Top 5 Reasons Why Departing Employees Can Be a Security Nightmare

Employees taking sensitive company information with them when they leave their jobs might seem like the stuff of nightmares, but it’s actually a common true horror story. Biscom’s research, for example, found that one in four respondents took data when leaving a company. It’s easy to find examples in the headlines; just look at the recent cases with Uber and Google or Gucci.

What’s more, in today’s digital world, the problem of data theft by departing employees goes far beyond stealing the names of a few customers or a product design sketch. It can mean the loss of gigabytes of critical corporate intelligence and legally protected information like customer cardholder data. And ex-employees have even more avenues for using the data they steal — they can use it against their former employers, leak it to competitors, sell it to the highest bidder or simply publish it on the internet.

Organizations are getting wise to this threat: According to Kaspersky’s IT Security Risks Survey 2017,  52% of businesses say that employees are their biggest weakness in IT security, with their careless actions putting business strategy at risk. If you’re not in this 52% yet, it’s high time to start treating departing employees as a real threat.

But taking effective action requires understanding why employees who are about to leave can turn into the villains in your security horror story. Here are the five top reasons:

1. HR is from Venus and IT is from Mars

In many organizations, communication between HR and IT is so difficult and rare that they might as well be on two different planets. This disconnect creates a great environment for malicious employees who are about to depart. If the IT team is not notified promptly about terminations, malicious insiders have time to use their privileges to copy sensitive data they want to take along with them, or erase important data they don’t want to leave behind. Of course, lack of communication isn’t the only way departing employees retain access privileges after they leave. Sometimes, the IT team is so overburdened and understaffed that they fail to promptly deactivate accounts even though they know an employee has departed. Either way, the result is the same: a gaping security hole.

2. There’s no Idiot’s Guide to help them know better

Failure to educate employees about what they are and are not allowed to do can easily lead to cybersecurity incidents. In fact, Kaspersky’s 2017 IT security risk survey found that careless or uninformed employees are second only to malware when it comes to causing a serious security breach, playing a role in 46% of cybersecurity incidents. Given that HR departments often don’t make it priority to educate staff about what is behavior is acceptable and what is illegal, it’s no surprise that some departing employees are simply unaware they are doing a bad thing when they take documents or a list of contacts with them to another employer.

3. What to expect when you’re inattentive

According to the Biscom report, 90% of respondents indicated that the primary reason for the data theft upon departure was the fact that their employer did not have a policy or technology in place to prevent them from doing it. Even if they are not motivated primarily by malicious intent towards the employer, many people will consider taking confidential information with them that may be of use in their new role. The Biscom research found that with 85% of employees who stole data took only things they had created, following the philosophy, “what was made by me belongs to me.” 25% percent of them even took data they had not created. If there’s no strict policy in place on the actions that have to be taken when an employee is about to depart, it’s almost impossible for IT teams to even track what data has been copied or deleted until it’s too late. The growing popularity of BYOD adds to the problem, especially if device management is poor. For example, when an employee’s contract is terminated, the IT department rarely asks that employee to display their personal devices to ensure all the critical assets have been erased and can’t be assessed later.

4. A series of unfortunate accounts

Too often, an employee who leaves still knows passwords to team accounts used to access important systems or apps, such as Cloud Share or Dropbox. For personal reasons or upon the request of a new employer, the former employee can use those credentials to access and misuse your data. Changing the passwords to shared accounts frequently, and especially whenever an employee leaves, can reduce the risk of unauthorized access to critical data, but few organizations make it a priority to faithfully follow this best practice.

5. 50 shades of conspiracy

The scariest story is when employees from other companies, such as competitors, conspire with employees who are about to leave to steal trade secrets in order to advance their business. We’re all witnessing the drama between the two corporate giants Uber and Google, in which investigators are trying to figure out how exactly Google’s self-driving car trade secret got leaked to Uber and whether Uber’s former CEO conspired with a Google engineer to steal the information as he left the company.

As you can see, the variety of scenarios of how ex-employees can steal corporate data and the reasons that come into play could fill any bookshelf. Eager to know what you can do to minimize the risk of insider threats? Check out how to mitigate the risk of employee data theft.

Learn more about user termination best practices to properly say farewell to your employees.

Product Evangelist at Netwrix Corporation, writer, and presenter. Ryan specializes in evangelizing cybersecurity and promoting the importance of visibility into IT changes and data access. As an author, Ryan focuses on IT security trends, surveys, and industry insights.