The Insider Risk. Preventing Critical Data Loss When Employees Leave

After 15 years of loyal service, a long-term Pfizer employee leaves the company to join a competitor, carrying with her a lot more than the acquired skills and experience. As recently discovered, she had uploaded to her personal accounts 12,000 confidential company documents, including research on its COVID-19 vaccine and cancer therapies. Pfizer has filed a lawsuit, alleging breach of confidentiality agreements, and is trying to prevent her from using its proprietary data at her new job.

The Pfizer ex-employee is one of tens of millions of people around the world who have quit their jobs in recent months, as part of a global wave of departures called the “Great Resignation.” As the Pfizer lawsuit underscores, when people change jobs, they often take intellectual property with them. Most of the time, organizations have insider risk management programs, DLP products, and IT and HR processes in place for when employees are terminated. But are you ready for when the employee or contractor resigns?

Here are some sobering facts about the risks of departing employees:

Due to the upheaval precipitated by the pandemic, people are reevaluating priorities, looking for more money or opportunity, different bosses, or to be closer to family or a more desirable location. The departing employees tend to fit into three types of “leavers:” those who are disgruntled or frustrated, ignorant of corporate policy and confidentiality agreements, or feeling entitled to the proprietary data and want to use it to advance at their next job. Just ask Pfizer.

Of course, not every person who quits their job will steal, lose, or misplace your data. But the fact remains that it’s quite easy for anyone with access to download, email, or move valuable IP to their personal devices or cloud accounts. In light of this growing phenomenon, the best defense is a good offense.

 We recommend the following strategy to mitigate the security risk of departing employees and contractors:

  • Prepare for potential data loss as soon as the employee or contractor was hired. If you wait until they resign, it’s too late.
  • Make sure your security program and solution set give you visibility to employee interactions with data. The best insider risk solutions provide user monitoring and a granular timeline of user activity right up to the moment the employee leaves. This timeline should give you insight on web searches for new jobs or resume-writing tips, which are digital tells of a potential job-leaver.
  • Don’t rely on detection of suspicious activity alone. Proactively prevent data theft with analytics that help identify risky behavior—for example, an uncharacteristic transfer of a massive number of files or copy/pasting of sensitive data from one document into another.
  • Use existing investments in security, HR, and communication tools to inform the behavior analytical models, improve accuracy, and further enable proactive action.
  • Integrate the behavior analytics (aka UEBA) and user activity monitoring (UAM) with data loss prevention (DLP) to automate security blocking policies before the breach or loss happens.

By bringing together proactive measures with analytics, user monitoring, and enterprise-wide enforcement policies, you can simplify data security and ensure the right program and tools are in place before and when any employee leaves. Don’t wait until the employee notifies their supervisor or HR to act. The health and viability of your organization depends on your ability to spot risk when employees resign and stop anything bad from happening before they leave.

If this information is helpful to you read our blog for more interesting and useful content, tips, and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be assisting you with your query. 

Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.

 

Follow us to learn more

CONTACT US

Let’s walk through the journey of digital transformation together.

By clicking on the SEND button you agree to the processing of personal data. In accordance with our Privacy Policy

7 + 14 =