Half of employees take confidential data from old employer to new employer, says Ponemon

Majority do not believe practice is wrong
Tools

The security concerns around the BYOD trend are not unfounded, according to a survey of 3,317 individuals by the Ponemon Institute on behalf of security firm Symantec, because half of employees who left or lost their jobs in the last year admitted to keeping confidential data. In addition, 40 percent plan to use that data at their new job.

Surprisingly, 56 percent of respondents do not believe using confidential data from a previous employer is wrong. This would suggest that enterprises need to do a better job of educating employees about the proprietary nature of intellectual property and the potential criminal consequences of taking IP.

Close to two-thirds of respondents said a coworker hired from a competing company has offered confidential documents from the former employee for their use.

"Chief information security officers are certainly concerned about intellectual property leaving but they are also concerned about being the unwitting recipient of confidential data that a new employee has taken from their former employer," Robert Hamilton, director of product marketing with Symantec's Data Loss Protection group, told FierceEnterpriseCommunications.

According to the survey, many employees do not believe taking IP is wrong because they attribute IP ownership to the person who created it, not the company the person worked for. Close to half of those surveyed did not think it was a crime to reuse software source code without permission in projects for other companies.

"There is this idea among people that they helped create the data or information, and they attribute some ownership rights because of that… This is at odds with their employer's belief that the corporation owns the data," Hamilton observed.

This widespread belief contributes to the trend of software theft around the globe. According to the latest study by the Business Software Alliance, the commercial value of pirated software reached $63.4 billion in 2011, up from $58.8 billion in 2010. A full 57 percent of PC users admit to using pirated software, the study found.

In addition, a majority of respondents do not delete corporate data they have transferred to personal computers, mobile devices and online file-sharing sites when they leave the company.

Only 38 percent of respondents said their managers consider data protection a priority, and half said their company does not strictly enforce data protection policies.

"This problem continues because the organizations are failing to prioritize the protection of intellectual property and create a culture of security. Employees do not think that they are going to get caught or their organizations care," said Hamilton.

Symantec recommends that enterprises educate their employees about IP theft, enforce non-disclosure agreements and implement a data protection policy and data monitoring technology.

For more:
- check out the Ponemon/Symantec survey (reg. req.)
- read the BSA software piracy study

Related articles:
Security firm Lumension acquires CoreTrace to beef up APT prevention products
Verizon: Data breaches soared in 2010