The number of High Court cases in which sensitive corporate data has been stolen by employees has increased by 25% in a year, according to a London law firm.
EMW senior solicitor, Felix Dodd, claimed that an increase in staff turnover could be the cause of the rise, from 40 cases in 2015 to 50 last year.
In other words, malicious insiders are deliberately taking customer databases, sensitive financial information and the like with them to help with their new roles.
He added that the ubiquity of smartphones and cloud storage platforms has made the process far simpler without raising suspicion.
In the financial services sector, firms need to guard their proprietary algorithms with care, while recruiters and estate agents are more likely to be affected by the loss of client databases, said Dodd.
“Theft of confidential data has become such a widespread concern for firms in the City that many of them ban their employees from sending work emails to their personal accounts, and some now even disable some functions on their employees’ smartphones,” he explained.
“Bigger businesses should have the systems in place to be able to monitor activity like this effectively, but a lot of smaller businesses might not have the budget or skills to track what their employees are doing with sensitive data.”
This year a former employee of aviation cleaning company, OCS Group UK, was jailed after sending confidential information to his personal email address, breaking the terms of a court order. Meanwhile, investment management firm, Marathon Asset Management, won a case against two former employees who breached their contracts by copying and retaining key files.
Head of employment at Lennons, Leah Waller, argued that the increase in High Court cases could be down to the fact that firms can now apply for compensation by way of damages rather than being forced to bring a criminal action for theft.
“With technology advancing at an incredible speed, and the majority of information now being stored electronically with easy access, the instances of employees, especially those that leave on bad terms, taking confidential information is likely to continue to increase and as such the number of claims in the High Court will continue to rise,” she added.
David Emm, principal security researcher at Kaspersky Lab, argued that the insider threat is one of the biggest challenges facing businesses.
“Employees rank at the very top of the list of threats to data and systems,” he added.
“Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness. When insider-assisted attacks do occur, the impact of such attacks can be devastating as they provide a direct route to the most valuable information – customer data.”
To mitigate the threat, Emm recommended a combination of staff education, threat intelligence services, restricted access to key systems and regular security audits.