When employees leave a company, there is an increased risk of data theft, which is also known as data leakage or exfiltration. This risk exists regardless of whether an employee’s departure is voluntary or not.
The consequences of data theft by insiders can be severe, as an organization’s most valuable data assets and secrets are vulnerable. Data breach incidents can affect a company’s finances through lost business and intellectual property, and they can lead to reputational damage, litigation and fines.
Departing employees may have different motives for stealing sensitive company data, and it is critical to be aware of and look for warning signs that an insider may be engaging in this impropriety. This article provides more information about warning signs and includes steps businesses can take to prevent these occurrences.
Reasons why sensitive data can be stolen
There are several reasons why departing employees may take company data. While some may be intentional, other incidents may be the result of accidents or misunderstandings. The following are common reasons why a departing employee may take company data:
- To secure a new job or compete with a previous employer— A company̵7;s trade secrets or intellectual property rights may be valuable to a competitor. A departing employee can leverage this information to get a new job or gain an advantage in a new position by using it to compete with their former employer.
- For personal financial gain— A former employee may be able to sell the data they capture, or they may use it to kick-start their own business.
- Seeking revenge– Departing employees may be unhappy or frustrated with the circumstances surrounding their transition. This can lead to the deliberate destruction of data to sabotage or disrupt their former company’s operations.
- In the event of an accident—Data exfiltration may not always be the result of malicious actors. Departing employees may mistakenly believe the data was theirs, or they may mistakenly retain it by not sufficiently wiping the devices they used for business purposes.
Warning signs for data theft
Businesses can work to prevent data theft by proactively monitoring warning signs. Indicators that an employee may compromise sensitive information include actions such as:
- Engaging in suspicious web-based activities, including using incognito browsers, having multiple webmail accounts, investigating how to bypass security, and using personal file-sharing platforms
- Use of unauthorized personal devices for business activities
- Access to business data at unconventional times or repeatedly
- Download or transfer an unreasonable amount of data
- Request access to information outside the scope of their job description
- Record or take screenshots of business meetings
- Acting out of character or in a manner contrary to company policy
- Attempts to deceive or pressure employees to access their data
Tips for data theft prevention
Organizations can implement the following strategies to reduce the risk of employee data theft:
- Be proactive. Look for warning signs to stop data theft before it happens.
- Establish clear policies and procedures. Policies should delineate the line between personal and business use of data, devices, networks and other technology. They should also include procedures for how this information will be disseminated to new, existing and departing employees.
- Assign ownership of insider threat risks. Designate someone within the organization to be responsible for updating the data theft prevention program, conducting employee training and maintaining a data theft incident response plan.
- Have a zero-trust mindset when employees quit. Assume that a departing employee will retain some access to sensitive information after they leave. Use tools that create a full audit trail should a problem occur.
- Recognize that no system will be completely effective in stopping all data theft. No matter how advanced, technical data loss prevention systems are not capable of preventing all cases of data exfiltration. Continually update your policies and regularly test your procedures.
- Encourage cross-collaboration between business units (eg HR and IT). This can be particularly useful during offboarding to ensure that equipment is returned on time and that departing employees’ access to data is restricted where necessary.
We can help
Data theft from departing employees represents a significant exposure, and companies need to be aware of warning signs and techniques to mitigate the risks. If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your business from all risks associated with data theft in the workplace. You can download a free copy of our eBook, or if you’re ready to make Cyber Liability Insurance part of your insurance portfolio, request a quote or download and get started with our Cyber & Data Breach Insurance Application and we will work for you.