Everyone who's ever had anything to do with data security or end user support know a company's employees are its biggest security risk.
The fine-tuned deductive logic of many in IT security, however, has been warped by months or years spent in direct end-user support to the point that even the most effective threat detectives tend to consider the danger from herds of sheeple in userland to be primarily that they will crush the servers in a stampede toward birthday sheet cake or, if left unsupervised, unplug the firewall so they can download files more quickly from MusicalMalware.com.
They are much more devious than that, however, and much more aware of the potential value of the knowledge to which they're privy when they're not avoiding work by hiding in the privy.
In a survey of 3,400 employees in the U.S., U.K. and Australia, Harris Interactive found that large percentages of them would be happy to send private corporate data to people who don't work for the company, or take it with them when they left the company themselves.
You would think the 10 percent of American and 12 percent of Australians polled polled would have some skulduggery in mind if they planned to give secret data to non-employees; it's always possible they would do it out of simple cluelessness, however.
That's the danger of working too long with end users who don't know or care how the computer works as long as you can fix it so they can get their work or shopping done before going home.
Asked specifically if they'd actually sell corporate data on the Internet for a profit, five percent of American and 4 percent of Australians said yes.
How do you tell which are fools and which are scoundrels?
Judging by the data, you can just listen for the accent.
Twenty seven percent of British employees said they'd send data to someone outside the company – more than twice as much as either of the other two nationalities. Fully a quarter more than both of them combined, in fact.
The pattern continues through all the other questions. Asked if they'd copy data to take away when they quit, 9 percent of Americans and 8 percent of Australians said yes.
Britons? 24 percent.
Keep in mind that, for centuries England dealt with criminals by sending them out of the country, mainly to America and Australia. So if the British are a lot more criminally inclined when it comes to data security, they are that way after having already skimmed out much of the criminal element of their society and relocated it so its offspring couldn't be skewing these results.
If the Brits hadn't transported their criminals, they'd probably be even worse.
There wouldn't be any unstolen data in the whole country.
There wouldn't even be the same history. The British army never could have gotten all the way across Europe in WWII, for example. They'd have had to stop and steal too often to keep up with the Americans.
Think that theory doesn't hold up from the rest of the questions?
Asked if they would feel comfortable doing "something" unauthorized with corporate data, 48 percent of Brits said yes, compared to 22 percent of Americans and 29 percent of Ozzies.
Asked if they would sell data on the Internet – consciously and purposely, with no question that they were acting illegally and profiting by violating the trust of their employer, mind you, without all the mealy mouthed approximations in the other questions – 5 percent of Americans and 4 percent of Australians muttered "yeah" out of the corner of their mouths while continuing to polish their gats.
The Brits just kept looking prim and sounding Proper even as fully 24 percent – six times the rate of the criminally ancestored Australians – said they would to it.
Don't underestimate your users. Incompetence is far more likely a motivator when something goes badly wrong than evil intent.
Just don't forget that, sometimes, there's evil intent, too. And it usually speaks with a British accent.