Some 12% of employees take customer contact information, health records, sales contracts and other confidential data when they leave a company, according to DTEX.
A former employee might try to sell their former employer’s account credentials on the dark web. A current employee could record a confidential CEO presentation and then send a link to that recording to the press. An existing employee could share a customer list with a third party, which was then offered for sale to a competitor. These are just a few incidents of data theft and insider threats that workforce security provider DTEX investigated throughout 2022.
Released Thursday, DTEX’s 2023 Insider Risk Investigation Report examined the extent of employee attrition and data theft for 2022. To generate its report, the company reviewed hundreds of investigations conducted by the DTEX Insider Intelligence and Investigations team for the year. The results indicate an increase in intellectual property and data theft in companies.
What corporate data are employees stealing?
The i3 team investigated nearly 700 cases of data theft by departing employees; that was twice as many cases as in 2021. Based on incidents, DTEX determined that 12% of employees take sensitive information with them when they leave an employer. The stolen information included customer data, employee data, medical records and sales contracts.
But, the 12% does not take into account non-sensitive data, such as models and presentations; based on anecdotal evidence, DTEX said it estimates more than half of departing workers leave with this type of data.
How do employees steal data?
Employees use different methods to retrieve company data, including screenshots, recordings, and synchronization with personal devices or accounts. For example, the employee who sent a link of the CEO’s presentation to the press used a screen recording tool to capture confidential data, then uploaded the recording to a personal account.
What factors contribute to employee data theft incidents?
Laying off employees was a major contributor to data theft and system sabotage last year. In many cases the DTEX team investigated, employees who had been terminated still had some type of access to their company accounts, even after being terminated. In some cases, current employees provided company data or account credentials to their former colleagues without even knowing they had been terminated.
SEE: Access management policy (TechRepublic Premium)
In addition to departing employees, existing workers can pose a threat. Some employees maintain side gigs for which they use their corporate devices. Unauthorized use of third-party works on such devices has increased by nearly 200% in the past year. And in a phantom computing scenario, the use of unauthorized applications increased by 55% over the same period.
Warning signs of employee data theft
To catch employees who might try to save or copy sensitive information, DTEX suggests being on the lookout for some early warning risk indicators. These include:
- Abnormal use of a screen or video recording software during videoconferences.
- Any research conducted on how to circumvent security controls.
- Using personal file services, such as Google Drive or Dropbox.
- Saving sensitive presentations as images.
To prevent employees who might be using company devices or apps inappropriately, DTEX suggests looking for certain warning signs. These include:
- Unusual browser activity accessing sites not used by the general employee population.
- Logging into personal social media accounts to conceal activity.
- Using multiple non-work webmail accounts.
- Administrative access to accounting systems not related to their work.
- Unusual use of personal file sharing sites.
How to Prevent Incidents of Employee Data Theft
To protect your organization against data theft and similar threats, DTEX offers the following recommendations:
- Establish policies that clearly define the difference between personal and business use of data, devices, networks and other assets. Make sure these policies are passed on to employees, whether new, existing or leaving.
- Set up a zero trust mindset when removing data access for departing employees. Always assume that there will remain access to sensitive data and systems after an employee leaves. Look to tools that will create a full audit trail if something goes wrong.
- Understand that technology will not be 100% effective in thwarting data theft. That’s why you need to focus on your policies in this area and continue to evaluate your existing procedures for departing employees.
- Be proactive by looking at early warning signs of malicious intent, not just actual incidents.
- Maintain a trusting insider relationship with employees. Respect their privacy, communicate data access policies, and offer support rather than suspicion.
Read next: 10 Best Employee Monitoring Software for 2023 (TechRepublic)