Six out of ten employees steal company data

The research, ‘Jobs at Risk = Data at Risk’ conducted by the Ponemon Institute, concluded that the thefts may be encouraged by fears over job security in the current economic downturn. The stolen company data could be used to assist in finding a new job, starting a business or be used in revenge through means such as leaking it to a competitor or customer.

“[The thieves] are making judgments based out of fear and anxiety,” Mike Spinney of the Ponemon Institute told BBC News. “People are worried about their jobs and want to hedge their bets.”

The report surveyed 945 adults in the US who, in the last twelve months, had changed jobs or lost theirs through redundancy or dismissal.

Each respondent had access to sensitive company information such as customer data, contact lists, employee records, financial reports, confidential business documents, software tools or other intellectual property.

"This shocking research places further emphasis on why IT security should be a priority for all businesses and highlights the need for a multi-pronged approach to data loss prevention," comments Jon Rolls, vice president of product management at ScriptLogic.

Rolls suggests some measures that can be taken to mitigate the risk of data theft from employees.

1) Ensure that permissions are correctly assigned to ensure that employees only have access to the information they need in order to fulfil their job responsibilities and remain productive

2) Control use of removable storage devices, specifically iPods, mobile phones and USB sticks, which provide an easy way to pull volumes of corporate data from the network.

3) Implement tools to quickly audit access to files and specific corporate data to identify the information that was stolen in a breach

"The key is to increase security without hampering productivity," says Rolls. "Unfortunately, many of the “free” and built-in tools provided to manage permissions and lock down removable storage devices are woefully inadequate."

He notes that "The best third-party solution will find the right balance for employee and employer, incorporating all of these aspects. Such solutions, will be more powerful, and yet will have simple permissions management to ensure this kind of data theft is much more difficult and will leave an audit trail."

What’s hot on Infosecurity Magazine?