February 23, 2009, 12:22 PM — A survey of 945 individuals who were laid off, fired or quit their jobs in the past 12 months shows that 59% admitted to stealing company data and 67% used their former company's confidential information to leverage a new job.
That's according to the "Jobs at Risk = Data at Risk" survey published Monday by Ponemon Institute. The research firm found that 61% of respondents who felt negatively about the company took data while only 26% of those with a favorable view did. Only 31% of those surveyed said they had "trust" in their former employer to "act with integrity and fairness," 25% were "unsure" and 44% did not have trust.
Of the 945 individuals in the survey, which was sponsored by Symantec, 37% said they were asked to leave, 38% said they had found a new job and 21% moved on because they anticipated lay-offs.
The respondents described their work roles as 20% corporate information technology, 10% financial and accounting, 24% sales, 8% marketing and communications, and the remainder spread across fields that include general management, logistics and transportation, research and development, and human resources. They came from close to two dozen vertical industries, such as manufacturing or healthcare, as well as education and government.
"There are many tragic scenarios now where people are under tremendous pressure," says Kevin Rowney, founder of the DLP division at Symantec, which sponsored the survey because it wanted more insight into the data-theft problem.
Rowney says he personally knows of a bank using the Symantec data-loss prevention products where employees on the day they were laid off all tried to grab corporate information about high-worth individuals thinking it could help them in the future.
According to the survey, taking e-mail-related information and hardcopy files were the most popular types of documents to walk away with, according to the survey. Least popular were PDF files, accessing database files or stealing source code outright. Theft was carried out by simply walking out with paper documents or transferring data onto a CD, DVD, USB memory stick or sending documents out as e-mail attachments to a personal e-mail account.
Some admitted they knew taking information with them was wrong, but 79% of those who did admit to taking information without permission offered various reasons why they did it, including "everyone else does," the information may be useful in the future and "the company can't trace the information back to me."
Rowney says he believes a lot of this behavior is "emotional in a time of stress" rather than "sneaking individuals" carefully plotting a data heist over months. "A lot is in the heat of the moment, people make unwise decisions," he believes.
Surprisingly, 24% of these former employees responding to the survey said they still had access to their former employer's computer systems after they left, with over 50% citing between one day to a week, but 20% more than a week.
While Rowney acknowledges "there is no silver bullet" to prevent all paper and electronic data theft, there are many steps that companies can take to use technology and enforcement of clearly-defined data-protection policies to prevent a lot of the problems.