Outsiders dominate data theft. The Verizon Data Breach Investigations Report (2012) indicates that external attacks account for 98% of all data breaches; the majority involving computer hacking (81%) or malware (69%). It is hardly surprising, therefore, that companies around the world respond to the growing threat of data loss by shoring up their IT systems. Yet all too often, in the mad rush to install firewalls and desktop security, companies forget about the printer in the corner - the one churning out a confidential customer database that will soon be heading out the door in the briefcase of an employee about to take up a position with a significant competitor.
A recent European study by Iron Mountain found that one in three employees has taken or forwarded confidential information out of the office on more than one occasion. Such data vulnerability increases significantly when people change jobs. The study showed that many office workers, regardless of rank or industry sector, have no qualms about taking confidential or sensitive documents with them when they leave, and most believe they're doing nothing wrong.
Half of European office workers who leave for a new role admitted to helping themselves to confidential customer databases, despite data protection laws forbidding them to do so. Employees leave armed with presentations, company proposals, strategic plans and product/service roadmaps, shows our study - all of which represent sensitive and valuable information, critical to a company's competitive advantage, brand reputation and customer trust. The Iron Mountain study found that in almost all cases employees took the information because they had been involved in its creation, and therefore felt a sense of ownership.
The greatest risk, however, comes from employees who lose their job. As many as one in three office workers said they would deliberately take and share confidential information if they were fired.
The Verizon report suggests that ‘insider' data breaches, whilst small in number, are the most damaging. Iron Mountain urges organisations across Europe to introduce a more ethical and responsible approach to information; to adopt what we call Corporate Information Responsibility. Begin with awareness: help employees understand the potential financial and reputational impact of not keeping information secure. Implement a company-wide program to manage information across all formats. Encourage a culture of information responsibility that makes people the first line of defence in mitigating information risk, rather than a significant threat.
By Peter Eglinton, SVP - UK, Ireland & Norway, Iron Mountain