Most fired workers steal data on way out the door, survey shows
Symantec-sponsored Ponemon survey finds that 59% of respondents took data with them
Network World - A survey of 945 individuals who were laid off, fired or quit their jobs in the past 12 months shows that 59% admitted to stealing company data and 67% used their former company's confidential information to leverage a new job.
That's according to the "Jobs at Risk = Data at Risk" survey published Monday by Ponemon Institute LLC. The research firm found that 61% of respondents who felt negatively about the company took data, while only 26% of those with a favorable view did. Only 31% of those surveyed said they had "trust" in their former employer to "act with integrity and fairness," 25% were "unsure" and 44% did not have trust.
Of the respondents, 37% said they were asked to leave, 38% said they had found a new job and 21% moved on because they anticipated layoffs.
The respondents described their work roles as 20% corporate IT; 10% financial and accounting; 24% sales; and 8% marketing and communications, with the remainder spread across fields that include general management, logistics and transportation, research and development, and human resources. They came from close to two dozen vertical industries, such as manufacturing, health care, education and government.
"There are many tragic scenarios now where people are under tremendous pressure," said Kevin Rowney, founder of the data-loss-prevention division at Symantec Corp., which sponsored the survey because it wanted more insight into the data-theft problem.
Rowney said he personally knows of a bank where employees on the day they were laid off all tried to grab corporate information about high-worth individuals, thinking it could help them in the future.
According to the survey, e-mail-related information and hardcopy files were the most popular types of documents to walk away with. Least popular were making off with PDFs, accessing database files or stealing source code outright. Thefts were carried out by simply walking out with paper documents or by transferring data onto a CD, DVD or USB memory stick, or sending documents out as e-mail attachments to a personal e-mail account.
Some admitted they knew taking information was wrong, but 79% who admitted to taking the data offered various reasons why they did so. They said the information might be useful in the future and said such comments as "everyone else does" and "the company can't trace the information back to me."
Rowney said he believes a lot of this behavior is "emotional in a time of stress" rather than "sneaking individuals" carefully plotting a data heist over months. "A lot is in the heat of the moment, people make unwise decisions," he added.
Surprisingly, 24% of the survey respondents said they still had access to their former employer's computer systems after they left, with over 50% of them saying that the access continued for between a day and a week, and 20% said it lasted for more than a week.
While Rowney acknowledged that "there is no silver bullet" to prevent all thefts of paper documents and electronic data, he said there are many steps that companies can take to use technology and enforce clearly defined data-protection policies to prevent a lot of the problems.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your...