Regardless of the industry, all businesses should be vigilant with regards to employee theft. Employee theft can come in all shapes and sizes, from an administrative assistant pocketing some extra Post-Its to hardcore embezzlement on behalf of leadership. It can be easy to dismiss repeated instances of employee theft as isolated incidents, implementing disciplinary action or termination, and moving on with the work week. However, many executives and managers may not realize that repeated instances of employee theft could be indicative of a much larger problem in their corporation or organization.
From a position of leadership, it’s easy to dismiss a single instance of employee theft; the employee is the one who made a choice to steal from their company or organization, and that employee was wrong for doing so. Discipline or termination typically follows, and leadership walks away feeling confident that they’ve removed a bad apple from their barrel. However, pervasive issues with employee theft are symptomatic of a systematic problem within the business or organization that go beyond a single employee’s bad judgement.
Why do employees steal?
The three most common reasons employees steal are not very difficult to understand.
- employees feel as though their employer has wronged them, or their compensation is inadequate.
- employees believe that employers insure such losses—therefore it is a victimless crime.
- employees know they will not be held accountable if they are caught
All of these reasons may characterize the employee as “disgruntled,” a term with a cultural context that often absolves the employer of any misconduct. When a corporation or organization has repeated instances of multiple employees committing theft, it’s a sign that the corporate culture of the workplace is less than healthy. A single employee pilfering staplers is not symptomatic of unhealthy corporate culture, but 5 employees pilfering staplers is a sign that employees do not feel valued, and therefore do not respect their employer.
The cycle of healthy corporate culture always begins with happy employees, because when employees are happy, they are more engaged, and contribute positively to the productivity of the organization. This pleases leadership, which incentivizes them to make decisions that raise morale, such as rewarding success with pay-raises, benefits, and thoughtful, constructive collaboration. The cycle begins anew with happy employees. Poor corporate culture means that undervalued employees will contribute negatively to workplace productivity. One of the ways poor corporate culture manifests is through employee theft—and it’s not just about profits or staplers. When employees are disengaged from their duties, they’re more likely to take extraneous breaks, or taking longer breaks than permitted, which is theft of company time. This often comes from a rationalized perspective, in which the employee does not feel their own time is valued within the organization, and therefore will place the same perceived value on company time.
Whatever the type of theft, repeated instances of employee theft cannot be ignored. It may be a sign that your business or organization needs a corporate culture audit. A corporate culture audit is like a check-up—when you go into the doctor for a standard check-up, they evaluate all of your major bodily functions for signs of disease or deterioration, and a corporate culture audit is no different. When investigators conduct a corporate culture audit, they evaluate all of your business’s internal operations, hiring processes, and principle employees for roadblocks that hinder productivity and contribute to poor corporate culture. The identification of these pervasive issues will lead to investigators providing leadership with expert recommendations to dislodge the blockage, allowing the cycle of corporate culture to right itself through cause and effect.
If you think your business or organization needs a corporate culture audit, call Lauth Investigations International today for a free quote on our Corporate Culture Audit program. For over 30 years, Lauth has been providing corporations with solutions to stimulate their business. In pursuit of truth, call 317-951-1100, or visit us online at www.lauthinvestigations.com.
Cyber criminals are evolving at an alarming rate. Cyber-security product developers are on an infinite loop with felons, each trying to out fox the other with regards to data breaches. Security is absolutely necessary for brick and mortar establishments due to a myriad of reasons, but in 2019, the name of the game is cyber-security. Not only are data breaches an efficient way to steal trade secrets and financial information from businesses, but they can also be done remotely. A proficient hacker or scammer can access a company’s vital company information from halfway across the world, and from that same location, can devastate the company. Within minutes, they can access financial information, trade secrets, distribution and delivery schedules, and private customer information. To prevent this from happening to your business, here are 5 cyber security measures every business should have:
This is Internet 101. Since the birth of the World Wide Web, we’ve been educating adults and children alike on the importance of having a strong password to access online accounts. Whether it’s a company’s financial information, or a Grubhub app on an executive’s phone, thieves can crack weak passwords to gain access. As such, it’s important passwords never contain personal information about an individual, especially if that information is visible on social media. Parents often include the name of their kids in their passwords, using their dates of birth for any numerical value requirement. Teens and young adults use the name of their favorite animal, sport, or music artist. Another common tactic is using common words that are easy to remember, and then spelling them backwards for a false sense of security. Experts at the National Cyber Security Alliance also do not recommend using sequences of characters that are near each other on the keyboard, such as “QWERTY,” the first six characters of the keyboard. The current recommended length for strong passwords is between 8-12 characters. If you’re unsure whether or not you password is secure, use an online password checker to verify the passwords level of cyber security.
Firewalls have been around almost as long as passwords. Firewalls are shields that protect your business from harmful or insidious traffic. When you connect to the internet, the system is constantly communicating with the wireless network, both sending and receiving units of information known as packets. Firewalls monitor these packets and perform a risk assessment, blocking unsafe packets. These firewalls protect your company’s data from unauthorized remote access by criminals.
Roland Cloutier, the Chief Security Officer for ADP, calls antivirus software “the last line of defense” when protecting your company’s data from hackers and other cyber-criminals. Not only can remote criminals access and view a company’s vital information, but they can also install vicious malware that will copy the target’s hard drive, and subsequently render the machine inoperable. Installing anti-virus and anti-malware programs aren’t enough, though. These programs need to be updated regularly as part of the infinite loop mentioned earlier. Every time a criminal finds a way to bypass an anti-malware product, the product requires changes to combat those breaches.
Laptops and Mobile Phones
It’s important to secure laptop computers and mobile smartphones associated with your business. For this, experts recommend encryption software so any remote felon attempting to access or copy the hard drive cannot do so without the proper password. They also stress the importance of never leaving these devices in ones vehicle, where they are easily accessible to thieves. “Lock-out” options are also standard for these devices in 2019. This setting allows you to establish a time period during which the phone lies idle. After that period expires, the phone locks itself, preventing anyone from accessing it without the password. Smartphones and laptops with remote-wipe features must be enabled. This way, if your device falls into the wrong hands, you can remotely wipe the device and prevent the leak of sensitive company information.
Last, but never least, it’s important your workforce is educated on the security measures in place and regularly enforces them on a day-to-day basis. Companies often neglect employee education under the false impression their IT team will be able to resolve all issues whenever they arise. The fact is, even IT professionals cannot anticipate every cyber threat, and may not be up-to-date on the very latest in cyber-criminal tactics. An ounce of this education is worth a pound of cure—Despite the level of technology literacy in the United States in 2019, an employer or business owner cannot assume an employee’s level of security knowledge. The prevention starts with employees, providing them with an intimate knowledge of company operations and how cyber security measures protect them.
Regardless of your company’s industry or size, all businesses must update and maintain their cyber security. An ounce of prevention is worth a pound of cure when criminals can bypass cyber security, and devastate a company in minutes.
The invention of direct-deposit payments in electronic banking have likely saved companies millions of dollars over the years in labor hours, materials, and fees that previously caused problems for companies. However, in an age where your paycheck is sent automatically to your checking account, phishers are seeking to exploit this automation for personal gain.
The Internal Revenue Service has reported an upswing in various types of fraud that directly target a company’s payroll. While the ruses come in many forms, one of the most popular is phishing emails disguised as legitimate correspondence from an employee or upper management. It’s always an instruction to alter payroll information so that funds would be rerouted to the scammer’s bank account. Once the deed is done, the money is withdrawn and the company is responsible to replace the missing funds. While the FTC and the IRS are constantly reevaluating their strategies for containing these types of fraud, this particular scheme is hard to detect and often goes unreported. The email can outsmart security measures set down by the company or within a company’s email server, and scammers take amounts that can just be written off as unfortunate missteps on behalf of personnel.
Frauds such as these have gone through an evolution as security technology becomes more sophisticated and what we know about internet culture continues to grow. Internet frauds used to be about volume and inattention to detail—thus the birth of phishers, who sent emails rife with spelling and grammar mistakes out to mile-long email lists, casting a wide net throughout the web. Education about fraud has forced scammers to be more cautious. Today, companies who have seen this scam in its newest form remark that these phishing emails look so authentic that there may not be a question in their mind before obliging their request. Security measures that have risen from the nucleus of electronic banking combat wire fraud every day in the United States. Large sums in wire transfers now throw up giant red flags. Phishers and scammers are getting more bang for their buck by taking smaller amounts with more frequency, lurking below the radar. This does not require sophisticated hacking skills. Just the ability to open a Gmail account. Phishers make the account look cosmetically convincing, then throw out the lure. One of the most targeted entities is non-profit organizations, because of the benevolent nature of their business. The idea of someone ripping off a charity or relief organization is horrifying, but the simplicity of scams like this make the opportunity too lucrative to pass up.
It’s frightening how simple the fraud is to pull off, but there is recourse for businesses who are vulnerable to such a scam. One of the non-profits who fell prey to this scam was KVC Health Systems, an agency for child welfare in Kansas City. Their IT director, Erik Nyberg, says it starts with comprehensive education on company procedures, “The CEO is never going to email you out of the blue and ask you for any deposit changes. And if you have any sliver of a doubt, call the person who is making the request.” He goes on to discourage executives and upper management employees from using their personal email accounts to send staff correspondence, and to set email filters that will catch suspicious incoming messages. Social media managers are also cautioned against posting any company information to their pages that could serve to bolster a phisher’s credibility.
If your business has been the target of this wire fraud scam, you are encouraged to report them to the Federal Bureau of Investigation’s IC3 tip line.
FMLA fraud can devastate a company, but companies should protect the integrity of their investigations to protect themselves.
The Family and Medical Leave Act (FMLA) provides working families balance to their lives when their circumstances take a turn. Whether it’s caring for new life in the household—such as a newborn or a foster child—or to care for an ailing relative, the 1993 act protects employees from being terminated from their jobs when they must take an extended absence for a specific set of reasons. However, abuses of FMLA are extremely common in the American workforce. While suspicions of FMLA abuse should be taken seriously by employers, companies must conduct thorough and unbiased investigations before terminating any employees. Businesses who do not follow protocol can open themselves up to expensive litigation.
In addition to protecting employees from termination during an extended leave, FMLA also requires their various insurance coverage remain in effect. This protection can be guaranteed for up to 12 weeks. According to the Department of Labor:
FMLA is designed to help employees balance their work and family responsibilities by allowing them to take reasonable unpaid leave for certain family and medical reasons. It also seeks to accommodate the legitimate interests of employers and promote equal employment opportunity for men and women.
FMLA applies to all public agencies, all public and private elementary and secondary schools, and companies with 50 or more employees. These employers must provide an eligible employee with up to 12 weeks of unpaid leave each year for any of the following reasons:
- the birth and care of the newborn child of an employee;
- placement with the employee of a child for adoption or foster care;
- to care for an immediate family member (spouse, child, or parent) with a serious health condition; or
- medical leave when the employee is unable to work because of a serious health condition.
The use of FMLA within these guidelines (with some exceptions) is designed to protect hard-working men and women from losing their jobs when their family suddenly requires their attention. Life can change so fast, and employees can rest easy knowing their jobs will be waiting for them when they are able to return in top-performing condition.
According to Charlie Plumb, an attorney who represents clients in all phases of management, abuse of this protection should be investigated, provided the employer has an “honest suspicion.” He goes on to say, “This honest suspicion standard is really intended to protect the employer against a claim they are interfering against FMLA leave and/or being retaliatory.”
A familiar scenario is one where an employee has been granted leave under FMLA for a serious illness or injury. The employer then happens to see posts from the employee on social media having fun out with friends, exercising, or driving. The employer might think, “If they’re well enough to do these things, they must be well enough to work.” While this might sound like an open and shut case from the employer’s point of view, Allen Smith of The Society of Human Resources Management, provides an example where this philosophy proved problematic:
“Joan Casciari, an attorney with Seyfarth Shaw in Chicago, said she handled a case that involved an employee who was put on FMLA leave for depression. The employer later discovered, through surveillance, she was doing Christmas shopping with her family and having a wonderful time. But her doctor confirmed “retail therapy” was consistent with her condition and the fact she could shop did not mean she did not require FMLA leave.”
Luckily for the employer in this anecdote, they did their due diligence and consulted a medical professional who could corroborate the circumstances of her FMLA qualifications. Some employers are far hastier. When employers do not conduct comprehensive and objective investigations into suspicious FMLA claims, they can open themselves up to lawsuits that can be devastatingly expensive and a public relations nightmare.
Vigilance of adherence to the guidelines of FMLA becomes manageable when Human Resource directors keep an eye out for certain patterns of behavior, such as absence patterns, especially when they coincide with non-work events (holidays or something personal that they may have mentioned in the past). Employers should also be suspicious of absences directly contradicting any medical certification in frequency or duration.
Once an employer has a reasonable suspicion of FMLA abuse, they should most certainly investigate. However, internal investigations into these kinds of abuses can be very messy for Human Resources and upper management. The aforementioned scenario involving “retail therapy” could have been a disaster if the company had not done their due diligence. Some employers are not so diligent.
Another scenario involving a maintenance worker at a nursing home and rehabilitation center panned out much differently. The employee in question noticed his superior was exhibiting a pattern of absence he found suspicious. He began reviewing surveillance footage to compare to his own personal log of her comings and goings in order to prove she was abusing company time. After discovering the independent investigation, the superior served a series of performance adjustments to the employee before terminating him. The termination came after the employee had submitted an FMLA request. The court found the dates of his termination tied in too closely with his request for FMLA, allowing the employee to take the case to trial.
Scenarios like these are why Human Resources and management should 1) be vigilant of FMLA abuse, and 2) conduct a thorough and unbiased investigation in order to ensure the company is protected from litigation. Many companies choose to handle investigations internally in order to minimize the amount of exposure. However, internal investigations spearheaded by current members of staff, will not only disrupt daily operations, but can also have negative effects like the case of the nursing home. The employee conducting his own investigation may have had honest suspicions of his superior’s misconduct, but he was certainly not a unbiased source to investigate.
Private investigators are probative routes often overlooked when a company has an internal investigation. There are many circumstances under which companies do not want to give up control over an internal investigation, and a private investigator is the definition of a third-party. However, the objectivity of a private investigator is the number one reason why companies should consider them as an option. The personal biases of the persons involved in the previous examples caused the investigation to go south. As an independent contractor, a private investigator’s only loyalty is to the truth. They are vital to ensuring an investigation is a transparent expedition for the truth. This goes a long way towards protecting a business from subsequent lawsuits or bad press.
When handling an investigation internally, employers are limited to what surveillance they can attain from their own equipment or social media. Private investigators are licensed to track individuals and photograph their activity in public. Persons who fraudulently claim to be out for injury can be photographed doing tasks directly contradicting their FMLA claim, like yardwork or lifting heavy groceries. In addition to tracking their public movements, private investigators may also conduct undercover operations in order to investigate any frauds. They are invaluable in this regard as they are not known to those within the company. Whether you’re looking for an FMLA weekender or an FMLA moonlighter, if someone has made a fraudulent FMLA claim, a private investigator is the most-equipped professional to prove or disprove the suspicion.