Don't panic, but 23% of your staff are stealing from you

Don't panic, but 23% of your staff are stealing from you

If dodgy employees all looked like this, they'd be easy to spot.

A staggering one in ten employees has stolen important data from their employer after handing in their notice, reveals a new study from IT security specialist LogRhythm.

It seems that downloading a company's customer database onto a USB stick or copying crucial documents to CD is much more common than you might have thought. Of the 2,000 employees studied, the survey found that a massive 23% had taken confidential data from their workplace.

Often, people steal client details or product information in the hope that it'll give them a head start with their new employer. But 14% of people who admitted taking data did so to help set up their own rival company. And 23% did it out of revenge, because they felt undervalued and poorly treated.

Employers know the problems

Clearly, anyone stealing data from their employer is in the wrong. But that doesn't mean businesses should make it easy for employees to get their hands on the good stuff.

This research also surveyed employers, 47% of whom said they don't have any system in place to stop staff accessing confidential information or taking data.

So, all-too-often it's lax security and a lack of concern that makes it easy for staff to walk away with crucial company assets.

Worse, 60% of employers said they never change passwords or access codes, which is a little like leaving the door wide open for former employees to come and grab what they like.

You wouldn't let a staff member keep their keys to the office after they've left, so why would you let their passwords keep working?

Are you at risk?

If this survey is at all representative, there's a good chance your business is at risk of data theft. So, what are you going to do about it?

• Restrict data access. Sensitive data like customer information should only be available to employees who absolutely need it. It should never be sent by email or stored in shared locations.
• Close user accounts promptly. If a member of staff has been sacked, close their network account immediately and revoke all their access rights.
• Don't share passwords. Shared passwords are the enemy of good security. Not only can people continue to use the password once they've left, but it's also much harder to tell who's been accessing the data.
• Rotate access codes regularly. If you have a PIN-entry system for your building or a wireless network with a password, make sure you have a system to change them regularly - probably every month.

Finally, there's an aspect to this that leaves a nasty taste in the mouth. The research found 53% of people who've stolen data use it to get a head start in their next job, or to impress their new boss.

If the new employer decides to make use of that data, what sort of message does that send? And do they really think that employee isn't going to do the same to them when the time comes?

In short: if you've ever benefited from a data theft, don't be surprised if you end up suffering sometime too.

• Data protection policy template
• Your data protection obligations
• Perform an IT security risk assessment