AlertBoot Endpoint Security

Data Breach Prevention Software Needed 'Cause Over Half Of Ex-Employees Will Steal Corporate Data

According to the findings of a Ponemon Institute survey, over 59% of employees who've changed jobs in the past 12 months have stolen company data.  And, the way that they do it suggests that the use of centrally managed encryption solutions like AlertBoot may prevent many of these incidents.

And it's important to prevent these incidents.  To begin with, they're considered to be data breaches, which, in most states, require notification to the state.  This may or may not eventually be publicly disclosed, leading to the embarrassment of the affected firm.

However, as the study points out, the more immediate result is the loss of competitive advantage of the affected firms.

What Gets Stolen

According to the survey (Question 2; link at the bottom), the top stolen data is e-mail lists, followed by non-financial business information, customer information (including contact lists), employee records, and financial information.  The totals add up to 202%, which I guess means that most employees steal more than one type of data.

Not surprising, really.  My mentors always told me that something worth doing is worth doing right.

How It Gets Stolen

First and foremost is paper-based documents (61%), followed by saving information to CDs or DVDs (53%), and to USB sticks (42%), plus other methods.  Downloading data to portable devices like an iPod was at 28%.  The totals add up to 273%, meaning that people are not picky when it comes to stealing, and will steal corporate data in any way possible.

Considering that there is not much of a difference, hardware-wise, between a USB stick and an iPod, adding the two figures together (42% and 28%) suggests that USB-based breaches account for 70% of information security incidents, easily placing above the theft of paper-based documents.

A majority of survey respondents admitted to using the stolen data as leverage to land a new job, and fully intend to use that information.

(Also, something that bears noting: What this survey doesn't tell us is how much damage was incurred via each method.  I'm supposing here that it's easier to download massive amounts of information to an iPod than carting it off in boxes, so the former means larger breaches.)

How The Risks Can Be Minimized

One of the easiest ways to prevent data breaches when outsiders (laptop thieves, for example) are involved is via the use of encryption software.  The use of document encryption software or hard disk encryption software would prevent them from accessing the data.

However, this may not be the best option when the problem is an inside job.  Logic alone tells you that--if not all, at least some--employees must have access to corporate data in order to perform their duties, meaning they know the authorization codes to the encrypted data.

On the other hand, what you could do with a centralized encryption system is to disable a user's login credentials while he's in the boss's office getting the pink slip.  Not the best or most tactful of methods, perhaps, but if your corporate information is important and considered to be a competitive advantage, you don't want to give the soon-to-be ex-employee a chance to steal that data.

However, there is the bigger issue of stealing data before one is fired.  Let's face it, a lot of employees know when they're going to get canned.  They may decide to steal some contact lists well in advance.

USB Port Controls And Automatic Encryption

This shouldn't be a problem either, though, not with the correct tools in place.  For example, with AlertBoot, an administrator is able to use whitelists and blacklists to block USB ports for specific hardware...and you can get really granular: USB memory stick "brand A" is allowed, "brand B" is not.  This way, you can prevent employees from using memory sticks brought from home.
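The allow/block decision described above can be sketched as follows. This is an added example, not AlertBoot's code or configuration: the policy sets, the `decide` function and the sample attach events are assumptions made for illustration. It also covers the iPod/iPhone case from earlier in the post, where the device is not a plain USB stick but still carries files.

```python
from dataclasses import dataclass

# USB-IF interface class codes that can carry files off a machine.
MASS_STORAGE = 0x08   # memory sticks, external disks
STILL_IMAGE = 0x06    # PTP/MTP, as exposed by many phones and media players
STORAGE_CLASSES = {MASS_STORAGE, STILL_IMAGE}

@dataclass(frozen=True)
class UsbDevice:
    vid: int                   # vendor ID (the "brand")
    pid: int                   # product ID
    interface_classes: tuple   # one code per interface; composite devices have several

# Hypothetical policy for illustration only.
ALLOWED_STORAGE_VIDS = {0x0781}   # "brand A": company-issued sticks
BLOCKED_VIDS = {0x0951}           # "brand B": explicitly banned

def decide(dev: UsbDevice) -> str:
    """Return 'allow' or 'block' for a newly attached device."""
    if dev.vid in BLOCKED_VIDS:
        return "block"            # the blocklist always wins
    # Storage-capable if ANY interface is, not only the first one listed.
    if any(c in STORAGE_CLASSES for c in dev.interface_classes):
        # Default deny: storage is allowed only for allowlisted vendors.
        return "allow" if dev.vid in ALLOWED_STORAGE_VIDS else "block"
    return "allow"                # keyboards, mice and other non-storage devices

# Constructed attach events (IDs are sample values, not taken from the survey).
SAMPLE_EVENTS = {
    "company stick": UsbDevice(0x0781, 0x5567, (0x08,)),
    "banned-brand stick": UsbDevice(0x0951, 0x1666, (0x08,)),
    "unknown-brand stick": UsbDevice(0x1234, 0x0001, (0x08,)),
    "phone from home": UsbDevice(0x05AC, 0x12A8, (0xFF, 0x06)),
    "keyboard": UsbDevice(0x046D, 0xC31C, (0x03,)),
}

def audit(events=SAMPLE_EVENTS):
    """Map each device name to the policy decision."""
    return {name: decide(dev) for name, dev in events.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:20s} {verdict}")
```

Vendor and product IDs are reported by the device itself, so an allowlist keyed on them alone can be fooled by a device that reports a trusted ID; pairing it with enforced encryption of removable storage covers that gap.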

There is another option as well, though.  There is a setting in AlertBoot where, if you plug in any kind of USB-based storage device, it will automatically be encrypted and will be decrypted only when connected to authorized computers.

What this means is that, if an employee connects his iPhone to a corporate computer, it will become encrypted and, outside the office, is about as useful as a brick.

Works wonders for stemming data leaks.  Now if we could only find a solution for paper documents...

Related Articles:
http://www.vontu.com/uploadedfiles/global/Data_Loss_Risks_During_Downsizing.pdf
http://money.cnn.com/news/newsfeeds/articles/marketwire/0476303.htm

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.