A study of people who left or lost their jobs in 2008 found close to 60 percent kept corporate data after leaving. The survey, performed by the Ponemon Institute and sponsored by Symantec, included more than 900 responses and found that many of those who took the data did so by stealing paper documents and hard files.
The survey, which was sponsored by Symantec, included responses from 945 adult employees who had lost or left a job in 2008.
The most commonly stolen pieces of information were e-mail lists and non-financial business information, taken by 65 and 45 percent, respectively, of the respondents who took something. Thirty-nine percent admitted taking customer information such as contact lists.
Among those who stole data, more than half said they did so because they thought it would be useful in the future – for example, at their new job. Roughly 60 percent of those who kept data had an unfavourable view of their company, and thirty-seven percent of the survey’s participants said they left because they were fired. Thirty-eight percent, meanwhile, said they simply found a new job, while another 21 percent left because they were expecting layoffs.
Larry Ponemon, chairman of the Ponemon Institute, found the statistics surprising: “I’m not sure that malicious intent and future employment are mutually exclusive,” he said. “Clearly the responses show that obtaining future employment was a significant motivating factor, but when we see a high percentage of individuals who took information knowing full well they were acting in violation of company policy, that hints strongly at the presence of malice.”
Sixty-one percent of the employees who stole business information took it in the form of paper documents or hard files. The next most popular method was downloading data onto a CD or DVD, which was done by 53 percent. Just fewer than 40 percent did it by sending documents as attachments to a personal e-mail account.
Equally troubling from an IT security perspective is that almost a quarter of the participants had the ability to access data even after they left the company, with 32 percent of these respondents admitting they accessed the system and their credentials worked.
“Most of this data loss is preventable,” said Rob Greer, senior director of product management for Symantec Data Loss Prevention. “While the majority of data loss is still due to accidental insider actions or broken business processes, this survey highlights preventable issues exacerbated by a slowing economy.”
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
View Comments
I was interested to see the Ponemon Institute research that found an alarming 59 percent of employees who lost their jobs last year admitted to stealing confidential company information. This highlights the modern dangers associated with allowing unmanaged access to sensitive company information and then not switching this off when an employee leaves. Whilst companies will stop any ex-employee trying to wheel out filling cabinets full of customer information at the door, we see far more lax security measures when it comes to stopping access to the same information when held electronically.
The unprecedented layoffs occurring right now have exacerbated the issue, with companies running into the problem of having numerous ?zombie? accounts ? those left open to former employees or employees who have changed jobs. Zombie accounts are the result of a gap between the time an employee leaves a company or changes job function and when access to their accounts is revoked. This ?lag time? can also leave usernames and passwords open to being shared or sold to the highest bidder, giving cyber-criminals access to sensitive information without the need for sophisticated hacking techniques.
The problem can be solved through the implementation of Access and Compliance Management best practices to help companies safeguard their data and prevent the dreaded ?zombie account? loophole that is being exploited by a high percentage of ex-employees outlined in the research.
Stuart Hodkinson, General Manager, Courion (www.courion.com)