Employment tribunals are expensive and can be risky, if the case is lost then the employer will be responsible for damages to the previous employee(s). It is, therefore, vital that an employer ensures that any supporting evidence of wrongdoing is identified and prepared in accordance with relevant guidelines so that it can be relied upon.
Commonly cases of data theft occur when an employee leaves to work for or to setup a rival business, taking with them important customer information and company sales data. More simply, many employees consider files that they have worked with as their own and do not consider it to be theft.
However during 2011 saw a 41% growth in employee’s dishonestly claiming benefits from their employer that they were not entitled to. This type of fraud is referred to as ‘Dishonest Actions by staff to obtain benefits by theft or deception’ (where a person knowingly, and with intent, obtains or attempts to obtain a benefit for himself/herself and/or others through dishonest action, and where such conduct would constitute an offence).
Counter fraud professionals have also highlighted it as the biggest threat to their organisation in future years. This type of fraud is (at least to some extent) a by-product of the challenging economic and employment climate of the UK as more employees are driven to steal from their employer or to manipulate systems such as incentive schemes in order to obtain funds.
Whilst there is rarely a “smoking gun”, examination of hard copy diaries, files and notes, emails, mobile phones, handheld devices and laptops will often provide enough of a picture to decide whether to proceed. For example hardware may have been wiped clean or the employee may have downloaded reams of information in the days/weeks prior to resignation.
In order to maximise the capture of data and potential evidence any material should be immediately preserved following the loss of an employee. Relying upon an in-house IT department can also result in the loss of more data as, in the pursuit of attempting to preserve data, we have actually experienced them destroying any that may have been present as they are not equipped with the necessary tools or expertise to perform intricate computer forensic examinations and extract this valuable evidence without compromising its quality. Even just a ‘small poke around’ can be enough to overwrite or destroy it, which, in turn can then jeopardise the entire case.
Instead immediate contact should be made to a specialist, such as Athena Forensics who are able to provide reputable and experienced experts in computer forensic investigations that are able to retrieve far more digital based evidence than most in-house IT capability could. As part of their incident response service to employers forensic examiners are deployed within 24 hours to quickly investigate and positively determine if any compromises have been made to your systems as the result of an incident without taking your system out of service.
Acts of Fraud committed by employees have risen over recent years and figures provided by the UK’s Fraud Prevention Service show that their members reported a 14.5% increase from 2010 a stark contrast to the static levels of the previous two years, where no annual increase was recorded.
As previously suggested an increase in employee fraud is to some extent a result of the recession with employees faced with redundancies and falls in bonuses. Another contributing factor could also be as a result of ‘BYOD’ (a recent trend of employees bringing personally-owned mobile devices to their place of work) and using those digital devices to access privileged company resources such as email, file servers and databases as well as their personal applications and data.
With employers allowing their employees to ‘BYOD’ this practice has resulted in data breaches. Quite simply if an employee uses a Smartphone to access the company network and then loses that phone, the confidential data stored on the phone could potentially be retrieved by un-trusted parties.
It also means that more employees have access to sensitive information on their personally-owned laptop or mobile, leaving companies very exposed when employees leaves a company, especially when the majority of HR policies are found to neglect covering the removal of corporate information from such personal devices when an employee leaves.
As the digital age continues to develop rapidly, so must the policies and practices surrounding how we manage and most importantly protect electronically stored information. As an Employer it is important that you update your policies to ensure that the correct methods are employed for the preservation and protection of key digital forensic evidence.
You can also add restrictive covenants to employment contracts to contractually restrict the activities of employees after the termination of their employment, such as a restriction to stop employees soliciting former clients or to prevent the use of clearly defined contractual documents. Without these contractual provisions in place, it is likely that you would only be able to protect genuine trade secrets, which will not cover the majority of information you would to want to keep confidential.
For more information on computer forensic investigations or if you require Athena Forensics Incident Response Service please contact a member of our team, details of how to get in touch can be found on our contact us page.