MINNEAPOLIS -- Headlines about cybersecurity breaches and data theft from government agencies and companies such as Caribou Coffee, Target and Medtronic in recent years can inspire fear of bad guys exploiting the internet from dark places on the web.
However, most of the online swiping comes from insiders.
"Organizations are overlooking the most harmful data-security threat: their own employees," said Code42 CEO Joe Payne.
The Minneapolis-based data-security firm commissioned the 2019 Global Data Exposure Report of 1,028 information security leaders and 615 business decision-makers by Sapio Research of the United Kingdom.
"Fifty years ago, if you were going to leave General Motors, you couldn't take the plant with you," Payne said last week. "And the critical information about the production line was locked in a cabinet."
Now, the ideas and other proprietary information is all digital. Companies have done a good job of sharing the information across the workforce, using tools such as Google Drive, Drop Box, Slack and e-mail to improve collaboration.
"The problem is that now our most important information, whether it's sales prospects or customer lists or source code ... is spread across the organization and is highly portable on a thumb drive or e-mail," Payne said. "Information is less 'siloed.' But there are unintended consequences. Our study basically shows that 63% of people admit that they took data from their last job and brought it to their current job. Our work indicates it's closer to 100 percent."
To be sure, Code42 has a vested interest in this one.
The company sells data-loss protection products that are designed to detect insider threats, satisfy regulatory compliance and help investigators respond quickly to loss incidents.
It also has a good point. In the increasingly digital workplace, people and data are fluid. Job tenure is declining. There's more work from remote locations, and employers empower employees and spur productivity with easy-to-use data-sharing platforms.