Information Risk – Serious Business
When is information at risk? One way, that I am not sure is addressed by organizations, is information leaving the company through employee attrition. Sales, are typically escorted out the door on the day of resignation. Although, for the previous 3 weeks, they were emailing the customer database, and pertinent emails to a personal email account. According to a survey by Iron Mountain 87% of executives in Europe do not believe that employees take information with them when they leave. Really?
There were two comments in the article that I thought were particularly interesting, “Employees, it revealed, happily take highly confidential or sensitive documents and databases with them, and many believe they’re doing nothing wrong”. The second comment, “Two thirds said they had taken or would take information they had been involved in creating, and 72 percent said they believed the information they took would be helpful in their new job.”
According to the article, employees are taking presentations, proposals, strategic plans, product or service roadmaps, and 51% are taking customer databases.
Of course, organizations may feel that it just isn’t worth it to put processes in place to prevent this from happening. But it is still information at risk. I would guess that most former employees are taking information that will be useful in new positions, and not taking information to blackmail, or publish confidential information. But the risk does exist.
Do you think this is just over-protection and the organization has way more important priorities? How would you stop it? Then, you have employees who have access to confidential information, and really don’t need it. Interestingly, those who have secure access to corporate emails, spend time reading them. But that’s another blog.