Check Point Software Technologies, developers of the ZoneAlarm security range, has announced the results of research which suggest that half of all staff will happily walk away from employment with competitive information about your business in their pockets. That they are walking straight into another job with it should be cause for concern to any employer worth his or her salt.

85% of employees questioned said that they could easily download useful information and data and take it with them when they moved job. This despite the fact that 75% of the companies they worked for having a competitive intelligence policy for departing staff. Perhaps the small matter of 75% of them not having a matching security policy to prevent data walking out of the door has something to do with the discrepancy?

At the heart of the problem would appear to be the fall in price and rise in capacity of USB memory sticks. The survey found that 33% of people store work data on a USB stick compared with just 14% using the company laptop. That’s 14% using the often highly secured company laptop compared to 33% using an USB stick that the company don’t even know exists let alone has applied any security thought to.

Of course, a USB stick is not only cheap and easy to carry, it’s also easy to lose. And if you take the top end of the market, a 16Gb capacity stick, that’s the equivalent of being able to carry 640 reams of paper around!

As Check Point spokesman Martin Allen points out “Companies spend millions on their security and just forget about the fact that millions of pounds worth of valuable data is “going walk about” on people’s key rings and a great deal are very happy to download information to take with them to their next job.”

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

11 Years
Discussion Span
Last Post by Gilette

far more damaging is all the information those people carry out in their heads!
All the years of training you spend on them, all the secrets about your company processes and products they accumulated through creating them.

Must not allow your people to take their heads out of the building!


Even the smartest employee is unlikely to have a head that can remember all the contact details and personal notes relating to 5000 customers and potential customers.

Even the dumbest USB memory stick can.


Some (not all, of course) of this kind of thing would be eliminated, or at least minimized, if companies put as much effort and sincerity into treating their employees fairly and right as they do enriching some of these CEO's to sit on their dead behinds all day.


Vista clients can be configured to prevent this theft possibility.

As a previous poster pointed out, yes good treatment of employees is a great practice for infosec but sometimes this comes down to dollars and potential profit for the thieves.

Great article.


Information is becoming the key to it all. Whether a company continues to provide access to the level of information currently able to be sourced on a USB key remains to be seen. But something has to change, or we can probably expect to see an international court case about stolen company information.

Now zonelabs are just about my favourite antispyware tool, next to Dr spyware - so I anxiously await the new Vista version of zonelabs.


Very little has changed. In the past people could walk out the door with boxes full of copied documents from the company archives and noone would blink, today they copy those same documents to a flashdrive or CDR (yes, ever more people have CDR drives in their systems at work).

The idea is to not allow people access to things they have no need to see, and to make them happy enough that they have no incentive on leaving to steal things (and make sure they know the consequences if caught).

My father could easily have walked out on his job as a tax/business consultant at a major firm with damning information about hundreds of companies (including the one he worked for and all the customers of his department) and noone would have noticed.
At the time his only computer access was a mainframe terminal and a 5150 series IBM luggable which he can't carry because of his bad back...
But as a senior consultant he had access to all the archives as well as having copies of ALL client files for his department in his office and a photocopier just around the corner in the hallway.
He also had the keys to the building so he could work nights and weekends.

Noone ever checks who takes boxes of paper and other small stuff from store rooms and noone ever checks who uses photocopiers (in most companies, there are some where you have to swipe a keycard to use them at all, mainly to enable billing per department), so making copies would have gone unnoticed.
Do it over a weekend and he could have done it.
It could have brought him a LOT of money too most likely, but he never even dreamed of doing it.

People who do dream of doing such things however won't be stopped by pretty much anything set up to prevent them. They'll always find a way. All you can do is make it harder for people who should not have had access to the information in the first place to find the information, but once you've found it you can always take it out one way or another.

And indeed, maybe you can't cram into your head what you can cram onto a flashdrive. Not in one go at least...
But you will have time, take it out in bits and pieces.
Less chance to get noticed too...


There is nothing that can be done about this from the technical side. It will always be possible. If you lock down the computers to the point that they can't do this, they won't be able to get any work done either.


There is nothing that can be done about this from the technical side. It will always be possible. If you lock down the computers to the point that they can't do this, they won't be able to get any work done either.

Windows Vista clients can be configured to prevent this theft possibility. I don't understand how inserting and using a foreign/unauthorized USB memory stick interferes with someone's ability to get work done.


One reflection on this is that the discussion seems to cover technical limitation pros and cons over the business agenda. Another corner is the juridical view on rights and wrongs. Yet a picture is the unaltered behavior regardless of the technology changes paradigm counted. When I looked into the area of informatics, awareness about this issues is a fact. Dealing with data is technically one thing, another is the consensus making it useful information, and at last the trust in business and as long as business is built on trust, business and customer data is of most importance.

It is easy to conclude that information produced stating a person shopping behavior or something likewise is sold to third party country and someone made a great deal of money on it. It is tested and confirmed that radio Lan is available to crack into right outside the shop, and it doesn't take that amount of time either. It's rather easy. Customers are completely unaware about this and trust the mall. What can they else do? The first one making inquiries about it is showed the door. Most people have no understanding of this area and if enlightened about it, they rather trust the mall because it is easier to do that. All of this goes to the regular behavior society wise. When someone finds and can prove an illegal irregularity of usage, it will be a juridical case out of it. Bottom line is that behavior and understanding doesn't count until it is proved by means of justice. Seeing it all this way says that we have come nowhere at all since ages ago in the way we look upon ourselves. We rely on trust and that is why we have useless rules and technology demands.

If we started to learn more about ourselves we can hire the right people to do information sensitive work and protect it better. Still today, we understand ourselves from the society of production when we already are in the era of information. It is a big difference in between and the marker came already in the 80'th last century, defining overproduction for real. We still regard people able to reproduce yesterdays event as profitable and reliable. New times tells us to identify more than before, changing procedure more often than before, vary oneself as well as vary the production more intensive than before. Irregularity becomes a daily agenda as we regard the people following this trend as insecure and not trustworthy. I think we need a new awareness in this age of information, breaking the bonds to the simple man of production reproduce.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.