Sealpath. When an employee leaves, so does your sensitive data
According to data from the “US Bureau of Labor Statistics” some 3 million Americans leave their jobs voluntarily, and according to another study by BambooHR, in a survey of 1000 workers, a third admitted to having spent less than 6 months in a job before changing.
These figures are for the United States, but in Europe the numbers of workers who leave are similar. According to this ADP study, one third of European workers plan to change jobs in the next three years. There is also talk of a war for talent in different sectors such as technology, health services and professional services, in this other Glassdoor report on employment trends for 2020.
Without going into the reasons, advantages or disadvantages of these turnover rates, companies are continually faced with the reality of workers moving to other companies that may or may not be competitors. During the time that workers have been in the company they have had access to private or confidential information to a greater or lesser extent depending on the type of position or company.
Ex-employees often take confidential data and information with them
According to a study conducted by Osterman Reasearch, 69% of the organizations surveyed have suffered a loss of data or knowledge as a result of employee departure: Whether intentional or by mistake, employees may take financial, confidential, customer information, product data, marketing, roadmaps as well as intellectual property to other companies.
There is concern about this type of situation in the management of companies of any size: Employees who go to other companies or to the competition and may carry know-how with them that may lead to loss of competitive advantage. We also find in the press continuously striking cases, but the reality is that it happens every day in different sectors and company sizes.
Sometimes, when a worker leaves the company, they usually see nothing wrong with taking with them data they have been working with during the time they have been in the company. This is true in any sector and any type of job.
For example, a salesperson may see it as normal to take all of the organization’s customer contact data with them, with email, positions, phone numbers, etc. Or if someone works in the engineering field, they may consider it fair to take information about projects, procedures, quality guides, support, designs, etc. that they have been working on. The same applies to software: source code of the applications they have been working on, documentation, projects, etc.
The most common thing is that the person who takes this information does not have any malicious intention. He simply goes to another position in another company, and to do his job well and meet expectations, he considers that at some point he can use this information from the previous position.
How to prevent ex-employees from carrying documents and sensitive information?
The problem is that a good part of companies face this kind of situation when it is already too late. When the employee has left, and it is difficult to know if the sensitive documentation has already been taken, or it is difficult to prove it.
Beyond ethical issues, this is a reality that many companies face on a daily basis. What can be done to prevent this type of situation? We can find different kinds of approaches:
- Notify employees of ownership of information: This is usually done when a person joins the workforce and is given company guidelines or policies or clauses in the contract. The reality is that this is not always read and over time it is forgotten
- Implementing device control tools: Which prevent copying to USBs, etc. These systems have already become obsolete with the boom of the cloud, access to mobile devices, etc. as the information can be anywhere
- With policies to prevent information leaks through DLP systems, CASB, etc: However, many times employees need to work with the information at home, pass it to unmanaged devices, etc. and it is not always possible to prevent sensitive information from being left out of the control of these types of tools.
- Monitoring user behavior (UEBA tools; User Entity Behaviour Analytics) that indicate if a user is having strange behavior patterns regarding the management of sensitive documentation. Perhaps it can be useful if we detect many downloads the week before leaving the company, but many times the information goes out of the control of the company months before, normally, simply because the workers must use it at home, etc.
These methods or systems are limited and often organizations try to use them when it’s too late and the damage has already been done. However, in extreme situations, there is no choice but to use the legal route with the very high costs that this can entail for the organization.
The most effective solution: Data-centric protection
Information can be anywhere, and if it is of value to the company, we must protect it wherever it is. We can protect this type of information through data-centric protection technologies such as SealPath. How so?
- Keep information secure and under control whether it is within the company or if an employee takes it home to work, to other devices etc.
- Limit what others can do with the documents: View only, view and edit only, but not print or copy and paste, etc.
- Have a complete accessibility control: Who accesses it, when, or if someone is trying to open it without permission
- Be able to block access to information in real time even if it is no longer in our hands and is on other computers or networks
[ Know More: DOWNLOAD SEALPATH DATASHEET ]
Protect your sensitive information now, and without waiting for someone to leave and take valuable company data with them. Contact SealPath and we will show you how we can help.