When an employee leaves an organization, HR and IT are quick to make sure they’ve returned company property: laptop, monitor, building access-card, mobile device. But to prevent data theft, who’s making sure departing employees aren’t taking the organization’s most valuable asset – company data?
Many organizations have moved to cloud-based technologies as a central point of business operations due to its scalability and convenience. Solutions such as Salesforce started off as a CRM but have grown to manage the workflow and data of an entire organization. As a result, employees have access to a bevy of sensitive data i.e. detailed customer, prospect, ordering systems, and financial information.
In a survey by Osterman Research, 69% of organizations polled cited data loss when an employee leaves their organization. Often-times, this data contains highly sensitive information, such as proprietary code, customer, and prospect information. Employees may not intend to take data out the door in certain incidents, but this may not always be the case. Some former employees may be looking to gain a competitive advantage in their future endeavors. This is why organizations need to take proactive efforts to prevent data theft from departing employees.
In a study by Gartner that examined malicious insider incidents, 62% involved employees looking to establish a second stream of income from their employers’ sensitive data, 29% of departing employees stole information on the way out to help with future endeavors, while 9% were saboteurs.
Before you get out your giant lock and key, be aware that protecting your organization’s data takes a multi-layered approach:
6 ways to take a proactive approach to prevent data theft and secure your organization’s data:
1) Assess what data you need to protect most
Your organization most likely uses multiple applications, third-party partners, and a largely expansive workflow. The reality is that your data is probably not contained within a few secured systems. Taking the time to conduct a comprehensive risk assessment will give you an idea of where you need to focus your security strategies. Knowing where your data is located and who has access to it, will give you a foundation to build upon with other security tools and data protection strategies. Below are some questions you can focus on answering:
- What sensitive data does my organization store, use, and transmit?
- Who has access to what data?
- Who controls database access?
- Is my data secure when it’s not in use?
- Is my data secure in transit?
- What regulations/laws do I need to comply with? i.e. FINRA, HIPAA, PCI, FFIEC, NY State Cybersecurity Rule, GDPR, and FCA.
2) Policies and procedures
It’s every employees’ responsibility to protect company data and prevent data theft. Create transparent and explicit data security policy. This will help keep employees accountable for securing your sensitive information. Below are a few essential topics to cover in your policies and procedures:
- Data privacy– make sure your employees are fully aware of the laws they must comply with when handling your organization’s or customer’s data.
- Govern Email Usage– ensure that your employees are trained on thwarting social engineering tactics. The majority of cyber-attacks originate through email. In a study of 150,000 phishing emails by Verizon, 30% of recipients opened the infected messages and a staggering 11 percent opened the attachments.
- Password Protection– keeping strong password protection to your internal systems will help prevent breaches. Of confirmed data breaches, 63% involve using weak, default, or stolen passwords.
- Mobile Devices– it’s a world gone digital. Creating a mobile device policy that requires employees to password protection and secure usage will reduce risk.
3) Application Monitoring
Once you have a clear understanding of where your most sensitive data is located, you should monitor WHO is accessing it and WHAT they are doing with it. With the growth of cloud-based apps such as Salesforce, company data is often- times easily accessible within the application due to its position as the central point of the business network. Defending against internal threats requires monitoring user activity and utilizing behavior analytics that provides insights into who, where, why, when, and what insiders are doing. Gaining insights into your business-critical applications allows your security team to be proactive in detecting, investigating, and isolating security incidents. Monitoring technology will provide your organization with the ability to trust your employees, but verify that they are not violating your acceptable use policies and putting your organization at risk.
For example: If a departing employee is exporting large amounts of company data out of Salesforce, your security team can isolate the incident, and prevent data theft or even a full-blown breach.
*Read more about Securing Your Sensitive Information in Salesforce: Data Protection for Cloud Security using Event Monitoring and FairWarning for Salesforce*
4) Physical Security
Although cybersecurity remains a pressing concern for most organizations, physical access to your network should not go ignored. When an employee departs your organization, physical access should be cut off immediately. Multi-layer authentication, requiring both a password and a physical token, to gain access to technology and organization perimeters provides an extra layer of physical security to your networks.
To further protect your organization and provide transparency for new hires and existing employees, an organization should have a well-defined sanctioning policy in place. Specific penalties should be defined for those who do not adhere to the Acceptable Use Policy of the organization. Management should have a clear understanding as to what the implications are for employees who misuse organizational access. In your sanctioning policy, communicate to employees that their activity is being recorded through monitoring technology and that they are held accountable for any misuse of the organization’s resources.
Employees are either the greatest vulnerability to an organization or the best line of defense. Implementing a culture of security and accountability will help secure your organization. The idea is to move towards preventing security issues rather than discovering problems when the damage has already been done. Training through LMS systems on your acceptable use policies, monitoring technology, current cyber threats, and sanctioning will aid in defining a strong culture of security.
Protecting your organization against insider threats means monitoring employee access and activity. This gives you the ability to take proactive action when suspicious behavior is detected. Coupling user activity monitoring with other data security safeguards will give you a well-rounded approach to securing your most sensitive information. Part of running a business means trusting your employees, but organizations must verify that employees aren’t misusing data because when a team member becomes an ex-employee, you want to ensure the only thing they’re taking out of the door with them is their own belongings.
Hear from our customers on how they prevent data theft with user activity monitoring for cloud security: Here