A study in December 2005 by business services firm BDO Stoy Hayward revealed that the cost of employee fraud to companies has almost doubled over the past two years to reach £78m.
The trouble is that in today’s electronic era, it’s easier than ever for employees to steal. No company director would do business with a competitor looking over their shoulder, but that’s exactly what they could be doing by not addressing the risks of employee fraud – 60% of incidents involve collusion of some kind.
It’s difficult to identify fraudsters, but they tend to be disgruntled staff, or those who are about to leave. And one of the fastest-growing problems is the theft of corporate information.
Most employees take corporate secrets of some sort with them when they leave their job, ranging from e-mail contacts and sales proposals/presentations to customer data. All have the potential to do some serious damage to a business if this information falls into the wrong hands.
Devices such as memory sticks and even MP3 players have been used to remove intellectual property and company secrets. Another common method is e-mailing information to private e-mail accounts from the office.
IT-savvy employees can wreak even more havoc. They can develop ‘back-door’ software programs that allow remote users to control a computer, or they can place a virus on the company’s network. One disgruntled ex-employee of a major professional services firm planted a ‘remote login’ and had access to his former employer’s network many months after leaving, although he had set out to exact revenge on the company, rather than steal data.
Since HR plays such a key role in both recruiting employees and developing workplace policies, it has the potential to help stop employee fraud. Policies should cover everyone who has computer access, ranging from temps to chief executives.
How to avoid employee fraud
Contract covenants: An enforceable non-competition covenant should be included in employment contracts to stop employees who leave from taking clients. It should also be clear that intellectual property (such as customer databases) remains the property of the company. Contracts should also warn employees that the company regularly monitors individual use of IT equipment, including files accessed, e-mails and internet use.
Acceptable usage policies (AUP): These are not just about e-mail or internet etiquette. They ensure businesses are legally entitled to monitor what employees are doing on company IT equipment. It should be made clear what is acceptable relating to company time, equipment and information. You could also consider restricting the use of storage devices in the office, including MP3 players, as this will make it more difficult for staff to remove critical information.
Monitor the use of IT equipment: Software is available to monitor network activity and record violations when they occur. Beware, though, that people engaged in stealing company data and corporate secrets may attempt to cover their tracks by using encryption, hiding data and deleting evidence, so that it is virtually impossible to detect this activity without forensic software. You should also screen outgoing e-mails with attachments, which may contain information belonging to the company. Remember, it could be illegal to monitor employee IT usage without a suitable AUP and contract covenant.
Follow up on references: There is no way to identify a ‘type’ of person who will commit employee fraud, so it’s important for HR or recruitment managers to follow up all references. If concerned, check candidates’ criminal records.
Restrict access for temporary staff: Temps should have very limited access to the network, and be bound to the same AUP as everyone else. Do spot checks and monitor e-mail and internet usage, as many cases of fraud involve temporary workers.
Offer garden leave: When someone gives their notice to quit, businesses should consider giving them paid leave for the duration of their notice period. The most likely time for workers to steal corporate information is during the run-up to their departure.
Back up e-mail and internet logs: All of this could be vital in the event of legal action, so do this on a daily basis.
If you suspect employee fraud…
Many businesses that have had employee fraud committed against them may not even be aware of it until they start losing business, or discover a problem on their network.
One organisation learned of its employees’ betrayal when it lost major clients. It turned out that members of its previous management team had stolen customer databases and pricing structures and had produced business plans and stationery on their former employer’s office equipment. The company had not drawn up covenants in its employee contracts. Fortunately, the fraudsters left enough evidence to identify the clients and intellectual property they had their eyes on.
In many cases, the key reason employers fail to catch the fraudsters is that they have not preserved the evidence. Untrained IT staff can inadvertently contaminate vital evidence during investigations. If files and logs are accessed following an offence, the evidence becomes less admissible in court.
Ultimately, prevention is better than cure. It is possible for companies to take legal action against ex-employees for this type of behaviour, but it is extremely expensive, and costs will not be retrieved if the case is lost.
Employee fraud action plan
- Isolate any workstations where you consider there may be suspicious activity
- Preserve evidence – printing off an e-mail could tarnish the evidence
- Don’t confront – don’t give the offender an opportunity to cover their tracks until you have taken steps to secure the data
- Act fairly and impartially – remember it could be an innocent mistake on the part of the employee
- Lock out e-mail and internet accounts and prevent external access
- Record your actions and the reasons behind them
John McConnell is a computer forensics expert at Zentek Forensics. Computer forensics can involve mobile phone and PC investigations, and help to tackle e-mail and internet abuse at work.