Market Snapshot
  • U.S.
  • Europe
  • Asia
Ticker Volume Price Price Delta
DJIA 16,408.54 -16.31 -0.10%
S&P 500 1,864.85 2.54 0.14%
NASDAQ 4,095.52 9.29 0.23%
Ticker Volume Price Price Delta
STOXX 50 3,155.81 16.55 0.53%
FTSE 100 6,625.25 41.08 0.62%
DAX 9,409.71 91.89 0.99%
Ticker Volume Price Price Delta
NIKKEI 14,516.27 98.74 0.68%
TOPIX 1,173.37 6.78 0.58%
HANG SENG 22,760.24 64.23 0.28%

Symantec Study Shows Employees Steal Corporate Data and Don't Believe It's Wrong


Symantec Study Shows Employees Steal Corporate Data and Don't Believe It's Wrong

Companies Failing to Adequately Train Employees in Intellectual Property Theft Awareness

MOUNTAIN VIEW, CA -- (Marketwire) -- 02/06/13 -- Half of employees who left or lost their jobs in the last 12 months kept confidential corporate data, according to a global survey from Symantec (NASDAQ: SYMC), and 40 percent plan to use it in their new jobs. The results show that everyday employees' attitudes and beliefs about intellectual property (IP) theft are at odds with the vast majority of company policies.

Employees not only think it is acceptable to take and use IP when they leave a company, but also believe their companies do not care. Only 47 percent say their organization takes action when employees take sensitive information contrary to company policy and 68 percent say their organization does not take steps to ensure employees do not use confidential competitive information from third-parties. Organizations are failing to create an environment and culture that promotes employees' responsibility and accountability in protecting IP.

Read Blog Post: The "Frenemy" Within: Insider Theft of IP

Click to Tweet: Half of ex-employees steal corporate data and don't believe it's wrong: http://bit.ly/14weERW

Survey Highlights


 
--  Employees move IP outside the company in all directions, and never
    clean it up. Sixty-two percent say it is acceptable to transfer work
    documents to personal computers, tablets, smartphones or online file
    sharing applications. The majority never delete the data they've moved
    because they do not see any harm in keeping it.
--  Most employees do not believe using competitive data taken from a
    previous employer is wrong. Fifty-six percent of employees do not
    believe it is a crime to use a competitor's trade secret information;
    this mistaken belief puts their current employers at risk as unwitting
    recipients of stolen IP.
--  Employees attribute ownership of IP with the person who created it.
    Forty-four percent of employees believe a software developer who
    develops source code for a company has some ownership in his or her
    work and inventions, and 42 percent do not think it's a crime to reuse
    the sou
rce code, without permission, in projects for other companies.
--  Organizations are failing to create a culture of security. Only 38
    percent of employees say their manager views data protection as a
    business priority, and 51 percent think it is acceptable to take
    corporate data because their company does not strictly enforce
    policies.

Recommendations


 
--  Employee education: Organizations need to let their employees know
    that taking confidential information is wrong. IP theft awareness
    should be integral to security awareness training.
--  Enforce non-disclosure agreements (NDAs): In almost half of insider
    theft cases, the organization had IP agreements with the employee,
    which indicates the existence of a policy alone -- without employee
    comprehension and effective enforcement -- is ineffective(i). Include
    stronger, more specific language in employment agreements and ensure
    exit interviews include focused conversations around employees'
    continued responsibility to protect confidential information and
    return all company information and property (wherever stored). Make
    sure employees are aware that policy violations will be enforced and
    that theft of company information will have negative consequences to
    them and their future employer.
--  Monitoring technology: Implement a data protection policy that
    monitors inappropria
te access and use of IP and automatically notifies
    employees of violations, which increases security awareness and deters
    theft.

Quotes


 
--  "Companies cannot focus their defenses solely on external attackers
    and malicious insiders who plan to sell stolen IP for monetary gain.
    The everyday employee, who takes confidential corporate data without a
    second thought because he doesn't understand it's wrong, can be just
    as damaging to an organization," said Lawrence Bruhmuller, vice
    president of engineering and product management, Symantec. "Education
    alone won't solve the problem of IP theft. Companies need data loss
    prevention technologies to monitor use of IP and flag employee
    behavior that puts confidential corporate data at risk. The time to
    protect your IP is before it walks out the door."
--  "When it comes to trade secret theft by mobile employees, an ounce of
    prevention is usually worth ten pounds of cure," said Dave Burtt,
    founder of Mobility Legal P.C. "We consistently see departing
    employees who don't understand their obligation to keep trade secrets
    secret, but are just as often faced with companies whose own
    procedures are sorely lacking when it comes to protecting valuable IP.
    But everybody loses when a mobile employee steals trade secrets -- the
    company who invested in the IP, the employee who took it, and the
    organization that receives it, even unknowingly, who most often is on
    the hook for defending the litigation that follows. Before employees
    exit, dust off agreements they likely haven't looked at in years,
    figure out all of the places the employee has stored sensitive company
    information and get it back, and ensure that employees understand
    their continuing obligations not to use or disclose company trade
    secrets."

Symantec's How Employees are Putting Your Intellectual Property at Risk Survey Symantec's survey What's Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk was conducted by The Ponemon Institute in October 2012 to examine the problem of IP theft or abuse by employees in the workplace. The results are based on responses from 3,317 individuals in six countries including the United States, United Kingdom, France, Brazil, China and Korea.

Related


 
--  Report: What's Yours Is Mine: How Employees are Putting Your
    Intellectual Property at Risk
--  Infographic: What's Yours Is Mine
--  SlideShare Presentation: What's Yours Is Mine Global Survey Results
--  Blog Post: The "Frenemy" Within: Insider Theft of IP
--  Data Loss Prevention Solutions

Connect with Symantec


 
--  In Defense of Data Blog
--  Follow Symantec DLP on Twitter
--  Follow Symantec on Twitter
--  Join Symantec on Facebook
--  View Symantec's
 SlideShare Channel
--  Subscribe to Symantec News RSS Feed
--  Visit Symantec Connect Business Community

About Symantec Symantec protects the world's information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment -- from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at: go.symantec.com/socialmedia.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

FORWARD-LOOKING STATEMENTS: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.

Technorati Tags Insider threat, IP theft, intellectual property protection, data loss prevention, DLP, security awareness training

(i) Eric D. Shaw, Ph.D., Harley V. Stock, Ph.D, "Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall," 2011, Symantec

CONTACT: Cassie Stevenson Symantec Corp. 415.533.2720 cassie_stevenson@symantec.com

Emily Butler Connect Marketing 801.373.7888 emilyb@connectpr.com

Sponsored Links
Advertisement
Advertisements
Sponsored Links
Advertisement