It has been revealed that there has been a 25% increase in the number of High Court cases involving stolen confidential data.
One key contributory factor may be an increase in staff turnover, as employees may take key client and financial information with them when they leave.
Another contributory factor may be the range of devices available to employees, such as smartphones and online Cloud storage platforms, as it allows them to “feel more confident about taking confidential data without arousing suspicion”.
Organisations across many industries face the risk of data theft, but those in the financial services sector are particularly vulnerable to the loss of “propriety algorithms”, and recruitment agencies and estate agents risk losing highly valuable client databases.
Felix Dodd, senior solicitor at EMW, said:
Theft of confidential data has become such a widespread concern for firms in the City that many of them ban their employees from sending work emails to their personal accounts, and some now even disable some functions on their employees’ smartphones.
Recent High Court cases where corporate data was stolen include Marathon Asset Management LLP: a case was won against two former employees who retained key files in breach of their contracts. Likewise, a former employee at OCS Group UK was jailed for sending confidential data to his personal email account, breaking the terms of a court order.
There are conflicting opinions when it comes to determining the causes of corporate data theft.
Leah Waller, head of employment at Lennons, said:
With technology advancing at an incredible speed, and the majority of information now being stored electronically with easy access, the instances of employees, especially those that leave on bad terms, taking confidential information is likely to continue to increase and as such the number of claims in the High Court will continue to rise.
David Emm, principal security researcher at Kaspersky Lab, said:
Employees rank at the very top of the list of threats to data and systems. Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness. When insider-assisted attacks do occur, the impact of such attacks can be devastating as they provide a direct route to the most valuable information – customer data.
Emm recommends staff education as part of a wider plan to reduce the likelihood of future threats.
Although it is clear that the problem is a growing concern for many organisations, it is unclear whether employees are fully aware of the risks.
When dealing with confidential and sensitive corporate information, employees need to be aware of internal security policies and procedures, as well as information security best practice.
Our Information Security Staff Awareness E-Learning Course aims to familiarise staff with information security policies and procedures, and help employees understand the organisation’s information and compliance risks.