Let’s be clear. Like any crime, if someone wants to steal from you or attack you or your assets, they will. Your only solace is knowledge to use prudent controls and understanding of the law. Fortunately, as of November of 2009, Oklahoma has made it a criminal felony of Grand Larceny to take proprietary information from your employer.
Previous to this ground breaking event, the matter was civil with it costing an average of $50K just to get to trial. Lawyers were the only winners and if a judgment was made against a pirate, they simply declared bankruptcy and escaped justice. However, now that there is some law for protection, businesses still need to shore up defenses for proof and diligence with policy and controls.
You should start with company culture to make it clear that security breaches and grousing are harmful to all employees, as well as the company. Grousing, theft of company intellectual property, and security breaches of any kind should not be tolerated and met with swift dismissal.
You should consider putting employment agreements in place that have specific language concerning confidentiality (consult your attorney). It sounds outrageous to check, but there is a school of thought often taught by unscrupulous attorneys that employees should sign their name something like “Why Bother” to look like their signature and backdate signing date by a year to escape agreements. In addition for little or no cost, a logon banner should be implemented that states company policy and must be accepted at each logon.
The next 3 major risks are e-mail, web browsing/social media, and file access. The best approaches are regular audit, prevention, and quick recovery. There should be the ability to access an employee’s files and e-mails on demand at any time. Further, e-mail should be journaled for message tracking regardless of employee deletion. Regular snapshots on data should be handled in a similar fashion. For web browsing, it’s best to simply have web filtering prevent access to adult sites and shopping. Finally, it’s a good idea to use tools like Google Alerts to track key employee names, company name and products/services, and competitor names for daily reputation management.