By Matthew McKee, Manager, Forensic and Investigation Services at Grant Thornton

It might be said that the lifeblood of the modern business is no longer its physical assets, such as its premises, goods or even the cash in its accounts.

Whilst these are of course extremely valuable to any business, it is crucial that modern firms do not ignore intangible assets such as their intellectual property (IP) and the data they hold about themselves and their clients.

Information such as client lists, business plans, profitability details, and other commercially sensitive material, are often stored in digital form only and are therefore more challenging to secure and protect.

We are made aware of threats to our digital property on an almost daily basis. Most of what we hear however, is focussed on external dangers from hackers or other cyber-criminals.

Protecting your business against these external threats is very important – but firms should also remain conscious of the threat that might come from within.

In recent years, there has been a significant increase in data breaches and thefts by ‘insiders’ – i.e. current employees or even directors of the business. In 2019, it is thought that 34% of data breaches involved internal actors, up from 28% in 2017 according to the Verizon 2019 Data Breach Investigation Report.

Matthew McKee

So how do you protect your company? Of course, not all employees or directors in a business go to work each day with the intention of stealing from the firm – but it is nonetheless essential for businesses in all sectors to take sensible precautions to protect themselves.

This protection need not cost the earth. Many successful insider data thefts, in particular those involving small to medium sized businesses, could have been prevented by the implementation of a sensible IT policy, with clear rules and permissions across staffing levels.

Many firms for example, seek to limit the ability of employees to insert USB keys or other portable storage hardware into laptops or desktops owned by the company. This can be achieved at minimal cost (or none at all) in many cases and will help ensure that the downloading or removal of firm data must be pre-authorised by a nominated person.

Similarly, with the increase in remote working across almost all sectors in recent years, a clear remote working policy is extremely important to any firm – as is the IT approach which accompanies it.

Many businesses limit an employee’s ability to access company data from certain insecure networks, like those in coffee shops or other public places.

Again, this is relatively inexpensive to implement but may prove an invaluable protection for the firm.

These are only two examples of easily achievable and inexpensive solutions you might consider to protect your business – there are many others.

Compare the costs of these solutions to the potential financial and reputational impact of a successful insider theft and the investment of time and money to protect the business will certainly seem more than reasonable.

For further information or advice, Matthew McKee can be contacted at

Grant Thornton (NI) LLP specialises in audit, tax and advisory services.