So, do you think your employees may be stealing your business IP? Do they even realize it?

I came across a great resource from Symantec – a whitepaper titled “What’s Yours is Mine: How Employees are Putting Your Intellectual Property at risk”. Data listed in the whitepaper is based on the survey was conducted by The Ponemon Institute to examine the problem of IP theft or abuse by employees in the workplace. The results are based on responses from 3,317 individuals in six countries: United States, United Kingdom, France, Brazil, China, and Korea.

If you haven’t thought of  loss of your business IP yet, think about it: according to the study, companies today are losing valuable IP on a regular basis – and not all of it is attributed to business espionage or hacking. While many security initiatives focus on threats posed by cyber criminals, a less obvious threat is often overlooked: your employees. Most of the time employees are using sensitive data in order to do their job tasks. In other cases, they are taking business confidential information to use to their own advantage, or with their next employer. Sometimes employees do not realize it may be wrong or even illegal. All three parties involved – the employee, the former employer and the new organization – are all putting themselves at risk.

Some Statistics on Intellectual Property Theft

  • 50% of employees admitted taking confidential information from their former employer when changing jobs.
  • Employees are moving IP outside the company in all directions – over 50% send business data to their personal email accounts; about 41% download your business data to their personal devices.
  • Employees are not aware they are putting themselves and their companies at risk – over 50% of respondents believe taking confidential information does not harm the company, while 44% feel that your IP is generally available and not secured.
  • About 60% believe ownership of IP belongs to the person who created it, not the company they were employed with.

Is your organization failing to create a culture of security?