How to create an audit trail after a break-in

Take a moment to think about how your business might respond to a burglary. What mechanisms do you have in place to construct a play-by-play of a break-in or security breach for law enforcement and insurance claims adjusters? Specifically, could someone on your team create an audit trail to serve as documentary evidence of how the break-in took place, the impact on your firm's operations and the resulting losses?

Knowing how an attack unfolded requires a systematic approach to how your business secures its people and assets. Here are steps to follow to improve the effectiveness of your security defenses and ensure your firm's ability to create an audit trail in the event of an attack.

 

Conduct a company-wide risk assessment

You can't fend off an attack if you don't know what one looks like. A risk assessment, which identifies the types of risk facing your business and their likelihood of occurring, forms the basis of an effective security program.

Ask yourself when your company last assessed the effectiveness of its security program. Does your business have enough surveillance cameras in place to monitor entry and exit points? Are inventory records and monitoring tools kept up-to-date and reviewed frequently for discrepancies? Or, in the case of a cyberattack, does the technology exist to prevent an outsider gaining access to company records?

Whether your organization needs a better understanding of its physical security weaknesses, its fraud risks or potential for a cyberattack, a template exists to help you identify and mitigate the risk.

The Association of Certified Fraud Examiners has a template to help companies conduct a fraud risk assessment. The federal government also publishes risk assessment templates, including one on physical security from the Federal Emergency Management Association, or this approach from the National Institute of Standards and Technology on cybersecurity risk.

Pay attention to attacks on other businesses

There's a lot you can learn about improving your security program by deconstructing attacks on other businesses. By doing so, you'll identify weaknesses that facilitated the attack, which may also exist in your business.

For example, if another company experienced a break-in when a criminal pretended to work with a delivery company to gain access to the office, commit to reevaluating how your company identifies delivery personnel, and whether they receive unaccompanied access to your facilities when delivering a package. By analyzing just one case a week, you'll identify lots of relatively easy improvements for your program.

 

Educate employees

While most employers realize the important role employees play in protecting the company and its assets from internal and external threats, few invest in education programs to keep them up-to-date on the latest schemes. While a security education program can help mitigate attacks by third parties, it can also help prevent internal threats. By including instruction on how the company detects internal crimes, the training also raises the "perception of detection," which leads an employee to believe that if they commit fraud, the business will uncover their criminal activity.

 

Periodically check your security program

From time-to-time, it makes sense to test the effectiveness of your program in its ability to detect, prevent and generate the audit trails needed to analyze and report the incident.

Sometimes referred to as "red teaming", this process involves the use of a third-party firm, such as your business security partner, acting as a would-be attacker to test and expose weaknesses in your program, including technology, physical or people-related weaknesses that could potentially facilitate an attack.

Although break-ins and data breaches can't always be prevented, the likelihood of an attack succeeding drops dramatically when there is a robust security system in place.

1. "Fraud Risk Management Scoreboards." Association of Certified Fraud Examiners. Accessed on June 3, 2018. http://www.acfe.com/coso-scorecard-home.aspx
2. "APPENDIX A: BUILDING VULNERABILITY ASSESSMENT CHECKLIST." Federal Emergency Management Association. Accessed on June 3, 2018. https://www.fema.gov/media-library-data/20130726-1524-20490-4937/fema452_a.pdf
3. "Cybersecurity Framework." National Institute of Standards and Technology. Accessed June 3, 2018. https://www.nist.gov/cyberframework