Employees Are More Apt to Take Company Data than a Stapler
The title of this post is taken from the headline of a press release from SailPoint as reported in NetworkWorld. While it is a great headline, more importantly it should tell us that no organization’s data is safe, especially for those laying off employees.
For me the takeaway from SailPoint’s survey is that companies should not trust their employees, especially when layoffs are on the horizon. I have spoken to many companies in the past three years who have laid off workers. Some have implemented some strategy to protect that data (technology or otherwise), but most have proceeded with the layoffs without any method for ensuring the safety of their sensitive data.
In the SailPoint survey, they found that 29% of US workers admitted they would take customer data. This is consistent with my recent personal experience. A banking customer confessed to me that many of the home lending staff they had laid off apparently took the bank’s customer list to use as a sales prospecting list–presumably along with personally identifiable information (PII). One trucking company that contacted me for data loss prevention was concerned that their competitors would somehow gain access to their customer contacts (read: “from their former employees”).
The problem could be exacerbated by a bad economy and the personal impact on individual finances. While the survey did indicate that 45% of the US respondents claimed this tendency to steal from an employer was not influenced by the recession, there were slightly less than .5% of US respondents who said they would try to sell confidential data. Using these stats, one out of every 200 employees, would try to sell your confidential data. All it takes is one to end up like TJX.
This is not the first survey of its kind with similar findings. For me, this confirms what I’ve felt for years: that data loss prevention technologies will eventually become part of every network security plan.