Security firm claims up to 75% of IT staff “steal data”

 

Gallery

By Darien Graham-Smith

Posted on 29 Apr 2010 at 10:35

Three quarters of tech staff could be breaking the law by making personal copies of their employers’ proprietary information, according to security specialist Ipswitch.

In a 2009 survey by the Ponemon Institute, 38% of recently terminated tech employees admitted to sending company documents to personal email accounts. But Ipswitch vice president L. Frank Kenney, speaking to PC Pro at the 2010 InfoSec expo, warned that this wasn’t the full story.

We carried out a survey at the last RSA security conference and we found that more than 70% of executives have absolutely no visibility into files moving out of their organisations

“That’s 38% who admitted it. Double that number and you get a more likely picture,” he pointed out.

“We carried out a survey at the last RSA security conference and we found that more than 70% of executives have absolutely no visibility into files moving out of their organisations. Most people had no policies in place for moving files. So it’s maybe not staff being malicious.”

“For example, let’s say I want to send you a huge PowerPoint file from my work email. It’s so big it bounces back, so what do I do? I put it in Gmail. But suddenly I’ve given the company’s information over to Google, or to Yahoo or Hotmail.”

Kenney believes technology can be part of the solution, but that managers need to be more aware of the risks, and stricter with their data protection policies.

“I can give you all the technology you need,” he concluded, “but you had better have policies in place and be prepared to enforce them. In some cases that might mean blocking a file transfer, in other cases you might need to let someone go. A policy without enforcement is a dog with all bark and no bite.”