Being in the process of buying my first house, I could do with an extra £5,000. Fortunately, I’m an ethical person and would never consider selling IT Governance’s confidential data. But as my girlfriend always tells me, there’s nobody like me (a compliment, I think). Do all of your employees have good ethics? Would any of them sell your data for £5,000?
No? Think again. According to recent research by ClearSwift, 25% of employees would sell information on company patents, financial records and customer credit card details for US$8,000 – just over £5,000.
The research also found that 3% would hand over company data for as little as $155 (about £100), 18% would accept any offer over $1550 (about £1,000) and for 35% it would take $77,500 (about £50,000).
“While people are generally taking security more seriously – 65% of employees said they wouldn’t sell data for any price – there is still a significant group of people who are willing to profit from selling something that doesn’t belong to them. This information can be worth millions of dollars”, said Clearswift chief executive Heath Davies.
Ease of access
Controlling the data your employees have access to is very important. You want to ensure that they have access to everything they need to perform their jobs, but you also want to ensure they can’t access data they shouldn’t – for example a marketer having access to customer payment details.
So, how well are organisations doing at managing access permissions? Not very well, it seems. The research also found that 61% of respondents had access to private customer data, 51% to financial data including company accounts or shareholder information, and 49% to sensitive product information such as planned launches and patents.
Not very reassuring is it? Data worth millions, available to those who’d sell it for £100.