Out-Law News | 23 Nov 2009 | 5:27 pm | 2 min. read
The company asked 600 workers at London's Canary Wharf and New York's Wall Street about their attitudes to company data and found that 41% had taken data from one job to another. A third of workers would take corporate data to help a family or friend get a job.
Accidental data losses have hit the headlines since 2007 when HM Revenue and Customs lost 25 million people's data, but security experts have long warned that employees are a bigger security risk than lost laptops or misplaced CDs.
The survey, which was carried out by information security specialists Cyber-Ark Software, claims that experts' fears are well placed.
It revealed that the most popular kinds of information to be stolen are customer and contact details, followed by business plans and proposals, then by product details. It found that 13% of workers were prepared to take passwords and usernames so that they could access information at a later date.
“While we are seeing glimmers of hope in the UK and US economy, clearly employee confidence has been rocked," said Cyber-Ark director Mark Fullbrook. "This survey shows that many workers are willing to do practically anything to ensure job security or make themselves more marketable – including committing a crime."
The survey also contained bad news for IT departments within companies. While last year just 29% of workers said it was easy for them to take sensitive data from their company, that number rose this year to 57%.
"While there is no excuse for employees who are willing to compromise their ethics to save their job, much of the responsibility for protecting sensitive proprietary data is the responsibility of the employer," said Fullbrook. "Organisations must be willing to make improvements to how they monitor and control access to databases, networks and systems, even by those privileged users who have legitimate rights. Additional protection can be added with simple steps like frequently changing passwords and only granting access to certain information on-demand.”
Some pieces of information will be protected by copyright, others by trade secret laws, and information to do with people will be protected by data protection legislation. A worker's conduct will be governed by their employment contract, an implied term of which is likely to be that there is a relationship of trust and confidence between the company and the employee which theft would break. Disciplinary policies are also likely to list theft from the company as an example of gross misconduct.
The workers queried were aware of how serious their actions are. The survey found that 85% of them were aware that it is illegal to download corporate information.
The favoured medium for stealing information was the USB memory stick. Printing out information was the next favourite, followed by emailing it.
Most data thieves did not even have a specific use for the data they took. While 20% said they would use it in a new job and 27% said that they would use it as a bargaining tool to get a new job, 64% said that they took data 'just in case it was useful', the survey said.