Employees who leave their companies -- whether voluntarily or by force -- are now more likely to steal confidential company information on their way out, especially if they don't trust their employer, according to a recent survey.
The report, "Jobs at Risk = Data at Risk," is based on a Symantec Corp. and Ponemon Institute survey of 945 participants located in the U.S. who have been laid off, fired or changed jobs in the last 12 months. It found 59% of employees who leave or are asked to leave are stealing company data, such as contact lists, employee records and other business documents.
Rob Greer, senior director of product management at Symantec, said often times when company security policies are unclear, some employees feel they are entitled to take data with them when they leave as parting gifts because they helped build or create the data. However, there are also instances where malicious insiders may take being laid off or let go personally and try to inflict harm on the company.
The report found that 61% of respondents who had negative feelings about their company took data, while only 26% of those with a favorable view of their company took data. Employers should focus on communicating with their employees to prevent negative sentiments that may result in malicious activity and stolen information after a layoff, Greer said.
The financial crisis has sent the economy spiraling, resulting in increased layoffs in many industries. The U.S. unemployment rate is at 7.6%, the highest in more than 16 years. Banks and other financial institutions have been especially hard hit with layoffs and could face the greatest risk of data leakage from insiders. The highest percentage of survey responses came from the financial services industry, Symantec said.
"Generally speaking when thinking about companies that are dealing with this economy and laying people off, if [employers] focus more on communicating and being more open as to what's going on within the company as much as they can, the likelihood of having employees take data would be less likely as [employees] are not constantly wondering about the status of their job," Greer said.
Companies are failing to take proper measures to stop employee data theft. Eighty-eight percent of respondents reported their company did not do an electronic scan of devices such as portable data-bearing equipment or USB memory sticks before they left.
Greer advised companies to be proactive in managing their data and to form a comprehensive prevention strategy to prevent data loss.
"Know where your data is, how it is being used, and the best way to prevent its loss and do that across all three threat vectors -- endpoint, network, and storage -- and lastly, be consistent with the policy," Greer said.
Employee education is also instrumental in preventing data loss, Greer said.
"Employees should know what the company's polices are and be aware of their actions and what actions might be used against them in the future," Greer said.
Another way to prevent employees from stealing data is implementing a solution that monitors end users, Greer said.
"If people know they're being monitored, they'll be less likely to do foolish things if they end up getting laid off."
While employees are taking information without permission, the majority are not looking to ruin the entire company, he said.
"You may have some employees that are very upset and more focused on damaging the employer, but the majority [of employees], based on the information in the survey, are more focused on utilizing that information in the future [for another job]," Greer said.