http://www.nerusa.com/.
The reallocation of risk is traditionally carried out through insurance. In the case of equipment theft risks, it is important to know what potential costs of theft are covered where a policy is in place. What value will be paid—replacement value, actual cash value, or another value—and how is this calculated? Other causes of loss should be considered such as the cost of business interruption and replacement rental costs which can be significant where equipment is stolen from an active worksite, particularly where a unique and mission-critical item such as a lifting device is stolen.
The use of deductibles is now widespread and, particularly in a hard insurance market, may be a significant factor. Many factors will play into decisions as to how much risk to self-insure.
Another case where risk is reallocated is when renting equipment. Look carefully at your rental agreement so that you know what risk you are taking as a renter and whether or not, or what percentage of, a rental equipment theft is covered on your policy.
Phase 2—Theft Prevention
Theft prevention is the area about which most has been written as the most techniques and resources have are available. You should be using some mixture of physical security, equipment marking, and data sharing. Be sure to look at what emerging technologies might form part of your plan. A full theft prevention guide is available at http://www.nerusa.com/OurServices.asp.
Phase 3—Theft Detection
This does not mean detection of the thief but simply noticing that your equipment has been stolen. It may seem that this action will be automatic and does not need planning, but the delay of weeks or even months in the receipt of so many theft reports tells another story. Such delays give thieves valuable time to move, store, and sell your equipment with almost no chance of being caught. This is also the time when a thief is most likely to attract the attention of law enforcement—once your stolen equipment has been sold in the next state and is in normal use, there will be fewer "indicators" for police to pick up on. Equipment owners must know what equipment they have, where it should be kept, and regularly check this—particularly on Monday.
The key to recovering equipment is not only what you do once the theft is detected but also what you do before the theft is discovered. It is too late to go out to your equipment to write down the serial/PIN number once the equipment is gone. More details on recovery techniques can be found at Using Information To Fight Equipment Thieves—Part 3.
Theft Prevention and Recovery Matrix
The table below demonstrates the interrelation between the phases of combating theft and the techniques and resources. This can be used to ensure that every type of resource is being considered at each stage of the process. Every owner will put different items in each box. Some examples are provided in a second table in which some of the squares have been completed.
Theft Prevention and Recovery Matrix
Theft Prevention and Recovery Matrix (Example)