Skip to content

Following the recent news that staff payroll data was stolen from supermarket chain Morrisons, Andrew Lightburn, associate at hlw Keeble Hawson, and an expert in contentious aspects of employment law, advises SMEs on protecting themselves against staff sabotage. 

1. The Morrisons theft could happen in your business

The high profile news of the data theft which allegedly included bank account details of around 100,000 Morrison’s’ employees should ring alarm bells for SMEs.

2. Tighten up internal processes and systems

Ensure that your IT security is robust and limit access only to data and systems that are necessary for staff to do their job.

3. Rigorously check new employees

However well qualified, personable and able a new recruit seems, employers should always carry out basic checks. Follow up references and examine gaps in CVs as a bare minimum.  

4. Conduct fresh checks when promoting internally

Employers would be advised to follow this advice - particularly where an employee is being elevated to a position of greater trust or responsibility.

5. Be alert to behavioural changes

Businesses have a duty of care when it comes to the wellbeing of their staff. This includes monitoring any unusual behaviour and offering appropriate support. 

6. Encourage whistleblowing

A well thought out whistleblowing policy will ensure that employees know that they can safely and confidentially report concerns about colleagues’ behaviour or conduct without fear of retribution

7. Ensure employee documentation is watertight 

Make certain that employment contracts and provisions for suspension and garden leave allow employees to be removed quickly and easily from the business.  Contracts can also give the employer the right to block access to IT systems, including email, and prevent employees from communicating with colleagues.

8. Protect against spiteful online posts

Implement a social media policy or guidelines appropriate to your business - and ensure that staff understand what can and can’t be posted. New defamation laws have tightened up processes for removing malicious online comments.

9. If you are still concerned, step up your levels of checks

Increasingly larger companies will carry out more detailed checks, including ID, address, Criminal Record Bureau (CRB) and financial probity. 

10. Remember that internal saboteurs can present the greatest risks

Companies will spend time and money on protecting themselves from external threats such as data theft or computer hackers, yet the greatest risks can come from employees who breach their positions of trust and responsibility.

With four offices in Sheffield, Leeds and Doncaster, hlw Keeble Hawson is one of the region’s biggest law firms and is at the heart of the business and wider community.  Visit for more information.