IT folks tend to assume that most company employees are not morally challenged.
However, SailPoint, a provider of data governance tools, recently commissioned Harris Interactive to poll 1.548 workers on their attitudes about confidential data. Almost half of them said they would take some form of company property with them upon leaving the company.
Specifically, 27 percent said they would take customer information, 23 percent would take electronic files, and 16 percent would take proprietary product information.
The thing that most companies need to realize, says Jackie Gilbert, vice president of marketing, is that many employees don't equate any of these activities with stealing. In their minds, electronic information that they worked on is as much their property as the company's.
Of course, the courts and employers see things very differently. But Gilbert says the most important thing a company can do to prevent security breaches by employees is to regularly review who has access to which files. There's a tendency to give employees perennial access to information regardless of how many times their roles change within the organization. The means many employees have access to information that goes well beyond the scope of their current assignment.
Beyond limiting what people have access to, Gilbert says companies would also be wise to implement a "least-privilege" approach to information based on a need to know. This doesn't necessarily need to be draconian, but a little prudence can go a long way when it comes to data governance.
Like most things in IT, it's frequently not about the technology at all. In the case of data governance especially, a lack of process for securing information in the first place tends to lead to recriminations later on.