Is Your Data Walking Out With Your Ex-Employees?

As Americans are quitting their jobs in record numbers this year, is your data going with them?

The exodus is being called the great resignation. We (the U.S.) set new monthly records for the number of workers leaving their jobs three times this year. In September, over 4 million workers quit their jobs.

If you have intellectual property, customer data and partner information, it is likely going out with those exiting employees.

A study by Tessian says that 45 percent of ex-employees ADMIT to downloading, saving or sending work data out of the network before leaving their job. That only represents those who admit to doing it.

Why are they doing this?

Possibly they feel like they own intellectual property that they created.

They may think it will help them in their new job or new start-up company.

Maybe they are disgruntled and want to do harm.

In the worst case, they may be cybercriminals-for-hire who infiltrate organizations with the intention of stealing data.

Maybe your strategy up till now was to hope that nothing important was lost or stolen. Probably not the best strategy.

Waiting until after the employee leaves to examine their computer is also not a great strategy.

Before you start looking for insider activity, figure what you want to do and what you need to communicate to employees.

If you want to be successful, you need to start weeks before the employee leaves.

In fact, many companies have an ongoing data loss prevention program. That is probably the optimal way to handle this because the smart employee will steal whatever he or she plans to take long before he or she tells you they are quitting.

There are tools that will tell you about data in email, data sent to personal cloud servers (like Dropbox) and different tools that can detect files copied to USB drives.

Assuming that you see that an employee is stealing data, what is your plan?

Some employees may not know that downloading company data is a crime.

In the worst case scenario, a lawsuit may be required.

The first thing to do is to scope out the issues and decide what you want to try and do.

For more information, see this Help Net Security article.

Leave a Reply

Your email address will not be published.