London, December 2008 - It would seem desperate times call for desperate measures as a survey released today shows that workers will do almost anything to keep their jobs – but at a cost to the employer!! The survey, into “The Global Recession and its Effect on Work Ethics”, carried out by IT security data experts Cyber-Ark, found that more than one third of the 600 office workers (from New York’s Wall Street, London’s Canary Wharf and Amsterdam, Holland), confirmed they would be willing to work 80 hours a week, with 25% prepared to take a salary cut, if it meant they could keep their jobs. Nevertheless, these workers are conspiring behind their bosses’ backs to download vital, useful and competitive information to take with them if and when they get the push!
Interestingly, 56% of workers surveyed admitted to being worried about losing their jobs. Alarmingly, in preparation, more than half have already downloaded competitive corporate data and plan to use the information as a negotiating tool to secure their next post: 71% of workers in Holland confessed to having already downloaded data, 58% in the US and just 40% in the UK. When confronted with the prospect of being fired tomorrow and ethics go out the door (so to speak), 71% surveyed declared they would definitely take company data with them to their next employer. Top of the list of desirable information is the customer and contact databases, with plans and proposals, product information, and access / password codes all proving popular choices. HR records and legal documents were the least most favoured data that employees were interested in taking.
Redundancy is a sore word and rumours that they were looming would send 46% of the global workers interviewed scurrying about trying to obtain the redundancy list. Half said they’d try using their access rights to snoop around the network and, if this failed, they’d consider bribing a ‘mate’ in the IT department to do it for them.
Adam Bosnian, VP of Products, Strategy and Sales of Cyber-Ark says, “Employers have a right to expect loyalty from their workforce, however this works both ways and in these dark days, everyone is jittery especially with lay offs at the top of most corporate agendas - the instinct is to look out for number one. It would be unthinkable to leave money on a desk, an obvious temptation to anyone passing, instead it is always safely locked away and its time sensitive information is given the same consideration. If times get hard, and they invariably will, companies need to ensure that any cutbacks aren’t deeper then expected when stolen data unexpectedly eradicates any chance of survival – our advice is only allow access to sensitive information to those that really need it, lock it away in a digital vault and encrypt the really sensitive data.”
Surprisingly companies do seem to be heeding the danger that data leakage poses. The study reveals workers globally believe it’s becoming harder to take sensitive information out of the company – 71% in the UK acknowledged it was difficult and 46% in Holland agreed. Yet in the US the message still isn’t getting through with only 38% admitting they had found it difficult to sneak information away.
Memory sticks are the smallest, easiest, cheapest and least traceable method of downloading huge amounts of data, which is why this is often considered the “weapon of choice”. Other methods were photocopying, emailing, CDs, online encrypted storage websites, smartphones, DVDs, cameras, SKYPE, iPods and, rather randomly yet quite disconcerting, in the UK 7% said they’d memorise the important data!
Additionally, the study discloses that universally we’re not all as equally conscientious and prepared to work all the hours available. 50% of US workers were prepared to work that much harder compared to 37% in Holland and just 27% in the UK in favour of an 80 hour week. Additionally, when asked what other lengths they would go to in order to keep their jobs, the data wasn’t just limited to the hours employees were willing to put in. For the US there were no boundaries with 15% admitting they’d consider blackmailing the boss and 26% prepared to buy the next round of drinks for a year! The Brits and Dutch were less dishonest with just 3% contemplating bribery, and only 6% in Holland and 2% in the UK willing to buy the drinks.
“The damage that insiders can do should not be underestimated. With a faltering economy resulting in increased jobs cuts, deferred promotions and additional stress, companies need to be especially vigilant about protecting their most sensitive data against nervous or disgruntled employees,” adds Bosnian.
What many managers and business owners do not seem to appreciate and understand it that a disgruntled employee or one that is being made redundant does not need a suitcase and access to the photocopier for a day or so in order to steal vital information. All he or she needs is a USB flash drive with a couple of gigabyte and access to your computers and Bob's your Uncle.
The damage that can be done in this way is enormous and is nothing compared to the sales rep who was made redundant who takes all his client and contact list with him to the new firm and gets a cushy number because of that.
Material removed in this way can inflict rather serious damage to any business if someone would want to release it. On the other hand such knowledge could be vital to a competitor who may hire that former employee.
While it may nor be a good idea to ban the use of USB sticks and other flash media throughout the enterprise, like it was done by the US DoD because of a cyber attack (which would hardly be launched from the inside via such drives though this could be done), a policy of who can and who cannot transfer files and which files should be put in place. This is especially true in the current climate.
The survey into “the global recession and its effect on work ethics”, was carried out by Cyber-Ark’s team of researchers amongst 600 office workers on Wall Street, New York, Canary Wharf London and at an International event in Amsterdam Holland.
Yvonne Eskenzi/Eskenzi PR & Michael Smith, ICT Review
<>