Data breaches are all over the news, but those stories most often cover high-profile cybersecurity breaches that result from the malicious efforts of hackers or other outsiders. Just as insidious, and more likely to occur, are insider breaches in the form of the theft or disclosure of confidential company information by a current or recently departed employee.
Employee theft of company data may be motivated by a desire to monetize that data, to embarrass or retaliate against an employer, or by simple ignorance. For example, a Tufts Health Plan employee recently pled guilty to data theft after stealing customer information for more than 8,000 Tufts customers in a scheme to collect fraudulent Social Security benefits and tax refunds. In another recent case, a disgruntled employee of Morrison’s, a large UK supermarket chain, stole payroll information for thousands of the company’s employees and posted it online as a “concerned Morrisons shopper,” in addition to mailing copies to local newspapers. Finally, in one of the largest of the recent employee data theft cases, a Morgan Stanley financial advisor apparently obtained data from 350,000 Morgan Stanley clients by running internal reports on data he was not authorized to access. Some portion of that data was later uploaded online, possibly by a third party, and offered for sale.
A surprisingly large number of employee thefts, however, result from simple ignorance. In a recent Ponemon Institute survey, over half of the more than 3,000 respondents stated a belief that using competitive information taken from a previous employer was not a criminal act, reasoning that ownership of such information resides in its creator rather than the former employer. The respondents further justified transferring corporate data to their personal computers, tablets, smartphones, or to “the cloud” because of a belief that it didn’t harm the company, because the company didn’t enforce its policies, because the information was unsecured or generally available, or because that employee wouldn’t receive any economic benefit from doing so. Worse, in this same survey, more thanhalf of the employees surveyed admitted to taking information from a former employer and 40 percent of those employees admitted they intended to use it in a new job.
These disturbing statistics raise the question: What can employers do to prevent these losses? While there is no absolute preventative measure, steps can be implemented to greatly reduce the risk of such thefts and to detect any ongoing employee theft. (Article from Launch to Thrive by Brooke L French/for full article click here)