Sacked Staff Steal Company Data
Sixty percent of people who lose their jobs take company data with them when they go, according to a study sponsored by Symantec.
A study of people who left or lost their jobs in 2008 found close to 60 percent kept corporate data after leaving. The survey, performed by the Ponemon Institute and sponsored by Symantec, included more than 900 responses and found that many of those who took the data did so by stealing paper documents and hard files.
The survey, which was sponsored by Symantec, included responses from 945 adult employees who had lost or left a job in 2008.
The most commonly stolen pieces of information were e-mail lists and non-financial business information, taken by 65 and 45 percent, respectively, of the respondents who took something. Thirty-nine percent admitted taking customer information such as contact lists.
Among those who stole data, more than half said they did so because they thought it would be useful in the future – for example, at their new job. Roughly 60 percent of those who kept data had an unfavourable view of their company, and thirty-seven percent of the survey’s participants said they left because they were fired. Thirty-eight percent, meanwhile, said they simply found a new job, while another 21 percent left because they were expecting layoffs.
Larry Ponemon, chairman of the Ponemon Institute, found the statistics surprising: “I’m not sure that malicious intent and future employment are mutually exclusive,” he said. “Clearly the responses show that obtaining future employment was a significant motivating factor, but when we see a high percentage of individuals who took information knowing full well they were acting in violation of company policy, that hints strongly at the presence of malice.”
Sixty-one percent of the employees who stole business information took it in the form of paper documents or hard files. The next most popular method was downloading data onto a CD or DVD, which was done by 53 percent. Just fewer than 40 percent did it by sending documents as attachments to a personal e-mail account.
Equally troubling from an IT security perspective is that almost a quarter of the participants had the ability to access data even after they left the company, with 32 percent of these respondents admitting they accessed the system and their credentials worked.
“Most of this data loss is preventable,” said Rob Greer, senior director of product management for Symantec Data Loss Prevention. “While the majority of data loss is still due to accidental insider actions or broken business processes, this survey highlights preventable issues exacerbated by a slowing economy.”