The American economy is strong and the unemployment rate is at a 17-year low. Depending on which study you believe, either 40 percent or 70 percent of U.S. working people are looking to make a job move soon.
These statistics make security practitioners nervous — let’s be honest we are always nervous. The reason these new stats make us nervous is because we know how much intellectual property and sensitive company material is about to leave with our departing employees. While the news headlines usually cover a single, vengeful employee stealing or destroying high profile ideas and information – the bigger problem is that most employees leave with something. According to the National Cybersecurity Institute:
- 88 percent took company strategy materials
- 85 percent took company materials they had created
- 25 percent took material they did not create
To take it one step further, our own research, coming out in July 2018, shows a large percentage of the those in senior leadership roles are part of the problem. A significant portion of executives — anywhere from 49 to 72 percent — have admitted to taking information, ideas, data and/or IP with them from a previous employer to use in their current organization.
It’s called “insider threat” for a reason. In fact, 89 percent of enterprise data loss is the result of insider action. And with 80 percent of a company’s value tied up in its IP, that means insiders could cost your company more than the most well-connected cybercriminal.
Proactive measures can go a long way toward preventing IP theft/loss from occurring. The problems are preventable, but it’s more challenging than ever. Visibility over system activity to catch unusual behavior is paramount. This is made even more difficult by a dispersed, mobile workforce. Most organizations don’t have the tools in place to effectively mitigate this issue — but they’ll still frequently allow a dangerous level of access in the workforce.
When it comes to an IP breach, though, it really doesn’t matter whether it was unintentional or malicious. Once it’s out there — and that includes sales lists, pricing, spreadsheets, trade secrets, etc. — it’s out of the enterprise’s control and vulnerable to falling into the wrong hands.
So, it’s up to the enterprise to take back control. Taking a proactive approach that combines well-communicated internal controls with innovative technology solutions is the best way forward. These solutions need to provide, if nothing else, visibility. Visibility to where data is saved, moved and modified.
While employees are usually required to sign agreement forms that unequivocally state that all work documents belong to the company – making it illegal to copy and take corporate documents on their way out – even the most well-meaning employees are likely to think that what they’ve worked on is theirs.
Here are four steps enterprises can take to mitigate the risk of an insider threat:
- Take a proactive stance on data security beginning as soon as you hire employees by outlining their security responsibilities as an employee of the company. When employees are terminated because these responsibilities were not met, wait a while and remove specific names, but share these cases with others.
- When employees have submitted their resignation, reply by thanking them for their service, conducting an exit interview where you acknowledge that they’re trusted, remind them about adhering to company policy – and have them sign a document that summarizes IP law and their obligations to safeguard your corporate IP.
- In terms of technology, have the type of solution in place that gives you visibility to data movement throughout the network in real time by identifying files that are moved from a device, who is moving them, and when and where they’re being moved.
- Follow up on all alerts. Communicate what you saw with the employee. It may be a non-malicious or an actual malicious act. At that point, it really doesn’t matter. You’re just protecting your IP.