Departing employees are taking company data with them

In the face of employees leaving the workplace with company data in tow, employers are being warned to think outside the box with their data protection and cyber security frameworks.

Risk management platform Mimecast has warned Aussie organisations about the cyber security risk of departing employees who take company information when leaving a role. Businesses are being exposed to operational, financial, and reputational risks when employees – inadvertently or not – take customer lists, strategic plans, source code, or trade secrets with them.

Especially prevalent in the new year, when all forms of new beginnings – job changes, career resets, resignations, redundancies, and corporate restructures – are rampant, these incidents are shifting the focus from traditional cyber attacks to threats from within.

And they’re on the rise.

John Taylor, chief technology officer for Mimecast in the Asia-Pacific region, highlighted that organisations that are unprepared for this phenomenon “risk serious data exposure, loss of competitive advantage, and costly breaches”.

An issue companies are running into is the unclear definition of theft, which is leaving room for misunderstanding by well-intentioned employees. In connection is the sense of ownership employees feel over existing work. Contributions to a company can feel like IP, and many don’t consider this theft.

Those with more malicious intentions can often easily disguise the potential insider risk they pose.

Taylor warned that “we are seeing more cases where insiders – once trusted with access – walk out the door with critical information because existing controls weren’t built to monitor behaviours tied to changing employment status”.

Everyday actions such as transferring information to USB drives, personal cloud accounts, or unsecured emails can mask intentions, making extraction and exfiltration of sensitive information less obvious for cyber security tools and security teams. The damage is often done before the leak is detected.

So what can employers do to stem this flow?

HR and security collaboration is the key. Establish clear paths for departures with a focus on security, and be proactive around revoking access, monitoring file activity, and quarantining devices. Reminders about data ownership, a culture of accountability and supported offboarding will also lessen the risk.

In addition, businesses are urged to invest in visibility and automated controls that can detect potential leaks.

“Businesses need to think beyond traditional cyber security tactics,” Taylor added. “Insider risk is a human-centric threat.”

And his advice for departing employees? “Don’t do it,” he said.

“Don’t forward or back up work emails to personal accounts, as it can count as data theft. Don’t export contacts or client lists, even if you ‘built’ them, as they’re still company data. Don’t save files ‘for later’ via personal drives, WhatsApp, screenshots or USBs.”