Slashdot Mirror
Employees Admit They'd Walk Out With Stolen Data If Fired
Gunkerty Jeb writes "In a recent survey of IT managers and executives, nearly half of respondents admitted that if they were fired tomorrow they would walk out with proprietary data such as privileged password lists, company databases, R&D plans and financial reports — even though they know they are not entitled to it. So, it's no surprise that 71 percent believe the insider threat is the priority security concern and poses the most significant business risk. Despite growing awareness of the need to better monitor privileged accounts, only 57 percent say they actively do so. The other 43 percent weren't sure or knew they didn't. And of those that monitored, more than half said they could get around the current controls."
I recall distinctly during my time with a certain F50 company that they would not only refuse to buy any of the secrets, but that they would be the first to call the FBI on you for trying. The last thing they wanted or needed was to have those secrets unearthed years later, potentially costing them billions of dollars.
Now the gray/black market? Maybe... but that's as much of a jail risk as carrying around an open box full of kiddy porn in front of a police station.
If anything, the things I can see IT employees walking out with are software licenses, images (even hardware!) and crap like that - things they would find useful to themselves later on.
Quo usque tandem abutere, Nimbus, patientia nostra?
The solution to "insider theft" is simple:
Don't hire from the bottom of the barrel just to save a buck, and you won't have to fire people.
Treat your employees like valuable assets and not just cogs, and your people won't quit.
As someone who has been laid off from a job (and forced to wipe the hard drive of my personal laptop before I could leave the building), and who has had to hire and fire dozens of employees over the last 10 years, I can offer a bit of insight:
10% of your employees would never steal from you. Ever. It wouldn't occur to them to do it.
10% of your employees are determined to steal from you. It's why they applied for the job!
The other 80% are swayed by circumstance and opportunity. If you treat them like crap (when they're employed or when you fire them) or make it clear that you're lax on security (often as simple as not paying attention), they're going to steal from you. Treat them well (as employees and as ex-employees... don't just toss them overboard... give them a severance package... give them a nice letter of recommendation... make some genuine effort to ease this life-altering transition and show them that you care about what happens to them after they leave) and maintain good security practices and you will drastically cut down on the number of people who steal from you.
That's why you don't understand.
The title should read: " MANAGEMENT Admits They'd Walk Out With Stolen Data If Fired"
TFS says they surveyed managers and executives, not rank and file.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
And that's why, in turn, employees seem to be developing a "best practice" of keeping the tools to screw over facist companies. Distrust goes both ways, here's the results of treating employees like shit, enjoy.
The real question is "Why?" What purpose does stealing that info have? You could "potentially" sell it to a competitor just like you could "potentially" be thrown in jail. The risk vs. reward without having a pre-existing deal to steal data for another company is not worth it. It's like quitting your job before you've even handed in a resume to another company that has no idea who you are.
here's the results of treating employees like shit, enjoy.
As opposed to the results of shitty employees trying to screw over the company? These people who would steal the data just because they're fired are EXACTLY the people that should be fired. They are the shitty employees that get what they deserve.