KeyTrak

Office worker searching confidential information

Earlier this year, the ransomware virus Wanna Cry encrypted more than 200,000 computers across the world. The Equifax data breach put 145.5 million Americans’ personal information at risk because an employee failed to apply a security patch. With high-profile incidents such as these, it’s easy to see why cybersecurity spends so much time in the headlines. While cybersecurity is important to protect your organization against a data breach, make sure you don’t overlook physical security — specifically key control. Follow these four tips to increase physical protection for your data.

Secure Keys to Areas Where Sensitive Data Is Stored

The Federal Trade Commission (FTC) recommends combining cybersecurity best practices with physical security guidelines, which are essential to protect against insider threats and social engineering. According to the FTC, you should store devices and documents containing personally identifiable information (PII) in a locked file cabinet or room, and use access controls for on-site data centers.

If you keep keys in a desk drawer or on a pegboard, however, that’s not enough to deter someone from gaining unauthorized access to files or devices. Storing keys in a tamper-proof electronic key control system rather than in an easily accessible area reduces your risk of a security breach.

Set up Access Levels

The FTC says to limit cabinet or room key access to employees with a legitimate business need. Employees should return keys as soon as they’re done with them.

Storing keys in an electronic key control system allows you to enforce these guidelines by setting up user profiles for various job functions and access privileges. If someone needs a key, they can only access the system if they’re authorized to do so.

Automate the Audit Trail

To improve employee accountability, it’s best to minimize the level of human involvement in your key control procedures. For example, say that your HR manager is in charge of issuing keys to locked filing cabinets containing confidential employee records. The manager maintains a spreadsheet of who has been issued keys and when, but there are a few problems with this method:

Someone has to remember to update the log.
It’s easy to manipulate data.
If a single person is managing multiple keys, they have to manually review the spreadsheet to determine if all keys have been returned on time.
It relies on a person’s trustworthiness and sound judgment. Someone could issue a key to an unauthorized user or use the key themselves for unauthorized purposes.

The benefit of using an electronic key control system is that it will automatically record data for each system transaction. If a key isn’t returned on time, the system will automatically send a text or email alert to the system administrator or sound an alarm. Additionally, the automatic audit trail gives you a reliable source for investigating the incident, and the accuracy of the data is less likely to be called in to question.

Be Cautious When Giving Vendors Keys

If it’s necessary to check out keys to a contractor or vendor, inspect their driver’s license to verify their identity. After checking out the key(s), print a copy of the key receipt and have each party sign. Ensure that the key grants the vendor access only to the areas they need to perform their job. You can also put a time limit on the transaction so you’ll be notified if the vendor has key for longer than they should.

Protecting your data requires a strong focus on cybersecurity, but you can’t afford to neglect security. For more tips, check our post “The Four Layers of Physical Security.”

Having a list of amazing amenities and well-maintained units is great for attracting new tenants to your multifamily property, but what they see on the surface might not be enough to get them to renew once they've experienced how your property is managed.

If you're not doing enough to keep your tenants and their property safe or to provide them with good, efficient service, they could be looking for somewhere else to live when their lease is over.

Here are a couple tips for making your property a place tenants want to stay.

Keep Tenants and Their Keys Safe

How you treat keys to your units plays a big role in providing both security and good service. If your key security is falling short, you're leaving your tenants vulnerable to potential thefts and violent crimes. Employees misusing keys can also be a problem. For example, a Seattle woman recently caught a property's assistant manager stealing cash from her apartment.

Your property needs a secure and efficient way to manage your keys. Whatever method you choose to keep your keys safe, be sure you have a way of tracking who has keys and when. Handwritten logs are one way to track keys, but an electronic system that automatically records that information based on login credentials would give you a more accurate and easy-to-manage audit trail.

Reduce Your Liability

Poorly maintained or nonexistent key security and access logs can leave you open to lawsuits. It can also send a message to your tenants that you don't care about their safety — or your own liability. In the event that an access incident does happen, such as an employee who used a key without a proper reason or authorization, you need to be able to respond.

By tracking every key and all access to your property, you can answer any concerns about access that a tenant might have and reduce your liability. With a key control system that automatically logs access, you'll have a verifiable audit trail to determine if an employee had the key at the time in question. Having access to this information will also help hold your employees accountable for what they do with keys when they have them.

Manage Packages Better

The winter holidays are here, and your office is probably already inundated with boxes and boxes of online orders piling up in a back room (or worse, in the middle of your leasing office). Your staff already has their normal daily duties, but now they have to keep track of who's been notified about their packages, if a package has been retrieved and who needs to be notified again — all on top of making sure packages don't go to the wrong people or get lost.

Consider using a system that easily tracks packages as soon as your office receives them. You should be able to quickly create a record of the package, scan its information and have the system automatically notify tenants via email or text message. Then the tenants must sign for the package, ensuring the packages go to the right people. this will keep you from having a pile of boxes disrupting your regular office functions during the holiday season.

Managing properties, especially multifamily communities, requires juggling a lot of different components. How do you keep your property running smoothly and your tenants happy?

A 10-ton motorhome piloted by an inexperienced RV driver can be plenty dangerous on the highways. Now imagine that motorhome is being driven by somebody who stole it right off your RV dealership's lot. The damage and injuries caused by the thief are going to make for some ugly news headlines.

Who is going to be held responsible for this wild joyride when the dust settles? The thief will certainly get a fair share of the blame. But if you didn't take reasonable measures to secure your keys, headlines that damage your dealership's reputation won't be your only problem.

Protecting your inventory — from camper trailers all the way up to Ferrari-priced Class A motorhomes — is probably already a priority at your dealership. That's why you likely have fences, padlocked gates and maybe even a lockbox for keys. But even those security measures can fall short against determined thieves.

Fences and padlocks didn't stop thieves from driving three RVs worth almost $2 million off a dealership lot late one night in Colorado. Dealership management told a local news station that the thieves had to have had a plan in place. Even if your keys are secure, do you know who has access to them and when they're taken?

Thieves in Arizona got a little bit luckier when they took two motorhomes that had been on display at a local mall. They keys to the RVs were left locked inside by dealership employees. Even basic security practices won't be enough if you make it easy for a thief to access keys and make a clean getaway.

The situation can careen even more out of control if the fleeing criminal is involved in accidents while driving the stolen motorhome. No bystanders were hurt during a high-speed police chase with a stolen RV in California, but the dealer could still have faced civil liability for damage, injuries or death caused by the thief in the stolen RV.

If a motorhome stolen from your dealership is involved in an accident or causes damages, the loss of the asset, insurance deductibles and increased premiums won't be your only concerns. What steps have you taken to make sure your keys don't fall into the wrong hands?

The recent tax reform bill will bring changes to many Americans' taxes, but certain provisions of the bill could be a boon for real estate investors, landlords and the multifamily industry in general.

The bill will reportedly make it more profitable to own income-generating property, such as apartments and condominiums. Experts say this could result in an increase in multifamily construction, meaning there will be more properties competing for your tenants very soon.

As the competition heats up, it won't be enough to simply offer competitive rates and nice amenities to your prospective tenants. You need to have a smooth and easy leasing process, a staff that you trust to take care of your tenants' property, and a way to protect yourself from liability in the event that keys are stolen or go missing.

Here are some ways that hitting those key performance points will give your tenants an excellent, secure living experience and help you compete against newer properties.

Improving the Leasing Process

Nobody likes to wait. Everybody has been frustrated when they get put on hold by a customer service representative. How would it make you feel if you were forced to wait while a leasing agent struggled to find a key for a model unit or an empty apartment? Prospective tenants who are left waiting around the leasing office are already developing a negative opinion of your property before they even see the units.

Does a maintenance technician have the key you're looking for? Has it been misplaced or stolen (more on that in a bit)? A lack of awareness of where your keys are isn't just a security issue. It can leave your leasing agents unable to perform their jobs and send prospective tenants elsewhere. You need a system for keeping track of your keys to be sure one isn't missing when you need it. Either maintain a written access log, which has its own problems, or use an electronic key control system that logs activity automatically.

Holding Employees Accountable

Protecting your property against break-ins and robbery is hard enough without employees abusing their access privileges. How much do you trust your employees to not steal from your tenants? Many properties have struggled with this liability. Some tenants have even taken the matter into their own hands to prove that employees were accessing their apartments without proper notification and stealing money.

Just as knowing who has keys and when can help you improve the leasing process, it can help you hold employees accountable. If a tenant complains about stolen items or access, can you answer them honestly and correctly? A system that automatically tracks key access will let your employees know that you take key security seriously. This will make them think twice before doing something foolish.

Reducing Your Liability

While making sure your employees aren't misusing keys is important, making sure keys don't fall into the wrong hands outside your company is a much bigger issue. It's not just about giving your tenants a place to live that they feel is safe and well secured. Your company could be held liable if a key is stolen and used to access an apartment, especially if it leads to a robbery or a violent crime. It's your responsibility to ensure access to your apartments is properly managed.

Keeping keys secure is an electronic system that notifies you when a key is missing can help you react quickly to a potential issue. Knowing a key is lost can let you change locks before a key is misused. Reduced liability and insurance costs can then be reinvested in the property, helping you remain an attractive property in a competitive market.

How do you plan to keep tenants coming to your property during the coming boom?

According to one Boston Globe correspondent, fingerprints are unlocking the future. As criminals exploit weak passwords, people are turning to biometric authentication to improve security. Because everyone’s fingerprints are unique, it’s much more difficult to bypass biometric authentication. Plus, fingerprints are easier to keep track of than complex passwords (although for added security, you might choose to combine a password with a fingerprint).

Whether you’re using a fingerprint reader for your key control system, your child’s school or even your computer, here are some tips for getting a successful scan.

Position Your Finger Correctly

Place your finger flat on the sensor. The arches, loops and whorls that distinguish your prints from others’ are in the pad of your finger, not the tip. Also make sure that you position your finger on the scanner the same way each time. Apply light pressure — pressing too hard can distort the ridges in your skin.

Prevent Dry Skin From Affecting Your Scan

Fingerprint scanners feature a silicone membrane that relies on the skin’s natural oils to detect a fingerprint match. If you struggle with dry skin during cold weather, it may take a couple tries for the reader to recognize your fingerprint. To redeposit natural oils, try running your finger along the back side of your ear before placing your finger on the sensor. You can also regularly moisturize with oil-free lotions, but ensure your hands have plenty of time to dry before using the scanner to help prevent residue on the sensor.

Don’t Clean the Device With Any Kind of Liquid

You might be tempted to give your fingerprint reader a good scrubbing with warm soap and water or an all-purpose cleaner, especially during flu season. However, using any type of liquid or cleaning chemicals could damage the device.

Instead, clean the scanner with office tape about once a week. Simply press tape to the surface and lift; the tape traps oils and clears the surface. A soft, dry cloth works as well.

By following these simple tips, you — and you alone — will be able to log in to your system in no time.

Source: McGrath Family of Dealerships

The drive from Marion, IA to Dubuque, IA is more than 65 miles each way, making the round trip almost two and a half hours. That's a long time for an employee to be in a car during business hours, let alone when a customer sale is hanging in the balance.

That drive is something employees at the McGrath Family of Dealerships occasionally have to deal with when they need to retrieve a car from a Volkswagen store in Dubuque for a sale in Marion. When a dealership group has multiple stores spread across a region, trips like this are simply a reality of the business. They can also turn out to be a huge waste of time and money.

What happens if there is a miscommunication about the car being in Dubuque? Does the dealership even know where that car's key is? What if the car was sold the day before and the CRM wasn't updated in time? Even if the rep calls ahead, does the Dubuque employee know for sure that the car is still on the lot?

Wasted trips helped McGrath recognize that it needed a better solution for managing its inventory and its keys across its multiple dealerships. That solution needed to track who has keys and when they took them across multiple locations. By ensuring inventory information was centralized and kept up to date, employees would no longer have to make long, pointless trips to stores in Iowa City, Dubuque or Grand Rapids.

McGrath found an answer in KeyTrak. The dealership began installing the electronic key control system at several of its stores in early 2012 and has continued to install systems at every new store it has acquired or opened since.

There are now 21 KeyTrak systems storing more than 3,500 keys across McGrath's multiple dealerships, covering sales and service departments alike and keeping everything running like a well-oiled machine.

"When a key is checked out, we know who has the key," said Orrin Smith, director of sales for McGrath Family of Dealerships. "We chose KeyTrak for how the systems integrate with each other and how they can communicate with all departments at multiple locations."

How much would having key systems that communicate across your several dealerships help improve your processes?

K-12 schools across the country have been rocked by recent events that highlight a need for greater security. Because of these events, you may be looking at updating current security policies and procedures, as well as implementing new ones.

One security issue that hasn’t received significant public attention is key control. Implementing effective and secure key control procedures entails several variables, including who will manage keys, how many faculty members will have access to them, how long faculty can keep certain keys, and so much more. All of these factors contribute to the struggle you may be facing when trying to put your key control policies into practice.

Unfortunately, this security gap puts your students and your campus at risk. For instance, police were investigating a bomb threat at a school in Massachusetts when they discovered a 16-year-old was carrying a school master key. Although the teen wasn’t connected to the threat, it’s concerning that he was caught with the key. What was he planning to do with it? Had the school realized the master key was missing? How did he get it in the first place?

These are questions that no school should leave unanswered. Fortunately, there’s a secure and effective solution for managing your campus keys. To learn more about how you can improve your key control practices, check out our white paper.

Have you ever gotten a new smartphone and gone through all the setup steps only to discover that your entire contact list from your old phone wasn't backed up properly? If it was a business phone loaded with vendor and customer contacts, how big was that headache?

Of course smartphones aren't the only electronic systems you use to conduct your business. You have computers, tablets, copy machines and maybe even an electronic key control system. All of these things store important data, and suddenly losing that data can have serious consequences.

Data corruption, security breaches, power loss, backup power failure, user error and hardware or software failure are all major causes of data loss and can happen at any time, no matter what steps you take to protect yourself.

If you use an electronic key control system for securing and tracking keys at your business, what would happen if you suddenly didn't know where your keys were in the drawer, which keys were checked out and who had them last? Losing key control system data would create unnecessary work for your employees, who must now figure out what keys go where, creating liability and security risks in the process.

The best thing you can do is have a recovery plan to help you continue operation during a data loss event. Here are some steps you can take to help you mange your keys if your system fails.

Use Reporting Features

Knowing who has keys and when they took them is a smart security and liability-reducing practice. It's also likely a big reason why you chose to implement an electronic key control system at your business. However, the ability to track key activity would be severely hampered if your system failed and you didn't have a contingency plan in place to continue operations.

That's where having a recent key inventory report can help you know what keys go where and manage key activity during the downtime. While not as efficient or secure as a fully operation electronic key control system, the ability to log key access manually with a recent report can help you continue operating and make sure keys are where they are supposed to be when the system is brought back online.

Perform Routine Backups

Just as you should pull reports for your system on a regular basis, you should also routinely back up your entire system to an external media device, such as a USB memory drive. It's a backup best practice to back your data up to an external location rather than the system itself.

If your server is still operational after some sort of outage or data loss, a recent backup can help you quickly restore the latest backed-up data and allow you to resume operations with minimal long-term disruption.

Prepare for the Worst

Unfortunately, even best-laid plans can still be spoiled if human error leads to a backup not being performed as scheduled or if your external storage device becomes corrupted. That's why you should choose an electronic key control system provider that can offer you a cloud backup solution.

An automatic off-site backup to a secure cloud gives you an added layer of protection against serious downtime. If your server is completely debilitated by an unexpected incident, such as a coffee spill or a pipe burst in your office, your latest backup can be loaded to a replacement server and promptly shipped to help you get your system running as soon as possible.

How have you prepared your business to recover from a data loss scenario?

You probably recognized long ago how your dealership sales and service departments can work together to generate revenue for your dealership. The sales department can offer service contracts on new or used cars, while the service department can refer customers to sales when vehicles start reaching their end of life.

However, at many dealerships, the communication between departments stops there. You might not realize how important it is for these two separate departments with different operations to work and communicate with each other to keep your entire dealership running smoothly.

For example, consider what happens one department takes a vehicle key from the other and doesn’t properly log the activity or even tell anybody they have the key. A customer walks into your showroom and requests to test drive a specific car in certain interior and exterior colors. They’ve been searching the internet for weeks for this particular combination and you’re the only dealership in the area with their dream car.

Your website and CRM indicate that the car is on the lot, but the sales rep is unable to find the key on the pegboard. The rep checks with multiple people in your sales department but is still unable to find the key. The customer refuses to test drive a different car since they came for that specific vehicle and leaves after an extensive wait.

Later that afternoon it’s discovered that a service rep had taken the car to the back for routine service and failed to mark it in the key log. This lack of communication lost you a sale.

Just as your various departments can work together to make sure everybody is making money, you can see they also need to communicate in order to not lose even one customer.

Carl Sewell, a successful dealer in Texas, once wrote that one of his customers is worth $517,000 over their lifetime. How much is each of your customers worth to you? What can your dealership do to keep a careless mistake from costing you a long-term loyal customer and revenue source?

Knowing who accesses keys and when isn’t just a good security practice; it’s also a way to keep your dealership operations running smoothly and to give your customers a better, quicker experience. If you’re looking for an electronic key control system, be sure you choose an option that logs key access automatically and can give you a complete picture of where a key has been anytime you log in.

In the situation we described earlier, the sales rep would have instantly known who had the key when they made the request. The car would have been found, the customers likely would have bought it, and you would have been one step closer to having a customer for life.

Whether you have a single lot or a sprawling family of dealerships, knowing where keys are is crucial to making you money. How many times have you lost keys due to poor communication between departments?

Keyless entry systems are all about convenience, but are they making key control more complicated at your dealership? They can be bulky, cluttering up your key control system. In addition, many smart keys (e.g., Toyota, Dodge, BMW) have a built-in valet key that can be separated from the body of the fob.

The problem with this design, as one dealer discovered, is that salespeople can remove the fob from their KeyTrak system while leaving the valet key attached to the key tag in the drawer. When a user doesn’t follow the proper checkout process, there’s no record of the key being removed, which can result in mystery miles and increase the dealership’s liability risk.

Fortunately, you can simplify smart key storage with one simple item: a key fob pouch. Here are the top three reasons you should use them for all your smart keys:

Less Clutter in the Drawer— When KeyTrak drawers are full, having the smart key and its pouch attached to the key tag prevents fobs from jostling in the drawer, helping to keep it tidy.
Added Security— The pouch containing the smart key is attached to a key tag via a KeyTrak fastener that runs through the top of the pouch, ensuring the valet key and fob stay attached to each other until the vehicle is sold. The fastener also prevents users from removing the fob from the drawer without going through the standard checkout process.
Fewer Scratches on the Key— The pouch protects the key from getting scratched so the key stays looking as new as the vehicle. The clear front allows salespeople to easily see and press the fob buttons.

If you’re a current customer, you can purchase the pouches from our supplies catalog or call 1.800.541.5033 (option 2).

Private mail is a treasure trove of information for identity thieves. There are medical bills, credit card statements, checks, ID documents and more.

In Yonkers, NY, 85 people have been victims of mail theft so far, resulting in $660,000 in losses. Police arrested three men who stole 10 public mail bins — but the thefts continued. The officials involved in the investigation reported that it’s possible the thieves obtained a master key through ties to former employees of the postal system.

Unfortunately, it’s not uncommon for identity thieves to exist within the postal service itself. Employees have access not only to high volumes of mail but also master keys to public mail bins and cluster box units (CBUs). The Postal Inspection Service reports that in 2017, there were 1,145 cases of mail theft. From October 2016 to September 2017, the Office of Inspector General investigated 1,364 internal mail thefts— that’s 119 percent of the thefts from the Postal Inspection Service’s reporting period!

Fortunately, there’s a way you can address and prevent these thefts.

How to Reduce Insider Threats Through Key Control

Ensuring the safety of delivery equipment such as post office boxes, collection boxes and CBUs requires that you hold employees accountable for how they use keys. An effective key control policy requires that employees:

Only have access to keys required for their jobs
Use keys for the intended purposes
Report lost or stolen keys as soon as possible
Return keys at the end of their shifts

To reduce the risk of insider threats, the manual steps involved in meeting these goals should be automated wherever possible. Here are a few examples of how electronic key control helps improve employee accountability:

User Profiles— Rather than manually issuing keys, an electronic key control system controls access to keys based on specific user profiles. The system will also record when a key is removed, who removed it and when it’s due for return. To capture this information, some systems might require you to scan a key tag to update the log, while others will automatically record the transaction when the key is removed from the system. Again, the fewer manual steps required, the more secure the process is.
Real-Time Alerts— If the key is not returned when it’s due, some systems will send designated personnel a text or email alert.
Verifiable Audit Trail— Ensuring you have a verifiable audit trail of key usage can help with investigating security breaches. Even if someone accesses a key without going through the appropriate channels, the audit trail will help you identify who has used each key in the past and demonstrates that you took reasonable efforts to control access to your assets.

By implementing these measures, you can help ensure that employees use keys for their intended purpose. You owe it to citizens to minimize the risk of their personal information being stolen.

Cabinet with pill bottles next to hanging keys

From cyber attacks to active shooter threats, ensuring hospital security is more challenging than ever. Plus, you have to worry about HIPAA compliance and rising insurance costs that are influenced by treatment outcomes and patient feedback.

To reduce your risk, you need to reduce security threats that could impact patient care and satisfaction. You likely have someone to mitigate external cybersecurity threats, and it’s just as important for you to address internal physical security threats. Your facility has probably invested in physical security measures like cameras, metal detectors, public safety officers and training. But how well do these measures prevent employees from misusing facility keys? Let’s take a look at how poor key control intensifies two major risks to your facility and your patients.

Major Hospital Risks

Drug Diversion

With the rise of the opioid epidemic, more medical professionals are diverting drugs. According to DEA data, employee pilferage accounts for 22 percent of drug thefts or losses. Doctors, nurses and pharmacy staff within the VA’s network of over 160 medical centers and 1,000 clinics allegedly stole controlled substances for personal use or to sell. In some cases, this impacted patient care.

In fact, the CDC warns that when doctors or nurses abuse their access to narcotics, patients suffer due to substandard care and infection risks. Since 2005, there have been five separate infection outbreaks caused by healthcare workers contaminating injection equipment and supplies that were then used on patients.

In light of these risks, the DEA does not take drug diversion lightly. It opened an investigation against Effingham Health System for allegations that the hospital’s lax controls allowed employees to divert controlled substances. The investigation resulted in a settlement of $4.1 million. Consider how well your controls could withstand an investigation in a similar situation.

Device Theft or Loss

Data breaches are another risk that could affect patient satisfaction and increase your liability. Every year, security events cost U.S. hospitals approximately $1.6 billion. Of those, 38 percent are related to physical security. Believe it or not, healthcare is the only industry where more breaches are caused by insiders (56 percent) than by external threats. In 2017, 90 percent of the healthcare physical security incidents were thefts of assets such as laptops, portable devices and paper documents. The thefts took place in work areas such as offices 36 percent of the time.

For example, a former IT employee of Chilton Medical Center stole computer equipment from the hospital, including a hard drive he later sold online. The device contained records for 4,600 patients over the course of nine years. At North Texas Comprehensive Spine and Pain Center, a former employee stole an external hard drive from a doctor’s office, compromising the personal information of around 3,000 victims. Both of these examples demonstrate that employee accountability is critical to protecting patient information.

Mitigating Risks With Key Control

Certain employees do have a legitimate need to access keys for areas where narcotics, sensitive data or other sensitive assets are stored. But are you certain employees always use their keys for the authorized purpose? Can other employees gain access to those keys?

To protect your facility from liability and protect patients’ well-being, it’s critical to maintain employee accountability for key usage. The best way to do so is to create an automatic audit trail of key use that’s not vulnerable to human error or manipulation. Electronic key control systems help meet this objective.

Unlike traditional key storage methods such as desk drawers or pegboards, electronic key control systems typically consist of a metal drawer or wall-mounted panel that physically locks down keys. Some even allow you to set up access levels to ensure that people are only retrieving the keys they need to perform their job duties.

In addition, if someone checks out a key outside their shift hours when they have no need to do so, or if they have a key checked out for longer than they should, you can be immediately alerted by text or email. The system is fully automated, so if a security incident occurs, the automatic audit trail can aid in an investigation by providing a report of who checked out keys and when.

If employees abuse their access privileges and you don’t have adequate key control measures in place, are you prepared to answer to patients whose health or privacy has been compromised? Can you absorb the cost of compliance fines, rising insurance costs and more?

Man touching plus and minus symbols on screen

In its 2018 Data Breach Investigations Report, Verizon reported that 11 percent of breaches involved physical actions, and 28 percent of breaches involved internal actors. Considering that access control and identification are two of the four layers vital to physical security, those are concerning figures. Without proper identity management, there will be security gaps in your access control — the two work hand in hand.

The facts above illustrate why it’s important to manage who can access your KeyTrak system. To add and delete users, your system administrator should follow the steps below. (If you’re not sure how to designate a system administrator, read this post.)

Adding Users

When adding a new user, follow the principle of least privilege. In other words, a user should have the minimum level of access privileges required to do their jobs.

To add a new user to your KeyTrak system:

Navigate to "Data Maintenance".
Select "Users".
Click "Add".
Create a user ID and password. You may also add up to two fingerprints and/or a fob for user authentication. Some of the most secure combinations are fingerprint and password (most secure), fingerprint and fob, or fob and password.

To make setting up new users more efficient, establish user profiles for specific job types. KeyTrak user profiles can control system access, asset access, power access, checkout reasons and login options. For example, only management should have authorization to power off the KeyTrak system or access drawers with spare keys in them. To control profile settings, login options and other user settings, choose the "Profiles" option in the Administration menu. For guidance on setting access levels for each position, contact KeyTrak support.

Deleting Users

When an employee or contractor ends their employment with your organization, it’s critical that you revoke their access privileges immediately. If you don’t, employees could use their knowledge of your organization’s access control procedures to steal data, keys or money. We’ve seen it happen at hospitals, a dealership, an oilfield service company, a public works organization, an assisted living facility, the postal service and more.

To remove a user from your KeyTrak system:

Navigate to "Data Maintenance".
Select "Users".
Click "Delete".
Check "Yes".
Click "Remove".

By staying on top of adding and removing users from your KeyTrak system, you’ll improve your physical security and reduce the odds of becoming one of the 28 percent of organizations whose employees caused a breach.

When you get home after a long day, what do you do with your keys? Do you toss them on a table near the door? Hang them on a hook in the entryway? Leave them in your purse or briefcase? Place them in a locked safe in a closet? If you’re like most people, your answer is probably one of the first three options. The reason is simple: Those places are convenient. Not many people take time to think about the most secure place to put their keys because they feel safe at home.

Unfortunately, that attitude of prioritizing convenience without regard to security often carries over into the workplace, and it’s risky. Failing to seriously consider where you keep your organization’s keys and how you control access to them — and by extension, the facilities, assets and data they protect — is asking for a security breach or theft.

If you’re wondering where you shouldn’t keep your keys, we’ve compiled a list of places organizations have stored keys that were later stolen. By learning from their mistakes, you’ll save yourself time, money and headaches.

Unlocked Box

If you keep important files or assets in a locked file cabinet, it may seem like it makes sense to throw the keys in a box, where the key is out of sight but still easily accessible. Unfortunately, we learned from one Florida police department that this approach comes with a greater risk of theft. The department kept confiscated cash in a locked filing cabinet and stored the keys in an unlocked box. Eventually, the keys disappeared, along with more than $225,000. Police suspected a civilian employee, but there wasn’t a verifiable audit trail to link the employee to the theft.

Plastic Tub

Plastic tubs are helpful for organizing office supplies, but they’re not ideal for storing keys. One university learned this lesson the hard way. While it was rekeying buildings after several keys had been stolen, a janitor reported that a plastic tub containing more keys had gone missing. The university then had to rekey a second time.

Desk Drawer

When you pack up for the night, it’s easy to throw keys in a desk drawer. Maybe that’s not their permanent home, and you reason that you’ll put them back in their proper place in the morning. However, that window of opportunity could be just what thieves need. At one dealership, a group of teens broke in one night and had no trouble stealing seven vehicles because they found the keys in desk drawers.

Cupholder

Putting keys in a vehicle’s cupholder is tempting if you know you’re going to be returning soon or if multiple people need access to the keys. However, drivers leaving keys in the cupholders of unlocked cars is a common reason for auto theft.

If you keep other types of keys on the ring, that puts other assets or facilities at risk as well. For example, a set of master keys was stolen from a university after an employee left the key ring in the cupholder of a golf cart he’d been driving. It was standard for the keys to be kept there so employees could easily access them. Unfortunately, it was also easy for the thief to take the keys without detection, and the investigation had to be suspended due to a lack of witnesses or suspects.

Bag or Briefcase

While it’s acceptable to keep a few business keys — such as the keys to your office, a filing cabinet and the fleet vehicle you’re driving for the day — in your bag or briefcase (assuming you don’t leave it unattended), it’s risky to routinely carry a complete set of business keys. For example, you wouldn’t want to tote around the keys to all the offices in your suite or all the vehicles in your fleet.

However, some people continue to do just that, whether because they prefer to take keys home with them at the end of each day or because they haven’t found a better place to keep them. This poor key control practice led to a nightmare for one dealership manager and an employee after they left a bag of vehicle keys on an office desk while they went to unlock the dealership’s gates one morning. By the time they returned, the keys were gone.

These examples of key control gone wrong are by no means exhaustive — there are countless other places you shouldn’t keep your business's keys. If you’re not sure if your method of managing keys is secure, ask yourself these three questions:

Is it difficult for unauthorized people to access keys?
Is it easy to prove who has used each key and why?
Can you immediately recognize when a key has gone missing?

If you answered no to any of these questions, it’s time to improve your key management. You might not have experienced a security breach related to lost or stolen keys yet, but that doesn’t mean you won’t. Is the illusion of convenience worth that risk?

How would you like to sell more vehicles off your dealership’s lot? This proposition sounds like a no-brainer, but what if your salespeople aren’t the ones selling them? And what if you don’t even know the vehicles have been sold?

Online marketplaces such as Craigslist, eBay Motors and Facebook Marketplace give you more ways to reach potential customers before they set foot in your store, but they’ve also given scammers a whole new way to take advantage of unsuspecting victims — including your dealership.

Fraudulent online vehicle sales have become so common and costly that the FBI Internet Crime Complaint Center issued a warning to consumers. The warning describes how scammers will post photos of vehicles that aren’t in their possession and trick consumers into sending the money by providing a seemingly legitimate explanation of why the transaction is time sensitive. Of course, after the victim sends the money to the scammer, they never receive the vehicle they’ve purchased.

Now, some thieves are going to even greater lengths to carry out online vehicle scams.

How Thieves Sell Vehicles Right off a Dealer’s Lot

A man in Dallas, TX wanted to buy a truck. He started his search online and ended up purchasing a

truck he found on Craigslist. Unlike the victims of the scams described in the FBI’s warning, this man actually received the vehicle he’d purchased. The problem was it had come from a dealership in Huntsville, TX, and the dealership wasn’t aware the truck had been sold to the Dallas man.

The vehicle was one of several that had gone missing from the dealership’s lot, so the police conducted a surveillance operation. During the investigation, police uncovered the scam that led to the dealership’s vehicles being sold on Craigslist. Here’s how the scam works:

A thief lists vehicles from the dealer’s lot for sale on Craigslist.
The thief fields inquiries from interested parties.
After finding a buyer, the thief steals the vehicle from the dealership’s lot and sells it to the victim.

While this type of scam requires more effort on the thief’s part, it’s also easier for the scheme to go undetected. If a buyer never receives the vehicle they’ve paid for, they’ll know immediately that they’ve been scammed. If they receive a stolen vehicle, they often don’t realize it until later.

What You Can Do to Protect Your Dealership From Online Scams

There are two primary ways to protect your dealership from online vehicle sale fraud.

Protect Your Images

When consumers are searching for vehicles to buy, most prefer photos of the actual vehicle rather than stock photos. If thieves are able to steal photos of your inventory from your website or social media sites, that helps their listings look legitimate. There are a few steps you can take to prevent and detect photo theft:

Watermark your images.
Add a copyright notice.
Disable right click to prevent someone from downloading images (granted, this only works on your website, not on social media).
Do reverse image searches using Google Images to see if your photos are being used online without your permission. (To search by image, click the camera icon and either paste in the image’s URL or upload the file.)

Screenshot of Google Search by Image feature

Google Reverse Image Search

Of course, some of these steps are time-consuming and impractical. For example, your time is better spent selling vehicles than doing frequent reverse image searches of all your inventory.

Protect Your Keys

Key Attached to Key Tag With Steel Ring

The most effective way to avoid vehicles being stolen from your lot is to make it more difficult for thieves to take the keys. Some thieves familiarize themselves with where your keys are kept or wait for someone to leave them unattended on a desk or counter, swiping them when the opportunity arises. Others use the key-swap scam, where they ask for the keys to a vehicle under the guise of inspecting or test driving it. They then hand the salesperson a dummy key and return later to steal the vehicle.

To thwart thieves, use an electronic key control method that allows only authorized users to access keys. Look for a system where keys are attached via a stainless steel ring to a system component such as a key tag to prevent a thief from swapping the key with a dummy key.

By taking these steps to secure your inventory, you can save your dealership thousands in inventory loss and help protect unsuspecting buyers from scammers.

Car in Front of Two Gates to Authorized Certified Auto Service

Millennials are about to reach a new milestone: the largest living adult generation. If your service department isn’t targeting this demographic, you risk losing millennial customers to independent mechanics.

It’s important to be aware that millennials are more cost conscious than older generations give them credit for. In fact, 73 percent of millennials say they create a budget and stick to it. This dedication to budgeting can be challenging to the service drive, since 64 percent of millennials are surprised at the cost of vehicle maintenance. However, the fact that millennials aren’t spendthrifts doesn’t have to be bad news — consumers of all ages are willing to pay up to 16 percent more for a quality experience. To get more millennials coming back to your service drive (and telling their friends and family about your dealership), you have to prioritize customer service, and key control is a big part of that.

What Is a Quality Customer Experience?

Speed and efficiency are the top factors that contribute to a good experience. On the flip side, lack of trust significantly contributes to a negative experience. For a service department, building trust is especially important because millennials are more emotionally attached to their vehicles than any other generation — 40 percent have even named them.

Why Key Control Affects the Customer Experience

Key control plays a pivotal part of the customer experience since it affects speed, efficiency and trust alike. If you keep keys to customers’ vehicles in an insecure place, such as on a pegboard, without an effective way to track who has them and when, that’s a customer experience disaster waiting to happen. Ask yourself the following questions about the key control practices in your service department:

How much time do you spend looking for lost keys?
Do employees handle keys responsibly (e.g., never leaving them unattended or inside the unlocked car)?
If an employee removes a key and drives a customer vehicle for non-work-related purposes, will you ever know about it?
How easy would it be for someone to get hold of keys and steal a customer vehicle?

If you don’t treat millennials’ vehicles with care and respect, you’ll lose their trust and they’ll never return.

How Mismanaging Keys and Vehicles Damages Customer Trust

Not having the proper controls in place is inefficient, and you risk breaking the customer’s trust in your dealership. Imagine having to explain to a customer why she saw a service employee speeding by in the customer’s own car or why a thief was able to steal the keys to a customer's vehicle while it was in service and total it. These are real scenarios that happened because the dealerships involved didn’t have the proper key control practices in place. As a result, they lost trust not only with the customers whose vehicles were stolen but also with other customers who read about the incidents in the news.

If you can provide a quality customer experience built on trust and accountability, however, you can win over millennials as loyal customers — even if you charge more than the independent mechanic down the street.

To learn how to solve customer experience issues related to key control in the service department and beyond, download our white paper “Three Unexpected Ways Your Dealership Alienates Next-Generation Buyers.”

Updated October 23, 2018

It's long been rumored that crime rates increase on Halloween. Some cities, like Boston, have stats to prove it. Other sources say it depends on the type of crime. For example, property crimes are more common on October 31 than on any other day of the year. Tampering with candy, on the other hand, isn't as common a crime as you might think.

Either way, it's important to remember that crimedoes happen on Halloween, so you need to take measures to protect your business. Here are a couple of "tricks" to look out for this Halloween.

Crimes in Costume

Kids aren't the only ones who like to dress up. For some criminals, Halloween provides the perfect opportunity to disguise their identity by donning a costume without looking out of place. Here are just a few examples:

Several years ago in Cocoa, FL, masked burglars targeted more than 30 businesses during October and the surrounding months. The robbers' costume choices included gorillas, a skull and a ghost.
In 2017, a mob of 50 to 60 teens in costume robbed multiple people celebrating the holiday in Alameda, CA.
One crook brought the slasher series "Halloween" to life at a Seattle business when he put on a Michael Myers mask and violently forced an employee to empty the contents of a cash safe into a bag.

Fortunately, there are ways to prepare your business for the threat of burglars in disguise.

What to Do: To protect your business this Halloween, double check your physical security measures, such as securing the premises by locking every entryway that isn't used regularly, restricting access to nonpublic points of entry and storing keys in an electronic key control system. Also make sure you educate your employees on how to prepare for and respond to armed threats.

Vanishing Vehicles

Halloween is one of car thieves' favorite holidays, with more than 2,500 cars stolen on Halloween alone in 2016 (the latest data available). Between trick-or-treating and costume parties, Halloween presents plenty of distractions, which criminals use to their advantage.

At one house party in Pennsylvania, for example, a thief tracked down a partygoer's unattended car keys, located the vehicle in the home's driveway and drove off. In Athens, OH, a thief simply hopped into an idling car and drove off in it.

Are you confident your employees are taking precautions to avoid these scenarios when driving company vehicles?

What to Do: Make sure your company's fleet vehicles are locked and, if possible, stored out of sight from the public. If you have employees who are using company vehicles on a long-term basis, remind them of vehicle safety tips such as not leaving the car unattended while idling, keeping track of the keys and storing valuables in the glove box or trunk.

By planning ahead, you can experience more tricks than treats this Halloween.

Man's hand reaching for medical records on shelf

Updated October 30, 2018

The healthcare industry is no stranger to data breaches. In a two-year period, the OCR's Breach Reporting Tool, or "Wall of Shame," recorded 414 incidents involving 500 or more people. What's notable is that, according to the Verizon 2018 Data Breach Investigations Report, healthcare was the only industry where more data breaches were caused by insiders (56 percent) than by external threats (43 percent).

To reduce the risk of employees abusing their access privileges, digital security is crucial. However, those security efforts must be combined with physical security measures, such as strict key control. Think about how easily unauthorized key use could cause a data breach. One hospital, for example, lost control of the keys used to access locked bins holding patients’ information sheets waiting to be shredded. Only three employees were supposed to have access to these keys, but an audit revealed that more than 53 employees had key copies, with no record of how they'd acquired them.

If you're a healthcare provider, below are three steps you can take to tighten your facility’s key security.

1. Train employees.

One of the biggest security threats healthcare institutions face are staff members' mistakes. The 2018 Global Cost of a Data Breach Report by Ponemon attributes 27 percent of data breaches to human error alone. To help avoid costly errors, regularly educate your employees — especially those who have access to patient information — on privacy and security best practices. If a potential breach occurs, ensure they know the proper procedure for reporting it.

2. Find a key control system that holds employees accountable.

Your facility may have a key control policy in place, but if it's not enforceable, it's not effective. When it comes to key control, digitizing as many of those procedures as possible helps ensure employee compliance. It's important to find a key control system that minimizes manual steps. Instead of requiring staff members to issue keys, you can reduce the possibility of human error and manipulation by automatically tracking keys and user access.

3. Maintain a verifiable audit trail.

Keeping a verifiable record of employee key access helps you identify potential security breaches (e.g., an employee who regularly returns keys late or attempts to remove keys when they're not on the clock). If an incident does occur, the audit trail demonstrates that you've taken measures to protect patients and their information.

By increasing your key security, you can reduce your odds of an insider data breach and hopefully avoid a spot on the Wall of Shame.

Imagine a scenario where one of your officers is pursuing a criminal and needs backup, but something is disrupting their radio signal and the call isn't being heard by anybody on your network. Without backup, this officer is facing even higher risk than normal in an already dangerous situation.

That scenario could have been a frightening reality for two law enforcement departments in Ohio. A recent series of raids on several homes in northeast Ohio resulted in the seizing of multiple cloned police radios that criminals had used to hack into the public safety radio system.

This wasn't simply a case of criminals being able to listen in on all department radio traffic, much of which someone can listen to with publicly available scanners if the traffic is unencrypted. When multiple radios are registered to the same system, a well-timed button push on a cloned radio can disrupt communication coming from the original, officer-held radio.

Radios play a critical role in everything your department does. Even a temporary breach of your ability to communicate — whether between dispatch and officers on patrol or SWAT officers coordinating a raid — can have serious consequences for your officers and deputies.

It's critical that you take steps to secure and account for your radios, especially when they're not actively being used for law enforcement purposes. Are you confident that none of your radios have gone missing or been cloned?

Here are some ways you can better manage your radios and keep your officers safe in the field.

Keep Radios Secure When Not in Use

Keep all radios in a secure location or in containers any time they are not in use. It's important to remember that your department's facility might not be as secure as you think it is. A radio left unattended on a desk or even a back room can be discreetly taken by anybody with access to the room, including any members of the public who have reason to be there.

To keep radios from landing in the wrong hands, keep them in secure lockers away from open areas, while still allowing the radios to be quickly and easily accessed by the officers who need them.

Hold Officers Accountable

However you chose to secure your radios, access should be restricted and tracked so the right people can easily retrieve the radios they need and so you know who took them and when. Tracking access also holds officers accountable for what they do with radios in the field since they'll know the radios need to be returned by certain times.

An electronic method of tracking access to lockers containing radios reduces the chance for mistakes or outright omissions in a manual log by recording transactions securely and automatically. It also cuts down on the time officers spend checking out a radio.

Secure Radio Charging Stations

After being stolen or going missing, the next worst thing to happen to a department radios is for the battery to go dead. You're probably well aware that a dead radio in the field is about as useful as a sidearm without ammo. However, how secure are the radio charging stations in your department?

You certainly want to keep your radios secure, but what good does that do if they must be transitioned to and from insecure charging stations? Consider moving your charging stations to the same secure area or lockers in which you store your radios. An even better solution would be to wire individual lockers with charging cords so plugging in a radio every time it is checked in is part of your department's processes.

No matter how you decide to store and secure your radios, be certain that you can trust the method to serve its intended purpose. Even assets secured by traditional locks and keys might not be as secure as you think if access is abused or the keys fall into the wrong hands.

Board members talking in conference room

For many condo associations, the board election season is approaching. If your association is welcoming new board members soon, it’s important to begin organizing your training to ensure that members are well prepared to fulfill their obligations to the community. Be sure your training includes key control policies and procedures — especially if your property uses an electronic key control system.

Key control issues that result in litigation are often due to the lack of checks and balances and employee accountability, so it’s critical that new board members follow the appropriate steps to protect keys from theft or inappropriate use. Here are three steps to set up your key control system for new board members.

Create New User Accounts

Don’t wait until a board member needs to use a key to set up their key control system user profile. Immediately after new members are elected, create new user accounts with the appropriate authorizations (more on that below). Don’t forget to disable former board members’ accounts as well. If you use a biometric fingerprint reader for login, scan each board member’s fingerprints and have them practice logging in using the reader.

Set up Checks and Balances

As a key control best practice, board members’ access privileges should be restricted to certain keys and certain purposes based on their responsibilities and powers. For example, you might set up the following parameters:

All board members have access to keys to common areas.
Only the board president can access the keys to the records room.
If it’s necessary for the board to check out the key to a resident’s home, have two members remove the key and provide a checkout reason.

To keep board members accountable, you could set up key control reports to automatically be emailed to designated members of the board at predefined intervals (daily, weekly, monthly, etc.).

Train Each Board Member How to Use the Key Control System

Once a new board member is elected, they’re responsible for familiarizing themselves with the property’s declaration, bylaws and articles of incorporation and for agreeing in writing to uphold those policies. To help them follow the association’s key control policies, board members need to be familiar with how your key control system works. Walk them through procedures for checking out and returning keys, running reports and other steps required for carrying out their duties. Also take advantage of any system training your key control provider may offer.

By following these three steps to help new board members follow your key control procedures, you can help ensure that you protect your property — and your board — from liability related to misuse of keys.