Is an Employee Resigning? Chances Are They’re Taking Some Company Data With Them
Data security an unforeseen casualty of The Great Resignation.
When an employee is leaving the organization, it is possible that they are stealing some data on their way out, as Code42 found. The company noted an increased prevalence of data exfiltration in H1 2021, a period that saw the highest resignations in a decade. Code42 also outlined three other trends with respect to data exposure.
Data security solutions vendor Code42 discovered that there exists a direct link between employees leaving an organization after resigning, and exposure events. As employees leave a job and by extension the organization they work at, Code42 noted an outflow of sensitive organizational data such as source code, patent applications, and customer lists.
Code42 dubs this phenomenon as The Great Resignation, wherein the cybersecurity vendor observed four trends in the first half of 2021. Insider risk is not unheard of. Most of the insider risk is usually a result of negligence on part of the organization and the employees themselves.
However, there are instances wherein disgruntled employees or anyone privy to an organization’s data exfiltrate it before resigning or terminating the relationship with the organization. Needless to say, this imperils an organizations’ competitive position with respect to finances, reputation, and/or operations.
And just to turn the knife a little, the number of employees turning in their resignation in 2021 has touched an all time high in the last decade between 2011-2021.
Why Are Employees Resigning?
According to data from the U.S. Bureau of Labour Statistics (BLS), approximately 21.748 million people quit their jobs in H1 2021. This is almost 29% higher than the numbers from the same period last year.
This is natural considering a major chunk of the U.S. and global economy is reopening after a tumultuous economic slowdown amidst the Wuhan virus pandemic. “When there’s uncertainty, people tend to stay put, so there are pent-up resignations that didn’t happen over the past year,” explained Anthony Klotz, an associate professor at Mays Business School, Texas A&M University, to Forbes.
But more than that, people are rethinking their work considering they are going through what’s possibly the most profound global event in a century. The existential dread has had professionals seeking flexibility in an era of uncertainty. More importantly, employees haven’t lost productivity in teleworking.
Harvard Business School Online (HBSO) executive director Patrick Mullane said “The past year has been difficult for everyone, but what’s surprising is how well people feel they’ve performed at work, while at home. Now, as we’re preparing to get back to ‘business as usual,’ it seems professionals don’t want ‘business as usual.’ Instead, they want flexibility from their employers to allow them to maintain the new work/home balance and productivity they have come to enjoy.”
According to HBSO, 81% of professionals that worked remotely between March 2020 and March 2021 either don’t want to go back to the office or prefer a hybrid work environment.
Can This Have an Impact on Organizational Data?
Well, yes and no. There are professionals who are being required to return to offices. These professionals, who believe they have been wronged, may have a bone to pick with their employer. As such, there is a chance the employee may exfiltrate data before tendering in their resignation.
However, not all will have the drive, and frankly, the privilege or even the skills to take home a treasure trove of company data besides memories, and their last salaries.
See Also: White House Summit: Tech Titans Promise Billions in Cybersecurity Investments
What Did Code42 Find?
Code42 concluded the existence of four trends driving data movement and exposure across organizations.
Trend #1 Resignations vs data exposure
Going by the collated data, Code42 Incydr drew a parallel between data being exposed at the time when employees leave their jobs. Code42 noticed a 40% rise in data exposure events in H1 2021 vs H1 2020. As noted earlier, the number of employees who resigned during H1 2021 rose ~29% half-over-half.
The second quarter of the 2021 calendar year saw the highest number of resignations. At the same time, Code42 also recorded a 61% rise in the number of exposure events. Q2 2021 also stands out having accounted for 86% of all exposure events across all vectors since July 2020.
Trend #2: Organizations are losing source code
Insider risk to source code exposure increased three times in Q2 2021 vs Q1 2021. Source code accounted for 11% of all data exposure events.
Q2 2021, a period wherein April alone saw almost four million resignations, is also noteworthy for recording 47% of all source code exposed in the year past.
Trend #3: Removable media widely used in data exfiltration
Removable media such as USB drives are the “most widely used single exposure vector.” Removable media were used to exfiltrate data even more than cloud sync, which is now the second-biggest exfiltration vector.
Removable media for exfiltration were leveraged in 42% of all exposure events while data downloaded from organizational cloud services made up 37% of exposure events. It probably has something to do with the portability factor.
Trend #4: Top web browser used
Google Chrome was used by most outgoing employees to exfiltrate data. Google Chrome made up 52% of all application exposure instances which were unrelated to a cloud sync agent or removable media.
Closing Thoughts
It is a tad difficult to ascertain if an employee is accessing data with the intention of exfiltrating it. This is simply because there is no way of knowing if they are going to quit. Moreover, even if an organization knows that a particular dissatisfied employee may go down this path, there’s a certain degree of risk involved when it comes to confronting the employee.
So how can organizations stay wary of the issue at hand? Joe Payne, president and CEO of Code42 has something to say.
“First, they need to train employees on how to handle data and use authorized collaboration tools properly; spell out for employees what data they can and cannot take when they leave,” he told Business Insider. “Second, companies need to put in place new cloud-based insider risk management technologies that verify that employees are working within the boundaries that have been outlined for them.”
Essentially, taking preemptive measures to plan for insider risk as part of the broader cybersecurity governance is the key here.
Note: Code42’s report is based on anonymized telemetry data collected between January 1 and June 30, 2021, from more than 700,000 endpoints running Code42 Incydr.
Let us know if you enjoyed reading this story on LinkedIn, Twitter, or Facebook. We would love to hear from you!
