A big source of theft of corporate data and trade secrets is former employees of the company, a research report said Wednesday.
The survey by the security firm Symantec Corp. found that half of employees who left or lost their jobs in the past 12 months kept confidential corporate data, and 40 per cent plan to use it in their new jobs.
"This means valuable intelligence is falling into the hands of competitors," said Symantec's Robert Hamilton in a blog post accompanying the report.
"Ultimately, this puts everyone at risk – the employee who takes the IP [intellectual property], the organization that invested in it and the new employer who unwittingly receives it. Everyone can be held accountable, and no one wins."
Mr. Hamilton said it was "startling" that many employees "don't think taking corporate data is wrong. Sixty-two per cent of employees think it's acceptable to transfer corporate data to their personal computers, tablets, smartphones and cloud file-sharing apps. And once the data is there, it stays there – most employees never delete it."
He added that "underlying this belief is a lack of understanding who owns the IP. The survey shows that employees attribute ownership of IP to the person who created it," and that companies fail to clearly indicate that they own the data.
Symantec said the report highlights that corporate security must consider how to deal with the threats from within.
"Companies cannot focus their defences solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain," said Lawrence Bruhmuller, Symantec's vice-president of engineering and product management.
"The everyday employee, who takes confidential corporate data without a second thought because he doesn't understand it's wrong, can be just as damaging to an organization."