Over the past few months, millions of people worldwide either lost their jobs or were indefinitely furloughed due to the coronavirus pandemic. Companies are being forced to make extremely difficult decisions about how to keep on staff during this time of crisis. But what has this got to do with data security or data loss prevention (DLP)?
With an increased rate of employee turnover comes a higher risk to data safety, one that companies of all sizes should be cognizant of. Read on to learn about the dangers to data security that layoffs and employee turnover present, and how you can ensure that your organization stays protected at this critical time.
Internal Data Security Threats
Before we even get to the specifics of the threat to data security posed by employee turnover, we need to recognize the gravity of the internal threat in general.
Research indicates that over a third of data breaches occur at the hands of an insider. This makes sense since it is often insiders that have access to sensitive data. According to the 2019 Data Risk Report, 53% of companies have sensitive files and data accessible to every employee in the company. This is a rise of 41% since last year.
Other key findings from this report include:
-
- 80% of companies with over 1 million folders found over 50,000 folders open to every employee
- 58% of companies found over 1,000 folders that had inconsistent permissions
- 27% of a company’s users had removal recommendations and were likely to have more access to data than they require
- Only 5% percent of folders were sufficiently protected
The data security threats get more serious when employee turnover gets thrown into the mix.
Why Does Employee Turnover Pose A Threat?
Layoff and employee turnover have always been part and parcel of running a company. But the layoffs and furloughs caused by COVID-19 have made the security threats more apparent, and urgent. According to research, 87% of employees admitted to taking their sensitive data and maintaining their access after leaving a company. Not only that, but 28% even admitted to taking data created by other employees.
Even though it can sometimes be malicious, it often is not. In many cases, employees keep their access to corporate data when they leave a company accidentally. Many companies also allow employees to work from home, especially nowadays. This can often mean that employees are using their own computers and devices to store corporate data.
Moreover, when employees are accessing cloud storage platforms, there are automatic back-up procedures that occur in the background without the knowledge of the employee.
As we saw earlier, companies that don’t mitigate the insider threat will have a harder time dealing with the threat to data security posed by employee turnover. Without proper data security protocols, employees may not even be aware that sensitive and confidential data remains in their possession.
But sometimes, it can be malice rather than simple negligence. Employees might feel that the projects and data that they produced rightfully belong to them. This can make them feel entitled to take the data with them when they leave. Or worse still, terminated employees might want to take revenge on their former bosses or try to steal data to gain favor with competitors or share with others to damage their previous employer.
Clearly, these threats to data security must be dealt with effectively.
Best Practices For Dealing With These Threats
For starters, make sure that data permissions are set only to those employees that require it. Especially when it comes to sensitive data, access should be on a strict need-to-know basis.
Additionally, having an employee departure checklist and protocol is an important practice. Make sure that immediately after employees are terminated, their access is revoked. Having loose ends and unnecessary users with file access can result in a data security nightmare.
ITsMine’s powerful Beyond DLP™ solution protects company data against insider threats as well as the threat of employee turnover. It does this by planting thousands of SoftwareMines™ throughout your data, both on-premise and in the cloud. When a SoftwareMine™ gets opened outside of the organization, or by a user without the necessary credentials, the system administrator immediately receives critical forensic information about the breach in real-time.
It also provides File GPS and Call Home capabilities to ensure you never lose touch with critical data.
Finally, ITsMine’s Beyond DLP™ provides forensic information on any data issue to ensure full regulatory compliance.
In securing data when it comes to a decentralized workforce, layoffs and employee turnover, ITsMine is your solution to keep your data protected.
To schedule a demo, reach out here.