With high attrition, the possibility in leakage of confidential information has become a common problem. The impact of information leakage on business profitability is huge and unaccountable. The leakage may also result in the damage to the reputation of the company. When any data reaches the wrong person who can use it for a stepladder and pull you down, it may result in huge losses.
Invisible threat
In most cases, such leakage happens from management level employees. Singh explains, "Most of the time, upper management people are responsible for leakage, as confidential information is accessible only to them." U Suresh Kumar, CEO, Karthik Business Machines, agrees.
|
Real threat: Ex-employees
|
|
|
With globalisation a greater percentage of a company's activity is conducted over the Internet, and as most confidential information is stored on company servers, organisations are vulnerable to misuse of their data by ex-employees. "The chances of leakage of information from an ex-employee depend on the scenario in which the employee left. If he left amicably then the chances are few but if it is not that way then of course the ex-employee poses a threat to the company," confirms Irvinder Singh, CEO, CI Infotech, a solution provider from Delhi U Kumar of Karthik Business Machines insists, "Once the employee has left he should never be entertained again by the company, as he might not be trustworthy." Tips for reducing the potential damage from ex-employees
Companies can greatly reduce the threat from ex-employees by planning effective security checks before and after employees leave. A few sensible steps can ensure mitigation in leakage of confidential information from current and ex-employees. |
Malicious or accidental
Whether the leakage is malicious or an innocent act of employees is difficult to answer. If the employees' innocent behaviour leads to the leakage of information then it could be ignored no matter how much it cost the company but when it is malicious then ignoring becomes impossible. "When leakage happens accidentally or by an innocent act of employees, then we need to give them the benefit of doubt," comments Singh of CI Infotech. He adds that immaturity of employees should be blamed for such behaviour. It depends on the circumstances in which the information has got leaked, observes BV Singh, CEO, Compunet Service, reseller from Delhi.
Loyal employees can also unintentionally leak sensitive data or information by accident. The awareness on part of both companies and the employees about the potential risks of communication and IT usage practices is a must to overcome this problem. However, the employees who accidentally leak information should not be penalized or fired as it may mean loss of good talent and also negatively impact the employe morale in the company.
Damages
Any information or data leakage from an organization damages the company's reputation and credibility. It takes little time for an employee to leak client details or company information via web-based email, P2P, forums or via electronic chat rooms for bribe or for revenge. The reason may be any.
"Leakage of information may result in even up to 20 per cent loss in a company's revenues," says Irvinder Singh. These costs do not include indirect costs that result from brand damage, loss from customer trust etc. Another adverse impact may be seen in terms of reputation and continuity of the business.
|
‘It’s all about the immaturity of employees’
|
|
|
Leakage of business-critical information hampers indirectly, if not diretly always, according to Irvinder Singh, CEO, CI Infotech, Delhi
When we are talking about leakage of information then it is basically related to confidential information, which is not accessible to employees in the company's lower hierarchy. So the real threat is from the upper management people who all are well-aware of the company's financial status, events and strategic initiatives, and also about the projects undertaken. What type of information gets leaked? We are working in a surrounding where everything is done on computers. Email could be still considered as the primary vehicle for communicating sensitive information into or outside of the organization. Password hacking is quite popular, people are fairly technology savvy and that also becomes a threat. So even if vendors come up with latest products to keep our systems and information secure, the very next moment some intelligent person finds a way to hack into the system. Only option for us therefore, is following some best practices to keep our information safe. The policies must be made to handle the confidential data safely. All types of information as specified above is the target. Basically business road maps, strategy, financial details, customer transaction details, customer contact numbers and profiles are attractive targets of employees who want to steal information. What could be the major reason for such behaviour of employees? I believe it's all about the immaturity of employees. The quality of people we get today looks deteriorated. People are more interested in short term gains rather than the long term success. Leakage of information may give them a little monetary or non-monetary benefit, but that may also prove harmful to their careers in the long run. By doing this they also spoil their image in the market place. What kind of damages do companies suffer because of such behavior of senior employees? Information leakage may not hamper business directly, always. However, it does have several indirect impacts. For example, if somebody leaks my project or tender information then there is a loss of revenue which I would have earned by bagging that order. Leakage also hampers a company's goodwill in the marketplace. According to me the critical signal to look for is the way an employee has exited the organization. If the person has left with a warm handshake then the chances are such an employee will not intend or do any harm to you. But if the employee has left following a dustup, then better watch out. What is the solution? Best solution is prevention. Leakage of information may be avoided by creating a good environment at the work place. Improve the internal systems by focusing on becoming employee friendly. Organized reviews on a monthly basis and take feedback from the employees regularly. That may help you prevent any such negative impacts. |
Prevention is the best solution
The best approach to such issues is prevention, believes Rajiv Sethi, CEO, Liberty Automation, a corporate reseller in Mumbai. Bringing in the best practices with regards to information security and management controls are some of the ways one can curb information leakage, he says.
However, one may not impose a blanket ban on all employees. The employees need timely access to data–the right information at the right time. They are the real value creators, so blocking them from a valuable source of information is not the right answer.
Sums up R Mohan, CEO, Cache Technologies, a solution provider from Bangalore, "The company environment and working conditions in addition to the best practices play an important role in reducing the posibility of leakage of confidential information."