Because so many companies run on technology, corporate secrets are vulnerable to theft.
Unfortunately, the thief may be an employee.
The most likely thief is someone contemplating or about to leave.
According to surveys by Information Strategies, Inc. and others, most employees queried indicated they had taken company information when leaving an employer.
The most common theft was client lists, proposals and proprietary information such as formulas and specifications.
For managers, this places an additional burden when contemplating separation of employees with access to sensitive information.
Confidentiality agreements are often mute once an employee leaves.
The time to protect data is while employees are employed.
Three suggestions offered by experts:
- Severely restrict access to sensitive data and monitor who is downloading such information.
- Conduct periodic in-house meetings highlighting the need to secure data.
- Monitor employees who exhibit signs they are leaving the company.
Naturally, all of these activities run the risk of alienating employees but attempts should be made to sensitize all levels of management as to the dangers of lost data.
A recent poll by Information Strategies, Inc. indicated less than 10% of respondent firms had implemented or considered creating in-house programs educating employees about data theft.
Only two respondents said they had active programs encouraging employees to look for other staff members who appeared to be appropriating or misusing data.
Unfortunately, data theft is an accepted practice in many areas.
Experts cite sales, marketing, IT and finance as functions with high acceptance of data theft.
For instance, nearly half of IT professionals from across a wide range of industries admit they have taken data with them -- everything from documents and lists to sales proposals and contracts -- when they've changed jobs.
The problem is that IT programs are often designed to easily permit downloading of corporate data by just about anyone.
In a study of more than 900 professionals commissioned by enterprise rights management company Liquid Machines, said they don't see their companies' IT security practices as obstacles to accessing data from outside company walls or to walking out the door with it in their bag or thumb drive.
Respondents indicated that this fact made them aware that if they're capable of taking critical information home with them, others are, too.
The survey showed that 39% of workers have printed a document out rather than forward it on electronically to try to minimize the number of paths it could take out of the building.
Historically, IT and security managers have focused on protecting the company network, and the information on it, from outside attackers.
Over the last several years, though, an increasing amount of attention has fallen on the risk associated with a company's own employees -- the dreaded insider.
Some security professionals are even recommending that companies perform background checks on their IT workers, especially those who have access to key systems and applications.
Of the 45% of respondents who said they've taken data with them when they've left a job, some said they simply e-mailed data to a personal address. Others said they walked out the door with the data, usually on a peripheral storage device, tucked in a bag or pocket.
Eighty-seven percent said they're allowed to use flash drives, while 69% can use external hard drives. Even MP3 players, which are used by 46% of respondents, can be used as external hard drives.
The study also showed that with so many admitting to taking data with them when they leave jobs, it's no surprise that 53% of respondents said they suspect their companies' intellectual property is being used by the competition. Among manufacturing employees, a whopping 71% said their competition has used their companies' intellectual property. Technology employees agree with this statement 63% of the time.
It's not clear how many people blame their own sticky fingers, but it's clear that many blame IT.
About 42% of respondents said their companies' security is non-existent, not strong enough, the wrong type, or too restrictive. A full 48% of those working in technology blame poor security.