Nearly 60% of terminated or laid off employees steal proprietary company data when leaving, says a new study released by the Ponemon Institute, an Arizona-based research company. Most employees take hard copies or paper documents but they also admit to downloading and saving data and sending information as attachments to personal emails.
The study does not indicate whether this trend is on the rise but I’d venture to guess that it is, based only on my clients’ experiences. It’s become very common for an employer to discover that an exiting employee emailed himself sensitive information prior to his exit. The study reports that approximately 25% of the employees who admitted to taking data admitted that they were able to access the company’s network even after they’d left. This is obviously the first step when preparing to terminate an employee–remove their access to all confidential data, whether in electronic or paper form.
It’s best to have IT turn off electronic access prior to the termination meeting. And, at the same time, have them scan his emails to determine whether the employee has sent any emails in the last couple of weeks to his personal account, such as a G-Mail, Yahoo!, or AOL account. And determine whether these emails contained any attachments. If so, you should determine just what it is exactly that the employee forwarded in those emails before the termination meeting.
If the termination is a particularly contentious one (i.e., this is a “problem” employee), you should also consider whether you want to preserve all of the individual’s incoming and outgoing emails if you don’t have a system in place to do that automatically. Users of the full version (i.e., not Reader) of Acrobat 9 can do this in a flash by converting all emails to a single PDF document. Or you can forward all of the emails to an HR or other secure email account. Should the employee later file a claim, his emails could very well be the key to your defense so don’t risk losing them.
The founder of the Ponemon Institute suggested that employees steal data because they think they are entitled to it as something they helped to create. Other theories include that employees want to use the information in their portfolios or to otherwise help them seek other work. Of course, the traditional school of thought says that employees steal to “get back” at the employer in response to the wrong they perceive has been done to them. Whatever the reason, employers cannot afford to take this lightly. Confidential and proprietary information belongs to the organization–not to the employee–so the organization must be diligent in preventing the loss of its rightly-owned data.