Research by the DTI found that three quarters of companies had suffered some kind of security incident last year. Many of the threats came not from highly trained hackers on an international scale, but rather from the disgruntled employee along the corridor.

Justin King (MD C2i International) said recently in Director Magazine, "We don't know how many companies are being bugged. But we do know that £10 million a year is spent on listening technology". Surprisingly it is not illegal to place a bug in a company's boardroom. All you can be done for is stealing electricity!

Disposal of confidential rubbish is often effected via sacks, taken to the tip or incinerator, often by lowly paid staff. The going rate for stealing a sack of confidential waste from cleaners is just £20.

There is a lot companies can do, not only to protect employees but to protect the company too.

Companies employing more than 7 people are obliged to carry out full risk assessments that deal with everyday, real-world risk as opposed to a terrorist attack.

Under Health and Safety law if you fail to warn the staff of certain security risks they can sue you.

To reduce identity theft within the workplace and in fact other types of workplace fraud, employers need to set the tone from the top by writing and disseminating a security and anti-fraud policy statement and then to foster it rather than it being a 'one-off'. It's a case of inform, educate and advise.

It shouldn't be a complicated message but should address the issues and also be transmitted to third parties and contractors - make them aware that you are aware.

In addition, companies should take care when sending documents such as Microsoft Word files. It may be possible to trace the changes and comments made to an original document that a third party shouldn't see. It's far safer to copy the final draft into a new copy. Similarly the originator of a document can be traced by going into Outlook's properties menu - could be an issue if you have third party legal advisers involved.

Employers can screen out fraudsters via pre-employment screening and vetting and careful review of application forms and especially the scrutinising of gaps in employment. Take up and verify references. Consider psychometric testing - it's surprising how revealing this can be on a number of fronts. Calligraphers have a proven track record of identifying thieves. Keep matters under constant review.

Remember too that intellectual property theft is rife. Write and implement an IT security policy. Utilise ISP 9000 and other quality procedures to ensure people stick to the correct way of doing things. Pay particular attention to laptop computers which seem to have the ability to walk! Remember the stolen Gulf War plans and Maxine Carr's secret location? Provide staff with security awareness training. Reward efficiency and reduction in losses but also punish offenders in a tough and direct manner.

Whistleblowing should be encouraged and backed up by solid codes of conduct and standards based on standing orders and workable rules and procedures.