How HR can help prevent data breaches

by John Hilton01 Feb 2017
In order to combat the threat of employees stealing information, HR really needs to work closely with their IT teams, says Lynne Lewis, partner, intellectual property at law firm Minter Ellison.
 
In particular, it’s important to ensure that there are comprehensive systems in place so that employees doing the wrong thing can be tracked, Lewis told HC.
 
 
Employers have the option of accessing technology which allows them to see if an employee has been downloading onto USB keys. Moreover, they can see if staff have been taking their computer home, hooking it up to devices and downloading from it or printing from it.
 
However, Lewis has come across organisations, quite often large ones, that don’t have sound IT systems in place.
 
For example, there may not be any logs kept of USB keys that are plugged in and out of workplace computers.
 
“If I’m running a case, I want to be able to show that the night before someone actually departed or the night before they hand in their resignation that a USB key was inserted into their work computer and that XYZ was copied over onto that,” Lewis said.
 
“HR must work with the IT teams to get good tracking and lockdown technology in place ahead of time.”
 
HR teams also need exceptional internal communication in place whenever an employee resigns, added Lewis.
 
“I’ve seen many circumstances where the information doesn’t necessarily get told to the correct people who might notice that something unusual is happening with people’s access to premises or documents during that period of time,” said Lewis.
 
“Had they known that person had resigned then they might have actually spoken up about seeing some strange things happening.”
 
It’s also important to be careful with document destruction policies because sometimes important information can be lost, said Lewis.
 
She cited one of her clients who introduced a 30-day policy whereby everything disappears after 30 days. “That can be really hard to recover,” she said.
 
“But they can put in place an exemption to that if they’ve got a basis for it in their system.” 
 
Related stories:

Spies, lies and thieves: Stopping IP theft                                    

Are your staff suffering from ‘tech fatigue’?                                    

SAI Global sues worker for raiding database before quitting

COMMENTS

Most Read