Theft and Fraud: Monitoring Employee Activities
It’s a disappointing reality that hoteliers have to contend with employee theft and fraud. But theft and fraud can have a major impact on a property’s bottom line and guest satisfaction. This past year, a number of employee theft stories have made the headlines. In October, an employee at the Renaissance hotel in Baton Rouge, La., allegedly stole more than $34,000 from hotel safe deposits and altered financial records to cover his tracks. In July, a former employee of a Tallahassee hotel faced charges she stole more than $42,000 from the business by diverting money onto personal credit cards. To prevent such losses, follow these tips:
6. Provide a sense of ownership. When employees have a sense of ownership in a property, security throughout the property will be much tighter. One method to promote such ownership is instituting some form of profit sharing. So, when employees see waste or theft, they’re more likely to stop or report it. “The employees are the eyes and ears of the hotel,” Callaghan says. “At hotels where they’ve had profit sharing, I’ve heard employees say things such as, ‘Hey, don’t do that, that’s my profit sharing.’ ”
7. Boost employee empowerment. Related to ownership, when employees have a sense of empowerment, they’ll be able to solve safety and security problems quickly and often more efficiently. Have an anonymous tip line, where employees can report theft or threats to guest or staff safety. And when an employee sees anything unsafe or unsecure on the property, have a work order system in place that treats these reports with priority.
8. Staff smart. During the hiring process, conduct drug screening and criminal background checks. Then, once the person is hired, explain that there are controls in place. Employees who know there are monitoring systems will be less likely to commit crimes of opportunity. And while it may be tempting to consolidate duties, reduce head count, and save payroll, it may cost property managers in the long run. For important processes, such as handling a cash bag, have at least two people sign off. Also, to avoid adding staff, property managers can also turn to external, off-site auditors.
9. Add active monitoring to video surveillance. Most properties have some sort of video surveillance of employee activities around sensitive areas, such as the front desk and cash drawer. But new technology enables another level of monitoring. Software enables hotel owners to match transactions with video surveillance, eliminating the need to watch hours and hours of video to find potential criminal activity. For example, the software can detect when a cash draw is left open and will show that whatever is being passed over a scanner is actually read. “It’s pretty inexpensive and won’t cost an owner much to have those analytics,” Clifton says, adding that such systems could be installed for less than $10,000, depending on the type and number of cameras installed. “Often, when you buy a new video system, the software will be added. Be sure to ask for it, though.”
Cyber Security: Protecting Electronic Borders
As technology has advanced, so has criminals’ ability to exploit those new technologies. The hotel industry has seen several such examples lately. Russian hackers breached Wyndham Worldwide’s data center in Phoenix three times between 2008 and 2010, accessing more than 600,000 payment card accounts and leading to more than $10.6 million in fraud loss. As a result, in June 2012, the Federal Trade Commission filed a lawsuit alleging that Wyndham failed to implement reasonable data security measures to protect the payment card information of their customers. (Wyndham has filed a motion to dismiss the lawsuit.)
Property owners and managers should reassess cyber security about as often as physical security. Here are a few things to look for and consider as you evaluate your cyber security:
10. Connect IT and security departments. Don’t keep a wall between the information technology and security departments of your property. “The two departments should work together, because security is [vital to] both their jobs,” Clifton says. “Clearly establish how the two departments work together, and they should know where each other’s responsibilities stop and the other begins.” To foster this relationship, some properties place the two departments under the same manager and same budget. And the two departments should conduct regular security meetings, perhaps as often as once a week.
11. Upgrade to VLAN. A LAN, or local area network, is a network that connects computers. For many businesses that includes a WiFi access point for customers. However, WiFi that’s directly connected to your property’s servers can pose a risk and provide easy access for savvy hackers. One way to add more cyber security is to install what’s called a VLAN, or virtual network. Relatively inexpensive, VLANs often don’t require additional hardware. Installing this software can add another layer of security between your servers and potential hackers. Also, a common feature of VLANs is the ability to set up multiple wireless network names, which can have varying levels of security. Computers used for business and staff can have a high level of security, and guest WiFi networks can have a lower, easy-to-access level of security and be separated from the property’s network.
12. Beware of social engineering. Not all cyber threats occur online. Social engineering and physical hacking of hotel computers pose a significant risk. “Employees should have an awareness about the physical security of computers, access control, and passwords,” Clifton says. “Many of the big hacking schemes we hear about start with someone conning a password out of an employee.” Change passwords every three months. Also, employees should monitor the physical access points to a property’s computers and servers. Make regular patrols to look for people who are in staff-only areas of a property.