Employees Put Intellectual Property at Risk
By Samuel Greengard
The digital age has radically transformed the nature and value of information. Although intellectual property (IP) has always played a key role in driving business success, the volume of information and knowledge is growing exponentially. A new report from Symantec, "What's Yours is Mine: How Employers are Putting Your Intellectual Property at Risk," outlines a growing array of challenges and threats.
At the heart of the issue: "Employees' attitudes and beliefs about intellectual property theft are at odds with the vast majority of company policies," points out Robert Hamilton, director of product marketing at Symantec. "Trusted employees are moving, sharing and exposing sensitive data in order to do their daily jobs. In other instances, they are deliberately taking confidential information to use with their next employer."
Symantec found that half of employees admit to taking corporate data when they leave a job, and 40 percent say they plan to use the data in their new job. Hamilton says that these employees aren't necessarily malicious; they simply don't know that it's wrong to carry the information with them. In fact, many believe they have some ownership of the IP.
"Even when their employment agreement says otherwise, if they helped to create the IP, they think they are entitled to it," he notes.
The study also found that 62 percent of employees think it's acceptable to transfer corporate data to their personal computers, tablets, smartphones and cloud file-sharing apps. In addition, 56 percent do not believe it's a crime to use a competitor's confidential trade information. Symantec reports that most data that winds up on devices is never deleted, thus ratcheting up the risk of a so-called "data spill."
Further complicating matters, organizations are failing to create an environment and culture that promotes responsibility and accountability in protecting IP. Only 38 percent of employees believe that their manager views data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies. Remarkably, 53 percent said that their company takes no action when employees take sensitive information that is against company policy.
"The emphasis should be on educating employees—many of whom are unaware that what they're doing is wrong—and reinforcing what it means to sign a nondisclosure agreement," Hamilton says. It's also critical to put security protections in place and enforce policies—not only to thwart the direct risk of data loss, but also to dissuade employees from rationalizing that their actions are acceptable.
IP loss, what Hamilton refers to as "contamination," can also put an organization at risk of a lawsuit when an employee starts a new job. This emphasizes the importance of creating a comprehensive policy and addressing IP issues with new hires.
"Ultimately, IP theft puts everyone at risk: the employee who takes the IP, the organization that invested in it and the new employer who unwittingly receives it," he explains. "Everyone can be held accountable, and no one wins."