Employers need to be keeping a closer eye on their confidential data when employees leave for new jobs, a new study finds.
Research from Symantec revealed that half of employees worldwide who left or lost their jobs in the last 12 months kept confidential corporate data, with 40 percent of those planning to use it with their new employer.
The study discovered employees not only think it is acceptable to take and use confidential data when they leave a company, but also believe their employers do not care if they do so. Despite putting their new employer at risk, 56 percent of employees do not think it is a crime to use a competitor's trade secret information.
The research shows part of the problem lies with employers, who are failing to create an environment and culture that promote employees' responsibility and accountability in protecting intellectual property. Only 47 percent of those surveyed said their organization takes action when employees take sensitive information contrary to company policy, with 68 percent saying their organization fails to take steps to ensure employees do not use confidential competitive information from third parties.
Lawrence Bruhmuller, vice president of engineering and product management for Symantec, said companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen intellectual property for monetary gain.
"The everyday employee, who takes confidential corporate data without a second thought because he doesn't understand it's wrong, can be just as damaging to an organization," Bruhmuller said. "The time to protect your (intellectual property) is before it walks out the door."
Some steps Symentec advises companies to take to ensure their confidential data is kept safe include:
- Employee education: Organizations need to let their employees know that taking confidential information is wrong. Intellectual property theft awareness should be integral to security awareness training.
- Enforce non-disclosure agreements: Include stronger, more specific language in employment agreements and ensure exit interviews include focused conversations around employees' continued responsibility to protect confidential information and return all company information and property, wherever it may be stored. Also, make sure employees are aware that policy violations will be enforced and that theft of company information will have negative consequences to them and their future employer.
- Monitoring technology: Implement a data-protection policy that monitors inappropriate access and use of confidential data and automatically notifies employers of violations.
"When it comes to trade secret theft by mobile employees, an ounce of prevention is usually worth 10 pounds of cure," said Dave Burtt, founder of Mobility Legal P.C. "We consistently see departing employees who don't understand their obligation to keep trade secrets secret, but are just as often faced with companies whose own procedures are sorely lacking when it comes to protecting valuable (intellectual property)."
The study was based on surveys of 3,317 employees in six countries: the United States, United Kingdom, France, Brazil, China and South Korea.