We talk a lot about insider threats and the damage that employees can do – whether knowingly or by accident – to your computer networks and company data. A new Symantec survey points out another serious employee-related threat – the outgoing employee. According to the survey, half of employees who left or lost their jobs in the last 12 months kept confidential corporate data and 40 percent plan to use it in their new jobs.
Why do they do it? Because the majority of employees don’t see it as a problem. You know, take a pack of your favorite pens from the supply room and put the projects you slaved over on a flash drive – nobody will know the difference and nobody will care. In fact, the survey shows just that: 47 percent say their organization takes action when employees take sensitive information contrary to company policy and 68 percent say their organization does not take steps to ensure employees do not use confidential competitive information from third parties.
A major part of the problem goes back to basic education and communication. Nearly half of employees believe that whomever created the company’s intellectual property also owns it. From my days working for a magazine, I saw that in action. The in-house writers were told that their articles and research were owned by the publication. The wording was in their contracts and it was discussed in interviews and in meetings. Not everyone liked the policy – many argued that they should own the copyrights to everything they created, but the policy was spelled out and expected to be followed. Businesses create all sorts of intellectual property, but are decision makers doing a good job of explaining who owns that property and why? According to the Symantec survey, no, they aren’t.
Another finding in the survey jumped out at me: Only 38 percent of employees say their manager views data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies. And this, the survey said, means corporations are failing to create a culture that focuses on security. As Nick Cavalancia, VP of Spectorsoft, an employee monitoring solutions provider, said to me in an email:
Among the reasons why organizations have failed to create a culture of security and deploy monitoring technologies is because they don't realize how simple and cost-effective implementing both can be. Employers are also concerned about monitoring due to privacy issues, which is why they frequently shy away from it. Companies needn’t worry about this anymore though, as employees recognize and accept that they are subject to monitoring. In fact, a recent survey we conducted revealed that a majority of employees do not object to being monitored, and that they welcome it.
Employers have to do a better job securing their intellectual property. The place to start is with better education about ownership and monitoring technology, like shutting off access to computer networks when the employee leaves the company. If employers don’t start making intellectual property theft a big deal, employees will continue not to take it seriously.