Your staff are STEALING your clients!!!!!

In a recent article on www.threatpost.com a claim was made that concerns employees stealing company data.

“…just under half of 820 respondents admitted if they were fired tomorrow, they’d walk out with proprietary data such as privileged password lists, company databases, R&D plans and financial reports…”

Now for the reality check – what should you do? Years ago company files were paper. I remember walking into the office on a Saturday and finding people “working” using the photocopier. The next week they left and started up their own agency.

I had another case when a partnership broke up and one of the Directors gave their PA a packet of floppy disks and told them to “copy the database” (for the geeks out there the database was 800MB + 2GB of documents).

Fast forward to now and anyone can copy & paste & email “company secrets” to their home accounts and build up a picture of the “crucial” aspects of your data.

Employees are by far the most significant attack vector to your information security.

What can happen if an ex-employee steals your candidate or client database?

1. Information Lifetime

You want to keep your margins on that high volume account a secret? (Ignoring the fact that your client is probably giving them out to all contenders to “beat that rate”). Well face facts: How many months will it be for a change in pay rates or similar event will mean that the rates will not be the same? Unless a competitor wants to match that rate in a race to the bottom then what can they do with that information?

2. Information Value

Perhaps there is some value to a database but that information is not exclusive. Put it this way – in today’s hyper connected world could people not build up a similar profile of your clients & contact using web searches and databases like LinkedIn?

3. OH NO MY CANDIDATES!!!!!!

Here’s rich tip – they are not yours – they are people and since the abolition of the slave trade they can do what they want. Candidates are like milk – a perishable product with a short shelf life. If someone walks with this information its going to decline in value very rapidly.

So to sum up: Stop worrying about something you as a manager or owner has no real control over.

If they take and *use* data then it speaks volumes about them as people. Personally every time a recruiter has told me what they could “bring” to the company I have always canned the interview. Hire ethical people and you will have an ethical company. Hire jerks and get ripped off. Your choice…


Conclusion

There are probably a few steps you can take to ensure that your exposure and the damage done by data theft is minimised.

  • Make sure your employment contract has a clear set of restraint of trade clauses that are enforceable
  • Only provide levels of access to data that are relevant to the employee's job
  • Make it clear that company email messages are not to be forwarded on to personal networks (and ideally monitor your outgoing traffic)
  • During the exit interview make sure that the outgoing employee is reminded of their obligations under the restraint and when/under what circumstances the restraints expire.
  • Hire honest staff and treat them well.