Survey: Axed Employees Often Walk Out with Corporate Data
Sometimes employees walk out with more than their walking papers when they clock out for the last time.
A study by the Ponemon Institute found that more than 59 percent of those surveyed kept corporate data after leaving their jobs. The survey, which was sponsored by Symantec, included responses from 945 adult employees who had lost or left a job in 2008.
The most commonly stolen pieces of information were e-mail lists and non-financial business information, taken by 65 and 45 percent, respectively, of the respondents who took something. Thirty-nine percent admitted taking customer information such as contact lists.
Among those who stole data, more than half said they did so because they thought it would be useful in the future - for example, at their new job. Roughly 60 percent of those who kept data had an unfavorable view of their company, and thirty-seven percent of the survey's participants said they left because they were fired. Thirty-eight percent, meanwhile, said they simply found a new job, while another 21 percent left because they were expecting layoffs.
Are they employees from hell? Maybe. But either way, Larry Ponemon, chairman of the Ponemon Institute, found the statistics surprising.
"I'm not sure that malicious intent and future employment are mutually exclusive," he said. "Clearly the responses show that obtaining future employment was a significant motivating factor, but when we see a high percentage of individuals who took information knowing full well they were acting in violation of company policy, that hints strongly at the presence of malice."
Sixty-one percent of the employees who stole business information took it in the form of paper documents or hard files. The next most popular method was downloading data onto a CD or DVD, which was done by 53 percent. Just fewer than 40 percent did it by sending documents as attachments to a personal e-mail account.
Equally troubling from an IT security perspective is that almost a quarter of the participants had the ability to access data even after they left the company, with 32 percent of these respondents admitting they accessed the system and their credentials worked.
"Most of this data loss is preventable," said Rob Greer, senior director of product management for Symantec Data Loss Prevention. "While the majority of data loss is still due to accidental insider actions or broken business processes, this survey highlights preventable issues exacerbated by a slowing economy."