Emerging standards and technology can be used to mitigate people risk in the retail environment and increase the quality of your candidates by 70%. We know how devastating employee theft can be: 30% of business closures blame this.
Then there are data breaches. 1 in 4 data breaches are caused by malicious employees (not accidental fat finger or clicking on a bad link). So when your retail computer systems contain customer PII, IP, HR records, market-sensitive financials insight and other commercially sensitive information – you are exposed. These are vulnerable to malicious trusted insider data breach threats. Are you going to leave it to a police check?
Add on top of that, 99 percent of retail theft incidents were financially motivated. The Australian Retailers Association estimates all forms of shoplifting across the retail sector costs retailers $9.5B per year, 1-3% of gross profit. Than means, for example retail shrinkage per year is approx.
- Woolworths: $1 billion
- Coles: $891 million
- Myer: $30 million
- David Jones: $22 million
In the US, Wal-Mart has had a $4.3B loss or 1% of its $430B revenue. It broke down the losses in this way: 38% ($1.6B) shoplifting, 35% ($1.5B) employee theft, 27% damaged goods and admin errors.
The “Theft Barometer” breaks down ‘Employee theft’, per Australian vertical in this way:
- Non-grocery retailers: 81% of total shrinkage
- Department stores: 59% of total shrinkage
- Supermarkets/grocery retailers: 50% of total shrinkage.
Another global study found that financial cost of bad apple employee is 4.3x more expensive than a garden variety shoplifter. Specifically, $2,700 per trusted employee vs $625 per shoplifter. Why? Because trusted insiders know the business operations better than anyone, they know the loopholes, they know the weaknesses, they know your vulnerabilities – they are in positions of trust.
This maybe a shock to know but 75% of retail employees have stolen from their employer at least once. After US businesses suffered a record breaking $50B loss in 2017, the commentators also looked at the emotional costs noted said
“Often, the employees who embezzle are trusted members of a company’s team … it can be incredibly devastating to find out they have been ripping you off.”
How can your loss prevention and profit protection activities be enhanced?
Enter: the Australian Government’s Security Principle “P10”: Only trusted and vetted personnel are to be granted access to systems, applications and data repositories.” The Information Security Manual, ISM Security Control 0434 states that “Personnel must undergo appropriate employment screening, before being granted access to a system and its resources.”
Pushback: But Retail is not government. True, but as Australian Computer Society (ACS) has said:
“With an increasing array of security standards fleshing out what reasonable steps might entail, directors failing to protect data could risk negligence lawsuits due to a failure to protect data from a “reasonably foreseeable” risk of harm.”
So what does “appropriate employment screening” look like for the retail sector? Looking at the statistics we have shared so far, is their room for improvement? Is now the time to review what your HR department and/or recruitment partners actually, specifically do?
A leader in police checks in Australia once said:
“HR Officers often understand the need for screening but misunderstand the true nature of risk. Investment in pre-employment screening processes is very poor. Recognition of the insurance value is rare.” – CV Check
We would like to share with you ground-breaking research that deters, detects, predicts and anticipates a trusted insider threat. It’s called the “Critical path to insider risk.” It is used in high end background screening organisations around the world.
Hostile acts can include theft, workplace violence, data breaches, adverse drug-influenced decisions and behaviours, espionage, sabotage and other counter-productive workplace behaviours. Now consider the sophistication of the above compared to your process or lets say the current Employment Screening Standards (A driver’s licence meets the basic standard and defines your candidate as “worthy of trust”).
Is there a ‘better way’ forward?
ICAC says YES!
In their white paper: Strengthening employment screening practices:
“Employers should have a robust process for responding to red flags that arise from employment screening checks.”
And in their employment screening handbook the say:
“Employment screening typically consists of checking a candidate’s identity [AS4811]. There are better practices available to inform employment screening such as the Protective Security Policy Framework (PSPF)”
The PSPF? Never heard of it! You are not alone!
Currently only perceived as a requirement for government agencies to adhere, the Protective Security Policy Frame (PSPF) … provides a means to address security gaps within private organisations. There is no direction or advice to business to comply with these controls, independent of their dealing with government. Promoting the implementation of these controls will begin to address this need. – Deakin University
Protective Security Policy Framework. Remember the phrase “Trusted & Vetted”?
These two concepts are only defined in the PSPF.
So, how is suitability determined?
The determination of whether an individual is suitable to hold a clearance is based on careful consideration of the whole person in the context of the following risk factor areas:
- external loyalties, influences and associations
- personal relationships and conduct
- financial considerations
- alcohol and drug usage
- criminal history and conduct
- security attitudes and violations
- mental health disorders.
These factor areas may have a bearing on one or more of a subject’s character traits (HTTMLR). The Attorney-General’s Department recommends vetting agencies use a process of structured professional judgement to come to an overall determination based on the available information.
A Glassdoor survey reported that businesses that take the time to invest in a good candidate screening process will improve the quality of their hires by 70%. Now if an official Baseline Clearance (the lowest level) stops 1:1,000 – for the retail sector it might be perhaps 1:500 – so it won’t scare good candidates away or reduce your capability, but it will increase the character and the integrity of your staff. Plus your security and cyber posture is strengthened in the process.
You can instantly augment and enhance your background screening determinations, improving your Loss Prevention and Profit Protection position by:
1. Vetting your people at the right moment.
2. Screening them across all dimensions that matter.
3. Evaluating them in the smartest and fastest way possible.
Q. What would mimicking a government-standard suitability clearance process do for you?
Cleard Life is a high-end background screening organisation. We have fused commonwealth security vetting practice with a digital avatar screening interview, analysis and reporting platform to deliver faster, cheaper, smarter, better vetting recommendations. Vetting-As-A-Service – as fast as next day turn-around-time, and as low as $135 per check.