printer friendly version

Does an employee’s financial position affect the value of company data?

Company data is often thought of as the information that is kept by the company secretary and belongs in the finance department. Unfortunately, this is far from true and data can be as simple as your staff telephone list right through to top-secret information housed in the CEO’s office. The value of this data is determined by how easily it can be distributed and who would want to get their hands on it.

Internationally it is known that at least 60% of employees leaving an organisation take company information with them for various reasons. 65% of those who took data from their former employer grabbed e-mail lists. The next most frequently stolen data included non-financial business information (45%), customer contact lists (39%), employee records (35%) and financial information (16%).

The majority of those questioned, 72% had no ethical problems stealing information to help them in a new post. Most, 58%, thought that, in moral terms, it ranked with exaggerating insurance claims.

"The surprising thing is the level to which people believe this is acceptable," said Chris Watson of data forensics firm Ibas, which commissioned a survey on the theft of workplace data. He said that many thought that they were entitled to take information with them because they had helped win customers and create databases of sales leads.

"They have invested a lot of time putting it together and that is why they feel they have ownership of it," he said. Over 80% of those surveyed said this input justified their theft

The theft of information is however not limited to departing employees only. Late last year the U.K. Information Commissioners Office (ICO), a British privacy watchdog organisation, revealed that a mobile service operator had lost thousands of customer records sold by an employee who had access to the service provider's database. The employee earned 'substantial sums' for selling the records, which were used by rival providers to get customers to switch services.

Taking the above into account and looking at the current economic plight of many employees the picture becomes even scarier. A recent Business Day report says that spending is a hard habit to break and South Africans, stung by recession and high debt, want to cut spending and save, but are finding it hard to do. The MasterCard worldwide purchasing priorities index states that saving as a proportion of household income has declined every year since 2006 and South Africans have been consuming, and often borrowing to do so. 71% of people cited stated that they were unable to save because they had insufficient income.

Employees in this position are often tempted to supplement their income and this unfortunately often happens in the workplace illegally; and with physical security measures being tightened up it may be that an easy way to do this is to sell data. Data is available anywhere in the office and cleaners have even been known to sell the trash. Information contained in the waste bins is often valuable to competitors or fraudsters and many staff do not shred confidential information merely because they have not been educated about the value of it.

Companies should conduct a full risk assessment to establish what information is valuable to the organisation and how to protect it. Once the parameters have been set education programmes for the staff should be run to inform them of these policies.

Simple education programmes on the value of data can save a company and should include policies on:

* What external devices may be used on a company computer.

 A portable music player could store 60 gigabytes of data – enough to copy a typical hard disk.

 A thumb-sized memory stick can store gigabytes – enough for a personnel database and hundreds of documents.

 Many phones, PDAs, cameras can be connected to PCs with a cable or infra-red link and can be used to transfer computer data.

 Many computers have CD-ROM burners which can write 640 megabytes of data to a blank CD.

 With broadband Internet connections, employees can e-mail vast quantities of data out of the office without anyone knowing.

* Accessibility to data.

* Clear policies about what employees can do with confidential or business-critical data.

* The encryption of corporate data removed from the network just like you would for information on a laptop.

Share this article:

Further reading: