
Around six in ten people admit they've left a job with confidential information

A survey released at the start of the week by the Ponemon Institute will likely worry companies: more than 60 percent of people surveyed admitted they took confidential company information with them when they left their jobs.

Researchers surveyed 945 people who have switched jobs or been laid off in the past 12 months and found that 59 percent stole information, with most of them taking e-mail lists. Of those surveyed, 45 percent took non-financial business information, 39 percent took customer information, 35 percent took employee records, and just 16 percent took financial information.

"The survey's findings should sound the alarm across all industries: your sensitive data is walking out the door with your employees," said Larry Ponemon, Ponemon Institute chairman and founder.  "Our research suggests that a great deal of data loss is preventable through the use of clear policies, better communication with employees, and adequate controls on data access."

Around 61 percent of people who took data took it in paper form, with 53 percent burning it to a CD or DVD, and 42 percent transferring the information with them on a USB thumb drive.  Not surprisingly, about 61 percent said they had an unfavorable view of the previous employer, while 79 percent said their previous employers wouldn't allow them to keep the information.

Almost 70 percent of people interviewed said the information they took was confidential, sensitive or proprietary, and could be used to help secure a new position with a different company -- the same share of people said they planned to use the stolen data to help secure a new job.

As e-mailing, burning or copying information to a portable hard drive or thumb drive becomes ever more convenient, companies will have to create safety barriers to protect their information from possible theft by exiting employees.



Comments



Lines
By clovell on 2/24/2009 3:18:03 PM , Rating: 4
I don't condone stealing from a company, but this sort of thing kind of makes me wonder.

In my work I develop statistical methodologies, write statistical programs, and interact with a lot of sensitive data every day. My work belongs to the company, but I've developed macros and other unique items for the company that make me an asset.

Is taking those with me to serve as an example for future work stealing? I mean, it's not like I can just forget it all. How about keeping the company handbook? The email addresses of my colleagues?

I honestly think that if this were such a big problem, companies would have addressed it before this survey was conducted.




RE: Lines
By Dreifort on 2/24/2009 3:22:55 PM , Rating: 3
Most companies have employees who work with confidential info sign non-compete clauses in their contracts.

This gives their employer legal cause to threaten with legal action if the employee ever does anything intentional or non-intentional after leaving their company.

When I worked for an investment firm, I had to sign one. While I was not prohibited from seeking employment with other financial firms when I quit, it kept me from approaching current clients of the firm I left without possible legal action that could be brought against me.


RE: Lines
By clovell on 2/24/2009 3:43:01 PM , Rating: 2
That's interesting. I guess when I think of this sort of thing, I always imagine myself going to work for a competitor, where all my previous work would be directly applicable. That's where things get a bit fuzzy.


RE: Lines
By bankerdude on 2/24/2009 3:52:28 PM , Rating: 2
You'd be surprised. In a selling role, the work you're doing that is directly applicable to your previous job literally means taking customers away from your old firm. Keeping confidential data on those customers can be a key advantage in your new role. That's why most selling positions do require some type of non-compete clause.


RE: Lines
By m0mentary on 2/24/2009 4:16:09 PM , Rating: 2
It happens quite often, where employees take client lists when they leave to work for a competitor or to start their own company.


RE: Lines
By choadenstein on 2/24/2009 4:44:41 PM , Rating: 5
Just a quick FYI on terminology here. There are three different types of agreements being discussed here.

Non-Compete - the non-competition agreement typically means you won't work for a competitor within x miles for y years. This is typically very limited (depending on what state you are in). Many states have a limit of 2 years on non-competes. As for the distance, many states require it to be a rational distance based on the industry. But limiting a noncompete to 20-30 miles is not unheard of.

Non-Solicit - This is what I believe you are talking about, where you agree not to solicit employees or customers / clients of your employer or whomever you are signing the agreement with.

And finally.

The Non-Disclosure (NDA) - Meaning any confidential information you obtain at work or under the agreement, you will not disclose except under the terms of the agreement. I think most people here are familiar with this one, due to the nature of this site. Many tech companies will NDA all their workers / contractors / etc... so that they will be bound not to leak their trade secrets, etc...

Anyway, most interesting is that most ALL the above have been limited in duration by the courts (basing statement on US courts)(NDAs do the best). Mainly because, as cliche as it sounds, freedom. We don't like telling people that they can't work somewhere, or can't associate with others. Limited is fine, but we don't want your employer to fire you and then say "oh well, you can't work in the US as a programmer or scientist or whatever anymore... tough luck." Not very American.

NDAs are probably the toughest to not abuse. As many people have said, what is protected under the NDA and what is just a little something we like to call experience... If you're a programmer and work for a company doing database software and leave after 10 years. You're going to continue doing that type of software (most likely) and how much of that is your ex-employer's IP and how much of that is you just becoming an efficient programmer, etc...

That's a tough call.

Just thought I'd give a little insight...


RE: Lines
By Steve1981 on 2/24/2009 3:31:56 PM , Rating: 5
quote:
I honestly think that if this were such a big problem, companies would have addressed before this survey was conducted.


As an IT guy, I do what I can to compartmentalize and restrict data access so people have what they need to do their jobs and little else. However, at some point, you need employees that you can trust not to rip off the data they can access.

As for me, I'm in a position where I could take every bit of data the company has, and no one would be the wiser. Fortunately for my employer, I have some scruples, and I'm aware of the consequences of data theft.


RE: Lines
By clovell on 2/24/2009 3:49:57 PM , Rating: 2
Yeah, but let's say you worked on rolling out a new type of infrastructure to safeguard that data (I'm not an IT guy, so bear with my shoddy example), and then got hired at another company and they had some problems with their current platform. Would you speak up and say, 'Well, we did this at my last job, we could try it here...' - or would you pretend you didn't know?

Or how about that one time that (brace for another bad example), you spent 3 days trying to resolve an issue between Windows NT and the CITRIX Metaframe, and ended up having to call somebody at CITRIX where they confirmed it to be a known issue and helped you figure out a workaround? Would you keep those emails if you went to a company that had a similar setup?


RE: Lines
By Aloonatic on 2/24/2009 4:08:23 PM , Rating: 2
I don't think that this is the sort of information that the article is referring to, or at least, not the most costly information that can be lost.

I would imagine that the far more valuable information that people are walking out with includes competitive pricing/contract details and contact information/sales leads.


RE: Lines
By clovell on 2/24/2009 4:32:21 PM , Rating: 2
True - I guess I just saw the article under the IT category and that's what made me think along those lines.


RE: Lines
By Steve1981 on 2/24/2009 4:56:47 PM , Rating: 2
Bingo.

Nobody expects you to forget on the job training. They do expect you not to give out trade secrets and the like.


RE: Lines
By Keeir on 2/24/2009 6:29:47 PM , Rating: 2
quote:
Or how about that one time that (brace for another bad example), you spent 3 days trying to resolve an issue between Windows NT and the CITRIX Metaframe, and ended up having to call somebody at CITRIX where they confirmed it to be a known issue and helped you figure out a workaround? Would you keep those emails if you went to a company that had a similar setup?


There is a fine line here from my experience...

You get to keep the knowledge of how to perform your job and write software... however, something that you learned because it is information/resources of the company developed outside your direct experience/talents is definitely off limits. IE, a Tip Sheet or guide on how to resolve the issues can not be taken directly in paper or electronic form.

I work in structures, and I get to keep the ideas behind the structures I design, but the materials, fasteners, etc that my company spent years developing and testing is information I can not use. I would need new sources of data about materials, fasteners, etc at a new company.


RE: Lines
By itlnstln on 2/24/2009 4:45:38 PM , Rating: 2
I think if I took anything, it would be things like code snippets, but nothing confidential. I work in retail, and there are things people can "steal" that aren't in physical or even digital form. I would be worried that an employee would steal things like pricing strategies and other non-data entities to take to a competitor. This type of stealing, to me, is much more malignant.


RE: Lines
By itlnstln on 2/24/2009 4:47:10 PM , Rating: 3
To clarify, I would take code snippets as reference material, not something proprietary to any software written for the previous company. Just in case that wasn't clear.


RE: Lines
By rcc on 2/24/2009 5:57:36 PM , Rating: 2
If the macros were developed on company time, technically they own them. However, having said that, the knowledge of how to write them is yours. So, while taking actual copies of the macros is pretty iffy, recreating them at a new job is fine.

Most company handbooks have a blurb in them saying they are the property of the company, blah, blah, blah. So they should be returned.

Email addresses of coworkers is ok, client lists and data are no-nos.

This is a huge issue in the sales field. Having your "rolodex" of clients is a big plus when negotiating salary/jobs. It's also a serious abuse in most cases.


what happened?
By Dreifort on 2/24/2009 3:16:59 PM , Rating: 1
What happened to the founding days of corporate technology?

When PCs had locks on the 3.5" disk drives and CD ROMs and USB ports did not exist on PCs? Even some employees were delegated to using terminals with no localized PC.

Oh the good ole' days of secure technology.




RE: what happened?
By mattclary on 2/24/2009 3:36:37 PM , Rating: 2
With a persistent internet connection, it's just as easy to e-mail the data to yourself.


RE: what happened?
By Dreifort on 2/24/2009 3:52:32 PM , Rating: 2
they do make ip filters and web filters that block out websites and even the ability to hide your ip and reroute to your webmail.

But back in the day as mentioned in my above post... there was only ISDN - which meant a direct connection throughout your corporation... no need for outside access. In fact, the internet was still just something ppl used for picking up kids in chat rooms.


RE: what happened?
By Dreifort on 2/24/2009 3:53:31 PM , Rating: 2
oops, forgot to mention the sometimes used Frame Relay connections.


RE: what happened?
By afkrotch on 2/24/2009 3:55:06 PM , Rating: 2
quote:
Around 61 percent of people who took data took it in paper form


Not like having locked drives, lack of usb ports, etc will fix it. Just print the data and take it home.

Don't want stacks and stacks of paper. No prob. Take pictures with your cellphone. Take your netbook and crossover cable to work. Just transfer the data from your work comp right to your netbooks.

There's tons of ways to steal data, if you really wanted to.


RE: what happened?
By Dreifort on 2/24/2009 3:58:14 PM , Rating: 2
Let's see... a database of 10,000 names and info. You going to write all that down?

If you print it, I am sure someone would notice the 1000s of pages coming out of the printer.

Yes, you can steal anything if you want to, but HOW MUCH damage can you do with paper and pencil? not that much.

And are you going to write a virus on paper then tape it to the computer screen? That will really damage the network I am sure.


RE: what happened?
By HostileEffect on 2/24/2009 4:24:47 PM , Rating: 2
How big is the text? If the printer and paper is good enough, I'm sure you could get quite a bit on a few sheets.

You could just put it on microfilm and stick it in your glass eye like that one spy-dude did...
http://en.wikipedia.org/wiki/Microfilm#Uses


RE: what happened?
By taber on 2/24/2009 6:48:05 PM , Rating: 2
quote:
Of those surveyed, 45 percent took non-financial business information, 39 percent took customer information, 35 percent took employee records, and just 16 percent took financial information.


I think "non-financial business information" could easily refer to computer code. Lots of useful programs are just 100's or 1000's of lines of code long, which would frequently only come out to dozens of pages or less.

Honestly though, there comes a point of diminishing returns where the losses from this theft aren't worth the resources required to safeguard it. If you get serious about security lots of convenient things like VPN, OS permissions, thumb drives, webmail, etc go away. Just so long as they're not stealing trade secrets it's not that big of a deal.


RE: what happened?
By afkrotch on 2/25/2009 10:07:49 AM , Rating: 1
Print it out as slides. 2 slides per sheet, bam. 500 pages. 4 slides per sheet, bam. 250 pages. Then you can duplex also. And who's gonna care if you have your own printer in your office.

Pen and paper. You can do a lot of damage. If you can get one bank acct written down, then withdraw 50 billion dollars, that's a pretty big amount of dmg.

If you have a computer, odds are high, you'll have a network connection. Bring in a small NAS with a virus and upload it, if you want to go that way. That or good old cd-rom. Hell what computers nowadays don't have one.


I wonder...
By MadMan007 on 2/25/2009 3:17:53 AM , Rating: 2
I wonder how, aside from maybe a sales or other 'soft' position where you might be able to subtly hint that you have lots of contacts gathered in a somewhat legitimate way, people figure to leverage stolen information into a new job? If you go to an interview and are like 'Hey, I've got this sweet confidential info I took from the last place I worked' isn't that a bit of a red flag? It's just saying 'I am willing to take sensitive info from my employer (and that might mean this place when I leave too.)' Or do they try to do it more subtly somehow?




RE: I wonder...
By MarcLeFou on 2/25/2009 12:03:40 PM , Rating: 2
I work in sales and most of what makes you good in sales are your contacts.

Even if you don't physically bring their phone numbers and e-mail addresses with you (which most people do anyway), the strength of your contacts doesn't come from the fact that you know how to contact them as that's easy to find out, but in the fact that they'll call you back.

That's why there's No-Solicitation clauses but in most industries it doesn't work as most industries are small vases with limited amounts of companies and customers and nobody is going to wilfully bar himself from his job domain.


CIOrporate
By Kibbles on 2/24/09, Rating: 0

RE: CIOrporate
By teckytech9 on 2/24/2009 7:55:03 PM , Rating: 2
I think you mean CIO. Chief Information Honcho, or the person who is the keeper of the keys. This person also assigns the "company confidential" stuff for safekeeping.

In the old days, the sensitive information was literally burnt. Nowadays, it somehow eventually ends up on thumb drives in China.

















Copyright 2012 DailyTech LLC.