Logo Header Menu

The rise of employees stealing data: how do businesses stop this from happening?

Employees currently think of stealing data, or taking corporate data with them, as a similar offence to taking paper clips home – technology, education and reassurance are required to stop this. The rise of employees stealing data: how do businesses stop this from happening? image

When people outside of the IT industry hear the phrase ‘data breach’ or a story about cyber security, the initial thought is that it is the result of a sophisticated hacker or organisation ‘attacking’ a business. Enterprises are of course being targeted by sophisticated cyber-attacks, however, there are many unsophisticated data breaches occurring every day, where employees or former employees are stealing data and trying to profit from this in some way.

This shouldn’t come as a surprise; the last decade has seen ‘data’ turn from just one of many resources within a business, to a potential game-changer – experts are continually painting ‘data as the new oil’. So, perhaps disgruntled employees have taken note, and have decided to do something else with that data.

In the case of the ‘Wolf of Manchester’, Shane Jerman took photographs of customer information while working for AXA Insurance, sending 100 lines of data a week via Whatsapp to Stuart McGill who was a former employees of the firm in a six month period in 2015.

McGill was found to have been sending between £250 and £650 to Jerman a week, while he was also receiving several thousands of pounds from a claims management company called Mid North West Ltd. Investigators believe that the company would have used the data to call AXA customers and try to refer them onto solicitors who would aid with their accident claims. Jerman and McGill made a total of £18,250 between them.

Over a third of European businesses are victims of data theft

According to new figures from EfficientIP, 39% of EU businesses are suffering data theft and paying, on average, €734,000 per DNS attack.

There are various research reports which should read as a warning sign for businesses. A Ponemon report on data found that 75% of employees say they’ll have access to data they shouldn’t and 25% of employees are willing to sell data to a competitor for less than $8000. Organisations are worried about this; Quest research found 90% of organisations feel vulnerable to ‘insider’ attacks, with excessive access privileges (37%), access to sensitive data (36%) and the increasing complexity of IT (35%) being the key reason why.

“The game changer for this threat is the rise of cloud applications, and the ease of data exfiltration it provides – it has made these types of hack more likely,” suggests Todd Peterson, IAM evangelist at One Identity.

In its 2018 Data Breach Investigations Report, Verizon found that 28% of all breaches were insider jobs, and three quarters of these were driven by profit, while ‘pure fun’ was another top motivation.  Quest suggests that the vast majority of organisations (86%) already have or are building an insider threat programme. Leon Deakin, partner at law firm Coffin Mew says that not all cases may be as flagrant as the ‘Wolf of Manchester’ as unscrupulous staff will operate in any grey area they can find.

“By eliminating those grey areas and being completely clear on what is and is not acceptable, as well as the consequences of getting it wrong, employers can eradicate the chances of an employment judge criticising their practices,” he says.

And according to Will Richmond-Coggan, a director at Freeths LLP, regulatory changes in the way in which data is held and monitored offers some hope for employers.

“Bringing data holding practices into line with these requirements will put up additional barriers to the casual or inexperienced thief, making it more likely that the theft will be prevented or traced,” he says.

Businesses are increasingly using monitoring and analytics tools to prevent and detect data that is being accessed, manipulated, or sent onwards – but while the likes of AI and machine learning will assist organisations further, much of the onus will be on educating staff, and even making employees act as surveillance themselves.

Five steps to protect your business from insider data theft

Most data leaks arise from insiders doing things they shouldn’t.

“Staff need to know that they won’t get into trouble for reporting another member of staff who is behaving strangely, CCTV can be evaded, keylogging on work devices can be circumvented, but if your colleague is photographing company data on their phone, or going home very late, alarm bells should ring, and staff should be reassured they’re tip will remain anonymous,” says Lisa Forte, who worked for the UK Police Cyber Crime Unit and in the government intelligence services.

Forte, who is now a partner at Red Goat Cyber Security, believes that malicious insiders often display a change in behaviour – such as becoming less social or suddenly spending a lot of money on holidays or other items.

The risk with using technology or even people to keep a check on things is that employees may feel their privacy may be being infringed upon.

Matan Scharf, senior security solutions manager at Synopsys suggests that this could cultivate a culture of mistrust, and so the benefits of preventing a data breach need to be weighed up accordingly.

With cyber-attacks, losing data by accident, phishing and fraud all high on business’ agenda, there may be less priority over educating staff on the perils of stealing data or sending this data to someone else.
idax CEO Mark Rodbert, believes this is already a bigger problem than phishing.

“People don’t value security or data – many employees think that stealing customer data isn’t a big deal and liken it to taking some paper clips or pencils from the office. Moreover, they think their own customer data is something that should belong to them – so they think they’re entitled to monetise it,” he states.

According to Forte, the UK is reported to have one of the highest instances of staff taking data with them when they move to a different company.

“I have interviewed many of them and all of them believed that because they had written that report or created that PowerPoint, it belonged to them – employees need to understand that everything you create at work belongs to the company; taking it with you is a crime,” she states.

Latest news

divider
Retail
The challenges of e-commerce: The internal blame game costing retailers thousands

The challenges of e-commerce: The internal blame game costing retailers thousands

23 August 2019 / Investing in eCommerce capabilities is no longer a choice for retailers, its essential. But the [...]

divider
Cybersecurity
Simulation software: protecting your organisation during a sustained period of cyber war

Simulation software: protecting your organisation during a sustained period of cyber war

22 August 2019 / We’re in the midst of a cyber war that threatens every single business and the [...]

divider
Emerging Technology & Innovation
London’s demand for emerging tech skills could create North-South divide

London’s demand for emerging tech skills could create North-South divide

22 August 2019 / There are currently 422,000 professionals with emerging tech skills, including data analytics, artificial intelligence (AI), [...]

divider
Blockchain
Are blockchain-based smart contracts stupid?

Are blockchain-based smart contracts stupid?

22 August 2019 / Blockchain-based smart contracts are getting more than their fair share of attention in the media [...]

divider
Communications & Networking
5G network infrastructure revenue to reach $4.2 billion in 2020 — Gartner

5G network infrastructure revenue to reach $4.2 billion in 2020 — Gartner

22 August 2019 / 5G has dominated headlines of late, for both positive and negative reasons. Questions have been [...]

divider
Cyber Innovation
Random numbers for the quantum computing world, has Crypta Labs really cracked it?

Random numbers for the quantum computing world, has Crypta Labs really cracked it?

21 August 2019 / There seem to be lots of holy grails these days and lots of companies claim [...]

divider
Emerging Technology & Innovation
Change your customer and employee experience using AR and VR

Change your customer and employee experience using AR and VR

21 August 2019 / Augmented reality (AR) and virtual reality (VR), although limited at the moment, will be a [...]

divider
Governance, Risk and Compliance
Technology, regulation and the law: don’t be caught out. An example

Technology, regulation and the law: don’t be caught out. An example

21 August 2019 / Technology, regulation and the law Near-perfect examples of this phenomenon are “language technologies” — those [...]

divider
Diversity
Investors must embrace diversity now

Investors must embrace diversity now

20 August 2019 / Venture capitalists (VCs) play a vital role in shaping the future. Although the VC industry [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest