Protecting confidential information from employee theft

Protecting confidential information from employee theft

As agencies have come to rely more and more on technology, there's been an increase in employees taking important and confidential business information.

Matthew Robinson, partner with specialist employment law firm FCB Group, has kindly provided REEF with a number of measures to help members manage this complex and perennial problem.

In many instances employees adopt very basic processes to breach their confidentiality obligation, such as using a USB key to copy files or emailing the information to themselves and trying to cover their tracks by deleting the email.

The resulting damage to a business can be significant, however there are a number of ways (practically and legally) to prevent this from happening or bring the ex-employee to account for their actions.

Prevention is far better than a cure and there are a number of basic protections that can be taken to create barriers to recalcitrant employees taking your data.

Employee owned phones – A big no-no

Do not allow your employees to have their own phones and be able to access your critical business information from those phones (for example via an app or remote connection).

Consider whether the business should supply the phones with full administrative access rights and limits on data transfer, especially synchronisation with a cloud account such as iCloud, Google Drive or Drop Box. This will allow you to monitor their file transfers and remotely disable data transfers if you have particular concerns or suspicions.

It also allows you to keep the mobile number after they have left, so you can ensure client calls continue to be answered by your business.

Block USB file uploads

Consider limiting the ability of files to be transferred from your office computers onto USB keys. There are simple ways to set this up to apply to specific computers within your office. You can designate only certain computers as having authority to transfer files to USB. Use of those computers can be limited to senior and trusted employees.

Set up restrictions in email via system rules

Most email systems allow you to create rules to manage how emails are sent, received, blocked and even organised. 'Out of Office' is a basic email rule.

Most email systems allow an administrator to create a variety of rules that operate without the employee being able to disable them. Just be careful that you comply with workplace surveillance laws and your IT surveillance policy. If in doubt, contact REEF. You may also need to consider obtaining basic IT advice if you aren’t confident doing this yourself.

Consider implementing email rules within your office email system, such as:

  • A rule to prevent particular files from being emailed from your system. For example, you could create a rule that prevents RentRoll2016.xlsx from being attached to an email.
  • A rule that automatically bcc's you or another senior manager into an email if it contains more than three attachments or has specific filename types as attachments. You can set these emails to go into a designated email folder, which you can check at the end of each day.

Establish blocks on printing certain files

Consider including a block or restriction on what files your printer will allow particular users to print. For example, you could create a block that prevents certain filename types from being printed, such as RentRoll2016.xlsx.

Dummy entries

Despite taking these steps, a determined thief may find a way through. So you may also want to consider including a number of dummy entries into your database that can act as a red flag to tell you someone has taken your data. For example, consider including certain relatives or friends as 'clients' and include their postal and email addresses. If any of these people receive a letter or email from a competitor, then it is probable that your database has been compromised and the letter/email will thankfully tell you who may have it. If all of your dummy 'clients' get the same or similar message, it' s extremely unlikely that it is a coincidence. This opens up your options to take action.

Message for employers

We often hear claims that there is little that can be done to stop someone taking your information and trading off it, but this is far from the case.

If you have used the REEF template employment contracts, then you have a number of significant legal options to not only shut down the ex-employee's misuse of your confidential information and trace were it has been sent, but to also seek financial compensation for their conduct.

We do not suggest that you need to take expensive legal proceedings over every breach. Commonsense should prevail.  However doing nothing sends a very bad message to the rest of your staff as to what they can take from your business on their departure.

Comments are closed.

About REEF

The Real Estate Employers' Federation is the real estate industry’s leading not-for-profit employer and workplace relations advisory association. It has more than 1600 members and subscribers across Australia.

Each year, REEF receives more than 20,000 calls from real estate employers needing help and guidance on matters affecting the employment relationship.

Contact us

  •  Level 6, 99 Bathurst Street,
     Sydney  NSW   2000

  •   1300 616 170

  •   02 9261 2622