Business risks in employee offboarding
On 23 February2009, the Ponemon Institute released an independently conducted research study called Data Loss Risks During Downsizing3, which documented the business risks associated with laid off employees by conducting surveys of laid off employees.
The research study showed a particular problem with data theft even from employees who left the organization on good terms with their employer. According to the study:
“More than 59% report that they kept organization data after leaving their employer. It is very interesting to note that employees who do not trust their former employer to act with integrity and fairness are more likely to take the data. Sixty-one percent of respondents who were negative about the organization took data while only 26% of those with a favorable view took data.”
The research study also asked the laid off employees how they took the data:
“It is interesting that most employees (61%) who stole valuable customer and other business information are taking it in the form of paper documents or hard files. The next most popular means of transferring data is by downloading information onto a CD or DVD (53%) or onto a USB memory stick (42%) followed by sending documents as attachments to a personal e-mail account (38%).”
Furthermore many employees who left were well aware that their IT credentials had not been revoked:
“Employees were able to access their former employer’s computer system or network after departure. According to 24% of respondents, their ability to access data continued after they left the organization creating a data security risk. Of these respondents, 32% say that they accessed the system and their credentials worked and 38% say their co-workers told them that their access rights continued. In the case of 35% of the respondents, access to the system continued one week or longer.”
Even though the respondents were assured of their anonymity, the actual numbers may be under-reported due to the sensitive nature of the questions.
The financial impact of these malicious incidents can be huge. On 6 October 6 2009, ComputerWorld posted an article Former DuPont researcher hit with federal data theft charges4 relating the latest charges against Hong Meng, a former top researcher. Meng is accused of downloading hundreds of DuPont trade secret level documents regarding organic LED (OLED) technology with the intent of taking them with him to his next employer.
The study can be found at the following Web site: http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Data%20Loss%20Risks%20During%20Do wnsizing%20FINAL%201.pdf This article can be found at the following Web site: h t t p : / / w w w . c o m p u t e r w o r l d . c o m / s / a r t i c l e / 9 1 3 9 0 1 4 / F o r m e r _ D u P o n t _ r e s e a r c h e r _ h i t _ w i t h _ f e d e r a l _ d a t charges a _ t h e f t _