More than half - 59 per cent - of US workers made redundant or who left their job last year admitted swiping confidential corporate data, such as customer list, before they left, a new study claims. A web-based survey of 1,000 workers who lost or walked out of their jobs in 2008 by the Ponemon Institute and Symantec found the …
I walked off my last job as a sysadmin with a full list of passwords, and left a backdoor into the network as well. Just as well, as I had spent eight years putting that system in place, and my successor had a fortnight to learn it all. If she hadn't been able to ask me back in to sort out some issues, her job would have been almost impossible.
Not everyone who leaves with company data does so with malign intentions.
How is this shocking to anybody but the Suits? Ask almost anyone who works in retail whether they care about "shrinkage" of stock - if the corporation is basically regarded as a necessary enemy to whom one must swallow one's pride and suck up to in order to survive, of course they're going to shank the corporation in the back at the first opportunity. And tightening your controls over the survivors isn't going to make them want to do that any less... quite the opposite.
If your insiders regard you as a bigger enemy than they regard your competitors, you have a problem. Perhaps you shouldn't be taking Dilbert cartoons as some sort of instruction manual?
Yeah for those who tied in their PDA or Black berry then they enever delte the data or have the IT dept visit them mwhile still employed.
Not just the employees fault but just as much as an equal fault of the employer.
Some people do their entire job VIA their PDA/blackberry/iphone.
What's the world coming to?
A couple of staplers and a hole punch in an inside pocket should be enough for any self-arranged leaving present. If you can also key the CEO's car on the way out, its as good as a carriage clock.
Stupid -Of Course This is Being Pimped by a Security Vendor
If you want employees to do their jobs, then you have to entrust them with data.
There will always be ways to get data from your workplace (unless you work at Fort Mead).
The trick is to -now this is heresy, I know- NOT FIRE STAFF UNLESS IT IS A LAST RESORT!
Hire well, treat them well, don't betray them, don't play games with them, and be real careful how you let them go.
You can also have them sign all kinds of docs that criminalizes this kind of thing. Won't stop that many of them, but a couple of heads on pikes should slow things down a bit...
OOOH Knowledge is Power.
and the fact they are bringing home a piece of information should be worrying because they never had access to that information before ??? And they never had a chance to take a full copy of their HDD before being fired.
Well ... looks like Cimentech is playing the scaremonger to sell some MIB like Memory-erasing devices.
We nicked them too, including the Scrupler and a scruple removal tool.
Polar Bears really do shit where it's cold, the Pope is Catholic, and the most shocking revelation: Water is wet /gasps. I mean come on did we really need another "study" showing that information routinely walks out with ex employees? Seriously any study obviously backed by a company punting products they sell to prevent the results outlined in said study should be taken with more than a grain of salt.
But stay tuned tomorrow when I break details of the most shocking story of all time. Are you ready for this? Hold on to your hats people, the sun rises in the east and sets in the west. The results of an enormously expensive and detailed study proving this conclusively will appear tomorrow.
Paris cus even she would read this article and say "Duh! Thanks for the input captain obvious".
All those laid-off assembly workers at GM had gobs of data on--what? The GM dealership structure? The specs of the Chevy Suburban? And I bet the laid-off construction workers are hauling just GBs of confidential data away.
Yes, it's a good idea to keep your data from walking out the door. But do three of five employees have access to sensitive data? It seems unlikely to me.
My responses to this
A) Super classy guys. I'd never CONSIDER walking off with confidential data. The golden rule applies -- would you want some guy to walk off with YOUR data? I did not think so.
B) Not too surprised. Many US companies just treat people like replaceable cogs rather than people. Employees know when they are not valued but treated as cogs, and react accordingly -- by swiping whatever they can on the way out.
CDs, DVDs, USB Drives, amateurs!
Pros use a parakeet trained in Navajo and binary, if you are going to do it, do it with style, eye patch and crutch optional.
And, it seems, the majority of such leaks could be avoided just by treating the employees right. But of course that'll never come up as a potential solution.
Seems to me that the employees are just following the lead of their management in most cases. The concept of "corporate ethics" is a joke that is followed more in the breach.
I also wonder if they're also counting employees copying the data so they can keep in touch with the people who actually gave a damn about them - their customers - rather than actually intending to use the data for so-called "nefarious" ends.
All in all, sounds like another press release by a company trying to sell me something.
Been there, done that
Took a cut of my teams source code home with me on USB stick before I left. Nothing nefarious in mind however. My memory is like a sieve, and if I want a quick way to do X, I don't want to 'reinvent the wheel' and have it come out as a square. I wanna quick squiz at the old code and and go 'ah yes, that's right!' and continue on happily.
Now obviously the 'real' developers out there have their own personal utils libraries to call on, ones they'd developed over the years in their spare time, beavering away in their dark rooms after getting home from work, generally ignoring life around them etc etc. Those people will scoffing at me I'm sure. Scoff away.
LOL! I want to sell you something so...what's best technique? Scare you to death! :-)
If someone don't want their former staff leave with confidential information, easy, don't fire them!! LOL
The sacked employees are showing the same loyalty to the company that it showed them.
Statistics and such...
More than half stole information? I find it hard to believe that half even had access to said information let alone had the poor morals to steal it! What I do believe is that here we have another bit of self serving 'statistical' information that is totally made up to suit the needs of someone who wants to sell some kind of product or service.
So Symantec paid for a survey and got the response they were looking for... big surprise.
You better buy our stuff or it's going to cost you!
I'm guessing they pre-screened the survey for sales staff only.
""The survey's findings should sound the alarm across all industries: "
No, the surveys findings just go to show what has been known since the dawn of man. "Fuck with me and I'll fuck with you"
What a stupid survey. We are all a bunch of thieving bitches - we just don't like to admit it.
Anyway - what is the difference, tell me, between taking a day to copy info from the yellow pages or simply taking a file from a companies PC? NONE if you ask me, just saves effort.
Go on little man, take the pointy stick, go forth and multiply (insert cloned stick man here)
All hail the inventive businessman/entrepreneur :-)
Hangs head in shame
I admit I first read this as "Pokemon Institute".
I need my brain scrubbed and washed.
"The survey's findings should sound the alarm across all industries..."
And so it should - someone is about to try to swindle you out of cash based on spurious and misrepresented data.
Oh no, the CEO removes confidential information from the company *every day*!
Security is irrelevant to corporations. All that matters is risk.
Arrgh! I be Symantec and I be plundering yer dubloons while ye be scanning the horizon for sea monsters.
Wot? Steal stuff?
Symantec says so?
No conflict of interest THERE then.
This isn't news, it's a sales pitch.
Just like that nice man from PGP magically appearing every time a laptop goes walkies.
There is no undo
You cannot take back information.
I've worked on a load of projects where the requirements demanded otherwise, but "I want doesn't get", as any five year old knows.
It's a people issue, so deal with it in the time honoured fashion - Threats and Intimidation (or Legal and HR as they like to be called).
In any case, "corporate knowledge" ages badly, and once your ex-employees stop drinking from your water cooler they'll probably realise it was all bollocks anyway.
Symantec managing to do something? naaaaah!
Ponemon Institute and Symantec found the most commonly purloined records taken included email lists, employee records, and customer information (such as contact lists).
I'm surprised Symantec managed to find there way our of bed!
Right, like most companies don't already know this?
One former employer hired the new guy explicitly FOR his copy of clients that he had worked with in the past.
Like the wobblies say
The working class and the employing class have nothing in common.
21st century class struggle FTW.
Windows ME revenge
One of my previous employers made me use a PC with Windows ME installed on it - and this was in 2005!!!
If only they'd had anything worth stealing...
Mind you, I did leave a chicken sandwich in the fridge which is probably still there.
great commenting as per usual folks.
my perspective on this is a simple one. never take what does not belong to you. what goes around comes around..
all these people with all this information, and unless a.) they're staring their own related business, or b.) has/will have an unethical employer who wants that info, the data is generally useless. if they're caught with it, then what?
if they told a potential employer they have this information, they would never be hired (unless specifically to get that information), because the interviewer would immediately realize that this potential employee will most likely steal their data.
whatever happened to simple honesty and trustworthiness?
it doesn't matter if you have been mistreated. that doesn't give the right to mistreat in return. nobody ever said that life was fair, so don't expect it to be.
when you fight fire with fire, what do you get?
wow, I guess the problem isn't real
If the figures are that high, the leavers don't seem to be doing much damage with the data.
They may as well have said...
The government workers are careful with your data.
Re:Right, like most companies don't already know this?
I know a guy this happened to. His former employee wanted to downsize so, not wanting to fork out a redundancy payout, they contrived to stitch him up and sack him.
Trouble was he was bloody good at his job (it was mostly jealousy from certain senior reps that got him targeted), so when he went, he went with fully half of their customers, right into the arms of his very grateful current employer.
He's now on a very good earner, and his previous employer went tits-up a few months after he left.
Re: Windows ME revenge
Tape a mackerel under the bosses desk.
Re Alacrity Fitzhugh
And that my son is why you will never be CEO of a large multinational company,
How are you going to justify your large bonuses and those of the other self-gratifying board members, if you havent shat over all your staff?
Now I am reading it a pokemon :(
Lots of smiles
I love stories that draw scads of, "If-they-would-only-treat-their-employees-right-then-this-wouldn't-happen." comments.
Utter bolleaux. Most employees who utter such phrases are, in my experience, whining, money-for-nothing-seeking, juvenile twerps who wouldn't think they were being "treated right" if their employers gave them seven-hour lunchbreaks and a free pass to the local house of ill-repute.
Nicking the company's christmas-card list has naff-all to do with how the employer treated the employee and all to do with how the employee perceives the value of the information to a buyer or in his or her next job.
"In only they treated the employees right." What a laugh!
When I leave
When I leave my curent job I will make a concious effort to forget everything I have ever learned here. In fact I'll probably need re-education in how a company is supposed to be run and therapy to help me forget how bad it was.
.. employs (both perm and contract) a LOT of people who have access to a LOT (pretty much EVERYONES, all in all, "Private" too, so not just the serfs) personal medical information (history, pharma requirements, ailments, lifestyle) as stored on, ahem, "super high security clinical systems" ( which they only get access to by, er, asking for the login details of a friendly doc, or practice manager...that's if it's not just commonly %systemname% / %blank% or similar).
I can see why the PCTs may want to retain as many of their IT staff as possible, and as Alacrity suggests, treat em well - certainly those who work on clinical systems day in day out, as many do. Or at least make any parting of ways amicable, if at all possible.
One could envision a situation where the disgruntled tech might be inclined to siphon off and sell that information to less scrupulous...oh hang on, I mean, insurance companies, just for example. Or worse (arguably) to criminal organisations (other than insurance companies and governments), who could punt cheap drugs at them, blackmail, extortion etc. Still, if the Gov'ts get their way with all their supergay uber databases, ( Spine, National CRS etc ), I'm quite sure the `big boys` will get all the unfettered access they desire anyway. "Secure".... Meh. : /
It's the (many many) techs at varying levels who work on the clinical systems in the NHS that you should worry about - they have access to lots of VERY personal information on ALL of you (Private and NHS, so not just the peasants this affects...).
And THOSE systems are nowhere near as secure (technically or practically) as many would like to think. Individuals medical records are VERY revealing and presumably worth quite a bit commercially to unscrupulous criminal organisations ,insurance companies, for example, and so on.
John - Tsk, it's not the `Christmas card list ` as you put it that we need to worry about!
Still, all this is pretty much irrelevant if the Gov'ts get their way with their retarded Orwellian information age uber databases, such as the Spine and National CRS, as these will ultimately, almost beyond any doubt, be open to the `highest bidder` or most shadowy QuaNGOs anyway. What a wonderful world! :)