If a company director receives reports that an employee is reading colleagues’ screens and sending encrypted messages externally, the situation raises several potential risks:

- possible data leakage
- breach of confidentiality
- unauthorised disclosure of business information
- potential intellectual property theft
- potential breach of UK data protection law

The UK National Cyber Security Centre (NCSC) warns that insider threats can arise from both malicious and accidental behaviour, and that organisations should monitor unusual activity. https://www.ncsc.gov.uk/collection/insider-threat

Cyber security expert Professor Alan Woodward (University of Surrey) has noted: “Some of the most damaging cyber incidents come from insiders who already have legitimate access to company systems.”

The key is to investigate calmly and carefully, not jump to accusations.

Why Insider Threats Should Not Be Ignored

An employee looking over colleagues’ screens may appear harmless, but it can expose sensitive information such as:

- customer data
- financial records
- HR information
- commercial contracts
- internal emails
- intellectual property

If the same individual is sending encrypted emails externally, it raises legitimate questions about whether company information may be leaving the organisation.

Step 1: Do Not Confront the Employee Immediately

Avoid Accusations Without Evidence

Even if the behaviour appears suspicious, the first step should be gathering facts. Immediate confrontation may:

- alert the employee
- lead to deletion of evidence
- create legal problems if the accusation is incorrect

Instead, begin a discreet internal review.

Step 2: Review Email and System Logs

Check Whether Company Data Is Being Sent

You should examine:

- email logs
- attachments sent externally
- frequency of encrypted emails
- destination email domains
- file transfer activity

Important questions include:

- Are company documents being sent externally?
- Are customer records involved?
- Are confidential files being shared?
- Are the external addresses associated with competitors?

If your systems allow it, review metadata rather than email content initially.

Step 3: Check Company Policies

Is the Behaviour Against Policy?

Your employment contracts or internal policies may already cover:

- confidentiality obligations
- acceptable use of company systems
- data protection rules
- information security procedures

If an employee is sending encrypted emails outside the organisation without authorisation, it may breach internal policy.

The Information Commissioner’s Office (ICO) emphasises that organisations must ensure personal data is processed securely and appropriately. https://ico.org.uk/for-organisations/guide-to-data-protection

Step 4: Consider Data Protection Implications

Potential GDPR Issues

If personal data is being transmitted externally without authorisation, this could represent a data protection breach. Examples might include:

- customer contact information
- employee HR records
- financial account data
- supplier information

Under UK GDPR rules, organisations must assess potential breaches and may need to notify the ICO within 72 hours if there is risk to individuals. https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach

Step 5: Speak to the Employee Professionally

Ask Questions Before Drawing Conclusions

Once initial facts are gathered, the employee should be invited to a professional meeting. The goal is to understand:

- why they are observing colleagues’ screens
- why encrypted emails are being sent externally
- what information is included in those messages
- whether management authorised the communication

Possible explanations may include:

- legitimate collaboration with external partners
- misunderstood job responsibilities
- personal security tools being used incorrectly

Or something more concerning.
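Step 2 above recommends starting from email metadata rather than message content, and Step 7 below recommends monitoring outbound email traffic. The following Python script is an added example, not code from the original article, showing what a metadata-only review of outbound mail can look like: it parses a constructed mail-gateway log, treats any recipient outside an assumed company domain (example.com) as external, infers encryption from the MIME type or attachment extension alone, and summarises encrypted external traffic per sender. The log layout, the company domain, the encrypted-extension list and the review threshold are all assumptions made for the example; real gateway logs differ by product.

```python
"""Triage of outbound-mail metadata for a discreet insider-risk review.

Added example for this article, not the author's code. It works purely on
message metadata (sender, recipient domain, content type, attachment name,
size) and never on message bodies, matching the advice to review metadata
before content. Every log line below is constructed, and the field layout
is an assumption; real mail-gateway logs differ per product.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

COMPANY_DOMAIN = "example.com"  # assumed internal domain for the example
# MIME types that mark an OpenPGP/MIME encrypted message (RFC 3156).
ENCRYPTED_MIME = {"multipart/encrypted", "application/pgp-encrypted"}
# Attachment extensions that usually signal an encrypted payload (assumption).
ENCRYPTED_EXT = (".pgp", ".gpg", ".asc", ".7z")
# Encrypted external messages per sender before the sender is listed for review.
REVIEW_THRESHOLD = 3

# Constructed sample log, one message per line:
# timestamp|sender|recipient|content_type|attachment|size_bytes
SAMPLE_LOG = """\
2024-03-04T09:12:05Z|user.a@example.com|partner@example.org|multipart/encrypted|report.pdf.gpg|184320
2024-03-04T09:40:11Z|user.a@example.com|partner@example.org|multipart/encrypted|q1-figures.xlsx.gpg|512000
2024-03-04T10:02:47Z|user.b@example.com|colleague@example.com|multipart/encrypted|hr-notes.pgp|20480
2024-03-04T11:15:30Z|user.a@example.com|mailbox@example.net|application/pgp-encrypted|clients.csv.pgp|730112
2024-03-04T13:48:02Z|user.c@example.com|vendor@example.net|multipart/mixed|invoice.pdf|90112
2024-03-04T14:05:59Z|user.a@example.com|mailbox@example.net|multipart/encrypted|contracts.7z|2048000
2024-03-05T08:30:00Z|user.b@example.com|friend@example.org|text/plain|-|0
"""


@dataclass(frozen=True)
class Message:
    timestamp: str
    sender: str
    recipient: str
    content_type: str
    attachment: str
    size_bytes: int


def parse_log(text: str) -> list[Message]:
    """Parse pipe-separated metadata lines, skipping blank or malformed ones."""
    messages: list[Message] = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 6:
            continue
        ts, sender, recipient, ctype, attachment, size = parts
        try:
            messages.append(Message(ts, sender.lower(), recipient.lower(),
                                    ctype.lower(), attachment, int(size)))
        except ValueError:
            continue  # unparseable size field: leave it out rather than guess
    return messages


def recipient_domain(address: str) -> str:
    """Domain part of an email address (everything after the last '@')."""
    return address.rsplit("@", 1)[-1]


def is_external(msg: Message) -> bool:
    """True when the recipient is outside the assumed company domain."""
    return recipient_domain(msg.recipient) != COMPANY_DOMAIN


def is_encrypted(msg: Message) -> bool:
    """Infer encryption from the MIME type or attachment extension only."""
    return (msg.content_type in ENCRYPTED_MIME
            or msg.attachment.lower().endswith(ENCRYPTED_EXT))


def summarise_encrypted_external(messages: list[Message]) -> dict:
    """Per-sender count, destination domains, bytes and attachment names for
    encrypted mail leaving the organisation. Internal encrypted mail is not
    counted, because the concern here is data leaving the company."""
    summary = defaultdict(lambda: {"count": 0, "domains": set(),
                                   "bytes": 0, "attachments": []})
    for m in messages:
        if is_external(m) and is_encrypted(m):
            entry = summary[m.sender]
            entry["count"] += 1
            entry["domains"].add(recipient_domain(m.recipient))
            entry["bytes"] += m.size_bytes
            entry["attachments"].append(m.attachment)
    return dict(summary)


def senders_for_review(summary: dict, threshold: int = REVIEW_THRESHOLD) -> list[str]:
    """Senders whose encrypted external volume meets the review threshold."""
    return sorted(s for s, v in summary.items() if v["count"] >= threshold)


if __name__ == "__main__":
    report = summarise_encrypted_external(parse_log(SAMPLE_LOG))
    for sender, entry in report.items():
        print(f"{sender}: {entry['count']} encrypted external messages, "
              f"{entry['bytes']} bytes, to {sorted(entry['domains'])}")
    print("for review:", senders_for_review(report))
```

The threshold flags volume, not wrongdoing: a listed sender is a prompt for the professional conversation in Step 5, not a conclusion. The sample deliberately includes an encrypted message between two internal addresses, which the summary ignores, and an unencrypted external invoice, which it also ignores, so that only the pattern the article is concerned with (encrypted data leaving the organisation) is surfaced.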
Step 6: Take Action if Necessary

Possible Outcomes

Depending on findings, possible actions may include:

- issuing guidance or additional training
- restricting system access
- changing role responsibilities
- formal disciplinary procedures
- reporting potential data breaches

Serious unauthorised disclosure of confidential information could justify disciplinary action.

Step 7: Strengthen Internal Security Controls

Prevent Future Risks

Situations like this often highlight weaknesses in company security controls. Practical improvements include:

- limiting access to sensitive data
- monitoring outbound email traffic
- implementing data loss prevention tools
- training staff on confidentiality rules
- improving internal reporting processes

The NCSC provides practical advice for organisations managing insider threats. https://www.ncsc.gov.uk/collection/insider-threat

Final Thoughts

Reports of an employee observing colleagues’ screens and sending encrypted emails externally should not be ignored. However, the correct response is measured investigation rather than immediate accusation. A director should:

- discreetly review available evidence
- check company policies and email activity
- assess potential data protection risks
- hold a professional discussion with the employee
- take appropriate action based on the findings

In many cases the behaviour may turn out to be harmless or misunderstood. But if sensitive company information is leaving the organisation without authorisation, early investigation can prevent serious commercial and legal consequences.

And in the modern workplace, the most dangerous cyber threat is often not a remote hacker. It is someone already sitting inside the office.