Threat Management, Incident Response, Network Security, TDR

Insider data theft exacerbated by economic crisis

Updated Tuesday, Feb. 25, 2009 at 11:05 a.m. EST

The majority of individuals laid off, fired or changing jobs in the last 12 months stole data from their former employer, according to a new survey from the Ponemon Institute and Symantec.

Some 945 individuals in the United States who were fired or left their job willingly were surveyed and 59 percent admitted to taking company information when leaving. And it seems, according to the survey, email lists are most susceptible to theft. Typically, a bad impression of the company increased the odds of theft; few companies are taking the proper steps to prevent this problem, the survey found. Further, a portion of companies did not revoke employee access to computer systems right away, Larry Ponemon, chairman and founder of the Ponemon Institute, told Monday.

Mike Spinney, senior privacy analyst at the Ponemon Institute, told Tuesday in an email that the economic crisis plays a role in these findings.

“As news reports and rumors swirl related to a falling economy and job-loss anxiety grows, people feel greater pressure to make rash decisions based on a fear of finding themselves in dire financial circumstances,” Spinney said.

In times of economic hardship, people are tempted to do things they normally wouldn't do, and that includes stealing confidential data, PhilNeray, vice president of strategy for database security companyGuardium, told Tuesday.

“Economic situations tend to make people forget their ethics,” Neray said.

But, the economic crisis is not fully to blame though, he added. Economic incentives to take confidential data continue to increase.

Spinney agreed, noting employees recognize that information they have access to is valuable, either as a means to land a new job, start a new venture, or undertake more nefarious activities.

Of those who took information, 79 percent said they did not have permission to do so. Some 16 percent said they had permission to take the information, because, according to most, “others were doing it” or they “had a hunch it was okay,” Ponemon said.

Regardless of employee age or level in the company, there was a common attitude that many people felt “entitled” to the information they took because they created the spreadsheets or the data they stole. The pervasive attitude was that the information was “theirs for the taking.” Sixty-seven percent said they used this data at a new job, Ponemon said.

The most common type of electronic or paper files taken were email histories (64 percent), followed by hardcopy files (62 percent), then word processed documents (48 percent), digital photos (41 percent), electronic spreadsheets (39 percent) and software programs or tools (32 percent).

Perceptions by departing staff of their former employers played a role in their actions. Most of those admitting to taking data stated they believed their former employers failed to act with integrity and fairness, said Ponemon. Employees who said they trusted their employer stole far less than those who said they did not trust their employer, Ponemon said.

“This suggests that people do stuff maliciously when they really view former employers in a negative light,” Ponemon said. “And the inverse is true -- when you are viewing them in a positive light you are less likely to commit unethical acts.”

Despite the increasingly dire economic situation and rising layoffs, the survey also found that companies are not taking the adequate measures to prevent data loss. 82 percent of respondents said their former employer did not conduct an audit of the paper and electronic documents they took with them when leaving. In addition, few businesses scan what is on employees' removable media devices before they leave with them.

Some companies are even taking a week or longer to revoke former employees' access to company systems. Unsurprisingly, 24 percent of respondents admitted to accessing corporate systems after leaving, according to the study. Of these, 15 percent said they accessed the system one week later and 20 percent said they accessed it more than a week later.

Experts suggested solutions such as data-loss prevention (DLP) and to monitor the locations, such as databases, where sensitive information lies.

“Times are tough, but given that this is a pervasive problem in the U.S., organizations need to reconsider whether they have adequate investment in the right security technology,” Ponemon said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.