People inside your business do more damage
Businesses spend large amounts to protect their business from external threats like criminal actions, property damage, customer complaints, and other environmental incidents. However, reading the newspapers each day you see that businesses get hurt mostly by their own staff who do the wrong thing intentionally or unintentionally.
Internal risks are the hardest to protect against. With computers for example you just get a firewall software package installed and then you are safe to go on the internet for example. I know of businesses that spend a lot to get their computers protected from viruses.
Totally opposite to this is the lack of time and resources used to check a new employee before giving them access to all your business information and assets.
Recently employees have stolen entire customer databases and set up their own competing business that often, employers now have started included key clauses in employment contracts. This is a good start but doesn't repair the damage.
Enforcing Confidentiality clauses
If an employee decides to deliberately ignore or breach a confidentialy contract there is nothing an employer can do about it because the employee doesn't advise the business that they intend on stealing information. The confidential information is stolen, along with anything else of fancy, by the employee before anyone knows about their intentions.
You can only respond to the breach if you detect that they have actually taken the information in the first place. How many managers conduct random regular reviews of employee actions regarding access or transporting of information. Is the computer monitored and unusual activity reported for investigation.
The business then has the options of pursuing a legal action against the employee, further risking its public image, and at a high legal expense. The costs for court action can be considerable and take months to resolve. Everyday it will drain resources and time from your core business.
Even if you are successful in court the employee might not be able to pay damages to compensate for your losses.
The old cliché of closing the barn door after the horse has run applies here. Definitely.
In the first exposure to a competitor your information is already being reviewed and possibly analysed for intelligence. There are companies that have departments that specialise in competitive intelligence who could prepare detailed advantages from a review of your confidential information within days.
How would you know how many copies were made or files forwarded to other businesses. It is too late to try and get it back. Understand that an average of 5 people read each email you send during normal business operations imagine how many people would have access to highly confidential information that is being passed around.
How to reduce the effect
Limit what your employees can get access to and have strong information security policies. Not just the computer version, but the actual human information security practices.
Conduct random reviews of all information movements and let your employees know that you do it
Review the access levels of all your employees and make sure that it is correct for their current position.
© Copyright 2008 by Paul Baker
Information supplied by Paul Baker
Over twenty years security & risk management experience across Australia to protect corporate clients from critical incidents and security risks. Previously served in the Military and expert in explosives, weapons, and information gathering techniques. Achieved formal qualifications in a wide range of security risk management skills and commendations for crisis response operations
03 9642 0599