Traditionally cybercrime was considered a problem for larger companies and corporates. Small and medium-sized enterprises (SMEs) felt safe in the knowledge that cybercriminals would have little to gain from a targeted attack, and as such often did not prioritise protecting themselves against such threats.
However, with the technical competence required to become a cybercriminal lowering, the cybercrime landscape has shifted in recent years. SMEs are now responsible for vast amounts of customer information, including credit card details and contact information, as well as their own business data. As such, it is not surprising that cyber criminals have started to see SMEs as an easy and lucrative target, with 41per cent of small businesses falling victim to cyber attacks last year, according to the Federation of Small Businesses (FSB).
Fortunately, as this problem grows, small business owners are starting to realise their own vulnerability to attacks and take action against them. Yet while small business owners are protecting themselves from the dangers of malicious external hackers and data thieves, many are unaware of the threat from within their own business.
Data theft by former employees has soared in recent years. Recent research reveals that the number of High Court cases relating to the theft of confidential information rose by 250 per cent between 2010 and 2012, and the majority of cases involved ex-employees and SMEs.
Whether they are selling the data onto marketing firms, using it to impress a future boss, or stealing intellectual property for their own business plans, employees are copying entire databases and business critical information for their own benefit.
Consequently small business owners are faced with a dilemma. Simply blocking employees from accessing sensitive data may seem the easiest way to remove the threat, but employees play a critical role in handling customer records, intellectual property and critical business data.
Moreover, regardless of the fact that hiding data from employees would be completely counter-productive, tarring all staff with the same brush would upset loyal employees and destroy morale. So what can small business owners do to prevent former employees from walking out of the door with such important data?
- Locate and limit access to private data. With various employees accessing data at different times, copies get stored in various places and it is easy to lose track of where sensitive data is located. The more contained your data is, the safer it is, so keep track of it.
- Secure devices in and out of the office. The rise of Bring Your Own Device (BYOD) and remote working means that employees are regularly taking data out of the office and legitimately accessing the network from external locations. As such, it is essential to log and secure all devices used by your employees, including USB sticks, smartphones, tablets and laptops, so you don’t lose track of critical data. Moreover, the growth of cloud computing was cited as one of the key reasons for the increase in data theft in recent years. Protect network access with virtual private networks (VPNs) and firewalls and block any access to your network as soon as the employment is terminated.
- Vet your staff. Trust plays a large part in the relationship between employer and employee – yet it is still important that you screen your staff properly. Carry out thorough background checks so you can feel safe entrusting them with confidential data.
- State your ownership in the contract. While some data thefts by employees involve bitter ex-staff seeking revenge, others are simply a case of crossed wires. It is easy to understand why employees might think that data they’ve developed or gathered may belong to them, which is why it is important to make it clear in their employment contract that it is your property. With these provisions in place, you can take legal action against those employees that don’t toe the line with data management.
While small business owners that have the right paperwork in place are protected by the law, legal battles with ex-staff can be expensive and emotionally draining for both you and your remaining staff team.
It is therefore easier and less stressful to secure your data and protect yourself from this growing crime before employees have the chance to exploit you and your business. By ensuring that staff know where they stand when it comes to company data from the get-go, securing all devices both on and off-site and properly vetting staff, small business owners can make sure that their business-critical data remains with its rightful owner.