8 Ways To Prevent Employee Data Theft In Your Company And To Protect Your Business Secrets
Author : MyLegalWork Staff
Data breaches and theft have become a common event in today’s businesses. With more and more business processes going digital, incidents of data theft in companies have increased manyfold.
According to research by the Ponemon Institute in 2016, about 50% of small and medium-sized businesses have reported some kind of data theft. The actual numbers would be much larger, as most of the time either the company doesn’t want to disclose and admit the fact, or the theft isn’t discovered by the company.
By definition, data theft is the act of stealing virtual information with an intent to compromise someone’s privacy or to obtain confidential information. In this article we will mostly be talking about data theft by employees.
Data theft could be of numerous kinds:
- Stealing of confidential company information like business procedures.
- Stealing of company’s client/customer records containing email ids, passwords, contact details.
- Stealing company’s private employee data.
- Stealing company’s intellectual property like code base, designs etc.
- And many others.
The importance of different types of data is different for every company. For a business like Tesla, its intellectual property like designs, engineering methodology and future product plans would be of utmost importance, while for a business like WhatsApp the most vital information could be its users’ information.
The damage caused by employee data theft could vary from case to case but is always bad for a company’s reputation, revenues and competitive advantage. According to an IBM study, a data breach can cost about $4 Million on average, and in some extreme cases it also leads to the shutdown of the whole business.
Now that we are educated about the general idea of data-theft and how deadly it could be for your business, let us learn how to prevent it.
How to prevent employee data theft in your business?
Securing your business against data theft is not one department’s job and a 360 degree approach needs to be taken to achieve security and assurance.
Business departments which play an important role in preventing data theft are IT, HR and Legal.
Here are the 8 ways through which businesses of any size could protect against employee data theft:
1) PROPER ONBOARDING PROCESS:
According to the Ponemon research, more than 50% of the employees perform the act of data theft because they are not consciously aware of the ownership of the things they create for the company, and state that the data theft was an act of ignorance. Also, in most of the data thefts done by external hackers, the main cause is ignorance or lack of information among employees about data security.
After employment agreements are handed over to the employee, the HR executives can hold short mandatory introductory sessions with the new employees and ask them relevant questions to check whether they have completely understood the data sharing, ownership and privacy policies of the company.
Effective documentation of this process can also become a supporting evidence when a mishap of data theft occurs and the matter is taken for legal recourse.
2) DEFINED OFF-BOARDING PROCEDURE:
Most of the data theft incidents take place when an employee leaves the company. The management should make sure it has the right to check all the digital belongings of the employee and retains the right to hold him accountable even after he leaves the job, in case any data breach is traced back to him.
The laptop/system of the employee should be thoroughly searched by professionals, and all the access logs of the employee should be gone through before issuing a relieving and experience letter.
3) IMPLEMENTING ADEQUATE TECHNOLOGY MEASURES:
Digital assets like employee records, customer data, code, designs etc. are the most vulnerable assets for data theft. Proper IT measures like the ones enumerated below could not only prevent data theft from happening but can even act as evidence during the legal recourse against the culprit once such an act has already taken place.
4) IMPLEMENTING ROLE BASED AND ACCESS BASED CONTROL:
Limiting access to only the functionality and data critical for the job, and logging the user’s actions on the data, could reduce the chances of data theft. The market is full of open-source and paid solutions to track user activity within an intranet. For example, junior-level developers should have limited access to the primary database.
5) USAGE OF DIFFERENT MACHINES FOR PROFESSIONAL AND PERSONAL USE:
Most companies allow the use of the same devices for personal and professional purposes, and this blurred boundary between company and personal data can lead to incidental data breach. Businesses may have to make sure that they have the rights and access to monitor usage on the device. In ideal scenarios the professional and personal devices should be entirely different.
6) LIMITED ACCESS TO HARD-DRIVES, PORTABLE DRIVES AND CLOUD SERVICES:
Although the best solution would be to glue shut all the external storage ports of the devices, in practice it can cost you employee convenience. The next best and more convenient method is to monitor the data exchange from the company systems through monitoring software. Many times it has also been found that employees upload data to cloud storage websites or even mail it to their personal email accounts when outside the premises. To tackle such situations, you should keep limited intranet access and limit access for some employees to the company’s cloud subscriptions outside the company premises.
7) HAVING A TECHNICAL OFFBOARDING POLICY:
Different employees have access to different types of data. A record of all the access and its importance to the company should be maintained.
A checklist for employee offboarding should be developed which should contain but should not be limited to:
- Scanning employee’s devices for company data before signoff.
- Resetting passwords or limiting access to accounts the employee has access to.
- Keeping a record of all the data access given to employee during the job.
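One way to turn the checklist above into a sign-off gate, as an added example that is not from the original article. The `Grant` record, the importance ranks and the sample names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Importance ranks are an assumption for this example; higher is more critical.
IMPORTANCE = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Grant:
    employee: str
    resource: str
    importance: str  # "low", "medium" or "high"


def offboarding_report(employee, ledger, revoked, devices_scanned):
    """Return (cleared, open_items) for one departing employee.

    ledger          -- every Grant recorded during the job (checklist item 3)
    revoked         -- resources already reset or access-limited (item 2)
    devices_scanned -- True once the devices were scanned (item 1)
    """
    grants = [g for g in ledger if g.employee == employee]
    recorded = {g.resource for g in grants}
    # Still-open access, most important first so it is handled first.
    outstanding = sorted(
        (g for g in grants if g.resource not in revoked),
        key=lambda g: (-IMPORTANCE[g.importance], g.resource),
    )
    open_items = [f"revoke {g.resource} ({g.importance})" for g in outstanding]
    # A revocation for access that was never recorded means the ledger is
    # incomplete, so other unrecorded access may exist as well.
    open_items += [f"ledger missing grant for {r}"
                   for r in sorted(revoked - recorded)]
    if not devices_scanned:
        open_items.append("scan devices for company data")
    return (not open_items, open_items)


# Constructed sample ledger, not taken from any real system.
LEDGER = [
    Grant("asha", "crm", "medium"),
    Grant("asha", "primary-db", "high"),
    Grant("asha", "wiki", "low"),
    Grant("ravi", "primary-db", "high"),
]

if __name__ == "__main__":
    cleared, items = offboarding_report("asha", LEDGER, {"wiki", "vpn"}, False)
    print("sign-off allowed" if cleared else "sign-off blocked")
    for item in items:
        print(" -", item)
```

The relieving letter is issued only when `cleared` is true; the ledger-gap item is what shows that the access record itself needs attention.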
8) DEFINED & SMOOTH LEGAL PROCESSES:
No matter the amount of security given to data (which trades away convenience for every employee), or the amount of education given to employees, there would still be chances for data theft by employees. To tackle such scenarios and protect business interests, the best methodology is to have proper legal systems in place. Proper legal systems can not only help in reducing the chances of data theft but can also help companies recover their stolen assets and make sure the culprit is punished by the law.
Here are the ways in which legal systems can help:
a) Carefully drafted business agreements and policies
b) Important clauses for employment agreement
- Right to search devices which were in employee’s possession.
- Right to exclusive ownership of intellectual property created by employee.
- Right to freeze salary if proper off-boarding is not done.
- Right to legal recourse in case of any observed data theft.
c) Sending timely legal notice
A legal notice is the first step for legal recourse after a theft is identified. As the contents of a legal notice are binding on your business and can completely make or break the case, it is strongly advised to take help from a professional lawyer.
d) Access to timely legal support
All businesses deal with a lot of nuances that are not limited to data theft, so having access to quality legal help is essential for every business. If proper steps are taken at the right time, the losses caused to the business by data theft and other mishaps could be reduced to a large extent.
‘Prevention is better than cure’: it is always better to safeguard your company against data theft by implementing proper systems and processes to prevent it. But there are times when even the best technology implementations could not prevent such a mishap. Having a proper set of legal procedures in place will not only prevent data theft from happening but can also reduce the intensity of the loss in case it has already happened.
Our law has empowered businesses to thrive and protect their assets from unauthorised use; it is the responsibility of business managers to harness the power of law and technology to protect their businesses.