Articles > April/May 2011 > Trust Never Sleeps

Trust Never Sleeps

HiRes.jpg
Everyone knows to protect their date from outsiders – but there are also risks from those closer to home.

I am always advising clients on ways to protect their data. You know the drill: backup often, protect computers from hackers, and protect computers from viruses and malicious software infections. But what about protecting your data from your own employees?

Not a nice question to have to address, I know, but many recent surveys show that data theft is on the increase; sometimes, with the information being stolen sold to competing companies. More often though, when employment is terminated or the employee moves on to their next opportunity, they simply take your data with them to use in their next position.
Some surveys have pegged the number of employees taking confidential data with them when they leave a company as high as 60 percent.

I would think that with the economic downturn, this figure would be even higher due to disgruntled employees.
To make it worse, a lot of the time the employees do not consider it theft at all.
The classic example is of the sales rep who has built up a client database while working for you.

When they move on to their next opportunity, they seem to think, often, that the clients are theirs because they took the time to build those relationships.
They do not seem to grasp the fact that they were being employed specifically to do this for your company.
Also, contributing to the high occurrence of data theft is the sheer ease today of getting data off site.

With USB sticks, external hard drives and even digital cameras being able to easily copy large amounts of data from computers. Other possibilities are using Email, FTP sites, social networking sites and in many cases remote access to company data for staff working from home.

With a mobile workforce being more and more common, often data is synchronised to Notebooks and other handheld devices such as phones.
Some ways to minimise data theft would be to restrict the use of USB devices on computers. This is possible through polices on the workstations that can be applied by your network administrators.

Control internet access on your network with restrictions on non-essential sites and services. Also, remember to change passwords often, especially with staff turnover and for remote access users. Have clear policies in place around ownership of your data and the confidentiality of company information.

If your information is being synchronised to other devices such as phones, remember to collect and clear these as staff turn over. In some cases, staff may choose to use their own devices, such as their IPhone, for work as well as personal use because they know and like the interface. If you allow this to happen, just be aware of where your data is ending up. It can be difficult to get data back later on from an employee’s personal property if problems occur.

Probably one of the best approaches to make sure data theft does not happen to you is simply by looking after your staff so well that it never becomes an issue.
Make sure your company’s data stays your company’s data; after all you paid for it.

Cliff Salter
www.pchardware.co.nz