Employee Data Theft & Fraud – Uncovering the evidence
Employment tribunals are expensive and can be risky, if the case is lost then the employer will be responsible for damages to the previous employee(s).It is, therefore, vital that an employer ensures that any supporting evidence of wrongdoing, including employee data theft, is identified and prepared in accordance with relevant guidelines so that it can be relied upon.Commonly cases of employee data theft occur when an employee leaves to work for or to setup a rival business, taking with them important customer information and company sales data.More simply, many employees consider data and files that they have worked with as their own and do not consider it to be theft.However 2011 saw a 41% growth in employee’s dishonestly claiming benefits from their employer that they were not entitled to, including the taking of company information as part of data theft.This type of fraud is referred to as ‘Dishonest Actions by staff to obtain benefits by theft or deception’ (where a person knowingly, and with intent, obtains or attempts to obtain a benefit for himself/herself and/or others through dishonest action, and where such conduct would constitute an offence).Counter fraud professionals have also highlighted it as the biggest threat to their organisation in future years.Employee data theft is (at least to some extent) a by-product of the challenging economic and employment climate of the UK as more employees are driven to steal from their employer or to manipulate systems such as incentive schemes in order to obtain funds.Whilst there is rarely a “smoking gun”, evidence of employee data theft may be found after an examination of hard copy diaries, files and notes, emails, mobile phones, handheld devices and laptops will often provide enough of a picture to decide whether to proceed.For example hardware may have been wiped clean or the employee may have downloaded reams of information in the days/weeks prior to resignation.In order to maximise the capture of data and potential evidence any material should be immediately preserved following the loss of an employee.Relying upon an in-house IT department can also result in the loss of more data as, in the pursuit of attempting to preserve data, we have actually experienced them destroying any that may have been present as they are not equipped with the necessary tools or expertise to perform intricate computer forensic examinations and extract this valuable evidence without compromising its quality.Even just a ‘small poke around’ can be enough to overwrite or destroy it, which, in turn can then jeopardise the entire case.Instead immediate contact should be made to a specialist, such as Athena Forensics who are able to provide reputable and experienced experts in computer forensic investigations that are able to retrieve far more digital based evidence than most in-house IT capability could.As part of their incident response service to employers forensic examiners are deployed within 24 hours to quickly investigate and positively determine if any compromises have been made to your systems as the result of an incident without taking your system out of service.Acts of Fraud committed by employees have risen over recent years and figures provided by the UK’s Fraud Prevention Service show that their members reported a 14.5% increase from 2010 a stark contrast to the static levels of the previous two years, where no annual increase was recorded.As previously suggested an increase in employee data theft is to some extent a result of the recession with employees faced with redundancies and falls in bonuses.Another contributing factor could also be as a result of ‘BYOD’ (a recent trend of employees bringing personally-owned mobile devices to their place of work) and using those digital devices to access privileged company resources such as email, file servers and databases as well as their personal applications and data.With employers allowing their employees to ‘BYOD’ this practice has resulted in data breaches. Quite simply if an employee uses a Smartphone to access the company network and then loses that phone, the confidential data stored on the phone could potentially be retrieved by un-trusted parties.It also means that more employees have access to sensitive information on their personally-owned laptop or mobile, leaving companies very exposed when employees leaves a company, especially when the majority of HR policies are found to neglect covering the removal of corporate information from such personal devices when an employee leaves.As the digital age continues to develop rapidly, so must the policies and practices surrounding how we manage and most importantly protect electronically stored information.As an Employer it is important that you update your policies to ensure that the correct methods are employed for the preservation and protection of key digital forensic evidence.You can also add restrictive covenants to employment contracts to contractually restrict the activities of employees after the termination of their employment, such as a restriction to stop employees soliciting former clients or to prevent the use of clearly defined contractual documents.Without these contractual provisions in place, it is likely that you would only be able to protect genuine trade secrets, which will not cover the majority of information you would to want to keep confidential.
