Skip to main content
Part of complete coverage on

The enemy within: Who's stealing your company's secrets?

By Rose Hoare, CNN
August 7, 2012 -- Updated 1026 GMT (1826 HKT)
Nearly a third of workers would take information to a new job if they were fired, according to a new study.
Nearly a third of workers would take information to a new job if they were fired, according to a new study.
  • Study: One in seven European workers have taken confidential information to new job
  • Employees are most inclined to take documents they've worked on
  • Almost a third confessed they would deliberately take files if they were sacked

London (CNN) -- When considering risks to their business, employers tend to worry about hackers or burglars, but the biggest threat to security might come from within.

According to a study conducted by information management company Iron Mountain, a third of 2,031 European office workers surveyed admitted that they had taken or forwarded confidential information out of the office, and one in seven had taken confidential information with them to a new job.

Another 31% said they would deliberately remove and share confidential information if they were fired.

Data breach is a common concern for businesses, but Peter Eglinton, Iron Mountain's Senior Vice President for UK, Ireland & Norway, says they tend to focus too much on monitoring for attacks from outside, while "the people side of the organization and the hard copy are forgotten about."

You can see who's hacking in and taking information, but people don't leave a trail.
Peter Eglinton, Iron Mountain

"You can see who's hacking in and taking information, but people don't leave a trail," he says. "Therefore, if you don't have good policies in place, it's very difficult to work out what has happened with information."

Although we may not always consider the data we work with day in and day out to be particularly exciting, Eglinton says that in any given business there are several functions that might use or create information that's commercially valuable or subject to privacy laws.

"HR or finance will have an awful lot of access to very sensitive information," Eglinton says. "Sales and marketing will have access to customer data, and some of the service organizations will have a lot of information about their patients or their customers."

See also: Work skills you'll need to survive the 'conceptual age'

Of the workers who admitted to taking confidential information to a new job, half said they believed they had a right to take information, and most said they took information because they had been involved in its creation.

Although pervasive, this sense of ownership is misguided, says Eglinton. "The information you create in your daily work doesn't belong to you because you created it," he says, "it belongs to the organization that's paying you to do that job."

The study also revealed that most of those who had taken information when they left a job had relieved their employers of customer databases.

See also: Have you got the career X-factor?

This, according to Chris Pounder of UK data protection training organization Amberhawk, is "a dangerous thing to do." Privacy laws vary from country to country, but in the EU, for example, any processing of information that relates to a living person is a breach of the Data Protection Directive.

Although some consultants and lawyers might be able to negotiate permission to transfer clients with them when they leave a company, Pounder says: "If an employee took a database of customers without the consent of their employer, they are risking a criminal offense.

"And if they did it to set up their own business, they're also vulnerable for someone taking a civil case for damages."

The information you create in your daily work doesn't belong to you because you created it.
Peter Eglinton, Iron Mountain

Besides, making a gift of illegally obtained information is unlikely to ingratiate you to a new boss. Pounder points out that a new employer who knowingly receives personal data obtained in breach of data protection laws could also be liable for damages caused.

So, what can businesses do to protect their data?

Information management companies offer solutions ranging from encryption software to systems that allow organizations to track the whereabouts of files across multiple sites. But Eglinton thinks simply communicating policies regarding information ownership is a good first step towards alleviating the problem.

"I don't think you need to have security guards on the door every day, but reminding people of the policy, and auditing those processes, would go a long way towards managing information more securely," he says.

Regardless of how information leaves a company -- whether due to malice, professional pride or as more businesses allow telecommuting -- Eglinton believes there is always cause for concern.

Even those who take documents home for entirely legitimate reasons and with their employer's consent might be endangering security. "How do you manage information created on the train on the way into work?" he asks. "And how do you manage that information thereafter? If people are taking information out of the office, how do you know that information comes back or is securely destroyed?"

Eglinton predicts that, as the volume of information created grows, executives need to consider "not just the value you get from information, but how you protect it, because it's a hugely valuable asset, but often nobody has responsibility for it."

Part of complete coverage on
Route to the Top
November 3, 2014 -- Updated 0235 GMT (1035 HKT)
When CEOs wish the mic wasn't on. Can you match the gaffe to the boss?
October 27, 2014 -- Updated 0638 GMT (1438 HKT)
Pump up the bass and 2 Unlimted can have a powerful effect on your work performance. For the better.
October 22, 2014 -- Updated 1402 GMT (2202 HKT)
Unleash your inner rock god, find the right partners and be a better boss, says Gene Simmons.
November 3, 2014 -- Updated 0234 GMT (1034 HKT)
Is this what the best business leader would look like?
October 13, 2014 -- Updated 0312 GMT (1112 HKT)
A design studio has found a way to make employees happier and more productive by taking away their desks.
October 8, 2014 -- Updated 1122 GMT (1922 HKT)
Ten statements that when uttered only mean career suicide.
October 2, 2014 -- Updated 1110 GMT (1910 HKT)
How emotional agility is key to being a better boss.
October 1, 2014 -- Updated 1009 GMT (1809 HKT)
It's a common saying that one day all our jobs will be done by robots, but CEOs may not have expected their position in the C-suite to be under threat so soon.
March 28, 2014 -- Updated 1023 GMT (1823 HKT)
A woman passes the logo of WEF on the second day of the World Economic Forum annual meeting in Davos on January 27, 2011.
Women now account for a fifth of FTSE 100 executive board members -- but is the glass ceiling in Britain finally beginning to crack?
March 25, 2014 -- Updated 1558 GMT (2358 HKT)
Julia Hobsbawm is known the "queen of networking." We ask her how she connects with people in the digital age.
March 18, 2014 -- Updated 1057 GMT (1857 HKT)
What can the world's leading bosses teach you about leadership? Check out our interactive to find out.