Education, technology and policy tips to help you prevent theft.
When an employee leaves your company, whether voluntarily or otherwise, there's a 50% chance that she's taking your intellectual property along with her, according to a recent study conducted by computer security firm Symantic. What's more, 40% of these employees say they plan to use the data in their new job.
Malicious theft? Not necessarily. Many of these security breaches begin when employees transfer company files to a personal device, outside email account or cloud-based storage service to collaborate with colleagues or work away from the office. But the study uncovered a pervasive perception among knowledge workers that there is nothing wrong with using such confidential data in a new job. Justifications for such theft range from the belief that the information isn't valuable to the assumption that intellectual property, such as computer code, belongs to the creator rather than her employer. The best approach to preventing theft, then, involves a multipronged approach including education, technology and policy:
Educate your employees on the ethics and legality of transferring intellectual property. While a malicious employee can almost always circumvent access controls, simply making clear what constitutes confidential material and who owns intellectual property can prevent a significant amount of theft. Set and enforce clear policies on how documents, data and code are handled, and make sure that non-disclosure is a clear component of any employment agreement. It makes sense to review these policies and agreements at the moment of separation as well.
Implement data security procedures to reduce transfer to unsecured devices and services. Set clear policies that restrict data to company owned or approved devices and networks while also making sure that these systems meet the collaboration and mobility needs of your employees. Sensitive documents should have role-based permission levels attached so that only authorized users can make copies or changes. Automated system-wide password policies, requiring periodic changes and minimum character requirements, can also prevent unauthorized use and reinforce the importance of locking down data.
Monitor data usage with data loss-prevention software to gain insight into where and how data is being accessed and transferred. Monitoring systems tag individual files and notify managers when information is being inappropriately handled, while "remote wipe" technology allows IT departments to remove sensitive information from lost or stolen mobile devices and laptops.
As you work to keep your intellectual property safe, remember that most of your employees want to do the right thing. By understanding how they prefer to work to get their daily job done, you can tailor your security efforts to maximize efficiency and collaboration while minimizing the risk of data loss.
The article you read was prepared for general information purposes by McMurry. These articles are for general information purposes only and are not intended to provide legal, tax, accounting or financial advice. PNC urges its customers to do independent research and to consult with financial and legal professionals before making any financial decisions.These articles may provide reference to Internet sites as a convenience to our readers. While PNC endeavors to provide resources that are reputable and safe, we cannot be held responsible for the information, products, or services obtained on such sites and will not be liable for any damages arising from your access to such sites. The content, accuracy, opinions expressed, and links provided by these resources are not investigated, verified, monitored or endorsed by PNC.