Not long ago, a large retail chain laid off, among others, an executive with access to key company business information. In an oversight, management neglected to take away that individual's ability to log on to the company network and, perhaps driven by anger, that individual logged on and downloaded highly confidential corporate and consumer data.

Making a bad situation even worse, the company, which did not have real-time access to its data, did not discover the breach for three days — plenty of time for that individual to exploit the situation for personal gain or revenge by selling that data or using it to publicize the breach.

Fortunately, this story has a happy ending: an audit revealed the breach, the company called the police and the data was recovered. But it was as much the result of luck as preparation, says King Rogers, founder and principal of the King Rogers Group and a former vice president of assets protection for Target.

"It's very common for someone who suddenly has his loyalty and allegiance severed, along with his pay checks, to take information as well as tangible property with him," Rogers says.

It's harder to protect data and property when layoffs happen in large numbers, but Rogers and other industry experts say that companies have the best chance of preventing thefts and data breaches when they have stringent IT security protocols in place and strict termination policies that are implemented in all instances.

Circuit City and Home Depot provide recent examples of how the risks associated with mass closings can be minimized when such programs are in place.

Last January, Home Depot exited its EXPO Design Center business and some related test concepts, affecting 5,000 employees. The company also streamlined various support functions, affecting an additional 2,000 associates.

Vice president of asset protection Mike Lamb's team was one group impacted by the layoffs, requiring Home Depot to develop new and equally productive ways to manage shrink and the security of its assets.

When a retailer announces staff reductions, "you have a perception challenge with potential bad guys who think that shrink may not be as important to the company as it once was," Lamb says. "We've learned from individuals who committed theft or fraud that part of their motivation was that they thought there was an opportunity because there was less of a physical loss prevention presence in individual stores."

Home Depot enhanced its store review process by creating dashboard exception report applications that replaced monthly reviews that were "very time-consuming for both asset protection managers and store operators."

The company's pro-active restructuring appears to have worked. "We have not seen a material negative impact on our business results," Lamb says. "By reallocating our resources, by focusing on stores with a significant opportunity for shrink improvement and by learning to manage by exceptions, we were able to manage change very effectively and I think our business results demonstrate that."

Circuit City, which underwent a complete liquidation, adopted an approach that focused on protecting assets — including intellectual property — in an equally comprehensive manner.

Once the country's second-largest consumer electronics retailer, Circuit City closed 567 stores in March. Thanks to protocols put in place as part of its PCI compliance processes, Circuit City protected sensitive corporate and consumer data as it terminated some 34,000 employees and liquidated approximately $1.7 billion in inventory.

Mark Stinde, Circuit City's former vice president of loss prevention, says the company gained valuable insights from an initial wave of closings that shuttered 155 stores late last year.

"In markets where all stores closed, we saw a three-fold increase in loss incidents and the volume of internal theft cases we had to resolve," Stinde says. "Learning what we did from the closing of those 155 stores enhanced our ability to protect our stores and our data when we did the final closings."

During both rounds of closings, Circuit City used a variety of metrics to identify and manage stores at varying degrees of risk, including local crime indexes, market crime indexes, three-year shrink histories for individual stores and the number of internal theft cases each store resolved over a given period of time.

Auditors were deployed to high-risk stores daily, to medium-risk stores several times a week and to low-risk stores about once a week, Stinde says. In their store visits, auditors would review inventories, particularly of expensive high-risk goods, and ensure that all proscribed security measures were in place.

As a result, "we would know within a day or so whether something was missing," Stinde says. "Then we would investigate that loss and resolve it."

Provide personal escorts
Shrink during the mass closing of an electronics retailer could be expected to range from 2 percent to 6 percent of starting inventory value, Stinde says. "Our shrink was on the very low end of that. When you look at the resources we put toward this, we feel like the expense required to pro-actively review our systems, programs and standards paid for itself eight to ten-fold in dollars saved."

Other best practices for companies about to initiate mass layoffs, says Rogers, are to "immediately line up a team of trustworthy people who will be remaining on board and provide an escort for each of those being terminated."

The escort, he says, needs to begin "at the instant when people are told they are being terminated." Some companies have taken to calling their lower-level employees at home to tell them of their termination. "It seems cruel, but it allows companies to control the situation much better," Rogers says.

Next