Advertisement

May 21, 2013

Are Your Employees Stealing Your Data?

Risk Management Magazine / Risk Managment Montitor a publication of RIMS
Jared Wade
Risk and Insurance Management Society, Inc. (RIMS)
Tuesday, July 26, 2011
Communications, Media & Internet / Criminal Law / Business Crimes / Intellectual Property
All Federal / All International
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

One of the biggest exposures in IT systems is the simple fact that too many people have access to information that they don’t need access to. The military has long kept everyone on a “need to know basis,” but companies in the digital age have been less effective in maintaining levels of data clearance.

Usually, this isn’t a problem. Most employees are honest people who wouldn’t do anything malicious with any corporate data. But as this information becomes increasingly valuable to outsiders, that temptation can be too much to overcome for some workers.

And according to a new survey from SailPoint, the number is troubling — especially in the U.K.

Of nearly 3,500 employees surveyed, a full 10% of U.S. employees (compared to 8% of Australians and 27% of Brits) said they would forward electronic files to a nonemployee. Furthermore, 9% of Americans (compared to 8% of Australians and 24% of Brits) would copy electronic data and files to take with them when they leave a company.

I’m not sure whether U.K. employees are more devious or just more honest, but even the lower totals in the United States and Australia shows the enormity of the risk. That’s just a ton of people who have no qualms about leaking — if not outright thieving — data.

“Organizations should be very concerned about the number of employees that openly admitted to misusing proprietary data,” said SailPoint cofounder Jackie Gilbert. “These results show that insider threats represent a significant risk to the business. Some of the biggest and most costly data breaches have been directly tied to company employees. Having a written policy is not enough to ensure data security. Organizations need to have automated controls in place to monitor and manage user access controls in order to minimize the risk of insider theft or sabotage.”

What all this means is that while IT directors do need to figure out how to keep the outside hackers from getting into the network — they also must determine how to keep those already within from exposing information to the outside.

As Gilbert says, access controls are a good start.

Risk Management Magazine and Risk Management Monitor. Copyright 2013 Risk and Insurance Management Society, Inc. All rights reserved.

About the Author

Jared Wade
Senior Editor

Jared Wade is the senior editor of Risk Management magazine and the Risk Management Monitor blog.

www.rmmagazine.com
212-655-5919
www.rmmagazine.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.