Look around the office. One in four of the people will take or share sensitive company information when they leave their job. The findings from a 2016 survey of 600 employees in seven industries by Biscom show that employees are the greatest risk when it comes to data theft.
The survey also found the following:
- 15 percent of respondents said they are more likely to pilfer files if they’re fired.
- 85 percent of those who take data say it’s material they created, so it isn’t wrong.
- Only 25 percent of ex-employees took material they did not create.
The good news
About 95 percent of respondents said taking data was possible because
- Their employer didn’t have policies or technology to stop them, or
- The company ignored its policies.
That’s good news because it means there’s something you can do about it right now if you fall into either of those camps.
Most survey respondents didn’t accept the categorization of their actions as “theft.” They don’t think taking company data is malicious or even just wrong because—in most instances—they’re taking something they created; they see themselves as co-owners.
Education can go a long way to addressing this aspect of the problem. Talk to new employees about data protection and security. Periodically remind staff about your stance.
2. Establish clear policies (and enforce them)
Where you have policies governing data handling that are clear and comprehensive, you’ll reduce the problem. Put those policies in employment contracts.
Address issues such as the following:
- Using personal devices to create company data
- Using consumer file sharing and collaboration tools
The range of tools survey respondents used to take information ranged from flash drives to Dropbox to simple printing.
3. Keep permissions tight
Establish data classification and access permissions. You don’t want to stifle productivity, but there’s no reason to give access to people who don’t need it. The principle of least privilege is a good rule of thumb.
Moving to the cloud requires special vigilance with tracking permissions and user access. Even keeping a spreadsheet that lists every employee’s access, tools, and apps can help.
4. Be vigilant
Watch for the unusual. Set up alerts for movements of unusual amounts of data or activity at odd hours.
5. Prepare to respond
The survey suggests that some theft—or attempted theft, at any rate—is inevitable. You should prepare for when, not if.
Decide now on how you will respond in the event of an attack or in the event an employee who is leaving the company might be disgruntled. Employees were 22 percent more likely to steal company information if they were fired under “bad circumstances.”