In yet another troubling survey released by the security firm Symantec yesterday, 50% percent of the employees who had left or lost their jobs in the last 12 months kept confidential corporate data and 40% plan to use it in their new jobs. In a blog post accompanying the report (aptly entitled “What’s Yours is Mine: How Employees are Putting Your Intellectual Property at Risk”), Symantec’s Robert Hamilton said it was “startling” that many employees “don’t think taking corporate data is wrong. Sixty-two percent of employees think it’s acceptable to transfer corporate data to their personal computers, tablets, smartphones and cloud file-sharing apps. And once the data is there, it stays there — most employees never delete it.”
The survey was conducted by The Ponemon Institute to examine the problem of IP theft by employees and was based on responses from 3,317 individuals in the U.S., the U.K., France, Brazil, China and Korea. Here are some more troubling statistics that Symantec cites:
• Over half admit to emailing business documents from their workplace to their personal email accounts;
• 41% say they email these documents at least once a week;
• 41% also admit that they download IP to their personally-owned tablets or smartphones, thus compromising the confidentiality of those documents even further;
• 37% use file-sharing apps such as DropBox or GoogleDocs without permission from their employer;
• The majority of employees using these file-sharing apps then fail to delete the documents included in those files; and
• 42% do not believe it is wrong for someone who developed software for his company to re-use the source code for another company.
To combat the attitudes giving rise to this grim study, Symantec advocates greater education of employees, the enforcement of Non-Disclosure Agreements, and the implementation of monitoring technology (such as data loss prevention software that notifies managers in real-time when sensitive information is inappropriately sent, copied or exposed).
Unfortunately, this survey echoes a survey by Harris Interactive (about which I wrote last year) that analyzed employee attitudes about the removal of confidential information from the office. I will say it again: it all comes down to implementing a culture of confidentiality and security and making sure that employees understand the ground rules of IP ownership with their employer. In the absence of that education and culture, employees will default to the dominant culture, which is increasingly reflected in the title of the report: What’s Yours is Mine.