Around half of employees have not signed a non-disclosure agreement (NDA) with their employer, nor were unsure whether they had.
According to a survey by Varonis of 120 companies at Microsoft TechEd events in June, 44 per cent had not signed an NDA, while 29 per cent admitted to deleting data upon leaving a job. Speaking to IT Security Guru, director of inbound marketing at Varonis Rob Sobers said that this shows that businesses do not have a proper identity protection program and they should communicate with staff with training about the correct ways to handle confidential information.
“Also if you leave a job, you should return the information that is in the cloud, and this is why you need proper access controls and enforce it as to be successful in control you need to put in measures and control to ensure that not everyone has access,” he said.
The survey indicated that having an NDA in place can help reduce the number of employees who upload sensitive data to their cloud accounts without company approval to 13 per cent from a current average of 18 per cent.
Andy Green, technical content specialist at Varonis, said that nothing is done at the start of a person’s employment and five years later, no one is checking security procedures as employees use cloud-based storage and file sharing technologies and email work outside the perimeter to complete at home, as no-one has told them how to do this safely.
Sobers said that while the insider threat is an issue, as they can cause much more economic damage than a hacker, this can be better mitigated with proper access controls.
Asked if they store corporate data in personal cloud environments, 27 per cent said they did, while five per cent admitted to uploading “confidential” data to the cloud. Sobers said: “We find that with large organisations such as banks, the file sharing infrastructure involves petabytes of data, so just taking it and moving it to the cloud is a big issue and not likely to happen. It is not about decommissioning a data centre, so we offer technology to do the file management.”