The Software Engineering Institute at Carnegie Mellon University has conducted new research exploring the issue of IT security at American businesses. It has long been known that ‘insider crime’ conducted by employees of a business poses a significant threat to information security, but the new study indicates that a disproportionate amount of such activity occurs within 30 days of the employee's departure from the organization. More than 600 cases of employee IT malfeasance were examined over the course of the study.
Common types of data that were compromised during an employee's final month on the job included lists of customers, business plans, and other documents that legally remain the property of the business, not the workers employed to create or work with them. Much of this pilfering of intellectual property caused significant harm when ex-employees attempted to use the data in a competitive manner, sometimes setting up their own firms and trying to steal customers.
The study highlighted the need for organizations to develop plans and protocols to follow when dismissing or laying off employees or dealing with voluntary resignations. Such plans are in existence in many organizations, but they typically leave out any IT considerations, focusing instead on physical elements such as keys to the premises.
Businesses should consider hiring an IT company to advise them on needed plan revisions. Such enhancements could be done on a project work basis. An outside firm has a large advantage in this situation because it may be able to identify security issues that are such a part of the institutional culture that in-house staff may not see their pitfalls.