Ask the Experts

PwC Director Campbell McKenzie – May 2015

My IT manager suspects that an employee is stealing our electronically stored confidential information. I have also been informed that the employee has resigned to join a competitor – what should I do to best protect my business?

Confidential information is often the source of your competitive advantage and without adequate data loss prevention systems in place, the theft of information by employees creates challenges and risks for all employers.

To confirm your IT manager’s suspicions, carrying out an employment investigation is recommended which will likely determine the method and extent of any data loss. IT systems are designed for normal business needs; they’re not designed to respond to critical incidents which create an immediate need for that data to be preserved, examined, and produced so a successful investigation would include: covert work, care to avoid the risk of spoiling evidence and the application of specialist tools and training.

If evidence of offending is confirmed, steps should be taken to protect against further data loss and to then proceed with the clean-up efforts. Consider suspending the employee’s physical and electronic access. Request the return of any other electronic items provided by or used in your business including ‘Bring Your Own Devices (BYOD)’. Cloud storage locations are now commonly used to steal confidential information, which may provide additional sources of evidence but also complicate the clean-up efforts. This electronic evidence can then be used in employment or criminal proceedings under charges such as ‘accessing computer system for dishonest purpose’.

To prevent data loss, you should start with a clear policy outlining what information is considered personal and what is confidential. Training from the outset should be provided, along with regular reinforcement. Ask your employees to confirm they understand the policy, and then remind them of the policy at the time of their departure, making sure they have complied with all aspects of it. It may also be worth considering complementing your policy with an electronic data loss prevention system as this will help make your policy more effective.

Campbell McKenzie is a PwC Director in Forensic Services.

As published by Fairfax in May 2015.

Talk to us

Want to know more?