The consequences of data theft can be steep. With the number of cloud-based systems the average business uses today, preventing data theft by employees requires careful planning. At Camargo, we have an “offboarding” process that involves our Administration, HR, Sales, Service, and Finance leaders. In this article we will discuss some of the motives behind data theft, key warning signs that data theft may be occurring, as well as employee data theft prevention best practices.
Data theft is a major risk when employees leave a company, regardless of whether their departure is voluntary or not. Insiders who steal sensitive corporate data can cause severe consequences. These consequences can include direct financial loss resulting from fines and litigation, as well as indirect losses such as reputational damage and disruption to your business operation.
There are several reasons why departing employees may take corporate data.
- Accidentally believing the data is theirs. Sometimes employees may not even realize that the data is not theirs.
- Gain a competitive advantage at their new place of employment. An employee moving to a competitor or starting their own business may be able to use your company’s data to get started or gain a competitive advantage.
- Seek revenge. A disgruntled employee may sabotage data to intentionally create challenges for their former employer.
Warning signs that an employee may compromise sensitive information:
- Using personal devices for business
- Unexplained increases in accessing or exporting data
- Accessing data outside of their normal working hours
- Exporting excessive amounts of data
Preventing employee data theft requires a multipronged approach. Here are a few best practices companies can follow to avoid employee data theft:
- Proactive monitoring for the early warning signs listed above. Proactive monitoring can come in the form of a technology solution or a simple process to routinely check for early warning signs.
- Clear policies and procedures for data including differentiating between personal and business use of data, technology, and devices.
- Assign ownership. A best practice for any important business process is to assign ownership. Ensuring that a specific individual in your organization is responsible for the employee data theft risk, is critical. This person should fully understand the risk, and be empowered with the right authority, tools, and resources to manage it. Connecting your MSP with the individual in your organization that owns employee data theft, can help the individual better understand the risk and leverage any tools or reports that your MSP can provide. Check out our post on The Top 7 Cybersecurity Considerations for more on this.
- Cross-collaboration between departments. At Camargo we have HR software, policy management software, service CRM software, sales software, marketing and prospecting software, claims management software, VOIP phone systems, comparative rating software, messaging, and web chat platforms… just to name a few. These systems cross multiple departments and business functions. It is absolutely critical that our plan ensures cross-collaboration between departments and business functions. Learn more about HR's Role in Preventing Cyberattacks in our recent post.
Small and large businesses alike suffer data theft from departing employees every day. By understanding why employees steal data, businesses can create an employee data theft prevention plan that identifies the early warning signs and stops leaks before major damage is done. For guidance on creating your own employee data theft prevention plan, or to discuss how cyber insurance can protect you in the event of a data breach, contact one of our advisors today.