Insiders pose 'accidental' threat to business data, Symantec says

Blurring lines between home and office lead to data leakage

Valuable intellectual property is leaving companies every day and languishing at insecure locations where it can scooped up by unauthorized parties.

That was one of the findings in a study released this week by cyber security software maker Symantec of Mountain View, Calif.

Half the employees in businesses regularly send work documents to their home computers using a personal account, such as Google's Gmail, according to Symantec. That can be problematic because home networks are typically less secure than those at offices. Gartner reported last year that 20 percent of consumer-grade endpoints are compromised by malware.

Fully 40 percent of employees download work files to a personal mobile devices -- a tablet, for example, or smartphone -- and a third of workers move files using file-sharing apps, like Dropbox, without proper permission, according to Symantec

"The almost ubiquitous availability of storage in the cloud has made it easier than ever to move data around, whether it's for stealing data or taking it home," Tim Matthews, Symantec's senior director for product marketing said in an interview.

[See also: 5 (more) key cloud security issues.]

Most of the workers who move files outside the workplace, he said, don't delete the files after they've finished with them. "Because you have unlimited storage, what we find is employees never think to delete anything or clean it up, so you end up having intellectual property just left in places."

"That will cause data leakage or IP [Intellectual Property] leakage issues down the line," Matthews said.

Commingling personal and work data also contributes to the loss of corporate control over data, he said. "It increases the amount of accidental data leakage when people lose their phone, or they share a Dropbox folder and don't set permissions on the folder properly," he said.

To some extent, businesses contribute to the problem by refusing to recognize the blurring line between their workers' home and office lives, said Paul Stamp, product marketing director at RSA in Bedford, Mass. "Many organizations still have a mindset of inside-the-corporate-network, outside-the-corporate-network," Stamp said. "That's an outdated concept."

The tendency of workers to play fast and lose with their company's intellectual property isn't surprising in light of another finding by Symantec. Nearly half (44 percent) of employees believe that someone who develops the source code for a company has some ownership of it.

What's more, 42 percent of workers don't think it's a crime for the developer of that source code to use it in projects for other companies without permission from the company that paid the developer in the first place.

Those attitudes are reinforced by weak enforcement by companies of policies governing the movement of sensitive information. More than half (53 percent) of companies don't take any action when an employee flouts such policies, Symantec discovered.

"When employees see companies not enforce their non-disclosure agreements or their confidentiality agreements or their IP agreements, it helps them rationalize that companies don't care, so they're not hurting anybody," Matthews explained.

While companies should be concerned about data leakage from employees, insider threats, as a whole, aren't as significant as external threats, according to Stamp.

"Three years ago, people would have said that insider threats were the worst," he observed. "In the last few years, we've seen an upswing in activity from external actors that have bumped them up, although internal abuse is still a big driver for us."

Even the line between external versus internal attacks has blurred in recent years, said Marc van Zadelhoff, vice president of strategy for IBM Security Systems.

"When someone does a spear-phishing attack on an employee, suddenly they may get the credentials of that employee and appear to be an insider," he said.

Read more about cloud security in CSOonline's Cloud Security section.

Join the PC World newsletter!

Error: Please check your email address.

Tags GartnerapplicationssymantecdropboxGoogleData Protection | Cloud Securitysoftwaredata protection

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

Xiro Drone Xplorer V -3 Axis Gimbal & 1080p Full HD 14MP Camera

Learn more >

D-Link PowerLine AV2 2000 Gigabit Network Kit

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

ASUS ROG Swift PG279Q – Reign beyond virtual world

Learn more >

D-Link TAIPAN AC3200 Ultra Wi-Fi Modem Router (DSL-4320L)

Learn more >

Crucial® BX200 SATA 2.5” 7mm (with 9.5mm adapter) Internal Solid State Drive

Learn more >

Gadgets & Things

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >


Learn more >

Family Friendly

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

ASUS VivoPC VM62 - Incredibly Powerful, Unbelievably Small

Learn more >

Stocking Stuffer

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Best Deals on PC World

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?