Reports from the UK indicate that confidential data theft cases have risen sharply in the last year, with the majority of these involving businesses conducting civil claims against former employees. This information follows the results of a UK survey earlier this year, which reported that three quarters of UK employers had no enforceable systems to prevent employees gaining access to privileged data. A further survey from cyber security firm Symantec revealed that half of employees who left or lost jobs in the previous year kept confidential corporate data, with 40 percent planning to utilise it in their next role.
In a recent incident further underlining this threat, three men have been charged with the theft of intellectual property from their employer, the Wall Street trading house Flow Traders. The men, who worked as traders at the firm, allegedly took proprietary computer source code critical to the firm’s automated trading systems, and emailed it to themselves from their work email accounts. They are believed to have intended to start their own trading company utilising the code.
While the theft of intellectual property by foreign cyber espionage groups receives greater attention in the media, firms are at far greater risk of data theft from employees and ex-employees acting on their own initiative. With the increasing uptake of cloud computing, and Bring Your Own Device (BYOD) policies in the workplace we assess that this risk is likely to increase over the foreseeable future. Key factors in reducing this risk are effective information security and intellectual property policies and training, while limiting access to privileged information as far as possible in line with operational needs.