Most fired workers steal data on way out the door, survey shows
Symantec-sponsored Ponemon survey finds that 59% of respondents took data with them
Network World - A survey of 945 individuals who were laid off, fired or quit their jobs in the past 12 months shows that 59% admitted to stealing company data and 67% used their former company's confidential information to leverage a new job.
That's according to the "Jobs at Risk = Data at Risk" survey published Monday by Ponemon Institute LLC. The research firm found that 61% of respondents who felt negatively about the company took data, while only 26% of those with a favorable view did. Only 31% of those surveyed said they had "trust" in their former employer to "act with integrity and fairness," 25% were "unsure" and 44% did not have trust.
Of the respondents, 37% said they were asked to leave, 38% said they had found a new job and 21% moved on because they anticipated layoffs.
The respondents described their work roles as 20% corporate IT; 10% financial and accounting; 24% sales; and 8% marketing and communications, with the remainder spread across fields that include general management, logistics and transportation, research and development, and human resources. They came from close to two dozen vertical industries, such as manufacturing, health care, education and government.
"There are many tragic scenarios now where people are under tremendous pressure," said Kevin Rowney, founder of the data-loss-prevention division at Symantec Corp., which sponsored the survey because it wanted more insight into the data-theft problem.
Rowney said he personally knows of a bank where employees on the day they were laid off all tried to grab corporate information about high-worth individuals, thinking it could help them in the future.
According to the survey, e-mail-related information and hardcopy files were the most popular types of documents to walk away with. Least popular were making off with PDFs, accessing database files or stealing source code outright. Thefts were carried out by simply walking out with paper documents or by transferring data onto a CD, DVD or USB memory stick, or sending documents out as e-mail attachments to a personal e-mail account.
Some admitted they knew taking information was wrong, but 79% who admitted to taking the data offered various reasons why they did so. They said the information might be useful in the future and said such comments as "everyone else does" and "the company can't trace the information back to me."
Rowney said he believes a lot of this behavior is "emotional in a time of stress" rather than "sneaking individuals" carefully plotting a data heist over months. "A lot is in the heat of the moment, people make unwise decisions," he added.
Surprisingly, 24% of the survey respondents said they still had access to their former employer's computer systems after they left, with over 50% of them saying that the access continued for between a day and a week, and 20% said it lasted for more than a week.
While Rowney acknowledged that "there is no silver bullet" to prevent all thefts of paper documents and electronic data, he said there are many steps that companies can take to use technology and enforce clearly defined data-protection policies to prevent a lot of the problems.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva.