A study has found some 60% of workers who quit or are made redundant take company information with them when they go, despite knowing full-well their contract forbids it. How can you manage the risk of losing sensitive data when disgruntled staff members leave your organisation?
A study has found some 60% of workers who quit or are made redundant take company information with them when they go, despite knowing full-well their contract forbids it. How can you manage the risk of losing sensitive data when disgruntled staff members leave your organisation?
The most common thefts are email lists, non-financial business information, customer contact lists and employee records. And your numbers aren’t safe either – 16% take financial information with them, the Ponemon Institute study found.
Lack of loyalty and an increase in remote and mobile workers could be responsible, said Larry Ponemon, whose company published the study. “More and more people seem to feel entitled to information they create on the job, and an increase in mobility in the workforce means many employees don't have a lasting relationship with their employers,” Ponemon said.
“As you have more employees working from remote locations and on home computers, the concept of who really controls this data isn't often clear to people,” he commented.
One sticky point is ensuring network access is cut promptly – too many companies don’t make sure their former staff can’t log on to their network, and don’t continue to receive company emails, according to Kevin Rowney from data loss prevention at Symantec.
“Far too many companies seem to be very sloppy with network access governance,” Rowney said. One mistake that frequently occurs is companies leaving email accounts active in the short term after staff leave, so client messages can be picked up by current staff. However, if a worker had remote access to their account they could still be seeing messages with sensitive information in them until that account is closed or access is restricted.
Best practice tip
Because of common contract clauses banning employees from taking data after they leave, there are usually legal avenues to pursue, but a bit of prevention can prevent a lot of pain.
Make sure your network access is kept up to date, and ensure departing workers understand their obligations and the consequences for themselves and their new employers if they’re caught taking data with them.