Employees Data Theft – What You Need To Know
[Editor’s Note: Today’s post comes from Rick Weber, president of Elijah, LTD.]
Data thefts from hackers make headlines, but the bigger risk to companies is walking out of the door each day. A recent survey of over 200 organizations found that 69 percent experienced data theft incidents involving corporate insiders, a figure rising to 77 percent within technology and media companies.
Motives for insider data theft are varied, but common scenarios include at least one of the following:
- Competition: In the classic scenario, a departing salesperson copies customer information to make it easier to compete. A single misappropriated spreadsheet could contain the proverbial keys to the kingdom.
- Intellectual Property: Formulas, source code, or other intellectual property are copied to save the time and money associated with developing such materials independently.
- Espionage: Both foreign and industrial, including direct actors and more commonly those looking to make a fast buck by selling stolen date.
- Extortion: Using the threat of releasing embarrassing data to secure compensation.
- Punishment: Not everyone likes being fired. Some people steal data to maliciously publish it without financial remuneration.
- Inadvertence: Many employees keep personal photos, videos, and music on company devices. Business documents accidentally could be transferred during that process.
Given the magnitude of the problem, what practical steps can business take to safeguard their data from departing employees?
- Adopt and Update Computer Usage Policies: Adopting easily understandable computer usage policies, promoting awareness, and maintaining a culture of enforcement can go a long way towards deterring insider data theft. Technology changes rapidly, and such policies periodically should be revised to keep pace.
- Improve End of Employment Processes: Exit interviews represent a perfect opportunity to request return of electronic storage devices, ask if company data is stored in personal devices or accounts, and seek a written commitment that all such data has been returned.
- Perform Targeted Investigations: Certain classes of employees pose particularly high risks for data theft, such as salespeople and senior executives. Forensically analyzing the equipment of key personnel as part of the departure process can result in identification and resolution of data theft issues before damage becomes extensive or irreversible.
- Establish Digital Forensics Provider Relationships: Building a trusted relationship with an outside computer forensics provider can yield substantial dividends. Skilled digital forensic experts can help identify data theft, provide clear reports and testimony, and help identify best practices to minimize organizational risks.
Build an Effective “Exit Strategy”
Evidence shows that companies are most vulnerable to employee data theft when employees quit or get fired. Knowing what an outgoing employee is doing in the days and weeks leading up to their departure is often the most critical time to be policing.
To help build an effective off-boarding program, companies often turn to Elijah Ltd for their The Data Loss Detection managed Service offering. To learn how to minimize the risks of employee data theft and its potential impact on the organization, please visit https://www.elijaht.com/.
Share this Post: