When we think about cyber security, we often think about the external threats and the well-known dangers that are hackers or phishers. But in focusing on the external threat, many companies overlook the danger which may be lurking within their business.
The core value of most businesses is held within its technical know-how, its customer databases, its contractual terms and its pricing structures. Unfortunately, those inside the company with access to this sensitive data are often the people best placed to exploit its value, to the detriment of the business.
So while it’s important to consider outward-facing cyber security, it’s equally important to consider effective internal protection.
Four measures to help protect your business against internal cyber security threats
You must steer clear of spying on your employees unnecessarily and without their knowledge. But there are things you can do to ensure that your valuable data isn’t compromised by your employees.
Here are four measures you could consider.
- Where possible, avoid shared devices, restrict access to sensitive information on a need-to-know basis, have individual password protected access to all systems and invest in systems that can tag and record all activity, such as forwarding or copying of information.
- Have clear IT, Information Control and Disciplinary Policies in place. These need to tightly control what employees can and can’t do with regard to company data. They should also inform employees that your IT systems are monitored, meaning that employees can have no expectation of privacy when using those systems.
- Ensure that all employment contracts and, in particular, those of key personnel, include provisions that protect your business and the confidentiality of its information. These might include Garden Leave clauses, confidentiality provisions and Post-Termination Restrictive Covenants. Post Termination Restrictive Covenants seek to prevent the solicitation of customers, clients, suppliers, other employees, and/or prevent general competition for a defined period after termination of employment.
- Maintain proper commercial insurance, particularly Legal Expenses Insurance. This means that if the worst happens and you are double-crossed by an unscrupulous employee, the cost of retrieving sensitive data (by way of a Search and Seize Order) and preventing any such data being used against your business (by way of a Springboard Injunction), does not act as a barrier to the protection that such legal proceedings can bring.
If you would like to discuss the issue of cyber security and the internal threat in more detail, we will be presenting at the Online Cyber Fringe Festival on 24 November 2020. We will also be hosting a virtual “bubble” at that event, along with the 3 Counties Defence and Security Group. Find out more and book your free ticket at the Online Cyber Fringe Festival website.
Rebecca Kirk, Partner in the Employment Team based in Hereford can also be contacted at any time on 01432 349709 or 07805 627430.