Data Loss Risks During Downsizing
Sponsored by Symantec Corporation
Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009
Ponemon Institute© Private & Confidential Document
Data Loss Risks During Downsizing
As Employees Exit so Does the Corporate Data
Presented by Dr. Larry Ponemon, February 23, 2009
Executive Summary Whether they are losing theirjobs because of the current recession or simply looking for better opportunities, there are significant numbers of people exiting their current position. In addition to the HR issues, companies should be aware of the possibility that these employees may be walking off with their sensitive and confidential data. This type of data loss problem may be putting companies at risk for a potential databreach. Moreover stealing proprietary data, such as customer lists, can put the company at a competitive disadvantage. Sponsored by Symantec, Ponemon Institute independently conducted this national study entitled, Data Loss Risks During Downsizing to understand what employees are doing with the data on the laptops their employers provided them. According to our findings, 59% of employees who leaveor are asked to leave are stealing company data. Moreover, 79% of these respondents admit that their former employer did not permit them to leave with company data. Our study reveals that companies are doing a very poor job at preventing former employees from stealing data. Only 15% of respondents’ companies review or perform an audit of the paper and/or electronic documents employees are taking.If they conduct a review, 45% say it was not complete and 29% say it was superficial. It is also surprising to learn that 67% of respondents used their former company’s confidential, sensitive or proprietary information to leverage a new job. Approximately 68% are planning to use such information as email lists, customer contact lists and employee records that they stole from their employer. Notonly is this putting customer and other confidential information at risk for a data breach but it could affect companies’ competitiveness and future revenues. The survey focused on the following issues: Do laid-off or terminated employees keep sensitive or confidential information? If so, how pervasive is this problem? If they do take the data, how do they justify their actions? What types ofdata or information is most susceptible to employee theft? What can organizations do to protect themselves from this issue? We surveyed 945 adult-aged participants located in the US who were laid-off, fired or changed jobs in the last 12 months. All participants were assigned a desktop or laptop computer for their use in the workplace and had access and use of proprietary information such ascustomer data, contact lists, employee records, financial reports, confidential business documents, software tools or other intellectual properties. The overall demographics for respondents are summarized at the conclusion of this report. Implications and recommendations for companies All companies share the potential risk of having a data breach because of the actions of former employees. In addition,they have allowed competitive information about customers, business partners and other intellectual property to walk out the door putting them at a competitive disadvantage. We recommend that companies immediately assess the potential data loss from former employees who had access to sensitive and confidential data as part of their job.
Ponemon Institute© Private & Confidential DocumentPage 2
Other recommendations to implement immediately include the following: Ensure that policies and procedures clearly state former employees will no longer have access to sensitive and confidential information they used in their jobs. This includes information on laptops, other data-bearing devices and paper documents. The policy should outline what information is considered sensitive and...
Ler documento completo
Por favor, assinar para o acesso.