Kiwi businesses complacent about data theft
Kiwi businesses complacent about data theft
Kiwi businesses are just as, if not more, vulnerable to data theft or destruction from disgruntled ex-employers than US companies, says Brian Eardley-Wilmot, Managing Director of Computer Forensics NZ Ltd.
A recent survey by the Ponemon Institute in the U.S. found that up to 59% of fired workers admitted to stealing company data and 67% used their former company’s confidential data to leverage a new job.
Computer Forensics’ Eardley-Wilmot says that New Zealand companies should not be complacent, and assume this is just a problem confined to corporate America.
“The number of reported instances of data theft or wilful destruction of data been growing in double digits in New Zealand in recent years, so we can assume the real increase is even higher,” he says.
“Management often don’t know it is happening or assume it can’t happen to them. But it typically happens to companies with 10-50 staff, where both the human resources systems and the IT security infrastructure are not necessarily very sophisticated. That’s a huge proportion of businesses in New Zealand,” says Eardley-Wilmot.
“Even worse, there are plenty of companies happy to accept the benefits of such theft when hiring new employees. It’s a bit like pirating movies – it’s a crime and it has a cost, but many people don’t like to think of themselves as criminals when they do it or receive the benefits.”
“People who do this once and get away with it will do it again. There are serial data thieves out there who’ve made ripping off their former employers a standard practice when shifting jobs. If you hire someone partly because of the information they bring with them, you can be pretty sure your company’s data will be going out the door with them when they leave” says Eardley-Wilmot.
Such opportunistic employees aren’t the only danger company’s face, says Eardley-Wilmot. Again, because of the small size of the majority of New Zealand businesses, and the relative lack of sophistication of their IT systems, many companies are very vulnerable to the destruction of crucial data by disgruntled employees.
“We’ve seen this happen many times with small companies. Important company data has ended up residing exclusively on an employee’s PC, or sitting on a company server which has not been adequately backed up. And then the company fires the employee or makes them redundant and in anger they delete data before walking out the door,” he says.
Be it data theft or destruction, companies don’t do themselves any favours by not taking action, he says.
“Smart companies have come to us and got us to find the proof of the ex-employee’s actions. Because while you don’t like to think any of your employees might be capable of such actions, the reality is there are plenty who are. If you don’t make it clear to all your employees that such behaviour is illegal and the company will take action against employees who indulge in it, then it will happen to you again. And the cost to the company of losing vital information, either to a competitor or the electronic rubbish bin, can end up being far higher than the cost of taking action against the perpetrator,” says Eardley-Wilmot.
“It’s never a comfortable situation for a company, if they suspect someone has done this to them. But there are better options than ignoring it. Get the proof of the crime, and take legal action. You’ll minimise the damage of theft, since no employer will be able to use the stolen data once the crime is out in the open, and you’ll make sure it doesn’t happen to you again.”