Thought for the day: Beware the danger of DIY leaving presents

Ensure staff don't walk off with business-critical data when they get a new job

New Asset  
Ensure staff don't walk off with business-critical data when they get a new job, says Christopher Mordue.




Improvements in the labour market are fuelling an unwelcome trend: staff switching employer and taking confidential company information with them, providing the perfect springboard to a new career.

A survey conducted by computer forensics specialist Ibas in May revealed that seven out of 10 employees have stolen information from their employers. Most of the thefts occurred when employees were leaving to take up alternative employment.

Top of the thieving list were e-mail address books and customer databases. Some staff have gone as far as e-mailing sensitive quotations to their new employer so they can attract new clients or poach customers from their soon to be ex-employer.

The obvious point is that employees will most likely pose a threat if they feel undervalued or under-rewarded at work. If they feel well rewarded - perhaps financially, through flexible working arrangements, or effective people management - they will be less likely to leave the business and take valuable information with them.

The key is in understanding the level of risk posed by each employee and methods of mitigating that risk. It is worth remembering that junior as well as senior staff can damage a company when they leave.

When conducting exit interviews, IT directors and HR managers should remind an employee of any contractual obligations that may exist. Follow this up with a letter outlining these obligations and the consequences if they are breached. Consider inserting specific clauses in contracts of employment, especially if the employee has had access to the company's most sensitive data and technology.

Post-termination covenants impose enforceable restrictions for a defined period on employees. They are particularly useful in preventing staff from dealing with existing customers, employing your key employees, and in some cases setting up in competition or working for a competitor.

Gardening leave is another effective means of protecting the business by sending an employee home for the balance of their notice period to take them out of the market.

One of the best ways of tracking any threat to the business is through misuse of the e-mail system. E-mail is by far the most popular way for employees to get the information off the company's premises. A survey by Forrester Research earlier this year found that three-quarters of large companies saw the potential legal and financial risks associated with outbound e-mail as a major concern.

Filtering tools on e-mail servers could catch some of the thieves but well-enforced rules are equally important. Employment policies and contracts should allow your business to monitor e-mails, correspondence and phone calls to identify possible misuse.

When a problem is identified, IT directors need to act swiftly and decisively. If you are considering litigation, you need to decide if the costs will be proportionate to the threat. You will also need to gather any evidence of wrongdoing, and your customers may be best placed to provide this. Examine the employment contract plus any evidence gathered as to whether the employee has approached any of your customers.

Long gone are the days when all employees stole was a box of paper-clips or a few branded pencils. Remember, if it is valuable to you, it will almost certainly be valuable to your competitors.

Christopher Mordue is a partner at law firm Pinsents

Read more on IT jobs and recruitment