February 7, 2013
Half of employees who left or lost their jobs in the last 12 months kept confidential corporate data, according to a global survey from Symantec and 40 percent plan to use it in their new jobs. The results show that employees’ attitudes and beliefs about intellectual property (IP) theft are at odds with the vast majority of company policies. Employees not only think it is acceptable to take and use IP when they leave, but also that companies don’t care. The survey reveals 62 percent believe it is acceptable to transfer documents to PCs, tablets, smartphones or file sharing applications and the majority never delete the data they’ve moved because they do not see any harm in keeping it.
“Companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organisation,” said Lawrence Bruhmuller, vice president of engineering and product management, Symantec
Most employees do not believe using competitive data taken from a previous employer is wrong and only 38 percent of employees say their manager views data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies.
Explained Dave Burtt, founder of Mobility Legal P.C. “We consistently see departing employees who don’t understand their obligation to keep trade secrets secret, but are just as often faced with companies whose own procedures are sorely lacking when it comes to protecting valuable IP.”
Only 47 percent say their organisation takes action when employees take sensitive information contrary to company policy and 68 percent say their organisation does not take steps to ensure employees do not use confidential competitive information from third-parties. Organisations are failing to create an environment and culture that promotes employees’ responsibility and accountability in protecting IP.
Advises Burtt: “Before employees exit, dust off agreements they likely haven’t looked at in years, figure out all of the places the employee has stored sensitive company information and get it back, and ensure that employees understand their continuing obligations not to use or disclose company trade secrets.”