Why You Should Shut Down Your Laptop When Traveling

Leaving your hotel room for a while? Don’t leave your laptop on. Shut it down lest it becomes subject to a cold boot attack. This is a type of a side channel attack in which an attacker with physical access to the computer can retrieve encryption keys from a running operating system after using a cold reboot to restart the machine. The attack allows a hacker to steal information stored in RAM in only a few minutes. Keep in mind that for a cold boot attack the hacker must have physical control of the device. The simplest way to stop this from happening is to fully shut down your computer – leaving it in sleep mode will not protect it.

I Checked Out LPRC IMPACT and Here’s What I Learned

The first of October was another first for me. I attended the Loss Prevention Research Council (LPRC) IMPACT conference for the first time, in muggy but beautiful Gainesville, FL.

For years, I had been hearing about the research going on at the University of Florida by Read Hayes, PhD, and his team, but I really wasn’t certain about what went on at the conference or who was behind the scenes. My list of conferences to attend for the year has been the same in the past with the bigger “shows” like NRF, RILA, RLPSA and ASIS. I was interested in a more intimate conference and looked forward to geeking out while hearing the recent research on retail crime.

Here are my takeaways in case you’ve wondered about this event like I did.

First, the size of the event is perfect. Sometimes I’m not in the mood to go wandering through a gauntlet of flashy booths and mobs of people. I’m pretty sure the LPRC wants to grow its membership, but right now, it’s just small enough to be navigable, has the right amount of sessions, and allows enough time to visit with a handful of solution providers. I felt it was the right size with about 30 booths in the exhibitor space and well-timed sessions completed in rounds, so you could make it to most, if not all, of them.

My major in college was the Administration of Justice, and I have to say that the sessions took me back to the days when I was a student sponging up theories on crime, statistics and policing methods. The keynote speakers challenged everyone to question their perceptions and commonly held beliefs around what really works. It turns out there’s a huge difference between what we believe works and what actually gets the job done.

The LPRC’s choice of speakers made it clear they value clear-cut, scientific research. Each learning lab session was brief and thought provoking, with a mix of retail and researcher input. Again, the format of the sessions created an atmosphere where it seemed easier to exchange ideas and questions (sorry for all the questions).

Conferences in general are great for networking—there’s no doubt about this—but some are better than others. LPRC IMPACT was a little easier to network since there were fewer people to try to mingle with. In the past at some of the larger shows, I found it almost overwhelming and difficult to connect while standing elbow to elbow in a room with 500 people. This had a lower-key, relaxed, Florida vibe throughout the organized events and between sessions.

The Innovation Lab 5.0 was jam-packed with solutions for retail theft. The LPRC created a mock sales floor including solutions for soft lines, electronics, food and more. Instead of walking a giant show floor searching for what they need, the retailer could walk through this area in a matter of minutes and focus on their burning questions. I saw some innovative solutions in product protection, from tags to box wraps to ORC sweep prevention. The lab included EAS systems and a separate area for CCTV and analytics platforms. So, if you are trying to keep up with all the technologies out there and find yourself getting overwhelmed or you’re just too busy to stay on top of it all, I’d suggest hitting the Innovation Lab next year for a one-stop shop.

The “Live Internal Offender Engagement”, was something I had heard about, but seeing really is believing. At this year’s conference, two admitted dishonest associates were interviewed live on stage for the crowd. They recounted their experiences stealing from their employers, along with what led up to the thefts and what could have prevented them.

They even opened up to more questions from the crowd at the end. As a student of behavior, I couldn’t help but try to read their responses, and amazingly, I think they were being honest about their theft activity.

My takeaway from their talk: need + opportunity – manager attention = recipe for theft.

It would have been easy to write these guys off and think, “Well it’s not our job to make sure people make the right decisions; they should know better.” Good luck with that. These two volunteers were giving us all the gift of amazing insights. They told us they needed money, that in their minds they weren’t making enough on the job, that they had access to systems and modes to commit theft and that they felt like management didn’t care. Bonus tip: for those of you preparing to ramp up seasonal hiring, both subjects stated multiple times that their new-hire orientation was rushed, inadequate and may have made a difference in their decision to steal.

It’s clear that retailers play a huge role in the research being done and helped extensively with the IMPACT conference. I saw quite a few TJX folks helping to run the show and being recognized for their contribution at the awards ceremony. Shoutout to John Kopen and the rest of the team for all their hard work!

After attending, I’d recommend getting involved with the LPRC on a committee or checking them out online to learn more. You could help guide the research being done or lend your valuable insights with your experience in LP. We only get stronger as a group.

 


Stefanie is a regular contributor to the work of the International Association of Interviewers. To enjoy other great content from her and other contributors, please visit CertifiedInterviewer.com

Stefanie Hoover’s “Confessions of a Forensic Interviewer” Wins MarCom Gold Award

SAN FRANCISCO, Calif., (October, 25 2018) – The monthly column Confessions of a Forensic Interviewer, published in LP Magazine and authored by Stefanie Hoover of CONTROLTEK, has won a gold MarCom Award in the category of best blog.

Stefanie’s column, written in her trademark engaging style, focuses on experiences and challenges retail loss prevention investigators face in their work.  She offers a unique perspective of someone who devoted a large portion of her career to getting the truth out of theft suspects through interview techniques and personal insights.

A new article in Stefanie’s column is published every last Thursday of the month on LP Magazine’s website and in the publication’s e-mail newsletter LPM Insider.

MarCom Awards honors excellence in marketing and communication while recognizing the creativity, hard work and generosity of industry professionals.  The awards are administered by the Association of Marketing and Communication Professionals.

Tom’s Tek Tips Win MarCom Gold Award

SAN FRANCISCO, Calif., (October, 25 2018) – The monthly mini-column Tom’s Tek Tips, published in D&D Daily every Tuesday, and authored by Tom Meehan of CONTROLTEK, has won a gold MarCom Award in the category of best book.

Tom’s Tek Tips are bite-sized lessons on technology focusing on retail asset protection.  Each tip is written so that it can be read in under 30 seconds.  D&D Daily has been publishing Tom’s Tek Tips on a weekly basis for over a year.

Select Tom’s Tek Tips were published in a form of a small book earlier this year, and distributed to the attendees of the NRF Protect.  It is this small book that won the gold award.

MarCom Awards honors excellence in marketing and communication while recognizing the creativity, hard work and generosity of industry professionals.  The awards are administered by the Association of Marketing and Communication Professionals.

Let’s Sit at the Same Side of The Table, or How to Be a Better Partner

With a regular blog titled “Confessions of a Forensic Interviewer” you’d think that every week I’d have something to say about interviews.  I do.  But here’s the thing: I’m a solution provider now.  In order for me to write regularly, I have to write about my experience, and what I’ve experienced since transitioning from retail loss prevention five years ago to solution provider has been, well, A LOT!

Thinking back to when I worked for various retailers over the years and bumping into “vendors,” let’s just say I was mostly underwhelmed (though sometimes pleasantly surprised) at the service we received.  My role brought me into contact with field technicians and occasionally a manager, if something had gone haywire.  I was there during installations as the eye in the sky or checking on the work after it was done, and saw a whole range of behaviors on the job, from taking extra-long lunches, to flirting with store staff, to just plain shoddy workmanship.  Not everything was negative, as I said, there were pleasant surprises too: techs that showed up on time, with a name badge, checked out at the end of shift and walked me through the work that they did.

Through all my years of working with vendors, I never once had a supervisor, project manager or account rep call and ask me how the job went.  This was curious to me – wouldn’t they want feedback from the customer directly?  I always thought to myself that if our vendors would communicate with us more often, then they would become solution providers.  Now living on the vendor-side for five years, I noticed that communication isn’t always easily forthcoming from the retail side either.  And I re-learned what my experience as an investigator first taught me – that communication is a two-way street.

So this will be a two-way article.  I’ll offer suggestions for improving the retailer-vendor communications from both sides, so regardless of which side of the table you are sitting at, you may find a helpful nugget.

Being a Great Customer

If you are a retailer who wants a rock star vendor, don’t just sit back and wait for it to happen on its own.  When you’ve gone through all the trouble to select a vendor—or even if you have a long-term partnership—talk about your expectations and then follow up on them.  Almost every retailer has a service level agreement (SLA) or master service agreement (MSA) in place but how many actually talk about those things that make that SLA run?

For instance, you may have an SLA in place that states your vendor needs to respond to service calls within five days; however, are there any mechanisms in place to make sure each service call is placed with a maximum amount of information from your end so the vendor’s tech can properly complete the job when on site?  If your store isn’t satisfied with something about their service can they document the issue, or does it go by word-of-mouth to the loss prevention manager?

You’ll see a common thread here, it’s communication.  Many times, frustrations start to develop because the retailer waits too long to share the issues.  The larger the organization, the more delays there are, and the quicker these frustrations pile up. Do you have a regular touch base with your vendors?  It may not be the most exciting conference call of your week, but regular calls can help to develop a rapport and you may be surprised that information starts to flow and things will bubble up that otherwise may have laid dormant and festering.

Being an Awesome Solutions Partner

One thing I’ve learned as a solution partner is that every retailer is different and they all communicate quite differently.  Some don’t want to hear from me at all unless they have a problem.  Then there are those who I can pick up the phone with, pick their brain about a new product and we have a great chat.  What needs to stay consistent is the attempt to communicate, from day one.  Outlining the critical processes and double checking that there is consensus is crucial.  If your retail customer has a different expectation than you thought, it’s only going to become exacerbated as time goes on.

Don’t hesitate to call your retail customers with bad news.  We all have those tough calls to make – sometimes things don’t go perfectly.  But the longer you wait, the worse it will get.  As my friend and boss, Steve Sell, likes to say, deliver good news fast and bad news even faster.  Communicate truthfully.  People can smell BS a mile away.  Retailers have enough to worry about without having to deal with a vendor who is colorful with the facts.

We also have to accept that sometimes people don’t click.  Personalities may clash or there may be history of some kind you have no control over.  Communicate anyway.  Ask the other party, how would you like me to communicate?  What works best for you?  What have you experienced in the past that you’d like me to do different?

Treat others with respect.  This goes both ways.  I have seen retailers treat vendors like indentured servants and I have also seen vendors acting like they own the place.  These attitudes don’t serve anyone and only further build the walls between the two sides.  If you are a retailer and have a procurement team who handles your LP buying, may I suggest sitting in on a conference call or meeting to see how things are going?

A finely tuned partnership between retailer and vendor can only result in benefits for both sides.  Just think of the idea sharing, problem solving and money saving that could arise if ideas were exchanged freely and on a regular basis!  To illustrate this, I’ll leave you with an example as a final thought.  I let one of my retail partners know I was going to be in his area recently and we made plans to grab lunch.  He was telling me about a problem they were having with some auditing, and I was able to recommend a company to him that might be able to help.  You could write this off as normal networking or even run of the mill sales stuff, but I disagree.  This came about because we have good communication and feel comfortable with one another.  Comfort and easy exchange of ideas only come about with some work upfront on communication.  We’re there.  And you can be too!

 


Stefanie is a regular contributor to the work of the International Association of Interviewers. To enjoy other great content from her and other contributors, please visit CertifiedInterviewer.com

Insert ATM Card, Remove Keypad?

Wait, what?! A few days ago, an Oklahoma City police officer pulled the entire keypad off an ATM machine! No, he wasn’t trying to prove his strength, although that would have been quite impressive.

The outdoor ATM at Bank of Oklahoma in Tulsa Hills was weathered, but the officer noticed the keypad seemed brand new. When he began to inspect it further, the entire thing popped right off. “It kind of felt weird being a police officer and calling 911, but that’s what I did,” said Master Sergeant Corey Nooner in the NewsOn6 article.

ATM skimming fraud is getting so advanced that this “press-on” keypad can actually send data via Bluetooth to thieves. KrebsOnSecurity.com says that fraud devices are often placed on the ATM with glue or double-sided tape. While some banks have implemented skimming detection devices, some fraudsters in turn started using insertable skimming devices to avoid being detected.

Hackers use the information from the skimming device to create fraudulent copies of debit and credit cards. “Once they are into the system, they go to the administrative account and they remove any sort of limitations, so whatever’s in the bank at that time, they can cash that, and they do it at a pre-determined time, all over the world,” explains San Jose State University Professor Dr. Ahmed Banafa.

You know the threat is real when the FBI issues a warning of a “potential ATM bank heist” that could cost upwards of millions globally. USA today coverage said the FBI warned: “Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities.”

Okay, so don’t get too alarmed. Financial institutions use these warning to trigger “fail safe positions” and increase security. And, ATM owners can take the following precautions to see if there is a skimming device on their cash machine:

  1. Camera check: Check the area for small, wireless cameras that may be placed on or near the ATM.
  2. Increase visibility: Visit a high-traffic and highly visible ATM to reduce risk says Forbes magazine. Owners can place machines where they are highly visible, and unobscured by retail displays or other items.
  3. Routinely inspect your machine: Inspect your ATM for a keyboard overlay placed over the normal keypad, or internal skimming devices if you have access to the interior of your cash machine.

As the famous G.I. Joe quotes goes, “knowing is half the battle.” The other half involves being more aware of ATM conditions and possibly, contacting 911.