Research shows that many employees would be happy to make a copy of private company information, just in case it comes in handy at a new job.
The survey, carried out by Texas-based security company SailPoint Technologies Inc., questioned over 1,000 UK workers.
The research shows that 53% of workers would take some company property with them – such as office stationery – while 23% admitted they would also take company data with them.
However, the motive does not appear to be monetary gain. The survey asked the workers what they would do if they were given access to a confidential file by mistake. While 57% said they would look at the file, only 1% said they would attempt to sell the information.
Jackie Gilbert, vice president of marketing for SailPoint, said, “It poses a problem for companies, as they tend to keep their intellectual property in electronic form – customer lists, sales plans, production pipelines, even software.”
She said it remains a “moral grey area” that employers need to clarify. “Companies need to be more heavy-handed with policy and education. They should make people aware that the company’s policy absolutely forbids this. If you make the policy explicit and make it clear you will be monitoring to enforce it, it has a psychological impact,” Gilbert said.
She added that companies tend to allow users access to more information than they need. “You tend to get entitlement creep. Someone gets a new job so they just acquire the same privileges as some similar workers. You end up giving people far more access than they really need. It’s common because it is hard to manage,” she said.
This could prove particularly concerning amongst third party services such as managed hosting and it is for this reason that UKFast employs the controls set out in the ISO 27001 information security standard.
As well as providing a blueprint for managing how much information users can access, ISO 27001 also provides a checklist of actions employers should take when employees leave. This includes making sure all equipment is returned as well as sending out a letter to remind the former employee that terms of confidentiality and information ownership still apply, even after they have left the company.