Beware the ‘frenemy’ within

Article Index

Understandably, most employees would be mortified to be labelled as stealing from their employer. But almost half of UK employees (40%) admit to taking private company information with them when they move to a new job and over half would readily dispute that they are stealing, claiming that they regard the information as rightly theirs. A further 62% of UK employees also believe that it’s acceptable to transfer work documents to personal devices or online file sharing applications and over half (56%) are more likely to attribute ownership of intellectual property (IP) to the person who created it.

It seems that a large portion of UK employees don’t understand that if corporate data is being taken from the employer for personal use then this is at odds with the vast majority of company polices. And, with the majority of employees able easily to move documents around between work and personal devices, many don’t even think about it because they don’t understand the associated risk. 

Our research also found that nearly of third (31%) of UK employees claim to have more access to files and documents than is actually necessary to do their job properly. Combined with the fact that only a small number of managers (30%) view data protection as a business priority, it’s easy to see why employees think that organisations don’t care about their IP. 

It’s all a bit confusing, right? Well, it seems that businesses are missing a trick when it comes to protecting confidential company data due to a lack of clarity about who owns the IP. We live in a knowledge-based economy – where ideas are money. In our modern digitally-enabled world, corporate information is often stored as electronic data, which is estimated to be worth 49% of an organisation’s total value – one of their biggest assets. Yet, businesses are failing to train people in what belongs to the employee and what belongs to the company, by not encouraging responsibility for safeguarding business information or explaining to employees that using a former employer’s confidential data puts the current employer at risk.

Interestingly, this disconnect between employees and companies is a lot higher in the UK than globally (44%) suggesting that we have fewer guidelines or policies in place to educate employees about ownership of IP. To rectify this, the business needs to be working much more closely with HR to create easily digestible guidelines that employees can refer to. 

To help you start managing this potential risk in your businesses and help your staff to manage your company data properly, here are my five key recommendations:

  1. Educate employees: although you need to reinforce that taking confidential information is wrong, you need to get to the heart of the matter and educate employees about ownership of IP. Introduce guidelines so it’s crystal clear that IP developed on the job belongs to the company. IP theft awareness should be integral to security awareness training.
  2. Manage access: it is wise to make sure that employees don’t have access to more information than they need to do their job. This simple approach means that no data is unnecessarily exposed.
  3. Enforce non-disclosure agreements: include stronger, more specific language in employment contracts and ensure exit interviews include conversations focused around employees’ continued responsibility to protect confidential information and return all company information and property (wherever it is stored). Make sure employees are aware that policy violations will be enforced and that theft of IP will have negative consequences to them and their future employer. Educate new staff that they must not bring confidential information with them from their previous employer –this puts you at risk. 
  4. Use monitoring technology: implement data loss prevention software that monitors inappropriate access and use of IP and automatically notifies managers and employees in real time when sensitive information is inappropriately sent, copied, or otherwise exposed - this increases security awareness and deters theft.
  5. Review your policies: make sure that you are regularly reviewing your policies and your technologies to make sure that it’s working for you. Employee feedback is vital to managing this process.

See also:


Add comment

Security code

Forgotten your password?

I'd like to subscribe
Subscribers only - te law will answer your employment law queries. Find out more about our email support

Now there's more ways to stay in touch

Join Us on Linked in Become our Fan on Facebook Follow us on Twitter