IT security in any realm involves logical security and physical security.  Logical security is the integrity of data (content), precision of associated processing, and the delivery of coherent, accurate, content.  In other words, data that reflects reality; data that does not mislead or distort various actuals by virtue of distortion/errors of input, process, and output.

Physical security is such things as locked doors on computer rooms.  It’s the safety and surety of infrastructure; protection against overheating, for example.  Physical security is often mundane; don’t set your coffee on a server, for example.

Mobile is especially vulnerable within the realm of physical security.  Devices are constantly transported, their owners on the go, and they can be lost or stolen.  Ensure that users make immediate reportage of loss or theft.  Consider strong encryption, as any content risks exposure.

As to logical security, determine whether users access organizational resources via a virtual-private-network (VPN), or the internet.  Also, ensure strong malware protections are emplaced on devices.

In BYOD environments, that last is especially important:  It’s hard to know where users will be surfing, and what manner of personal downloads will be transpiring.  Regularized scanning for viruses, malware, and unauthorized intrusions is imperative.

                                                                                                    September 7, 2010

Starbucks Customer Relations
PO Box 3717
Seattle, WA 98124-3717

Dear Sir or Madam:

I wish to make you aware of what I believe to be an ongoing bad-business practice at one of your shops.  It concerns the [address] location.

I do most of my work at Starbucks:  I am a book author, writer (paid technical blogger), and IT consultant by profession.  I am a steady customer:  Some weeks, I am there working every day; other weeks minimally three times. 

I have professional standing for both a complaint, and positive suggestion, that I’d like to make.  (You may review my standing by Googling The Business-Technology Weave).  Absent treatment of this complaint, I will have to find another location for my business writing.  I do not wish to do that.

This past Sunday, September 5^th, I was using my laptop, writing my latest article for my blog, when I noticed a large pile of cash on the counter (to one side of the food display, opposite the cash registers).  The pile was about 6 inches high – there was also quite a bit of change on the counter.  The money was attended only sporadically, when a barista performed some measure of counting.  In the course of my several hours of work, the money was there, and primarily unattended – I believe there was a period of at least an hour where no one touched the money at all. 

I have noticed this situation several times in the past and a thought occurred to me:  It would be easy enough for someone else to notice the situation, and time a return trip from the restroom, swipe up the cash, and exit the store.  (In fact, given the regularity that money is unattended on this counter, someone could build courage over the course of weeks, and time a theft).  I was the only customer seated in the back on this day, and when I left, the money was still there – making a theft even easier.  There were three baristas (that I noticed) on duty, and most frequently they were bunched toward the front of the store, near the drive up window and the cash register opposite. 

When I’m writing, I’m focused on my laptop largely to the exclusion of my surroundings.  Thus, if the money disappeared, suspicion would fall on whomever was seated toward the back of the store:  On this day, me.  I decided to speak to a barista about it.  I chose someone I know fairly well and that I speak to often.

Our conversation was as follows, and I assure you this is very nearly verbatim:

“Hey, Helen; may I make a kind suggestion?” 

The barista answered “What?” 

I said, “This pile of money makes me uncomfortable; no one is watching it.  Would you be able to…” 

I was interrupted, “Dave, I’ve been extremely busy.”  The response was snappish.

I said, “But if someone was to breeze by and snatch this, I or anyone sitting back here alone would naturally be under suspicion.  This situation makes me very uncomfortable.” 

The answer was very curt, “I will take that under advisement,” and the person turned away – leaving the money yet unattended.

I left the store about 10 minutes later, and the money was still there.  The baristas were again bunched at the front of the inside counter area, toward the drive up window.  No one was even facing the pile of money, about 20 feet away.  I don’t think there was even a direct line of sight to it.

If common and, perhaps, corporate sense is violated concerning the day’s profits, it leads a reasonable person to wonder what other violations may be transpiring at the store.  Frankly, money is dirty and I’ve seen food and drink mixes prepared at the same counter that the money was directly on.

Please, it is not my intention to get the barista in trouble and that is why I do not mention the name, or even gender, of the person.  I enjoy talking with, and the service from, Helen, Janice, Sally, Tim, Jerrold, Sharon, Martha and the other personnel at the store; I also know several other customers and enjoy the atmosphere.  My letter is sent so that the manager of the store – Jackie (who was not there on the 5^th) – can train staff to a better level of standard regarding simple business security.  Perhaps the manager herself needs training.

I’m not privy to Starbucks standard business practices, but is there no office in the back in which to count money?  Is there not, at the very least, a table?  Certainly there must be a private area, away from general public traffic, for the handling of large sums of money?  That would be my first suggestion – and one that comports with common business advisement and secure practices.

Lastly, if a customer makes a good-faith suggestion, in the kindest of tones, service personnel should listen and at least be courteous.  A snappish response was a surprise to me.

Clients pay me to advise them regarding security.  My counsel:  In the realm of risk, unmanaged possibilities become probabilities.

For the [store name] Starbucks, there already exists risk – of theft.  It is certainly a possibility that someone can take the money – totally unobserved.  Given the unmanaged possibility, I believe the risk of theft is too high for sloppy handling of money at this store.  Given the economy and unemployment, the sight of money is too large a temptation.   Large sums of unattended money also puts customers at risk.  This practice is witless.

If for some reason you believe the practices at this store to be proper, or if you determine that my concerns are off-target or my observations of the 5^th inaccurate, then I need to know that so that I can make a couple decisions.  Otherwise, I’d like to know what is being done to address the problem at this store.

Thank you for taking the time to listen to my concerns regarding the [store name] Starbucks store.

Best regards,

David Scott

Author

I.T. Wars:  Managing the Business-Technology Weave in the New Millennium

Blog:  The Business-Technology Weave

[phone number] (mobile)

Octorber, 24th:  On this day in 1836 the match is patented .