Departing employees are apparently taking more than fond memories with them when they leave.
According to UK’s SecurityPark.net, McAfee research in Europe revealed that over 50% of employees surveyed said they would take company data with them when they walk out the door.
Even more troubling is the proliferation of portable memory devices (such as thumb drives) in the workplace, which makes it easy to remove large amounts of data and are easily concealed. What is interesting is that the most common method of removing documents is very old-school:
Company email remains the most common means of sending information externally with 86% admitting to forwarding documents regularly by email. However, many employees are also using methods which corporate IT departments have little or no control over. A quarter (26%) of those that have sent customer information outside of the business admit to using web-based email services such as Yahoo or Hotmail to do so while a significant proportion (83%) are printing customer records out to remove from the business.
Few companies have policies governing bringing portable memory devices into the workplace; fewer still have policies about the use of web-based mail services. In fact, some companies may unwittingly encourage the use of such services by warning employees against using company email for personal matters.
And it’s likely that company data is the least of compliance worries. The widely reported breaches of employee and retiree data can pose civil penalties and reputational risk.
There is a feeling out there that for every publicized data breach there are many others that are never reported. Or worse, detected.
Locking down company data will be an increasing headache for corporate IT departments. And corporate legal departments better be looking over their shoulders from time to time.