How to mitigate the risk of employee data theft

For the business owner or CEO, data theft is always a tricky situation, but with a 2013 Symantec study showing that half of employees who lose their jobs keep confidential information and with 56 per cent believing sharing data after employment is not a crime, finding ways to mitigate data theft risk has become a priority.

The Warm Zones v Thurley and Buckley case is an important recent case, however rare the situation may be, which has increased protection to employers from former employees.

Ms Thurley and Ms Buckley were dismissed from not-for-profit organisation Warm Zones in March 2013. And after both joined UK SS Renewal Energy Services (RES), Thurley issued unfair dismissal proceedings against Warm Zone.

However, it was soon found out that Thurley and Buckley had intended to disclose confidential data to RES while they were still employed by Warm Zones. Note that both employees’ contracts contained stipulations prohibiting them from disclosing company information during and after employment.

Warm Zones applied for an injunction and requested that both former employees’ personal computers be inspected. The request was granted by the high court.

This highlights the need for well-drafted confidentiality clauses in employment contracts. Chris Cook, partner and joint head of employment at SA Law explains that “the order that the former employer had requested in this case was very specific and ‘designed simply to secure the return, protection and security’ of the relevant confidential information. This made it easier for the court to grant the requested order.

“The clear infringement of their contracts, coupled with the highly sensitive information that could have been leaked, made this uncommon feat possible. All in all, “this case is a clear signal from the court that it is willing to protect legitimate interests of employers’ businesses, which in itself can be a useful precedent for employers to rely upon when faced with similar situations in the future.”

But this risk doesn’t always come from former employees. Recent Verizon data suggests that a shocking 95 per cent of all internal data theft is carried out by employees who want to get an advantage once they leave the company.

But how else can you ensure that the insider data theft threat doesn’t make its mark on your company?

A useful tactic that can be learned from a 2011 Citadel case, is by setting IT controls in place around any intellectual property you may have.

A Citadel financial engineer stole the company’s closely guarded computer-trading code. It was said that he used his knowledge of the company’s systems to bypass security monitors by using two virtual machines and then sent the information to his personal email account and an additional external hard drive.

However, additional controls installed by IT notified them that an employee suddenly had an unusually large number of files on his system.

So really think about how to configure your host-based controls. Furthermore, court decisions generally give employers substantial leeway when it comes to monitoring employees’ usage of electronic transmissions. This includes computer file usage on company-owned equipment.

Share this story

Close
Menu
Send this to a friend