About 12% of employees take customer data, health records, sales contracts and other confidential data with them when they leave, according to DTEX.
A former employee may try to sell their previous employer’s credentials via the dark web. A current employee can record a confidential CEO presentation and then send a link to the recording to the press. An existing employee may share a customer list with a third party, which is then offered to a sales competitor. These are just a few of the data breaches and insider threats investigated by workforce security provider DTEX during 2022.
DTEX 2023 published on Thursday. The Insider Risk Investigations Report examined the scope of employee attrition and data theft in 2022. To create its report, the company looked at hundreds of investigations conducted by the DTEX Insider Intelligence and Investigations team over the course of the year. The results point to an increase in corporate IP and data theft.
What business data are employees stealing?
The i3 team has investigated nearly 700 cases of data theft by departing employees. this was twice as many as in 2021. Based on incidents, DTEX determined that 12% of employees take sensitive information with them when they leave their employer. The stolen information included customer data, employee data, health records and sales contracts.
However, 12% do not consider non-sensitive data such as templates and presentations; based on anecdotal evidence, DTEX said it believes more than half of departing employees leave with this type of data.
How do employees steal data?
Employees use several different methods to capture corporate data, including screenshots, recordings, and syncing to personal devices or accounts. As an example, the employee who sent a link to the CEO’s presentation to the press used a screen recording tool to capture confidential information and then uploaded the recording to a personal account.
What factors contribute to employee data theft?
Last year, a major contributor to data theft and system sabotage was employee termination. In many of the cases the DTEX team investigated, employees who were fired still had some access to their corporate accounts even after being fired. In some cases, current employees have provided corporate information or account credentials to their former colleagues without even knowing they were fired.
SEE. Access Control Policy (TechRepublic Premium)
In addition to departing employees, existing employees may pose a risk. Some employees run side gigs for which they use their corporate devices. Unauthorized use of third-party work on such devices increased by nearly 200% last year. And in the case of the shadow IT scenario, the use of unauthorized applications increased by 55% during the same period.
Warning signs of employee data theft
To catch employees who might try to record or copy sensitive information, DTEX suggests following certain early warning risk indicators. They include:
- Abnormal use of the screen or video recording software during video conferencing.
- Any research conducted on how to bypass security controls.
- Using personal file services such as Google Drive or Dropbox.
- Saving sensitive representations as images.
To stop employees from using corporate devices or applications inappropriately, DTEX suggests looking for some warning signs. They include:
- Unusual browser activity to access websites not used by general workers.
- Access personal social media accounts to hide activity.
- Using multiple non-corporate webmail accounts.
- Administrative access to accounting systems unrelated to their work.
- Unusual use of personal file sharing sites.
How to prevent employee data theft
To protect your organization from data theft and similar threats, DTEX offers the following recommendations:
- Establish a policy that clearly defines the difference between personal use and corporate use of data, devices, networks, and other assets. Make sure these policies are communicated to employees, whether they are new, existing or departing.
- Adopt a zero-trust mindset when removing data access for departing employees. Always assume that there will be some access to sensitive data and systems after an employee leaves. If a problem occurs, turn to tools that will create a full audit trail.
- Understand that technology will not be 100% effective at preventing data theft. That’s why you should focus on your policies in this area and continue to evaluate your existing procedures for departing employees.
- Be proactive by watching for early warning signs of malicious intent, not just actual incidents.
- Maintain trusting internal relationships with employees. Respect their privacy, communicate data access policies, and offer support, not suspicion.
Read next. 10 Best Employee Monitoring Software 2023 (TechRepublic)