Are Your Employees Sharing Company Data on their Devices? This Study Says They Probably Are.

18 Nov Are Your Employees Sharing Company Data on their Devices? This Study Says They Probably Are.

When employees leave your company, most managers are busy trying to make up for a sudden shortfall in labor, or training replacement employees. A new study by Symantec reveals that you need to be far more worried about what your former employees are taking with them and what they do with it. And while in the past employees were likely to take some office supplies or a stapler, according to this study, modern employees are likely to walk out with valuable proprietary information. Even more troubling, according to the report, this slow and silent data leakage often happens even with employees who are still happily employed.

Organizations of all sizes are having to fight harder than ever to keep proprietary information from leaking outside of the company. Meanwhile, as more organizations begin to derive the majority of their value from the IP they generate every day (rather than from the kinds of monumental research projects that characterized companies even a decade or two ago), the leakage of information is getting harder and harder to stop.

Misunderstanding Intellectual Property

The biggest problem, according to the Symantec survey, is that many employees simply don’t understand how intellectual property works. Forty–four percent of respondents to the survey revealed that they thought that a creator of intellectual property maintained at least some ownership of their creation. A slightly smaller percentage, forty–two percent, saw nothing wrong with reusing source code or other IP from a former job at their new place of employment.

Company IP on Non–Company Devices

Just as insidious, though much less malicious, a full sixty–two percent of employees surveyed reported moving company IP to non–company devices. These devices included personal laptops and desktops, tablets and phones, and cloud hosting sites. Most of these people, however, never bother to remove these external copies of proprietary files after finishing with them. This digital detritus presents massive opportunities for your organization’s data to get lost or misappropriated. The problem becomes even more pronounced because most employees, fifty–six percent, don’t see anything wrong with using a former employer’s data in their current job. That can be a big problem if your competitors suddenly have access to your trade secrets, but it can be just as bad if you are the recipient of this stolen information.

How to Protect Yourself

With so many ways for your company IP to get lost or misused, what can organizations do to protect themselves? Based on responses to the survey, it seems that the number one thing that organizations need to do to protect themselves and their intellectual property is to educate your employees on IP laws and regulations. Many employees feel simply having non–disclosure clauses and similar protection in employment contracts is enough to guard against data leaks, however one thing this survey clearly shows is that these clauses are not enough to properly inform employees. It could well be that most employees simply sign employment agreements without really looking through or understanding them. To make the message sink in, make sure that all employees sit down with their manager and go through the employment agreement, stressing the rights and responsibilities employees have in regards to IP. When employees leave, remind them during their exit interviews that all proprietary information needs to be returned to the company, and that sharing such information with future employers is grounds for legal action.

If you DO discover that a former (or current) employee is mishandling information, or sharing it with new employers, do not hesitate to invoke any legal rights you have against them. Non–disclosure agreements and confidentiality agreements mean very little when they aren’t enforced, and being lax with enforcement could cause your other employees to disregard these agreements or give them less weight.

It has long been suspected by corporate information security experts that the biggest threat to organizational data security wasn’t hackers or data thieves, but employees being careless or thoughtless. This survey from Symantec simply confirms these suspicions, and stresses that education, not a metaphorical fence around your organization, is the best defense against wandering data.