Ensure staff don't walk off with business-critical data
when they get a new job, says Christopher Mordue.
Improvements in the labour market are fuelling an
unwelcome trend: staff switching employer and taking confidential
company information with them, providing the perfect springboard to
a new career.
A survey conducted by computer forensics specialist Ibas in May
revealed that seven out of 10 employees have stolen information
from their employers. Most of the thefts occurred when employees
were leaving to take up alternative employment.
Top of the thieving list were e-mail address books and customer
databases. Some staff have gone as far as e-mailing sensitive
quotations to their new employer so they can attract new clients or
poach customers from their soon to be ex-employer.
The obvious point is that employees will most likely pose a threat
if they feel undervalued or under-rewarded at work. If they feel
well rewarded - perhaps financially, through flexible working
arrangements, or effective people management - they will be less
likely to leave the business and take valuable information with
them.
The key is in understanding the level of risk posed by each
employee and methods of mitigating that risk. It is worth
remembering that junior as well as senior staff can damage a
company when they leave.
When conducting exit interviews, IT directors and HR managers
should remind an employee of any contractual obligations that may
exist. Follow this up with a letter outlining these obligations and
the consequences if they are breached. Consider inserting specific
clauses in contracts of employment, especially if the employee has
had access to the company's most sensitive data and
technology.
Post-termination covenants impose enforceable restrictions for a
defined period on employees. They are particularly useful in
preventing staff from dealing with existing customers, employing
your key employees, and in some cases setting up in competition or
working for a competitor.
Gardening leave is another effective means of protecting the
business by sending an employee home for the balance of their
notice period to take them out of the market.
One of the best ways of tracking any threat to the business is
through misuse of the e-mail system. E-mail is by far the most
popular way for employees to get the information off the company's
premises. A survey by Forrester Research earlier this year found
that three-quarters of large companies saw the potential legal and
financial risks associated with outbound e-mail as a major
concern.
Filtering tools on e-mail servers could catch some of the thieves
but well-enforced rules are equally important. Employment policies
and contracts should allow your business to monitor e-mails,
correspondence and phone calls to identify possible misuse.
When a problem is identified, IT directors need to act swiftly and
decisively. If you are considering litigation, you need to decide
if the costs will be proportionate to the threat. You will also
need to gather any evidence of wrongdoing, and your customers may
be best placed to provide this. Examine the employment contract
plus any evidence gathered as to whether the employee has
approached any of your customers.
Long gone are the days when all employees stole was a box of
paper-clips or a few branded pencils. Remember, if it is valuable
to you, it will almost certainly be valuable to your
competitors.
Christopher Mordue is a partner at law firm Pinsents
