One would hope the staffers underneath you could be trusted with the sensitive information that Finance sees on a daily basis. But this tells a different tale.
Intellectual property and trade secrets are at risk, according to a recent study by Symantec. It found that half of employees who left or lost their job in the past year had no qualms about keeping confidential corporate data.
More troubling is that 40% of those surveyed said they’d planned to use it at their new jobs – or old competitors.
But is it all done out of spite? The study shows that might not be the case. Most employees think it’s perfectly acceptable to take confidential data with them and actually believe their former company doesn’t mind! Only 47% say their company would take action against an employee who was holding onto confidential data, even if that company has a policy in place.
Here are some more highlights from the report:
- Employees move company data to more than one personal device. 62% are copying documents, spreadsheets and any other relevant work files to their personal laptops, tablets, smart phones or cloud storage services. There’s apparently no urgency to delete the files either once an employee is gone from the company.
- Employees believe ownership = person who created the data. A little less than half of employees believe the individual person who authors a piece of data – whether it’s a document or programming code for a website – is the owner of that data. 42% believe it’s okay to re-purpose that data.
- Data security isn’t a priority. Only 38% of employees said their manager views data protection as a priority, and 51% think it’s okay to hold onto confidential corporate data because there is no strict policy in place.
Steps for preventing data theft
Symantec recommends three steps to take for nipping this practice in the bud. As expected, the main deterrent is educating employees:
- Teach them during training. Employees need to know from day one that every piece of intellectual property and corporate data is confidential and is not to be used outside the office for any means. Make the disciplinary – and legal – consequences of data theft crystal clear.
- Address data theft concerns during exit interviews. That’s not to say treat every exiting employee as a possible threat, but make sure the interviewer reminds the departing employee about the consequences.
- Monitoring policy. It may make the most sense to have IT monitor any inappropriate access or use of corporate data.
Is data theft a cause for concern at your organization? Let us know your tips for avoiding it in the comments below.