Safeguard Data When Employees Leave

Uploaded on 2017-04-19 in TECHNOLOGY--Developments, JOBS-Careers, FREE TO VIEW

Employee turnover is unavoidable. According to CompData Consulting, the average employee turnover rate in 2015 in the US was 16.7 percent, and this number was significantly higher in such industries as hospitality (37.6%) and banking and finance (18.6%). 

While employee turnover and terminations come with a variety of corporate, financial, and logistical hurdles, they also create a wide range of data protection and data management problems.

A survey published by Biscom in 2015 found that 87 percent of employees take the data they created over the course of their employment when they leave, and 28 percent take data that others had created. 

That includes confidential financial data, customer information, intellectual property, price lists, marketing plans, sales data, company directories, competitive intelligence, product design specifications, all of which belong to the business. 

Employee theft is damaging for a company in multiple ways, such as violating national and international regulations, harming their competitive position, or affecting the bottom line. And it could force the company to take legal action against former employees.

While employees take data with them for many reasons, the motivations tend to fall into three main buckets:

Accidental. The cloudification of business and the rise of bring your own device (BYOD) policies means that departing employees could be taking substantial amounts of corporate data and not even realize it. Because a growing portion of employees do some (or all) their work from home, they often maintain a rich source of corporate data on their personal computers or in public cloud services.

Entitlement. Many employees knowingly take information with them because they feel they’re entitled to it, or that it won’t affect the company. If an employee who worked on a flagship account created valuable intellectual property, they may feel justified in taking that information with them. 

This problem is further compounded by the lack of security or monitoring technology to protect against data exfiltration.

Malicious. Employees angry with company management because they were laid off or fired could be motivated for revenge by destroying valuable data. 

Alternatively, a departing employee looking for a quick way to get ahead in a new position at a competing company might be inclined to take a few trade secrets with them. While this group may represent only a small portion of data loss in a company, the damage could be significant.

A perfect example of malicious data theft is the recent story of an IT employee who was fired by Indianapolis-based American College of Education. Before the employee left the College, he intentionally changed the login credentials to an important Google document that stored emails and course materials for 2,000 students. 

Once the College and its students realised they no longer had access to the Google document, the fired IT worker was more than happy to provide the password, once his former employers paid him $200,000. The two parties are now fighting it out in court.

Best practices for retaining data

Data protection should be an ongoing effort, not just a priority when employees leave. To reduce the risk of employees taking information with them when they leave, organisations will need a combination of frequently updated policies and procedures, as well as technology solutions. Most importantly, it needs to be enforced. 

Here are a few best practices for ensuring that data doesn’t leave the office with your departing employees.

Ensure ongoing visibility of sensitive corporate data

It’s crucial for organisations to keep tabs on sensitive corporate data across all areas of the network, including cloud applications or other repositories where data might be stored. Deploying a content archive to capture and index data is an important first step. It will also enable monitoring and auditing to give insight into how employees are accessing data.

Limit employee access to data and develop policies on proper use of platforms 

It’s essential for companies to have acceptable use policies regarding proper use of corporate email, company-owned and personal devices, cloud applications and other platforms where corporate data may be stored. Additionally, companies can set parameters for who has access to what data on a need-to-know basis, ensuring IT has greater control over sensitive information.

Encrypt data at all stages and require authentication

Whether it’s in-transit, at-rest or in-use, sensitive and confidential data should always be encrypted, regardless of its location. Authentication can further protect data by preventing access to unauthorised parties. This alone can prevent much of the data loss that occurs when an employee leaves a company.

Find the right technologies

Content archiving makes corporate data tamper-proof, and makes it easier for data managers to retain, search for and appropriately manage data assets. 

Enterprise Content Management systems are another way to prevent data theft from departing employees because they provide businesses the ability to control access to and understand where corporate data resides. Another option is virtual desktops, ensuring that no data is stored locally.

Look for signs of unusual employee behavior

When employees are planning to steal corporate data, they often exhibit a few warning signs. For example, managers may notice a spike in the volume of information copied to the cloud, USB drives, personal devices, etc. 

The employee may have recently deleted a significant number of documents from their computers or other data repositories. Access to CRM systems at odd hours of the night may also indicate a potential data theft in progress.

Employee turnover is a fact of life, but data loss due to departing employees should not be. Most businesses are not adequately prepared to deal with repercussions of employee data theft, or have the capabilities to mitigate these risks before they occur. 

Blending strong corporate policies focused on the proper handling of sensitive information with the right technology tools that best meet the organisation’s needs can minimise, if not eliminate, the threat of employee data theft.

Cloud Tweaks

You Might Also Read:

Directors Report January 2017. Cyber Security Checklist For Management (£):

Are Employees Your Weakest Link When It Comes To Security?:

Four Steps To Managing Cyber Security Better:

Why SMEs Need Cyber Insurance:

How To Eliminate Insider Threats:

 

« London Terrorist Attack Is A Wake-Up Call For Social Media
FBI’s International Framework On Encrypted Data Access »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

Zentera Systems

Zentera Systems

Zentera's CoIP (Cloud over IP) solution offers enterprise-grade networking and security for the emerging cloud ecosystem.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Institute for Cyber Security Innovation - Royal Holloway

Institute for Cyber Security Innovation - Royal Holloway

The Institute for Cyber Security Innovation aims to bring together Academia, Industry and Government to be a catalyst for applied research and innovation in cyber security policy and solutions.

Unitrends

Unitrends

Unitrends helps IT pros do more with less by providing an all-in-one enterprise backup and continuity solution.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

Option3

Option3

Option3 (formerly Option3Ventures - O3V) primarily seek control investments in the growing cybersecurity mid-market, seeking to build champions with the scale to bring cutting-edge products to market.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

GRSi

GRSi

GRSi deliver next-generation systems engineering, cybersecurity, technology insertion and best practices-based Enterprise Operations (EOps) management.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.