Laid off workers likely to steal company data, survey warns

In an era of layoffs and company cutbacks, disgruntled employees often leads to data leaks, according to a survey from Symantec and the Ponemon Institute.

Employees who leave their companies -- whether voluntarily or by force -- are now more likely to steal confidential company information on their way out, especially if they don't trust their employer, according to a recent survey. 

SearchSecurity.com:

To get security news and tips delivered to your inbox,  click here to sign up for our free newsletter.

The report, "Jobs at Risk = Data at Risk," is based on a Symantec Corp. and Ponemon Institute survey of 945 participants located in the U.S. who have been laid off, fired or changed jobs in the last 12 months. It found 59% of employees who leave or are asked to leave are stealing company data, such as contact lists, employee records and other business documents.

Rob Greer, senior director of product management at Symantec, said often times when company security policies are unclear, some employees feel they are entitled to take data with them when they leave as parting gifts because they helped build or create the data. However, there are also instances where malicious insiders may take being laid off or let go personally and try to inflict harm on the company. 

Economic doldrums:

PCI costs slow compliance projects in down economy: PCI projects at some firms face scrutiny and funding shortfalls due to the economy.

Security spending continues despite shaky economy, Forrester finds: An uncertain economy is causing many companies to do some budget tightening, but the continued barrage of data breach news has helped keep data security a priority in most companies.

Four ways to prioritize security programs in bad economy: While IT pros should evaluate their ongoing security processes and technologies, security vendors also need to make an assessment of their overall value and adjust the business.

Report offers security strategy tips to overcome funding problems: The economy is forcing companies to accept more risk, but a new report offers tips to showcase the value of the security team.

The report found that 61% of respondents who had negative feelings about their company took data, while only 26% of those with a favorable view of their company took data. Employers should focus on communicating with their employees to prevent negative sentiments that may result in malicious activity and stolen information after a layoff, Greer said.

The financial crisis has sent the economy spiraling, resulting in increased layoffs in many industries. The U.S. unemployment rate is at 7.6%, the highest in more than 16 years. Banks and other financial institutions have been especially hard hit with layoffs and could face the greatest risk of data leakage from insiders. The highest percentage of survey responses came from the financial services industry, Symantec said.

"Generally speaking when thinking about companies that are dealing with this economy and laying people off, if [employers] focus more on communicating and being more open as to what's going on within the company as much as they can, the likelihood of having employees take data would be less likely as [employees] are not constantly wondering about the status of their job," Greer said.

Companies are failing to take proper measures to stop employee data theft. Eighty-eight percent of respondents reported their company did not do an electronic scan of devices such as portable data-bearing equipment or USB memory sticks before they left.

Greer advised companies to be proactive in managing their data and to form a comprehensive prevention strategy to prevent data loss.

"Know where your data is, how it is being used, and the best way to prevent its loss and do that across all three threat vectors -- endpoint, network, and storage -- and lastly, be consistent with the policy," Greer said.

Employee education is also instrumental in preventing data loss, Greer said. 

"Employees should know what the company's polices are and be aware of their actions and what actions might be used against them in the future," Greer said.

Another way to prevent employees from stealing data is implementing a solution that monitors end users, Greer said.

"If people know they're being monitored, they'll be less likely to do foolish things if they end up getting laid off."

While employees are taking information without permission, the majority are not looking to ruin the entire company, he said.

"You may have some employees that are very upset and more focused on damaging the employer, but the majority [of employees], based on the information in the survey, are more focused on utilizing that information in the future [for another job]," Greer said.

Dig deeper on Security Awareness Training and Internal Threats-Information

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close