Fraud is equally widespread. According to the annual Global Fraud Survey by the risk consulting company Kroll, 88% of companies worldwide suffered from some form of it in 2010. In Europe, it's an inside job in 50% to 60% of cases.
Kroll's results show a striking increase in the theft of corporate data (detected in 27.3% of businesses, up from 18% in 2009), particularly in the financial and professional services sectors. Cross recalls a recruitment consultant who went it alone with – as his ex-boss suspected – a little help from his former employer's client database downloaded on to a memory stick: "They had no software preventing copying of confidential data."
Cross posed as a start-up sandwich seller and got himself invited to the consultant's new offices. "I taped the guy talking about starting a business and hinting at the 'good old database'," he says, "and filmed the client names on his whiteboard." He pulls out a packet of Sovereign Black cigarettes from his pocket, pointing to a tiny camera hole.
Internal financial fraud is less common, but it still occurred in 13% of the companies Kroll surveyed. Cross secretly filmed a manager in a pie manufacturing company, who was signing for more meat than had been delivered and pocketing some of the supplier's payment.
Footage was also unexpectedly captured of the man viewing pornography on his work computer. "With mostly manual workers and few computers, the company hadn't installed software detecting and blocking flesh-coloured pixels coming through from websites or in emails," says Cross.
Most large and medium-sized organisations do use such filter software, often with activity monitoring software that logs all user actions: applications and web pages accessed, all mouse movements, print requests, keystrokes and memory stick insertions. This technology facilitates a monitoring policy which employees sign, usually with little knowledge of how the policing works in practice.
Recording everything employees do at their desktop is not a "Big Brother" approach, says Francis Carden, founder of OpenSpan Inc, a software provider to the Royal Bank of Scotland, Lloyds TSB and Vodafone. "The goal is to improve productivity."
No wonder: a recent survey by MyJobGroup.co.uk suggests that more than half of British workers access Facebook and other social media on company time – one-third for more than 30 minutes and nearly 6% for more than an hour a day. Social networking sites are also increasingly targeted by cybercriminals drawn to their huge user bases, putting employers at risk. Many employers block access to social networking sites altogether.
We also conduct our social lives from nine to five by email and phone. The Human Rights privacy law extends to the workplace, which means we have the right to a "reasonable" amount of personal correspondence and calls. However, it doesn't mean we have the right to use work email and phone for this purpose.
Employers can read our business emails. Although opening personal messages is off limits other than by exception, they can monitor our email usage for anything unreasonable or inappropriate. Most install software that searches for offensive or violent keywords indicating private or malicious traffic, as Tim Brown*, a former reporter on a regional newspaper, found out to his cost.
"I emailed a friend about two senior executives in my office having an affair, calling the woman a 'pissed-up hooker'," he admits. Two days later his editor threatened him with the sack for abusing the newspaper's email policy. "I got away with a warning, but I was made redundant six months later by the woman I'd been rude about."
While workers usually apply common sense when emailing friends from work, company phones can be used more freely. Bosses cannot eavesdrop on or tape calls without a business reason and must tell employees first, unless they have some evidence that the employees are playing dirty with a competitor.
A recent survey by management solutions provider MDS found that employees use business landlines for personal calls and fail to disclose private calls on work mobiles in 79% to 90% of businesses. To counteract this, many employers use tracking software to monitor phone usage and spend. "The system can flag calls to specific numbers or destinations, or users charging more than £200 a month," says Drew Rockwell, chief executive of MDS.
Smartphones with global positioning systems offer employers another way to keep tabs on workers. It was recently revealed that iPhones record and store data about their owners' movements, while firms such as Crystal Ball sell mobile-phone monitoring apps that allow businesses to keep tabs on their employees' whereabouts and phone usage. "These are tough times and we need staff to be as productive as possible," argues Crystal Ball's managing director Raj Singh, who uses the app on his own employees but points out that a privacy option lets them become undetected at the end of the day.
What if employees find their right to privacy is being abused? "Mention the Information Commissioner's code of practice to your boss," says Becky Boston, a human resources specialist at Emphasis HR & Training. "If this doesn't work, you can raise a formal grievance." In 2007 the European Court of Human Rights awarded more than £6,000 to an employee of Carmarthenshire College in Wales, who had her emails, telephone and internet usage secretly checked.
Has Cross ever sailed close to the wind and bugged company premises? He shakes his head: "Normally, you can monitor use of company property – vehicles or computers – but eavesdropping on people is a legal minefield."
"A fluorescent jacket takes you straight into a building," he says simply.
*Name has been changed
Human Resources expert Becky Boston offers the following tips: