We not only live in a world addicted to data, but one that often ignores cyber wellness.

From our smartphones to the digital personal assistants (Siri, Alexa) that have been marketed as tools to free our time for leisurely pursuits—the jury’s still very much out on whether they’re helping most of us achieve that goal—an increasing number of interactions in our daily lives involve internet-connected digital devices that track human behaviour. Most of this data is benign and has little application outside of the marketing world. When I mention visiting a destination on a social media account, for example, I suddenly find ads for that destination in my news feed. It’s annoying, maybe, but not necessarily a major breach of privacy.

Now, what happens when smart devices start tracking and collecting information across a commercial property?

Connected commercial properties

No need to wonder because that’s likely already happening in a building you occupy, and perhaps the one you’re sitting in right now. Everything from your building’s door card readers and fire alarm panels to its HVAC system, surveillance cameras and thermostats could well be connected to the Internet. The potential for efficiencies, cost savings and property performance improvements are almost too numerous to summarize in a single article. But so, too, are the cybersecurity risks.

While security firms such as ours still guard against so-called traditional thieves—thieves who break into a facility intent on stealing merchandise or equipment, or engaging in vandalism, for example—Wincon Security has evolved into an integrated solutions provider in recent years precisely because an equal and fast-growing risk exists in the online realm. Sophisticated malfeasants, many of whom are connected to overseas organized crime rings, are looking for easy targets. That means organizations or commercial property owners reluctant or unwilling to invest in a holistic, digitally-focused security strategy to protect their assets are gravely exposed.

Why wait-and-see never works

Unfortunately, many organizations take a cross-your-fingers approach to security, betting that they’re too small or their data is too invaluable to draw the attention of cyber thieves. That is until they’re hit. Then most are left scrambling trying to restore systems, or pay ransoms to recover data, and rebuild their businesses after an online attack.

So great is the threat that BOMA Canada recently published a Cyber Wellness Guide for commercial property owners. In it, the organization notes:

The IIoT (Industrial Internet of Things) currently in the market are geared towards user value, and haven’t necessarily been looked at from a thorough cyber security perspective. That increases the onus on building managers to have a robust plan to prevent and deal with cyber issues.

In addition to the expanding network of smart devices, attackers are also becoming more persistent and patient, whether it is to gain ransom from you or to cause other damage. In addition to local hackers who may use phishing attacks or ransomware to cause potential damage, there are international threats too as proximity does not matter when dealing with cyber risks, and no sector is immune.

Indeed, it’s not alarmist to assume that a hacker could breach your building’s cyber defenses (assuming they’re in place, which isn’t always a given), steal data and even coordinate with thieves to break into your facility. If your organization happens to deal in high-value or sensitive materials, this is of particular concern. So, what’s a property owner or manager to do?

 Be proactive to bolster cyber wellness

As the BOMA report notes, it all starts with preparation. Having tools such as firewalls, anti-virus software or endpoint security on laptops and other vulnerable devices in place is crucial. Huge advancements are also being made with artificial intelligence technology to detect breaches long before they become obvious or increase risk. Of course, staff training is another important consideration—and that includes making sure that security personnel are as well trained in mitigating cyber threats as they are in monitoring traditional causes of building vulnerability or standing on guard to prevent incidents such as physical break-ins.

Having a significant security budget in place is another important consideration that many property owners overlook—particularly if they’re prone to trying to looking for ways to maximize profitability at the expense of all other considerations. That budget should include line items for both physical and cyber security measures. From there your team will need a cyber security plan that can be implemented at a moment’s notice if a data breach occurs. The plan should be customized to your specific needs and be comprehensive enough to address a range of possible scenarios.

Most importantly, be sure to work with a security provider who understands the risks involved as the IIoT becomes ubiquitous, cyber threats increase and the need for solutions integration becomes more important than ever. Because the last thing any busy commercial property owner should waste time fretting over is whether a hacker in some far-flung locale is preparing to compromise the security of their data or their facility.

Winston Stewart, President and CEO

Wincon Security

Retail theft is not only pervasive, but can be extremely difficult to control. Just ask the LCBO, Ontario’s liquor retailer, which is in the midst of a crime spree-related crisis plaguing key outlets across the Greater Toronto Area—a problem that could, at least in part, be of its own making.

When the Toronto Star first reported on the phenomenon of brazen daylight thefts at LCBO locations, many of us in the security industry shrugged. The incidents were no surprise given the lack of in-store security at most of the organization’s stores. According to statistics unearthed by the Star, LCBO outlets have been targeted more than 9,000 times since 2014. That’s a staggeringly high number, but the data are even more harrowing, according to the Star’s reporting:

“In 2014, police data shows, LCBO outlets accounted for just over a tenth of the shoplifting incidents at the top 100 most frequently targeted addresses of shoplifting incidents in Toronto. By 2017, it was a third. And halfway through 2018, the most recent data in the Star’s possession shows LCBOs accounted for nearly half of shoplifting incidents, with liquor heists happening more than three times as often as they did in 2014.”

The problem has become so bad that school principals have reportedly complained to police that, in some cases, their minor students are shoplifting liquor ‘with impunity.’ What’s to blame for this dramatic increase in theft?

First, the LCBO has a strict no-intervention policy in place regarding in-store pilfering. Staff members are forbidden from intervening when a robbery occurs. This has resulted in bizarre (and in the case of some stores, almost daily) examples of LCBO workers literally being forced to stand by and watch as thieves walk into their stores with duffel bags or backpacks, which they promptly fill with merchandise, before making an exit. Some are so bold as to take their time and leave the targeted store at their leisure.

Aside from the cost to the provincial treasury of losing millions of dollars in merchandise each year to preventable theft, the costs are much greater. LCBO employees report regularly being threatened by thieves—in some cases with needles or knives—and being forced to deal with smashed bottles left in the wake of these brazen robberies. Demoralized and frightened, these staffers have taken to whistleblowing through the media to make their voices heard. How long, they wonder, before a customer or employee gets seriously hurt?

The bigger challenge is a certain apathy at the C-suite level across the LCBO, not to mention on the part of the Toronto Police Service, whose experimentation with no-response retail theft policies sends a clear message to criminals: LCBO stores are open for illicit business. With some products such as rare scotches priced at several hundred (or thousands) of dollars, liquor stores are prime, easy targets. LCBO leadership has only recently announced its intention to add a stronger security presence at some GTA stores. Hopefully the move has the desired operational impact.

To be clear, ‘No touch/No chase’ policies are not exclusive to the LCBO. They have been embraced by risk- and liability-weary organizations for years, and for good reason. Staff are not trained police or security professionals. They risk personal injury—or worse—in making ill-advised, if admirable, attempts to stop a theft in progress. These policies, in other words, exist for a reason.

But it’s incumbent upon upper management at retail organizations such as the LCBO to take action and ensure their stores are protected at all times. That often means taking a holistic, integrated approach, introducing everything from the latest in high-definition digital cameras with facial-recognition software to spot known malfeasants before they can pilfer goods, to having a security presence on-site at all times in higher-risk areas—and those aren’t limited to economically-disadvantaged communities. The LCBO data shows that shoplifting is rampant even in more prosperous neighbourhoods.

Having experienced, professional guards on site sends a message to would-be shoplifters that their activities won’t be tolerated. And yes, deterrence does work. Will it necessarily stop attempted robberies altogether? Obviously not, but criminals will think twice before trying to lift a rare bottle of Glenlivet. More so if they know that police will arrive on scene if a theft is in progress or has just occurred.

Ignoring brick-and-mortar security needs is common in the digital era when an increasing percentage of retailers’ budgets are being directed to preventing fast-growing challenges such as cyber theft and fraud. But as long as business is being conducted in the offline world, organizations need to be prepared to protect their property and their people.

Winston Stewart, President and CEO

Wincon Security