Employers beware as staff database theft increases

Businesses were urged this week to review their security policies following evidence that the economic downturn has led to a...

Businesses were urged this week to review their security policies following evidence that the economic downturn has led to a sharp rise in the number of civil actions against former employees for stealing their company databases.

London law firm Mischon De Reya said it had seen a significant rise in database theft cases over the past year and predicted the problem would get worse as businesses become increasingly reliant on IT.

In one case, a company was forced out of business when its customer database was stolen by a rival firm, which then undercut its prices. Other companies have lost customers and suffered heavy losses.

Dan Morrison, a partner in Mischon's fraud and brand protection group, said, "When you are investigating fraud all you see is the tip of the iceberg. You never know the full extent of who is involved, what is involved and the money involved."

The police are usually of little help in database theft cases. They lack the time, the resources and the expertise to pursue database thieves, Morrison said.

Victims usually have little choice than to mount their own investigations and to take action through the civil courts.

Morrison said, "The only language the crooks understand is money. You have to go for the money, and follow the assets."

Mischon has advised victim companies how they can gather admissible evidence using undercover techniques such as bugging, examining rubbish or setting up front companies to approach the fraudulent firms as potential customers.

You can make life more difficult for fraudsters by segregating data, so that staff have access only to the data they need, by limiting the size of file that can be sent outside the company on e-mail, and by restricting the ability of office PCs to make copies of files on to CD, he said.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.