The heist was over in eight minutes. You know which one. In an age of cyber threats and digital scams, two robbers stole priceless jewels in the most analog way. The pair broke into the Louvre in broad daylight using a truck typically used to hoist furniture through Parisian apartment windows, a disc cutter, and getaway scooters.
The story took the world by storm. How did this happen? Nothing was pulled off under cover of night. The museum — indeed, the very room the robbers operated in — was full of visitors. No easily identifiable objects were taken as in other art heists; nobody was seen scooting through the streets of Paris with Delacroix’s Liberty Leading the People hanging out in a sidecar, and the thieves did not even attempt to get near the Mona Lisa. Rather, the robbers took only those objects that could be taken apart and sold in pieces. They were not particularly sophisticated, as shown by the incredible amount of evidence and DNA they left behind leading to their eventual arrest.
Despite the unsophistication of the thieves and the simplicity of the robbery, the days after the heist saw people examining their own security measures. While most employers will never have to deal with an art heist — or any heist — they can still learn from the Louvre.
Multiple reliable news sources reported that the Louvre’s security camera password was “LOUVRE.” Maybe this was actually smart, who would think to guess that password for one of the best cultural institutions in the world? Regardless, it has been proven that the most secure passwords are actually pass phrases that incorporate numbers. Employers should protect their systems with phrases and train their employees to do the same. For example, Jacques-Louis David, whose paintings of Napoleon hang in the Louvre, might have protected his system with the pass phrase “3xi1eNap0leon1814” after he became disillusioned with the post-revolution leader.
The robbers focused their heist on objects that could be repurposed. While employers do not typically store jewels in their offices, they may give employees items that could be kept for personal use or sold. Employers who provide computers, tablets, phones, or other devices to employees can take steps to protect both their property rights and sensitive data. First, the systems should be operated remotely. In other words, no work-related information should be stored directly on the device. This way, in the event a device is lost or an employee leaves the company, the employer can shut down access to anything work related. Second, employers should include a provision in employment contracts that devices are to be returned at the end of employment. Employers can even make severance payment contingent upon the return of any and all property.
A review of the Louvre’s security measures revealed that the outdoor security cameras were very old and extremely minimal. Had the area been better monitored, the thieves may not have gotten so far. Employers should consider how they can best protect access to their offices. For example, employees may be given key cards to enter the workplace, alarm systems can be armed after hours, and protocols can be put in place to sign in visitors.
If anyone successfully carries out a heist against your business, there may be certain measures you have to take after data is breached or materials are taken. In the event that sensitive client information is taken, you may have a duty to inform your clients of exactly what was compromised. To avoid the process (and embarrassment) of having to follow breach protocols, employers should protect their data before anyone shows up with trucks, disc cutters, and scooters.