What carriers can do to protect cargo from insider threats

Image: Jim Allen/FreightWaves

Image: Jim Allen/FreightWaves

A recent cargo theft report suggests that transportation companies are particularly vulnerable to “insider threats.” In other words, companies may not be doing enough to secure their cargo from their own employees. 

The report, ”BSI and TT Club Cargo Theft Annual Report 2018,” evaluates cargo theft trends and aims to highlight major areas of concern, theft tactics and targeted modalities and commodities.

“People are an organization’s biggest asset; however, in some cases they can also pose an insider risk,” according to the report. “As organizations implement increasingly sophisticated physical, procedural and cyber security measures to protect their assets from external threats, the recruitment of insiders becomes a more attractive option for those attempting to gain access.”

Principal Owner of Corporate Security Solutions JJ Coughlin agreed that insiders can pose a significant threat to cargo security, particularly for less-than-truckload (LTL) carriers and other companies that utilize freight consolidation.

“When you’re thinking about insiders, you’re thinking about consolidation. The more that the freight is handled, the more at risk it is,” Coughlin said. “With the consolidation companies, what I found in the course of my career was that about 85 percent of their crime was internal and about 15 percent was external.”

In the case of a full truckload that is loaded at one location and driven to its destination without ever stopping to consolidate the freight, Coughlin said the risk values are almost the exact opposite. 

Coughlin spent 21 years serving with the Dallas Police Department before spending almost a decade as the regional security manager for a full service transportation company. In addition to his current work at Corporate Security Solutions, Coughlin serves as the chairman of the Southwest Transportation Security Council.

The BSI and TT Club report describes an “insider” as a full-time employee, part-time employee, contractor or even a business partner. The report cited five primary types of insider activity, including: unauthorized disclosure of  information; process corruption; facilitation of third-party access to assets; physical sabotage; and electronic sabotage. 

The overwhelming majority of insider activity falls into the realm of unauthorized disclosure of information (47 percent) or process corruption (42 percent), according to the report. Financial gain was found to be the motivation behind the behavior in 47 percent of cases.

The report found that 88 percent of insider acts were conducted by permanent employees, with only 7 percent involving contractors and 5 percent involving temporary staff. Still, Coughlin said in-depth background checks are one way to cut down on the portion of the crime that does come from contractors and temporary workers.

“A lot of the time, companies will go to contractors or temp agencies, and they say they do a background check. You have to follow up and see exactly what they check in their backgrounds,” Coughlin said. “You have to hold third parties to the same background requirements you use for your own employees.”

The report also states that 60 percent of insider activity involves people who have worked for the organization for fewer than five years, but Coughlin pointed out that new employees and seasoned employees tend to commit two different types of theft. 

“In an industry with as many moving parts as transportation and logistics, someone on his first day does not even know how to steal or how to try to hide it. What I found in my career is most employees who stole from the company had worked there for at least four years,” Coughlin said. “I’m not talking about stealing one laptop out of the pallet. I’m talking about a crime ring within your business, stealing whole pallets. It is not the beginners that do that. The beginner might get one piece here and one piece there, but the true crime ring insider has worked for the company and knows the system.”

No matter how stringent a company’s background requirements are, an important step in mitigating insider risks is maintaining strong managerial control, according to Coughlin.

“Sometimes on an LTL dock, the thing is like an anthill. You can’t tell who is working and who is stealing,” he said. “You have to be able to trust your employees, and you have to have management checks. Transferring that freight is where the opportunity for the insider to help themselves exists.”

Stricter background requirements and stronger managerial presence may be what it takes for carriers to protect their freight from insider threats with the same fervency they apply to outsider threats.