Is Stolen IP Walking in the Door With New Employees?
More than half of employees who left or lost their jobs in the past 12 months took confidential corporate data with them and most plan to use it in their new jobs, creating the potential for IP contamination. How can you protect your IP?
Fri, February 08, 2013
CIO — Are your former employees walking out the door with your intellectual property? And worse, is your new hire putting your organization at risk by bringing in IP stolen from a former employer? A new global survey by Symantec and The Ponemon Institute finds that half of employees who left or lost their jobs in the past 12 months kept confidential corporate data, and 40 percent say they plan to use the data in their new jobs.
In October and November of 2012, The Ponemon Institute surveyed 3,317 individuals in the U.S., U.K., France, Brazil, China and Korea. The median age of respondents was 35, and the average headcount of respondents' organizations was 7,000.
The Ponemon Institute reports that more than half of employees admit they email business documents from their workplace to their personal email accounts and 41 percent say they do it at least once a week. The same percentage says they download IP to their personal tablets or smartphones.
How Workers View IP and Company Documents
"The majority of employees who transfer work documents outside don't really understand that it's wrong," says Tim Matthews, senior director of the product marketing with the Data Loss Prevention (DLP) Group at Symantec. "A lot of people end up Gmailing stuff home to themselves so they can work on it from their home computer. And we know, for instance, that one-fifth of home computers are infected with malware."
One of the reasons for this issue, according to The Ponemon Group, is that most employees don't believe it's wrong to transfer corporate data to their personal devices or cloud-sharing apps.
"A third say it is OK as long as the employee does not personally receive economic gain, and about half justified their actions by saying it does not harm the company," the survey finds. "Others blamed the companies for not strictly enforcing policies and for not proactively securing the information. These findings suggest that employees do not recognize or acknowledge their role in securing confidential company data."
Moreover, many employees may have a cavalier attitude toward company-owned data because they attribute ownership of IP to the person who created it, according to the survey.
"When given the scenario of a software developer who re-uses source code that he or she may have created for another company, 42 percent do not believe it is wrong and that the person should have an ownership stake in his or her work and inventions," the survey reports. "They believe that the developer has the right to re-use the code even when that developer does not have permission from the company. These findings portray today's knowledge workers as unaware that intellectual property belongs to the organization."