Zeroing Out Zombies

Not long ago, a large retail chain laid off, among others, an executive with access to key company business information. In an oversight, management neglected to take away that individual's ability to log on to the company network and, perhaps driven by anger, that individual logged on and downloaded highly confidential corporate and consumer data.

Making a bad situation even worse, the company, which did not have real-time access to its data, did not discover the breach for three days — plenty of time for that individual to exploit the situation for personal gain or revenge by selling that data or using it to publicize the breach.

Fortunately, this story has a happy ending: an audit revealed the breach, the company called the police and the data was recovered. But it was as much the result of luck as preparation, says King Rogers, founder and principal of the King Rogers Group and a former vice president of assets protection for Target.

"It's very common for someone who suddenly has his loyalty and allegiance severed, along with his pay checks, to take information as well as tangible property with him," Rogers says.

It's harder to protect data and property when layoffs happen in large numbers, but Rogers and other industry experts say that companies have the best chance of preventing thefts and data breaches when they have stringent IT security protocols in place and strict termination policies that are implemented in all instances.

Circuit City and Home Depot provide recent examples of how the risks associated with mass closings can be minimized when such programs are in place.

Last January, Home Depot exited its EXPO Design Center business and some related test concepts, affecting 5,000 employees. The company also streamlined various support functions, affecting an additional 2,000 associates.

Vice president of asset protection Mike Lamb's team was one group impacted by the layoffs, requiring Home Depot to develop new and equally productive ways to manage shrink and the security of its assets.

When a retailer announces staff reductions, "you have a perception challenge with potential bad guys who think that shrink may not be as important to the company as it once was," Lamb says. "We've learned from individuals who committed theft or fraud that part of their motivation was that they thought there was an opportunity because there was less of a physical loss prevention presence in individual stores."

Home Depot enhanced its store review process by creating dashboard exception report applications that replaced monthly reviews that were "very time-consuming for both asset protection managers and store operators."

The company's pro-active restructuring appears to have worked. "We have not seen a material negative impact on our business results," Lamb says. "By reallocating our resources, by focusing on stores with a significant opportunity for shrink improvement and by learning to manage by exceptions, we were able to manage change very effectively and I think our business results demonstrate that."