While most of us think of security attacks and data loss come from hackers in some Bulgarian basement, the sad truth is that organizational insiders also pose a threat. In the 2015 Vormetric Insider Threat Report, 89% of respondents felt that their organization was now more at risk from an insider attack. A recent survey done by Veriato, a company that makes internal threat detection and employee monitoring software, may offer an explanation.
According to the Veriato survey:
- A third of all employees believe they own – or share ownership of – the corporate data they work on, with half thinking they can take the data with them when they leave.
- 60% of the 400 random employees surveyed saying they have never signed a confidentiality agreement or they never even knew one existed
- 13% of respondents said it was acceptable to take login credentials with them
- 47% said it was suitable to take work product
- 7% said it was OK to take customer data
- 6% said it was OK to take marketing data
- 6% said it was OK to take sales lists
- 5% said it was OK to take financial data
Not all bad news for employers, though:
- 95% would turn down an offer of money from a competitor for confidential data
- Only 5% of respondents acknowledged taking corporate data with them for financial or personal gain.
- Another 7% had been offered money in exchange for confidential information—18% of those offers being $5,000 or more
- 92% of employees would not take corporate data if they knew their activity was being monitored
- 79% believing their company has the right to monitor their activity.
While I am not sure why 47% said it was OK to take work product while only 5% acknowledged that they actually did so for financial or personal gain, the fact that almost half of employees think it is OK is a security concern.