 "Employees Steal Corporate Data And Don't Believe It's Wrong")
Half of employees who left or lost their jobs in the last 12 months kept confidential corporate data, according to a global survey from Symantec, and 40 percent plan to use it in their new jobs. The results show that everyday employees’ attitudes and beliefs about intellectual property (IP) theft are at odds with the vast majority of company policies.
Employees not only think it is acceptable to take and use IP when they leave a company, but also believe their companies do not care. Only 47 percent say their organisation takes action when employees take sensitive information contrary to company policy and 68 percent say their organisation does not take steps to ensure employees do not use confidential competitive information from third-parties. Organisations are failing to create an environment and culture that promotes employees’ responsibility and accountability in protecting IP.
Survey Highlights
Employees move IP outside the company in all directions, and never clean it up. Sixty-two percent say it is acceptable to transfer work documents to personal computers, tablets, smartphones or online file sharing applications. The majority never delete the data they’ve moved because they do not see any harm in keeping it.
Most employees do not believe using competitive data taken from a previous employer is wrong. Fifty-six percent of employees do not believe it is a crime to use a competitor’s trade secret information; this mistaken belief puts their current employers at risk as unwitting recipients of stolen IP.
Employees attribute ownership of IP with the person who created it. Forty-four percent of employees believe a software developer who develops source code for a company has some ownership in his or her work and inventions, and 42 percent do not think it’s a crime to reuse the source code, without permission, in projects for other companies.
Organisations are failing to create a culture of security. Only 38 percent of employees say their manager views data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies.
“When it comes to trade secret theft by mobile employees, an ounce of prevention is usually worth ten pounds of cure,” said Dave Burtt, Founder of Mobility Legal P.C. “We consistently see departing employees who don’t understand their obligation to keep trade secrets secret, but are just as often faced with companies whose own procedures are sorely lacking when it comes to protecting valuable IP. But everybody loses when a mobile employee steals trade secrets- the company who invested in the IP, the employee who took it, and the organisation that receives it, even unknowingly, who most often is on the hook for defending the litigation that follows. Before employees exit, dust off agreements they likely haven’t looked at in years, figure out all of the places the employee has stored sensitive company information and get it back, and ensure that employees understand their continuing obligations not to use or disclose company trade secrets.”
Recommendations
Employee education: Organisations need to let their employees know that taking confidential information is wrong. IP theft awareness should be integral to security awareness training.
Enforce non-disclosure agreements (NDAs): In almost half of insider theft cases, the organisation had IP agreements with the employee, which indicates the existence of a policy alone—without employee comprehension and effective enforcement—is ineffective. Include stronger, more specific language in employment agreements and ensure exit interviews include focused conversations around employees’ continued responsibility to protect confidential information and return all company information and property (wherever stored). Make sure employees are aware that policy violations will be enforced and that theft of company information will have negative consequences to them and their future employer.
Monitoring technology: Implement a data protection policy that monitors inappropriate access and use of IP and automatically notifies employees of violations, which increases security awareness and deters theft.
“Companies cannot focus their defences solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organisation,” said Lawrence Bruhmuller, Vice President of Engineering and Product Management, Symantec. “Education alone won’t solve the problem of IP theft. Companies need data loss prevention technologies to monitor use of IP and flag employee behavior that puts confidential corporate data at risk. The time to protect your IP is before it walks out the door.”
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
