BY MITCH MAC DONALD, GROUP EDITORIAL DIRECTOR outbound
a downturn in ethics
IT’S NOT AS IF WE NEED ANYTHING MORE TO WORRY ABOUT
as we try to steer through the “perfect storm” of the global financial
crisis. Unfortunately, though, there are some threats that cannot be
ignored. One of them is the soaring risk of internal data theft.
At a time when wave upon wave of layoffs is hitting corporations,
a new study reveals that many companies are losing more than
workers. They’re also losing important company information,
much of which, if leaked, could be extremely damaging to their
operations.
Already faced with the stressful and unpleasant task of having to
reduce their workforce, many folks are apparently forgetting to take
steps to secure their data and systems when employees depart. And
their companies could end up paying a high
price for that oversight. A survey by IT security specialist Cyber-Ark suggests that an
astounding six out of 10 laid-off or fired
workers are taking company trade secrets
with them.
To be precise, 58 percent of New York City
office workers admit that if faced with the
prospect of losing their jobs, they would take
valuable data with them if they could get
away with it! And it gets worse: It seems that
the mere rumor of a workforce reduction
prompts people to start preparing for the
worst by downloading proprietary information—just in case. In fact, more than half say
they have already downloaded sensitive company information right under their bosses’ noses in anticipation of
losing their jobs.
As if that finding weren’t disturbing enough, consider that of
those who admit to downloading—essentially, stealing—
confidential and proprietary info from their current employer, more than
half say they would use it as a negotiating tool to secure their next
post because they know the information will be very attractive to
future employers.
What kinds of data are they stealing? At the top of the list are customer and contact databases. That’s followed by strategic plans and
proposals, product information, and access or password codes.
The weapon of choice in this new wave of corporate crime is
reportedly the tiny little memory stick, also called a jump drive or
flash drive. They are small. They are cheap. They are easy to conceal.
And according to some IT experts, they’re the least “traceable”
method of downloading huge amounts of data.
But it’s not just memory sticks that employers must beware of. The Cyber-Ark survey
finds that employees also steal data via photocopying, e-mailing, burning CDs, accessing
online encrypted storage Web sites, and using
smart phones, cameras, and iPods.
“The damage that insiders can do should
not be underestimated,” said Adam Bosnian,
vice president of products, strategy, and sales at Cyber-Ark, in a
press release announcing the survey’s results. It can take just a few
minutes for a database that has
taken years to build to be copied
to a CD or memory stick, he
warned. “With a faltering economy resulting in increased job cuts,
deferred promotions, and additional stress, companies need to be
especially vigilant about protecting their most sensitive data
against nervous or disgruntled
employees.”
As for how companies can pro-
tect themselves, Bosnian urges employers to
limit access to sensitive information to only
those who really need it, to make sure that
information is “locked down” in a digital
vault, and to use the most current encryption
technology available to secure highly sensitive data.
Always good advice, but perhaps even more
important than usual as we try to ride out the
current perfect economic storm.
