When employees leave a company, whether voluntarily or involuntarily, it is quite common for them to take sensitive and confidential data with them. This paper examines this problem in detail and provides solutions for employers to mitigate the risks. For example:
- A survey published by Biscom in late 2015 found that 87 percent of employees who leave a job take with them data that they created in that job, and 28 percent take data that others had created. Among the majority who took company data with them, 88 percent took corporate presentations and/or strategy documents, 31 percent took customer lists, and 25 percent took intellectual property.
- A survey of 1,000 employees in the United States and Europe found that one in five had uploaded sensitive and confidential corporate data to an external cloud service specifically for the purpose of sharing it with others.
As just one example of data theft by departing employees, in September 2016 the US Office of the Comptroller of the Currency (OCC) detected the November 2015 theft of more than 10,000 records by a retiring employee that may have exposed personal information about OCC employees.
Here are some of the important takeaways from a white paper we recently published on this topic:
- Employee turnover is a fact of life: the typical organization in the United States, for example, can expect that 24 percent of its employees will leave each year, although some companies in the Fortune 500 experience much higher turnover[i].
- Employees who leave their employers, regardless of the reason for their departure, often take with them sensitive and confidential information, such as intellectual property or trade secrets, that belongs solely to their employer.
- The theft of this information can damage a company in a variety of ways, including putting them at risk of a regulatory violation, forcing them to take legal action against former employees, harming their competitive position, and negatively impacting their revenue.
- To reduce the risk of employees taking information with them when they leave, employers should establish detailed and thorough policies and procedures focused on ensuring visibility into employee practices, limiting employee access to data, requiring encryption of sensitive data, managing devices properly, ensuring that data is backed up and archived properly, requiring the use of enterprise apps (since these apps and any associated offline content can be remotely wiped, even on personally managed devices), and ensuring that IT has access to all corporate data to which it should have access (some confidential data, such as HR data, should not be available to IT in all cases.)
To support these policies and procedures, organizations should evaluate and deploy various technology solutions. Technologies that should be considered, but not all of which need to be deployed, include content archiving, backup and recovery, file sharing and collaboration, encryption, mobile device management, employee activity monitoring, data loss prevention, logging and reporting, virtual desktops and other solutions that will minimize the possibility of employees misappropriating corporate data upon their departure.
You can download the white paper here.