Law Firms Accounting Firms & Title Agencies beware of hidden costs of employee theft/data breach

August 30, 2016

Data TheftWhether it is office supplies, time theft, privileged information or money, employee theft can create a significant cost for firms.  According to the U.S. Chamber of Commerce approximately 75% of all employees steal from work in some way, and about 30% of all corporate bankruptcies are a direct result of employee theft.   The greatest threat to firms is from the inside.

The following steps help lessen employee theft and its impacts on the organization: 

1.     Develop anti-theft policies by having firm’s having very clear policies prohibiting stealing, outlining what constitute stealing, and the consequences are if the employee is caught stealing.   Employees should acknowledge in writing that they understand and will comply with the policy.

2.     Perform background checks to appropriately screen all job applicants before they are hired.  A comprehensive background check should include a criminal and civil history check, verification of education, review of state bar records or state CPA organizations (where applicable), past employment and references.  Credit checks should be performed on individuals who access money or sensitive data (such as data that can be used for identity theft).When performing background checks, firms need to follow the requirements under the Fair Credit Reporting Act.

3.     Make sure to have a separation of duties for jobs that handle sensitive information, money or credit cards. The individuals that are handling the monies or sensitive information should not be the ones that are doing the reconciliations of information.

4.     Where possible rotate responsibilities.

5.     Enforce vacation policy for staff making sure that all staff takes at least one consecutive week off a year where other staff members must “fill” in their absence.

 

 

If you find or suspect theft or data theft:

 

1.     Investigate thoroughly to ensure you are not jumping to conclusions Follow your firm’s procedures as you would with any allegation.   In order to avoid claims of false accusation, the employee should be allowed to share their version events.

2.     If the theft involves sensitive data you may be required to notify state agencies as well as clients of the data breach.  Make sure to comply will all related data breach laws.

3.     Notify the appropriate insurance carrier of the theft or data theft if cyber if appropriate.

 

Firms should consider conducting a risk assessment to identify and manage areas of weakness.  Internal controls should be developed to prevent theft from becoming a serious problem.  If employees believe that the firm’s processes will be regularly reviewed and audited, they are less likely to commit theft.  

 

For help with your insurance needs for theft or cyber/data breach insurance, contact the professionals at L Squared Insurance Agency.

Do You Have Sufficient Protection?

Ready to protect your professional career with the best malpractice insurance on the market? Contact us today and let our experienced team guide you towards peace of mind. Your success is our priority.