Your Fired Employees Are Stealing Your Data

from the taking-more-than-a-stapler dept

Mon, Feb 23rd 2009 7:12pm — Carlo Longino

It probably shouldn't come as a big surprise that a new study says 60 percent of employees keep corporate data after they leave a job. The most common types of retained data are things like contact lists and non-financial information, with the ex-employees usually thinking it will help them in their next job. While this sort of stat will probably get blamed on the state of the economy, it's likely that rising unemployment probably only exacerbates it. A more worrying stat from the study is that a quarter of respondents said they were able to access data on their former employers' computer networks after they left the company. This corresponds to earlier research saying that "malicious insider" attacks are on the rise as the number of disgruntled employees and ex-employees grows. With so many companies focused on cutting costs by reducing headcount, effective data security could also fall by the wayside.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data theft, employees

13 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Rose Garcia, 23 Feb 2009 @ 7:22pm

Couldnt this also called an off-site backup? /sarcasm

But honestly though, some employers of small companies actually offer to continue paying a (not fired, but just had no more work available for that person - or could not continue to pay them as much as they wanted) former-employee's health insurance in exchange for that employee performing a regular data backup every few weeks and keeping that data off-site. It's better than being unemployed, without health insurance and could also be great for helping to keep connections to future employers in the same business industry.
[ link to this | view in chronology ]
Anonymous Coward, 23 Feb 2009 @ 7:35pm

Link is down?
Sixty percent sounds a bit high, perhaps they have something to sell? Nothing sells new security stuff like a bit of scare tactic.

Should I have to delete the code I wrote at home, on my own time, but then took to work in order to make my job a bit easier?

What about all the new and cool stuff I learned at work? Would I have to forget it?
[ link to this | view in chronology ]
- Kevin, 23 Feb 2009 @ 8:13pm
  
  Re: Link is down?
  Sixty percent sounds a bit high, perhaps they have something to sell?
  
  That could be the case. Or the threshold of "taking your employer's data with you" is ridiculously low. The post mentions "contact lists". I know that every time I've left a job I've exported my contacts from Outlook (not the entire address book, just my personal contacts) and taken them with me. Most of the time they are vendor contacts, but they've proven useful in the future. Also, a lot of times someone will take an export of their email box and copies of any archives. In some cases it could be about stealing secrets/business, but in others it could simply be a case of CYA. If your employer deletes your email 30 days after you leave, you have no way to prove that you sent a particular message is a question comes up later unless you kept a copy.
  [ link to this | view in chronology ]
ChurchHatesTucker (profile), 23 Feb 2009 @ 7:47pm

BSA
Isn't this the BSA's business model?

Or have they patented a "method of pillaging a former employer?"
[ link to this | view in chronology ]
Overcast, 23 Feb 2009 @ 8:03pm

What about all the new and cool stuff I learned at work? Would I have to forget it?

I think if many groups had their way - yes.
[ link to this | view in chronology ]
Anonymous Coward, 23 Feb 2009 @ 8:07pm

I left my employer 8 months ago...but they failed to disconnect my phone where I can still check voice mails and can still dial in to the network. What is even more amazing is that it went Ch. 11 last week and I can still do this today. I haven't stolen any data or used my access other than to see if they have disconnected me yet...apparently they laid off the people responsible for overseeing this stuff.
[ link to this | view in chronology ]
Stefanie, 23 Feb 2009 @ 8:38pm

I thought 60% sounded LOW...
I don't know any halfway intelligent, career-minded person who DOESN'T take a list of contacts with them, and most people I know take some form of company data that will show their achievements or provide a sample of their work.

Still, the article is way overblown. People are stealing far more valuable information in their brains than what they're taking out on disks and paper, in most cases.
[ link to this | view in chronology ]
Adam Wasserman (profile), 23 Feb 2009 @ 9:32pm

Stealing?
I would think that a Techdirt writer would know better than to use the word stealing here... there is no theft in this story.

If there was a confidentiality agreement, then there is breach of contract. If there was no confidentiality agreement...

There is no such thing as ownership of data.
[ link to this | view in chronology ]
John Duncan Yoyo, 24 Feb 2009 @ 5:01am

People take information in their heads
What about the information that people carry around in their heads? What is to stop them from call Sid at Amalgamated Widgets after looking his contacts online and offering him a cheaper better stapler than the one you had been selling for your previous employer?
[ link to this | view in chronology ]
jon, 24 Feb 2009 @ 5:16am

theft of service
A bit off topic, but, how about an X-employee that uses a company login for an online service, or continues to use say their company vonage line. I thought I had all the bases covered on removing logins and changing passwords only to find an X-employee who now works for the competition using an aftermarket automotive tech service to obtain wiring diagrams on a company login. Add another password to change anytime someone leaves the company list. Funny part is that he was not supposed to have access to that service even when he was here (the co worker who gave it to him has been appropriately admonished). A lot more than one kind of data that an x-employee can take with them. So, what is theft and what isn't? Let's take it a step further......what is prosecutable and what isn't?
[ link to this | view in chronology ]
:Lobo Santo, 24 Feb 2009 @ 6:22am

Your Fired Employees Are Stealing Your Data
Yes vato, yes we are.
[ link to this | view in chronology ]
Overcast, 24 Feb 2009 @ 6:34am

This is where a stable and loyal IT staff pays off.

But that's ok, keep outsourcing. It's a wonder this question didn't come up sooner.
[ link to this | view in chronology ]
batch, 24 Feb 2009 @ 9:47am

Hi, lets work together
I'm part of an outsourced IT Department and all too often, one of our customers will lose an employee for whatever reason and they don't notify me so I can change their passwords and disable accounts as needed. To make things even better many of these people have VPN access or RDP access. You try and explain the need to communicate that someone left the company to us, but some people just don't get that its a huge risk to wait.
[ link to this | view in chronology ]