Thursday, 12 February 2015

Data theft - what is it?

Data theft is when someone takes information (data) from you/your business without authority to do so. There is almost always the intention to use it for personal financial gain – to start up a new business or work in a business that is in competition to yours, on-sell the information to a competitor or encourage your clients/customers to purchase services or products elsewhere.

It’s important to understand that we’re talking about people who are in your business who may well have access to certain levels of data within your company right now. In fact, most employees need a certain level of access to data these days to undertake their jobs - job function. Once people have access to data, or the computers and hard drives that data is stored on, its not hard for them to copy it and steal it.

So, data theft occurs when a person in your business steals information from you. It’s like any other theft, it’s the theft of your data ‘your property’.

There’s a big difference with data theft and other types of property though. You’d know pretty quickly if your car, wallet, laptop, phone, credit cards were stolen and you’d be able to call on various people, the police, other authorities to prevent their use of it. With data theft, you probably won’t know that the data has been stolen until well after its walked out the door or been sent to another device.

And here’s the real challenge and problem.

After the employee has stolen your data assets its next to impossible to prevent them from using it, physically or through the courts. Data can be disseminated in literally seconds. Its gone baby and there is nothing you can do to stop it's use unless:
1. you can prove the culprit took it;
2. you have enough money to injunct the person to prevent them from using it;
and in Australia you'll need a big chunck of change and resources just to raise an injunction let alone provide surety over costs to the courts and the thief. That's right, the thief can ask the courts that you provide a guarantee over their costs to defend against your allegations and then use the financial gains they have made from the theft to defend themselves.

A very recent case took three years in the Supreme Court to get to hearing and another 14 months to get a decision from the Judge. The business from where the data was stolen lost their case and the thief and the competitor he took the data to have both prospered financially.

Data theft would have to be the biggest source of fraud in the world that is rarely successfully prosecuted … and the data thieves, particularly in Australia, know this.

So, if data is important to your business, you need to really start thinking about how you protect it (and I’m not talking about spam or standard security software here), how you store it, what levels of access you allow to it and how you monitor its access and use. And very importantly you have to be very aware of changes in employee attitudes toward you, staff and or the business.