Avoiding Employee Data Theft

Stealing sensitive information from employers has become “endemic” in our culture. According to a survey sponsored by information security company, Cyber-Ark Software, 41% of employees have taken sensitive data from their previous employer and brought the information to their current employer.

Some 26% of respondents also said that they would pass on company information if it proved useful in getting friends or family a job.

So how do we ensure that our information is always secure and will never get into the wrong hands?

Here are a few simple tips regarding you protecting your company’s information:

Take stock of it.

Audit what information you have and where your company stores sensitive data. Look at what confidential information you have (sales information, pricing, HR records, financial reports, customer information etc) and where it is kept (file cabinets, computer, files at home etc). Find out who has access to that information and what restrictions, if any, are in place. Start to look at what should have restrictive access depending on the types of information and the different levels of risk.

Reduce it.

What information should you keep and what shouldn’t you keep? Keep only what you need for your business, if you don’t have a legitimate business need for keeping it then don’t retain it. Only keep information for as long as you need to and then destroy it.

Lock it.

The most effective data security is to look at physical security of your documents by making sure they are under lock and key with restricted access, and electronic security by ensuring that your IT provider implements robust security procedures for your computer systems. Employee training is crucial to ensure that staff are aware of your policies for keeping information secure and the disciplinary consequences if they breach them.

Destroy it.

Confidential documents in open bags lying around in the office or in a skip outside your office can be a gold mine for ID thefts and opportunists who want to view or steal your information. By properly disposing of sensitive information your company is significantly reducing the risk of information getting into the wrong hands which can have huge financial consequences and implications for your company. Review your current method of document destruction.

If you use an external contractor to dispose of your waste, carry out an immediate review of the process that they adopt to destroy your documents and assess how secure that process is. With the legal requirements of the Data Protection Act, the growth in ID Fraud and the many stories in the media of organizations losing data, this is an essential way to start thinking about information and security.