Your Fired Employees Are Stealing Your Data
from the taking-more-than-a-stapler dept
It probably shouldn’t come as a big surprise that a new study says 60 percent of employees keep corporate data after they leave a job. The most common types of retained data are things like contact lists and non-financial information, with the ex-employees usually thinking it will help them in their next job. While this sort of stat will probably get blamed on the state of the economy, it’s likely that rising unemployment probably only exacerbates it. A more worrying stat from the study is that a quarter of respondents said they were able to access data on their former employers’ computer networks after they left the company. This corresponds to earlier research saying that “malicious insider” attacks are on the rise as the number of disgruntled employees and ex-employees grows. With so many companies focused on cutting costs by reducing headcount, effective data security could also fall by the wayside.
Filed Under: data theft, employees
Comments on “Your Fired Employees Are Stealing Your Data”
Couldnt this also called an off-site backup? /sarcasm
But honestly though, some employers of small companies actually offer to continue paying a (not fired, but just had no more work available for that person – or could not continue to pay them as much as they wanted) former-employee’s health insurance in exchange for that employee performing a regular data backup every few weeks and keeping that data off-site. It’s better than being unemployed, without health insurance and could also be great for helping to keep connections to future employers in the same business industry.
Link is down?
Sixty percent sounds a bit high, perhaps they have something to sell? Nothing sells new security stuff like a bit of scare tactic.
Should I have to delete the code I wrote at home, on my own time, but then took to work in order to make my job a bit easier?
What about all the new and cool stuff I learned at work? Would I have to forget it?
Re: Link is down?
Sixty percent sounds a bit high, perhaps they have something to sell?
That could be the case. Or the threshold of “taking your employer’s data with you” is ridiculously low. The post mentions “contact lists”. I know that every time I’ve left a job I’ve exported my contacts from Outlook (not the entire address book, just my personal contacts) and taken them with me. Most of the time they are vendor contacts, but they’ve proven useful in the future. Also, a lot of times someone will take an export of their email box and copies of any archives. In some cases it could be about stealing secrets/business, but in others it could simply be a case of CYA. If your employer deletes your email 30 days after you leave, you have no way to prove that you sent a particular message is a question comes up later unless you kept a copy.
BSA
Isn’t this the BSA’s business model?
Or have they patented a “method of pillaging a former employer?”
What about all the new and cool stuff I learned at work? Would I have to forget it?
I think if many groups had their way – yes.
I left my employer 8 months ago…but they failed to disconnect my phone where I can still check voice mails and can still dial in to the network. What is even more amazing is that it went Ch. 11 last week and I can still do this today. I haven’t stolen any data or used my access other than to see if they have disconnected me yet…apparently they laid off the people responsible for overseeing this stuff.
I thought 60% sounded LOW...
I don’t know any halfway intelligent, career-minded person who DOESN’T take a list of contacts with them, and most people I know take some form of company data that will show their achievements or provide a sample of their work.
Still, the article is way overblown. People are stealing far more valuable information in their brains than what they’re taking out on disks and paper, in most cases.
Stealing?
I would think that a Techdirt writer would know better than to use the word stealing here… there is no theft in this story.
If there was a confidentiality agreement, then there is breach of contract. If there was no confidentiality agreement…
There is no such thing as ownership of data.
People take information in their heads
What about the information that people carry around in their heads? What is to stop them from call Sid at Amalgamated Widgets after looking his contacts online and offering him a cheaper better stapler than the one you had been selling for your previous employer?
theft of service
A bit off topic, but, how about an X-employee that uses a company login for an online service, or continues to use say their company vonage line. I thought I had all the bases covered on removing logins and changing passwords only to find an X-employee who now works for the competition using an aftermarket automotive tech service to obtain wiring diagrams on a company login. Add another password to change anytime someone leaves the company list. Funny part is that he was not supposed to have access to that service even when he was here (the co worker who gave it to him has been appropriately admonished). A lot more than one kind of data that an x-employee can take with them. So, what is theft and what isn’t? Let’s take it a step further……what is prosecutable and what isn’t?
Your Fired Employees Are Stealing Your Data
Yes vato, yes we are.
This is where a stable and loyal IT staff pays off.
But that’s ok, keep outsourcing. It’s a wonder this question didn’t come up sooner.
Hi, lets work together
I’m part of an outsourced IT Department and all too often, one of our customers will lose an employee for whatever reason and they don’t notify me so I can change their passwords and disable accounts as needed. To make things even better many of these people have VPN access or RDP access. You try and explain the need to communicate that someone left the company to us, but some people just don’t get that its a huge risk to wait.