Worried about theft by staff? Start with these 5 steps

Worried about theft by staff? Start with these 5 steps

There are steps you can take to deal with theft in the workplace

There are steps you can take to deal with theft in the workplace

Theft by staff can be a problem for many organisations, particularly those with tempting things available to people.

Ideally, employee relations are at a level where theft is not a problem, but from time to time rogue staff can take advantage of their trusted position.

In this blog we will take a look at five immediate steps you can take in the event of stealing by staff members.

1. Is it really stealing?

First, make sure the act committed by the staff member is actually theft and not something they expect is available to them. For example, stationery items might be freely available to staff, but if limits are exceeded then there is a case for theft. Be sure to communicate to all staff what is free and what is not.

If you are working with material or information that is open to theft, then communicate this to staff and indicate there are serious punishments, including when there is collusion or a cover up by more than one staff member. The more transparent you are the less likely you are to have to deal with theft in the first place.

In fact, think twice about using the word “theft” as it implies criminality and you don’t want to have that label stick around if the accusation turned out to be false. Use terms like “violating company policy” instead of “theft”.

2. Have a policy

Like most things that involve a dispute, it is best to have a policy so managers have a clear understanding of the course of action to take.

Don’t think employee theft matters will be clear cuts, or should be handled in an ad-hoc way. Have a consistent policy for dealing with theft and make sure the policy template is recognised, and can be applied by, all the key stakeholders.

Theft cases can result in dismissal, so it is important you follow a proper process that is consistent with what is expected of staff rights.

3. Gather the evidence

If you suspect employee theft then it is vital to have evidence to support it. Falsely accusing someone of theft and taking action without proof are themselves risky and can expose the organisation to litigation.

Gather as much evidence as possible and look for a clear motive for theft. In most cases there will be a path you can follow and a theft incident is probably not isolated.

Evidence can be in the form of a video recording or audit trail of a data transfer. And sudden changes in an employee’s behaviour, or sudden a departure, can also raise red flags for theft. Polonious specialises in case management and helps organisations ensure there is a clear trail of evidence that can be reviewed by all stakeholders.

4. Act swiftly

If you have strong evidence theft was committed then don’t delay notifying the employee of their contract termination. The longer you delay the more opportunity there is for further theft.

During the termination make sure all of the employee’s contractual rights are adhered to and follow your company’s policy. When dealing with a difficult situation the last thing you want is for it to become messier and expose your organisation to any counter claims.

Moreover, don’t withhold or deduct anything from the employee’s termination pay, or do anything to “punish” the person on the way out. As part of your policy, have a processing for dealing with terminations due to misconduct and make sure you are covering any potentially difficult contracts or third-party notifications.

5. Assess any police involvement

Depending on the severity, many theft cases result in the employee being terminated without further action.

In the event of a severe case of theft – particularly those involving company data or other asset that can land the organisation in hot water – then assess escalating it to the appropriate authorities.

A police report might also be needed if you are pursuing an insurance claim relating the incident. If you do need to get the police involved, keep it quiet to avoid concerning other staff and risking any reputation damage.

With the right work culture you can avoid troublesome incidents like theft, but if you do have to act on it, it is important to have the right processes and tools to support your side of the dispute.

One system, many teams, an opportunity to reduce costs and improve outcomes.

One system, many teams, an opportunity to reduce costs and improve outcomes.

Investigations are carried out across various business units and teams in an organization – HR, Information Protection, Corporate Security, Cyber Security, Brand Protection, Physical Security, Insider Threat, Customer Services and Health & Safety to name a few. 

Most teams will have a method of documenting their investigations and tracking progress and outcomes. Depending on the maturity of the company this could range from spreadsheets and emails to large enterprise applications. This is extremely inefficient and costing companies in terms of time, money and strategic outcomes.  

By implementing a single system to carry out investigations, you can unite teams from across the company – sharing skills, knowledge, and best practices. 

It’s never an easy task to rationalize systems from different business units, but the business case to do so can be compelling and the benefits felt across the wider organization.  

Here are a few examples of benefits: 

IT Support – A single system to support, administer and assure. 

Split Costs – Licensing split across many business units. 

KPI/KRI – Single source of metrics. 

Automation – Reduce manual activity and increase throughput. 

Consistency – Even with different processes it’s easy to ensure a robust investigation takes place. 

At Polonious we often help to rationalize systems and build bridges across business units. Want to know more? Contact us at info@polonious.co.uk

Polonious Analytics – A First Look

This is a demonstration of our new Analytics capability, which is part of our 20.2 release.

This demonstration will show you how easy it is to create a useful and visually compelling dashboard specifically, in this case, to help with team coordination.

We will build this dashboard in 10 minutes, stopping here and there to explain some of the capabilities and concepts.

We believe your team can take on the task of building their own uniquely useful dashboard views into your case data.

So how does Analytics help your team?

Analytics give them the ability to:

  • Prove your team’s value to the organization.
  • To create greater efficiencies by analyzing performance.
  • To track Compliance by examining the data you can easily capture on compliance KPIs
  • To improve referrals to your unit by examining past cases referred vs case outcomes and savings.
  • To measure quality by creating dashboards to measure the quality of work our vendors and team are doing


Drag and drop, configure, run..

View, filter, list and then view cases.

So, what did we just see?

The dashboard build took around 10 minutes with stops to explain some of the concepts.

I think you will agree, it was easy to drag, drop and construct this dashboard.

We believe you can do this task now with no IT involvement required. This is a big saving in doing time, turnaround time and internal costs.

So what did we just see in terms of Polonious Analytics capability?

You can easily filter and select the case data you need to answer your questions.

There are a bunch of smart widgets to visualise your data as you need.

When you are using the dashboards, if you see something interesting, it’s very easy to drill down to that detail and see all cases in a list represented by that point of interest.

You can view a case straight out of that filtered list to see the full detail of what went on during that individual case.

What else can we do with this new capability? What are the other possibilities?

Rick Shepherd and Steve Epstein of Polonious  gave a metrics presentation at IASIU on the key areas analytics help a team such as yours. Proving Value, Improving Referrals, Creating Efficiencies, Measuring Quality and Compliance. All of these are now easy to create with Polonious Analytics..

We hope you enjoy our new 20.2 release. We really look forward to seeing what your team are able to put together with this new capability.

If you have any questions or improvement suggestions, we are very keen to hear from you. Thank you.

Polonious Not Vulnerable to ‘Java Zero Day Exploit’

Polonious Not Vulnerable to ‘Java Zero Day Exploit’

On Sunday, a new vulnerability was reported on the newswire relating to a Java vulnerability in the frequently used ‘commons-collection’ library. This reportedly affects java web-based applications world-wide.

Polonious’ development and security team reacted to this news within 24 hours.
The ‘commons-collection’ exploit allows an attack to vector directly into an IBM(tm) Websphere(tm) or JBOSS(tm) server running java applications on-line, exposing the server with command line access. This vulnerability is just as likely on Windows, OSX and Linux.
The security-trained senior engineers at Polonious have reviewed their popular PCMS (Polonious Case Management) product and declared it not vulnerable to this exploit. The library in question (commons-collection) is never used in a way that can cause this attack to succeed.

Whilst PCMS is not vulnerable to this attack, customers who choose to run IBM(tm) Websphere(tm) or Red Hat(tm) JBOSS(tm) for their Java web applications will need to review with their support contractors to ensure that they are not vulnerable. As a default, Polonious implement a hardened version of Apache Tomcat which is not vulnerable to this attack.

Polonious takes an active role in detecting, checking and removing any vulnerabilities reported on security feeds world-wide.

For further information on PCMS and Polonious, contact your local office in Australia or the USA.