Wednesday, February 13, 2013

Confidential Data at Risk

In May of last year I blogged about data leaving company networks through non-secure mobile devices  ("Data Breach").  A hot topic, companies are increasingly concerned about losing trade secrets and proprietary information to competitors and thereby loosing competitive advantage. 
 
Conducted by Ponemon Institute in October 2012 and just released is Symantec's survey What's Yours is Mine: How Employees are Putting Your Intellectual Property at Risk.    Survey results reflect that half of employees who left or lost jobs in the last 12 months kept confidential data, 40% planning to use that data in their new jobs.    Only 38% of employees surveyed said their manager views data protection as a business priority, and 51% think it is acceptable to take corporate data because their company does not strictly enforce policies.  More and more we see that employees' attitudes and beliefs about intellectual property (IP) theft are at odds with the vast majority of company policies.

Survey highlights: 
  1. 62% respondents:  Feel it is acceptable to transfer work documents to personal computers, tablets, smartphones or online file sharing applications.  The majority never delete the data they've moved because they see no harm in retaining the information.
  2. 44% respondents:  Feel that a software developer who develops source code for a company has some ownership in his or her work and inventions.  42% respondents do not feel it is a crime to reuse the source code, without permission, for other companies.
As technology continues to evolve, organizations face the growing challenge of protecting stored sensitive data from unauthorized exposure. Surprisingly, most companies do not address the danger of stealing electronic information through the use of smartphones such as iPhone, Android or Blackberry.  Symantec ". . . once mostly forbidden by IT, smartphones are now being used by hundreds of millions of employees throughout the world to access corporation information. . . ." 
 
To protect and prevent against the loss of proprietary information, companies may implement the following:
  1. Well communicated and enforced Confidentiality and Non-Disclosure Agreements
  2. Data Protection Policies that monitor access and use of confidential data
  3. Separation Agreements
  4. BYOD (Bring Your Own Device) Policy
Most importantly, educate your managers and employees!

No comments:

Post a Comment