As a small business, taking on additional staff signifies growth and is often a milestone of success. However, the very people that contribute to a small company’s achievements can constitute the greatest risk to a business’s digital assets.
New research uncovers that data theft by employees within small and medium-sized enterprises (SMEs) is on the rise. High court cases relating to the theft of confidential information rose by 250 per cent between 2010 and 2012, and the majority of cases involved ex-employees and SMEs.
The reasons for these attacks vary. While some staff simply do not understand that company data is not theirs to take, a small minority are well aware of the valuable nature of data and the ease with which they can use it to their own benefit – including selling customer contact details onto marketing firms or using business IP to impress a future boss.
If employing staff is synonymous with growth and success, what can SMEs do to counteract this threat from within?
Clearly not hiring staff is not an option and hiding data from a largely loyal workforce would be equally as counter-productive. The answer is therefore to concentrate on defending your business, rather than attacking your employees.
1 As data builds up, it is easy to lose track of where it is stored and who is responsible for it. However, it’s impossible to know exactly what is missing if you don’t have a full knowledge of what you had in the first place, so locate and limit access to your data. Ensure that multiple copies are not stored in various locations, from which they can be easily stolen.
2 With the responsibilities and priorities that come with running a small business it is impossible to keep an eye on your employees at all times. Moreover, as small businesses increasingly seek the flexibility and economic value of remote workers and freelancers, monitoring staff is becoming even more of a challenge. Workers are not only accessing data from outside the office, but also bringing their own devices into work, thus spreading data widely across a number of different endpoints.
It is therefore important to log and secure all devices used by your employees, including USB sticks, smartphones, tablets and laptops, so you don’t lose track of critical data. Moreover, the growth of cloud computing was cited as one of the key reasons for the increase in data theft in recent years. Protect network access with virtual private networks (VPNs) and firewalls and block any access to your network as soon as the employment is terminated.
3 Now it is time to concentrate your efforts on your employees. Screen them thoroughly prior to hire and ensure you are entrusting your business critical information in safe hands.
4 Once the decision has been made to take on an employee, it is important to be clear from the beginning that any data they manage belongs to you. By highlighting this in the contract, you can ensure that employees understand that while they may have handled, collated or designed the data, it is not theirs for the taking. By putting these terms down in black and white, you can also ensure if an employee does target data purposefully for their own benefit, or because of a personal vendetta, they are bound by law and can be prosecuted if they do not toe the line.
The vast majority of employees will abide by your rules but it does pay to protect yourself against greedy or malicious employees, as just a single incident could spell disaster. By carrying out the right background checks on prospective employees, locating all your data and securing and limiting devices that have access to it, you can reap all the benefits of having an efficient, loyal workforce, without putting your business at risk.