Trust Everyone, but Cover Your Assets

Scenario
You want to trust your employees, but the recent disappearance of some unused software and hardware has left you shaking your head. Was the equipment misplaced or was it stolen? How can you tell? And if it were stolen, what does that say for the security of other corporate assets, such as your source code? You have a growing suspicion that a member of your staff isn't playing entirely straight with you, and you're not sure what to do about it.

Solution
The vast majority of employees are well intentioned and honest. But there are a few bad apples out there. As a manager, you have an obligation to protect the company from the malicious acts of unscrupulous employees.

Confront the Issue
Let your team know that you are deeply disturbed by the loss of the equipment and that you'll be taking steps to make sure this doesn't happen again.

In discussing the situation with team members, ask them to suggest ways to prevent items from disappearing in the future. Also ask them if they're aware of any other missing items that you might not have heard about yet. This is an opportunity to make sure you have the full picture.

Managers at one company were surprised when a couple of computers went missing. But the managers were even more surprised to discover that smaller items—keyboards, mice, memory, and used boards—had been disappearing for a long time. Employees hadn't notified management of the missing items because they didn't think it was that important. "It's just a mouse no one was using," they explained. "We thought you had more important things to worry about."

In fact, the employees themselves were unaware of the full extent of the losses. Individuals had noted missing items as isolated incidents. "That's weird," they’d say. "I was sure that machine had more memory installed." It wasn't until bigger items disappeared that people across the organization began sharing information and discovered the pattern of lost items.

A series of small losses may add up to a big problem. Let your employees know that you care about any type of unexplained loss and act on information you receive right away—even if it's only a mouse.

If you even suspect the items were stolen, get your manager or HR involved immediately. Don't wait to see if it happens again. While you're waiting, thousands of dollars in assets might be walking out the door. Whether or not you suspect a member of your staff, it is still important to alert the management team to the problem. Your manager or HR department can advise you when and how to get local law enforcement involved.

Mitigate the Risk
What would happen in your organization if someone—whether on purpose or by accident—were to format the disk drive of the machine that houses your source code or bug tracking system? Automated nightly backups stored offsite can mitigate the risk of a careless or malicious employee deleting critical data. Be sure to test the restore process. It will do you no good to back up your data if you can't restore it when needed.

I have seen critical data wiped out on three separate occasions at three different companies. In each case, it was an accidental loss. But that didn't make it any less devastating. In two of the three cases, nightly backups saved us. In the third case, we lost a lot of time and ultimately had to redo a great deal of work.

Take Measures to Prevent Loss
Check references. The most important loss prevention measure you can take is to check