Half of all employees admit to stealing data

Nearly half of employees would take sensitive data from their old company to their new place of work if they thought it would help their job prospects, according to a new survey from security software firm Check Point.

Eighty five per cent of employees admitted that they could easily download competitive information and take it with them to their next job. And this despite the fact that 74 per cent of the companies have a policy specifically stating that company personnel are not allowed to take company information out of the office.

Most of that data is likely to be stored on easily concealed USB flash drives, which have supplanted laptops as the preferred means of taking work home: 33 per cent store work data on their USB stick, versus 14 per cent who now use a laptop.

The fact that USB sticks are easily hidden is not the only problem, however, according to the study.

"They are also far easier to lose in transit - making them a likely target for opportunists who may find them very valuable assets to trade with competitors or use to blackmail the company into keeping quiet about the fact that they lost valuable or sensitive information without protecting it," Check Point warns.

"USB sticks are now more popular than ever, with everyone from children up to the CEO travelling around with data on their USB sticks," said spokesman Martin Allen. "Many can now carry 16GB around with them in their pockets which compares, with 640 reams of paper in your pocket. At this estimation it's not surprising they can become a serious security risk. Companies spend millions on their security and just forget about the fact that millions of pounds worth of valuable data is "going walk about" on people's key rings and a great deal are very happy to download information to take with them to their next job."

Check Point advises organisations to ensure that they lock down computers with vital information and centrally control USB sticks by supplying them to staff with mandatory encryption in place. They should also specify that all staff members have to sign a security policy, to ensure that they will not download sensitive or competitive information or take it to their next job.

"Remember, security is a two way process - you need to have your staff on your side, so complement sensible, workable policies, with centrally controlled security technology combined with trust, education and understanding," the security firm advises.

Check Point Software says it questioned 200 senior IT professionals for the survey.