Company secrets can go out the door when employees leave
There’s a one in three chance that your company loses intellectual property when an employee quits, according to a data exposure report from Code42.
And you may not even know what data left with the departing employee.
Consider that nearly three-fourths (71%) of companies don’t know what and/or how much sensitive data departing employees take to other companies, according to the cybersecurity software company’s report.
“People are changing jobs now more than ever,” says Joe Payne, President and CEO of Minneapolis-based Code42, which offers solutions to stop data loss and IP theft from employees and contractors. “That’s when people make bad decisions and take things they shouldn’t.”
Over the past several months, there have been multiple high-profile cases involving alleged stolen intellectual property.
Payne says one of the biggest occurred between Pegasystems, Inc. and Appian Corp. Appian alleged in a lawsuit (https://tinyurl.com/ye8a6etu) that an individual with access to Appian's software passed trade secret information that gave Pegasystems a competitive advantage. A Virginia jury awarded Appian more than $2 billion, Payne says. See https://tinyurl.com/ycx8cvbz
Pegasystems denied the claims: https://www.pega.com/appian-lawsuit-statement.
Contributing to the greater risk of data exposure are such factors as the rapid digitization of business processes, which makes it easy to move information to different places; the abundance and use of data-sharing and collaboration tools like Slack and Dropbox; and more people working remotely and using personal email and devices to move files around, he says.
Payne noted that 37% of workers admit to using unauthorized apps every day and 26% say they use them weekly to share files with their colleagues. Without education and prevention early on, your data is at risk of leaving with an existing employee, he says.
Armando D’Accordo, president of CMIT Solutions of South Nassau, a Merrick-based information technology and security services provider, agrees.
He said many companies are often reactive rather than being proactive and come to him after an employee may have taken or compromised information.
While it’s always been an issue, “we’ve found in the last year people are less loyal to their companies,” D’Accordo says, noting once they leave, it’s hard to tell what information has been taken unless companies take certain preventive measures.
He said it starts with having good written policies in place, including language that says data is owned by the company, and if the employee leaves, no data is to leave the company, which is something he has his own employees sign annually.
Raj Mehta, CEO of Plainview-based Raj Technologies, an information technology company, does the same, noting they have policy language in their employee manual noting that company data is confidential and company property.
Mehta says it's also good protocol that if an employee leaves, their access to any data should be immediately cut off. He noted that it can take weeks at some companies to disable access and that could leave the employer vulnerable.
Beyond policies, there are also various data loss prevention tools you can use, says Michael Maser, Chief Technology Officer at Plainview-based UOTech.co, which provides IT management security and consulting services.
Some are offered through platforms like Office 365 and Google Workspace and can range in functionality from recording data that is transferred from a computer or device to preventing someone from printing documents on unauthorized printers, he says.
“It’s better to have these tools turned on before you need them then trying to do it retroactively,” Maser says.
Code42 also offers preventive solutions including Incydr, which among features watches for employees moving files to untrusted locations and scores the risk of that activity, Payne says.
Flagging risky behavior
If the activity is deemed risky, then through a platform called Instructor, they would be sent a video explaining why the activity was risky and to avoid doing it again, he says.
Other tools that can be helpful Maser says include productivity-monitoring software. One he likes is Zorus. It gives the employer an idea of the types of activities an employee is doing throughout the day like spending time predominantly in Excel or certain websites.
It could be helpful to see this activity in the days or weeks prior to termination or them leaving, he says.
Mehta says his company also takes protections in the office like disabling their computers USB ports so employee's can't insert flash drives, which is another way information can be taken from a computer or device, and puts restrictions on the size of the uploads and downloads employees can make on company computers. USB drives are small and concealable and can provide an easy way for an employee to download data if not monitored, Mehta says.
Consider data segregation tactics where employees only have access to files and data they need access to, says D’Accordo. Also understand at all times what access and equipment has been provided to workers, Maser says.
Fast Fact:
Two-thirds (63%) of employees who admit to taking data with them from one employer to the next are repeat offenders.
Source: Code42 (https://www.code42.com/blog/mitigating-departing-employee-data-loss-threats/)
Outdoor fire ban ... Bicyclist killed in Farmingdale ... Nursing home eyes temporary takeover ... Trampoline fun for kids
Outdoor fire ban ... Bicyclist killed in Farmingdale ... Nursing home eyes temporary takeover ... Trampoline fun for kids