Sooner or later, employees leave – and in almost all cases, they take their organisation’s sensitive data with them.
You might think this threat is limited to employees who have been sacked or feel mistreated, but it’s a far more widespread problem. According to one report, 87% of departing employees take corporate data with them.
Whether they’ve given you years of dedicated service or have only been around for a few months, employees pose a security threat, and organisations must take steps to prevent data breaches.
We discuss how you can do that in this blog, explaining:
- Why staff take corporate data;
- The signs that an employee is misusing your information; and
- The processes and technologies you can implement to prevent employee theft.
Why do employees take data with them?
The most widely cited reason for employees taking sensitive information is that they have been fired or made redundant and want revenge.
Employees may also steal sensitive data if they’ve been passed over for a promotion or have a grievance with their boss.
In either case, staff who have been forced out or who are thinking about leaving are the most likely to steal data.
Even if they’re not doing it to retaliate, they may be under the impression that stealing trade secrets will give them an advantage when looking for work.
These incidents will comprise only a small fraction of the total data theft you experience (presuming the majority of your staff don’t fear for their employment), but because the data is being deliberately misused, they are the most damaging.
By contrast, the most likely circumstance for data theft is employees inadvertently misappropriating the information.
In an era where data is more portable than ever, many employees store company data on personal email accounts, in the Cloud, on their mobile phones or on USBs.
The extensive nature of remote working means staff could also have physical and digital files in their home offices and on personal laptops.
As such, departing employees can retain vast amounts of personal data without realising it.
Although organisations can reasonably assume that the employee won’t use this data maliciously, it may well fall into the wrong hands – particularly when it isn’t subject to the protections offered by your security team.
A third reason employees are liable to take corporate data when they leave is that they don’t think it’s wrong to do so.
National Insider Threats uses the example of an employee who leaves a company after building client relationships over several years. In their mind, they created the intellectual property and are justified in taking it with them.
Unless you have specific provisions stating otherwise, this isn’t true. Information that employees collect as part of their job belongs to the organisation.
If anyone retains a copy after they leave – whether they feel it’s reasonable to do so or not – it is considered a data breach.
Signs that an employee is taking sensitive data
As with any other kind of data breach, there are ways for organisations to detect that an employee is appropriating company data.
The most obvious sign is if they copy information to the Cloud, a USB device or a personal email account.
This generally means that they intend to access the information outside of its usual storage place.
There might be a perfectly innocent reason for this – perhaps your organisation has a BYOD (bring your own device) policy and they are moving documents to a new device, or maybe they are having Internet connection issues and want access to the information offline.
Nonetheless, it puts organisations at risk, because they no longer have visibility of their data and don’t know what the employee is doing with it.
Another sign – often found in conjunction with the first – is if the employee is accessing corporate accounts at unusual hours.
This suggests that whatever they are doing isn’t related to their day-to-day tasks, or that they don’t want the organisation to notice their actions.
Again, there may be an innocent reason for this, especially with remote working promoting flexible hours, but it should put employers on alert.
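The two signs described above can be checked against audit logs. The following is an added example, not part of the original article: it flags users whose events move data to a USB device, cloud storage or a non-corporate mailbox, flags activity outside usual hours, and gives higher priority to users showing both. The event format, action names, `example.com` domain and working hours are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

CORPORATE_DOMAIN = "example.com"  # assumption: the organisation's mail domain
WORK_HOURS = range(8, 19)         # assumption: 08:00-18:59 counts as usual hours

# Constructed sample audit events (not from a real system): time, user, action, target
EVENTS = [
    ("2024-03-04T10:15:00", "alice", "file_read", "crm/clients.xlsx"),
    ("2024-03-04T23:40:00", "bob", "usb_copy", "crm/clients.xlsx"),
    ("2024-03-05T02:05:00", "bob", "email_send", "bob.private@mail.example.net"),
    ("2024-03-05T11:30:00", "carol", "cloud_upload", "personal-drive/q1-forecast.pdf"),
    ("2024-03-05T14:00:00", "alice", "email_send", "dave@example.com"),
    ("2024-03-06T03:10:00", "erin", "file_read", "hr/payroll.csv"),
]

def leaves_corporate_control(action, target):
    """True when the event moves data to USB, cloud storage or a non-corporate mailbox."""
    if action in ("usb_copy", "cloud_upload"):
        return True
    if action == "email_send":
        return not target.lower().endswith("@" + CORPORATE_DOMAIN)
    return False

def review_events(events):
    """Return {user: {"signals": set, "priority": str}} for users showing either sign."""
    signals = defaultdict(set)
    for stamp, user, action, target in events:
        if leaves_corporate_control(action, target):
            signals[user].add("external_copy")
        if datetime.fromisoformat(stamp).hour not in WORK_HOURS:
            signals[user].add("unusual_hours")
    report = {}
    for user, found in signals.items():
        # Either sign alone can be innocent; both together are reviewed first.
        priority = "high" if len(found) == 2 else "review"
        report[user] = {"signals": found, "priority": priority}
    return report

if __name__ == "__main__":
    for user, result in sorted(review_events(EVENTS).items()):
        print(user, result["priority"], sorted(result["signals"]))
```

The output is a review queue rather than a verdict, since each sign can have an innocent explanation.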
How to stop employees misusing corporate data
Organisations should use a combination of processes and technologies to mitigate the risk of corporate data theft.
One technique is to give employees company laptops and phones. This means they no longer have a reason to copy information onto personal devices, making it easier for organisations to track where personal data is stored.
It also means that employees must return their devices when they leave the company, mitigating the risk of sensitive data being accidentally stored on their personal computer.
Organisations should also consider placing strict limits on the use of removable devices. They are one of the most common ways that employees exfiltrate data, which is why some IT teams implement technologies that prevent computers and laptops from reading such devices.
Another useful technology is data seeding. This involves planting dummy details in a database, which are then tracked.
This enables organisations to detect data breaches and also acts as a preventive measure: if employees know that stolen data can be traced back to them, they are less likely to attempt anything untoward.
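A minimal sketch of data seeding as described above, added here as an example and not taken from any vendor's service: each copy of a contact list gets its own dummy records, derived with a keyed hash, so that a seed address turning up later identifies which copy it came from. The key, the `seeds.example.org` domain, the name lists and the copy labels are assumptions, and the sample rows are constructed.

```python
import hashlib
import hmac

SEED_KEY = b"constructed-demo-key"  # assumption: secret held by the data owner
SEED_DOMAIN = "seeds.example.org"   # assumption: mail domain the owner monitors

FIRST = ["Avery", "Jordan", "Morgan", "Riley", "Taylor", "Casey", "Quinn", "Rowan"]
LAST = ["Ashdown", "Birchall", "Carrow", "Denholm", "Elwood", "Farrant", "Garth", "Holt"]

# Constructed sample of genuine records
REAL = [
    {"name": "Sam Okoro", "email": "sam.okoro@customer.example"},
    {"name": "Lena Brandt", "email": "lena.brandt@customer.example"},
]

def make_seed(copy_id, index):
    """Derive one dummy contact that is unique to a given copy of the data."""
    digest = hmac.new(SEED_KEY, f"{copy_id}:{index}".encode(), hashlib.sha256).digest()
    return {
        "name": f"{FIRST[digest[0] % len(FIRST)]} {LAST[digest[1] % len(LAST)]}",
        "email": f"{digest[2:8].hex()}@{SEED_DOMAIN}",
    }

def seed_copy(real_rows, copy_id, count=2):
    """Return the rows for this copy plus a registry of the addresses planted in it."""
    seeds = [make_seed(copy_id, i) for i in range(count)]
    registry = {s["email"]: copy_id for s in seeds}
    # Sort so the dummy rows are not grouped at the end of the list.
    rows = sorted(real_rows + seeds, key=lambda r: r["email"])
    return rows, registry

def trace(addresses_seen, registry):
    """Map addresses seen in a leak or contacted unexpectedly back to the copies they mark."""
    return sorted({registry[a.lower()] for a in addresses_seen if a.lower() in registry})

if __name__ == "__main__":
    rows_a, reg_a = seed_copy(REAL, "sales-team-export")
    rows_b, reg_b = seed_copy(REAL, "reseller-b")
    registry = {**reg_a, **reg_b}
    leaked = [r["email"] for r in rows_b]  # constructed leak: copy B appears elsewhere
    print(trace(leaked, registry))
```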
You can find out more about this process with DQM GRC’s dedicated data seeding services.
Aimed at commercial data owners, our data seeding services have been used successfully for the past 20 years to track the use of valuable data assets on behalf of their owners.
We provide unique seed records for you to add to your data supplies and then monitor how your data is being used by your partners, resellers or direct end clients.
The service works for email, physical mail, landlines and mobiles, building a detailed picture of the real use of your data.