It seems like every day we hear of another company falling victim to data threats, but what might surprise you is that nearly 75 percent of breaches are caused by insider threats, according to the news site SecurityIntelligence.
By Brian Schrader
In fact, 87 percent of exiting employees take data they created and 28 percent take data others created, according to a Biscom study. Further, one in five employees has uploaded sensitive and confidential data to an external cloud service specifically to share with others.
So, what can employers do to ensure their company data is safe after employees leave?
Implement clear and simple policies
The easiest way to prevent employee data theft is to be proactive. Create an agreement that addresses data security, stating exactly who owns what data and how employees are expected to handle, store, use and protect that data. The agreement should encompass data created not just at the company on company devices, but anywhere on any device, even on personal devices, as long as it has a connection to the company or its business. Further, the agreement should include a confidentiality clause stating the employee acknowledges that they may not share or take company data at any time during their employment or upon their departure.
Consider including the agreement as part of your employee onboarding process so that your commitment to data security is clear to employees from day one. That alone can go a long way in helping to deter employee data theft.
Also consider adopting a need-to-know approach to data access, limiting the amount of sensitive information at risk of being compromised. Employees need access only to the systems and data necessary to perform their job. While this can be difficult to manage at times, you should – at the very least – implement role-based data access over your most sensitive data.
Other policies you have in place to protect data from outside threats will also serve as a deterrent for insiders. Security solutions like encryption, for example, protect your data, make it clear that the data is highly valued and protected and can be as helpful in preventing employee theft as it is in keeping bad actors out.
Detect and investigate potential data theft
Unfortunately, no matter what protocols you have in place, it’s impossible to fully protect against an internal data breach, so detection efforts are key.
Upon an employee’s departure, it’s good practice to retain their data and devices for at least 90 days to allow any potential data theft to come to light. If there is any suspicion of data theft, the retention of the devices and data should be continued until the matter is resolved, or at least until a forensics team can properly preserve those resources and defensibly collect the data.
With especially sensitive positions like senior executives and others who have access to highly confidential information, some companies may consider creating a forensically sound duplicate – or image – of the employee’s devices before wiping or reissuing them.
It’s important to work with a trained and certified individual on such digital evidence preservation work, as a case can quickly be foiled by a well-meaning technical person (lacking in forensics or evidentiary handling training) who “takes a quick look around” to see what data might have been compromised or stolen.
Once everything has been preserved, a forensics investigator can examine the employee’s data and devices for various types of evidence indicating potential data theft, such as:
- Large volume of copied files – or just one to two highly confidential files that were moved to another device or cloud account
- Recent USB connections to unauthorized or unknown devices
- Proprietary files residing on a device that should not have access to them (like a downloaded customer list from your CRM)
- High levels of activity outside normal business hours
- A significant increase in outbound emails
- Recently added or deleted software, especially ones with data maintenance or wiping capabilities
The discovery of one or more of these activities should trigger immediate action to recover the potentially compromised data.
While it’s important to protect your data from external bad actors, don’t forget that the biggest threat may exist internally. Take the necessary precautions now to protect your data and detect employee data theft.
Brian Schrader, Esq., is president & CEO of BIA, a leader in reliable, innovative and cost-effective eDiscovery services. With early career experience in information management, computer technology and the law, Brian co-founded BIA in 2002 and has since developed the firm’s reputation as an industry pioneer and a trusted partner for corporations and law firms around the world. He can be reached at [email protected]