When an employee leaves an organization, HR and IT are quick to make sure they’ve returned company property – laptop, monitor, building access card, mobile device. But to prevent data theft, who’s making sure departing employees aren’t taking the organization’s most valuable asset – company data?
Many organizations have moved to cloud-based technologies as a central point of business operations due to its scalability and convenience. And cloud solutions like Salesforce have become more mission-critical than ever – Salesforce began as a CRM but has grown to manage the workflow and data of entire organizations. As a result, employees have access to a bevy of sensitive data like customer, prospect, ordering system, and financial details.
Data loss and the origins of insider threats
In a survey by Osterman Research, 69% of organizations cite data loss when an employee leaves. Often, this data is highly sensitive, such as proprietary code or customer and prospect information. In some cases, employees may not intentionally take data out the door, but often, malicious intent is involved. Former employees may seek to gain a competitive advantage in their future endeavors. Others may have an axe to grind after being let go. Insider threats are one of many reasons why organizations must take proactive efforts to prevent data theft from departing employees.
According to the 2020 Insider Threat Report, insiders that pose the most significant threat are privileged IT users and admins at 63%. Not far behind are regular employees (51%), contractors, service providers, and temporary workers (50%), followed by privileged business users and executives (50%). These threats may look to establish a second stream of income from their employers’ sensitive data, departing employees may steal information on the way out to help with future endeavors, and others may simply want to sabotage their employer.
Before you lock down all user access to your cloud applications, be aware that protecting your organization’s data requires a multi-layered approach. To help you start, here are six proactive strategies to prevent data theft and secure your organization’s data.
1) Assess what data you need to protect most
Your organization most likely uses multiple applications, third-party partners, and an expansive workflow. The reality is that your data is probably not contained within a few secured systems. Taking the time to conduct a comprehensive risk assessment provides you with an idea of where to focus your security strategies. Knowing where your data is located and who has access to it will give you a foundation to build upon with other security tools and data protection strategies. To guide your focus, try answering these questions:
- What sensitive data does my organization store, use, and transmit?
- Who has access to what data?
- Who controls database access?
- Is our data secure when it’s not in use?
- Is our data secure in transit?
- With which regulations and laws do we need to comply? (CCPA, GDPR, HIPAA, FINRA, PCI DSS, FFIEC, NY State Cybersecurity Rule, FCA, etc.)
2) Policies and procedures
It’s every employee’s responsibility to protect company data and prevent data theft. To help them do their part, create a transparent and explicit data security policy that holds everyone accountable for securing sensitive information. Below are essential topics to cover in your policies and procedures:
- : Make sure your employees understand the laws they must comply with when handling organization or customer data.
3) Application monitoring
Once you have a clear understanding of where your most sensitive data is located, you should monitor who is accessing it and what they are doing with it. With the growth of cloud-based apps such as Salesforce, company data is easily accessible due to its position at the center of any business network. Defending against internal threats requires monitoring user activity and utilizing behavioral analytics that provides insights into the who, what, where, when, and why of your user’s actions. Gaining visibility into your business-critical applications allows your security team to proactively detect, investigate, and isolate security incidents. Monitoring technology enables your organization to trust employees, but also verify that they’re not violating your acceptable use policies and putting your organization at risk.
Example: Karen in Sales is leaving your company and joining the competition. Before she goes, she’s planning to gather prospect records to use at her new job. If this departing employee exports large amounts of company data out of Salesforce, user activity monitoring will identify the abnormal behavior and alert your security team, who can then isolate the incident and prevent data theft or even a full-blown breach. This type of monitoring can be used in Salesforce or other applications that house sensitive data, such as Office 365, Box, Google Drive, and more.
4) Physical security
Although cybersecurity remains a pressing concern for most organizations, physical access to your network should not be ignored. When an employee departs your organization, cut off physical access immediately. Multi-layer authentication – requiring both a password and a physical token to gain access to technology and organization perimeters – provides an extra layer of physical security to your networks.
To further protect the company and provide transparency for both new hires and existing employees, an organization should have a well-defined sanctioning policy in place. In this policy, it’s essential to define specific penalties for those who do not adhere. Management should have a clear understanding as to what the implications are for employees who misuse organizational access. In your sanctioning policy, communicate to employees that their activity is being recorded through monitoring technology, and they will be held accountable for any misuse of the organization’s resources.
6) Culture and training
Employees are either the greatest vulnerability to an organization or the best line of defense. Implementing a culture of security and accountability secures your organization by making trustworthy behavior the default. The idea is to proactively prevent security issues rather than discovering problems after the damage is done. Self-paced training through a Learning Management System like Docebo or Asentia on your acceptable use policies, monitoring technology, current cyber threats, and sanctioning will facilitate and define a robust culture of security.
Protecting your organization against insider threats means monitoring employee access and activity. This gives you the ability to take proactive action when suspicious behavior is detected. Coupling user activity monitoring with other data security safeguards provides a well-rounded approach to securing your most sensitive information. Part of running a business means trusting your employees, but organizations must verify that employees aren’t misusing data. When a team member becomes an ex-employee, you want to ensure the only thing they’re taking out of the door with them is their own belongings.