Laid off workers stealing company data
By Simon Thorpe on Feb 24, 2009
More news articles published this week are raising awareness of risks involved with sensitive information leaving your organization when employees are laid off. Another research study from the Ponemon Institute, in conjunction with Symantec, surveyed 945 adults in the United States who were laid-off, fired or changed jobs in the last 12 months. It found 59% of employees who leave or are asked to leave are stealing company data, such as contact lists, employee records, financial reports, confidential business documents and software tools
Kevin Rowney from Symantec told the BBC that, "The intellectual property of a company can represent the crown jewels and are almost worth more than the building. This is the core asset of a company and any breach or loss can be very expensive... The industry has concentrated on the protection of the containers where the data is stored like firewalls, access, controls and end point security systems... The end result is that most security teams are protecting the containers not the data itself. And that is a core flaw in the security methodology of many practitioners today,"
Symantec sponsorship obviously highlights their DLP solutions which allows for the detection and control of information as it flows across devices such as firewalls and network files servers onto desktop and laptop computers, and ultimately onto removable USB devices.
Without question i'm going to state that IRM is a perfect compliment to DLP to provide a robust solution to protecting, controlling and reporting on the use of sensitive content. DLP has its limitations and IRM fills those holes, combine this with the total set of security technologies from Oracle and a smart company could ensure the recent increase in risk can be reduced and controlled for a fraction of the cost from the repercussions of loosing all this data.
Another comment I found interesting was, "It is not enough that I will be laid off, that I will have to sell my home and possessions at a loss - I am now considered a 'thief' for'stealing' (ie taking work home with me) intellectual property. Why is the worker blamed for everything that goes wrong with a company?"
Oracle IRM has positive solutions for both problems. It first provides an organization with the ability to have absolute control over documents, not only by limiting who can print (and therefore steal paper copies) but also by removing access to content when an employee no longer works for the organization.
Secondly it can actually help the employee... Oracle IRM allows for a balance of usability and security that allows people to use sensitive content on the move and from home locations. Leaving a company and knowing they are responsible for removing your access rights, frees the ex-employee from all responsibility. If the organization is able to revoke all rights to content, then the end user no longer feels under the spot light when they leave.