Just £1,000 is the price it would take for a quarter of your staff to sell company information, according to new research from a cybersecurity firm.
Deep Secure’s What is the Price of Loyalty report found that almost half (45%) of staff would be willing to sell corporate information to people outside their organisation.
Shockingly, five per cent would give it away for free.
According to the firm, this isn’t just a hypothetical scenario – almost six in ten have admitted to having taken information off corporate networks.
Yet, it isn’t always to give to a third party. Whilst almost 50% of those that had taken information from their firm had then passed it on to a third party, 12% had done so because they wanted to keep a record of their work whilst another 12% had done so because it would be useful for a new role.
Where is the information going?
Of those that have taken information from their current firm, most are taking it to a new employer or employees. However, 17% of the time it’s because they’ve been approached by someone they didn’t know.
How is it being taken?
Although most firms are securely in the age of the digital, some of the ways in which employee data is taken is fairly ‘old school’.
Some individuals report using traditional techniques to take information from corporate networks, including printing, handwriting and taking a photo of the information (11%, nine per cent and eight per cent respectively).
That said, most are being taken by third-party email, direct uploading to personal cloud storage, or given to them on an external storage device.
Eight per cent also reported using cyber tools to hide and exfiltrate company information (such as steganography or encryption).
What should HR know about data breaches?
Under GDPR, HR must report data breaches to the Information Commissioner’s Office (ICO) if it believes a security breach has led to the unauthorised disclosure, or access to, personal data.
So, if staff have stolen company information, HR needs to consider if it is going to put personal data at risk.
According to Verizon’s 2019 Data Breach Investigations Report, 43% of data breaches it found from a global survey involved small businesses – so smaller firms should be more wary.
However, it found that scams and hacks targeted at HR were decreasing compared to the year before.
Yet, threats from inside are a significant worry. Verizon found that a third of data breaches involved internal actors.