Some 12 %of staff members take consumer information, health records, sales contracts and other private information when leaving a business, according to DTEX.
Image: Feodora/Adobe Stock A former worker could attempt to sell account qualifications from their previous company over the dark web. A current worker might record a personal presentation by the CEO and after that send a link to that tape-recording to the press. An existing staff member could share a consumer list with a third party, which then was offered for sale to a competitor. These are simply a few occurrences of information theft and insider dangers examined by workforce security supplier DTEX throughout 2022.
Launched on Thursday, DTEX’s 2023 Expert Threat Investigations Report taken a look at the scope of staff member attrition and data theft for 2022. To create its report, the business took a look at numerous examinations carried out by the DTEX Insider Intelligence and Investigations group for the year. The outcomes indicate a boost in corporate IP and data theft.
What company data are employees stealing?
Must-read security protection
The i3 group investigated practically 700 cases of data theft by leaving workers; this was two times as lots of cases as 2021. Based upon the occurrences, DTEX identified that 12% of employees take sensitive info with them when they leave a company. The taken information consisted of client information, employee information, health records and sales agreements.
But, the 12% doesn’t take into account non-sensitive information, such as templates and presentations; based upon anecdotal evidence, DTEX said it believes that majority of leaving workers leave with this type of data.
How are employees stealing information?
Workers utilize a few different approaches to get business information, including screenshots, recordings, and syncing to individual devices or accounts. As simply one example, the worker who sent a link of the CEO’s discussion to journalism used a screen recording tool to catch the private data and then published the tape-recording to a personal account.
What elements add to workers’ data theft occurrences?
Staff member termination was a significant factor to data theft and system sabotage in 2015. In much of the cases the DTEX group examined, staff members who had been terminated still had some type of access to their corporate accounts, even after they had actually been laid off. In some cases, current staff members offered corporate data or account credentials to their previous coworkers without even understanding they had been ended.
SEE: Access management policy (TechRepublic Premium)
Aside from leaving staff members, existing employees can pose a threat. Some employees maintain side gigs for which they use their business devices. The unsanctioned use of third-party work on such gadgets rose almost 200% in 2015. And in a shadow IT situation, the use of unauthorized applications increased by 55% over the exact same time.
Staff member information theft indication
To catch employees who may try to tape-record or copy sensitive info, DTEX suggests watching for specific early caution danger indications. These consist of:
- The anomalous use of screen or video recording software at video conferences.
- Any research study carried out on how to skirt previous security controls.
- Making use of personal file services, such as Google Drive or Dropbox.
- Saving delicate discussions as images.
To stop workers who may be utilizing corporate devices or applications inappropriately, DTEX suggests searching for some indication. These consist of:
- Unusual web browser activity accessing websites not used by the general staff member population.
- Signing into personal social media accounts to hide activity.
- Using numerous non-corporate webmail accounts.
- Administrative access to accounting systems not associated with their job.
- Unusual use of personal file sharing sites.
How to avoid employee information theft incidents
To safeguard your organization versus data theft and comparable threats, DTEX provides the following suggestions:
- Establish policies that plainly define the distinction in between the personal use and business usage of data, gadgets, networks and other assets. Make sure those policies are conveyed to workers, whether they’re brand-new, existing or leaving.
- Carry out a zero-trust state of mind when eliminating information gain access to for leaving employees. Constantly assume that there will be some staying access to sensitive information and systems after a worker leaves. Turn to tools that will create a full audit path need to an issue arise.
- Understand that technology will not be 100% effective in thwarting information theft. That’s why you need to focus on your policies in this area and keep examining your existing procedures for leaving employees.
- Be proactive by taking a look at the early indication of destructive intent and not simply real incidents.
- Preserve a trusted expert relationship with workers. Regard their privacy, interact policies about data gain access to and deal assistance instead of suspicion.
Check out next: 10 finest worker tracking software application for 2023 (TechRepublic)