Here's a guide to preventing data from walking out the door with departing employees:
Know your people and keep them happy. Get to know your employees and determine who may pose more of a risk, whether because they have their fingers on your crown jewels or because they seem unhappy or volatile. Be suspect of new employees who offer to deliver customer lists or other secrets from their previous employer. You could get the same treatment when they move on again, Ponemon warns.
And cultivate a happy work environment. Content employees tend to be more loyal, while the disgruntled have fewer qualms about taking things. The Ponemon study found that 61 percent of respondents who were negative about their company stole data, while 26 percent with favorable views did so.
Set expectations. Spell out rules of acceptable and unacceptable use of company information and create a culture of confidentiality. When crafting policies, begin by asking yourself: "What is valuable to your organization?" says Carrie Gates, an engineer at Islandia, N.Y.-based CA Labs. For example, a jewelry company concerned about its designs might want to prohibit employees from transferring design documents to personal email or Dropbox accounts. To boost compliance, explain the reasons for your rules, emphasizing the company's data-control needs rather than communicating distrust of your workers, she says.
Have employees sign an agreement that affirms their understanding of the rules and the need to keep company secrets confidential. You might consider having employees in particularly sensitive roles sign separate confidentiality and non-compete agreements, says Teresa M. Thompson, an employment attorney at Fredrikson & Byron in Minneapolis. Such agreements can set a tone of seriousness that can prevent misbehavior and strengthen your legal hand in trying to compel a pickpocket to return what he or she took.
"Smaller companies … could go under if they don't take an aggressive position," Thompson says. If companies in competitive fields don't take precautions, "they're just open game for people to come and pluck their information and their people."
Put technology controls in place. Protect your sensitive data with technology controls that limit access. Salespeople, for example, shouldn't have access to design blueprints. Use tools such as Active Directory from Microsoft or more advanced identity-management software available from Microsoft and many others.
You also may want to protect sensitive data itself. Microsoft provides tools for protecting documents with passwords, encrypting files and folders, and designating who may access a file. Also consider WatchDox, which offers higher-end controls for documents on computers and mobile devices (prices vary). Installing software on laptops and smartphones can allow you to wipe their contents remotely.