[BreachExchange] Safeguarding Data When Employees Leave The Company

Inga Goddijn inga at riskbasedsecurity.com
Wed Feb 15 19:35:53 EST 2017


http://cloudtweaks.com/2017/02/safeguarding-data-employees-leave-company/

Employee turnover is unavoidable. According to CompData Consulting, the
average employee turnover rate in 2015 in the US was 16.7 percent
<http://blog.compdatasurveys.com/turnover-trends-by-industry-2015>, and
this number was significantly higher in such industries as hospitality
(37.6%) and banking and finance (18.6%). While employee turnover and
terminations come with a variety of corporate, financial, and logistical
hurdles, they also create a wide range of data protection and data
management problems.

A survey published by Biscom
<https://www.biscom.com/security-is-top-of-mind-in-our-2015-it-survey-results/>
in 2015 found that 87 percent of employees take the data they created over
the course of their employment when they leave, and 28 percent take data
that others had created. That includes confidential financial data,
customer information, intellectual property, price lists, marketing plans,
sales data, company directories, competitive intelligence, product design
specifications – all of which belong to the business. Employee theft is
damaging for a company in multiple ways, such as violating national and
international regulations, harming its competitive position, or affecting
the bottom line. And it could force the company to take legal action
against former employees.

While employees take data with them for many reasons, the motivations tend
to fall into three main buckets:

   - *Accidental.* The cloudification of business and the rise of bring
   your own device (BYOD) policies mean that departing employees could be
   taking substantial amounts of corporate data and not even realize it.
   Because a growing portion of employees do some (or all) of their work
   from home, they often maintain a rich source of corporate data on their
   personal computers or in public cloud services.


   - *Entitlement.* Many employees knowingly take information with them
   because they feel they’re entitled to it, or that it won’t affect the
   company. If an employee who worked on a flagship account created valuable
   intellectual property, they may feel justified in taking that information
   with them. This problem is further compounded by the lack of security or
   monitoring technology to protect against data exfiltration.


   - *Malicious.* Employees angry with company management because they were
   laid off or fired could be motivated to take revenge by destroying
   valuable data. Alternatively, a departing employee looking for a quick
   way to get
   ahead in a new position at a competing company might be inclined to take a
   few trade secrets with them. While this group may represent only a small
   portion of data loss in a company, the damage could be significant.

A perfect example of malicious data theft is the recent story
<http://www.ksdk.com/mb/news/fired-it-employee-offered-to-unlock-data-for-200000/386683543>
of an IT employee who was fired by Indianapolis-based American College of
Education. Before the employee left the College, he intentionally changed
the login credentials to an important Google document that stored emails
and course materials for 2,000 students. Once the College and its students
realized they no longer had access to the Google document, the fired IT
worker was more than happy to provide the password – once his former
employers paid him $200,000. The two parties are now fighting it out in
court.

Best practices for retaining data

Data protection should be an ongoing effort, not just a priority when
employees leave. To reduce the risk of employees taking information with
them when they leave, organizations will need a combination of frequently
updated policies and procedures, as well as technology solutions. Most
importantly, these need to be enforced. Here are a few best practices for
ensuring that data doesn’t leave the office with your departing employees.

   - *Ensure ongoing visibility of sensitive corporate data.* It’s crucial
   for organizations to keep tabs on sensitive corporate data across all areas
   of the network, including cloud applications or other repositories where
   data might be stored. Deploying a content archive to capture and index data
   is an important first step. It will also enable monitoring and auditing to
   give insight into how employees are accessing data.


   - *Limit employee access to data and develop policies on proper use of
   platforms.* It’s essential for companies to have acceptable use policies
   regarding proper use of corporate email, company-owned and personal
   devices, cloud applications and other platforms where corporate data may be
   stored. Additionally, companies can set parameters for who has access to
   what data on a need-to-know basis, ensuring IT has greater control over
   sensitive information.


   - *Encrypt data at all stages and require authentication.* Whether it’s
   in-transit, at-rest or in-use, sensitive and confidential data should
   always be encrypted, regardless of its location. Authentication can further
   protect data by preventing access to unauthorized parties. This alone can
   prevent much of the data loss that occurs when an employee leaves a company.


   - *Find the right technologies.* Content archiving makes corporate data
   tamper-proof, and makes it easier for data managers to retain, search for
   and appropriately manage data assets. Enterprise Content Management (ECM)
   systems are another way to prevent data theft from departing employees
   because they provide businesses the ability to control access to and
   understand where corporate data resides. Another option is virtual
   desktops, ensuring that no data is stored locally.


   - *Look for signs of unusual employee behavior.* When employees are
   planning to steal corporate data, they often exhibit a few warning signs.
   For example, managers may notice a spike in the volume of information
   copied to the cloud, USB drives, personal devices, etc. The employee may
   have recently deleted a significant number of documents from their
   computers or other data repositories. Access to CRM systems at odd hours of
   the night may also indicate a potential data theft in progress.
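
The warning signs in the last item can be checked mechanically once file, USB and CRM activity is logged. The following is an added example, not part of the original article: the event names, the tuple layout and the thresholds (`spike_factor`, `delete_limit`, `work_hours`) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit events (user, ISO timestamp, action, bytes); not real logs.
EVENTS = [
    ("alice", "2017-02-06T10:15:00", "cloud_upload", 20_000_000),
    ("alice", "2017-02-07T11:00:00", "cloud_upload", 25_000_000),
    ("alice", "2017-02-08T14:30:00", "usb_copy", 15_000_000),
    ("alice", "2017-02-09T09:45:00", "crm_access", 0),
    ("bob", "2017-02-06T10:00:00", "cloud_upload", 30_000_000),
    ("bob", "2017-02-07T10:00:00", "usb_copy", 20_000_000),
    ("bob", "2017-02-08T10:00:00", "cloud_upload", 25_000_000),
    ("bob", "2017-02-09T02:10:00", "crm_access", 0),
    ("bob", "2017-02-09T02:30:00", "usb_copy", 900_000_000),
] + [("bob", f"2017-02-09T03:{m:02d}:00", "file_delete", 0) for m in range(40)]

OUTBOUND = {"cloud_upload", "usb_copy"}  # assumed action names for data leaving the network

def find_warning_signs(events, spike_factor=5, delete_limit=25, work_hours=(7, 20)):
    """Return sorted (user, day, reason) findings for the three signs in the list."""
    outbound = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes copied out
    deletes = defaultdict(int)                        # (user, day) -> deleted files
    findings = set()
    for user, ts, action, size in events:
        when = datetime.fromisoformat(ts)
        day = when.date().isoformat()
        if action in OUTBOUND:
            outbound[user][day] += size
        elif action == "file_delete":
            deletes[(user, day)] += 1
        elif action == "crm_access" and not work_hours[0] <= when.hour < work_hours[1]:
            findings.add((user, day, "crm_access_off_hours"))
    for user, per_day in outbound.items():
        days = sorted(per_day)
        for i, day in enumerate(days[1:], start=1):
            baseline = median(per_day[d] for d in days[:i])  # user's own earlier days
            if per_day[day] > spike_factor * baseline:
                findings.add((user, day, "outbound_volume_spike"))
    for (user, day), count in deletes.items():
        if count > delete_limit:
            findings.add((user, day, "mass_deletion"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_warning_signs(EVENTS):
        print(finding)
```

Comparing each user against their own earlier days, rather than a company-wide limit, keeps routinely heavy users from drowning out the one-off spike.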

Employee turnover is a fact of life, but data loss due to departing
employees should not be. Most businesses are not adequately prepared to
deal with the repercussions of employee data theft, nor do they have the
capabilities to mitigate these risks before they occur. Blending strong
corporate policies
focused on the proper handling of sensitive information with the right
technology tools that best meet the organization’s needs can minimize, if
not eliminate, the threat of employee data theft.