Employees Will Steal Your Data – Are You Protecting the Right Stuff?

We in the security industry talk a lot about the risks of data theft and/or loss, especially by an insider. A quick look through the recent entries into the Open Security Foundation’s DataLossDB makes that case more concrete, be it via an innocent mistake (like losing a laptop) or outright theft (like the Countrywide case, where an insider stole 20,000 records a week for a couple of years by downloading them onto a USB stick). And we’ve talked here before about how the insider risk seems to have increased in these recessionary times of late.
And so it is that a new survey of insider attitudes towards taking company data when leaving a company. In this online survey by Harris Interactive of about 1600 workers in the US and UK with access to their organizations’ IT network, we learn that:

49% of US workers and 52% of UK workers admitted they would take some form of company property with them when leaving a position;
29% (US) and 23% (UK) would take customer data, including contact information;
23% (US) and 22% (UK) would take electronic files;
15% (US) and 17% (UK) would take product information, including designs and plans; and
13% (US) and 22% (UK) would take small office supplies.

In addition, we learn that if they were mistakenly given (continue reading...)