Data is leaking as employees leave in “Great Resignation”

New data shows a direct correlation between resignations, departing employees, and data exposure events. This is of particular interest to organizations currently as companies experience what’s been called “the Great Resignation.” As employees leave their companies, they oftentimes — intentionally or otherwise — take valuable source code, patent applications, and customer lists with them.

Code42, an insider risk detection and response company, recently unveiled these findings from its Incydr software solution, reporting that insider data leaks and theft contribute to losses up to 20% of revenue annually and due to widespread job exits, this problem might get worse before it gets better. According to Code42, from April-June of 2021 there were 61% more data exposure events than the previous quarter, and that same time frame accounts for 86% of all exposure events experienced by organizations throughout the first half of the year.  In addition, the telemetry data shows that source code exposure has increased 3x over the past year. According to Code42, during the second quarter of 2021, source code accounted for 11% of all data exposure events. However, this quarter also accounted for 47% of all source code that was exposed within the last year, leading to the belief that this massive resignation and employee turnover, have a strong correlation with the leaking of valuable information.

According to Joe Payne, CEO of Code42, the number one indicator that an employee is going to take data is that they plan to leave the organization and, unfortunately, it has never been easier to take data than it is right now. “Data is digital and portable, so I can sit at home, open a browser, and send myself the crown jewels to my personal Google Drive account,” Payne began, “Nearly all (91%) of security leaders we recently surveyed believe that users are exfiltrating data through personal cloud accounts, yet nearly half (49%) don’t have a tool to differentiate personal and corporate cloud application uploads.”

 Payne believes that the best way to tackle this problem is with a comprehensive and effective insider risk management program that consists of three key elements: transparency, training, and technology. According to Payne, the transparency element works to ensure that employees are living up to their obligations in terms of data protection. The training aspect works in collaboration with this by establishing a well thought-out policy and teaching team members the right way to handle data. Lastly, technology works in the background, alerting organizations when important data gets moved to untrusted destinations so that those instances can be evaluated further. All of this combines to create the best possible protection measures for important data within an organization.

According to Payne, organizations must give employees thorough training on their data and handling policies so that everyone knows what guidelines they are expected to follow from the start. In addition to this, it is important for companies to ensure that their employees have full knowledge of their collaboration policies when it comes to data. “They must also define their authorized collaboration tools and teach employees how to properly use those tools. Many organizations allow employees to take some data when they leave – but it’s critical to be transparent about what data that does and does not include,” Payne explained. 

Another important measure organizations can take to ensure that they don’t fall victim to what Payne is calling “the Great Data Exfiltration” has to do with the technology they have in place to protect their data. “Companies need to put in place new cloud-based insider risk management technologies that verify when employees are – and are not – working within their organization’s guidelines,” Payne said. Utilizing this kind of technology provides a safety net for important data and allows organizations to be proactive in protecting said data. 

With this, Payne warns that now is the time for organizations to be vigilant and decisive when it comes to securing their data, especially in the remote working world we currently live in. “The truth is … There are countless ways for employees and contractors to drag product specs and plans to a USB drive, drop some pricing details into personal cloud storage or leave source code in a personal GitHub repository,” he began, “Now is not the time for complacency. Companies must take the Great Data Exfiltration head-on before any more data walks out the door.”

According to Payne, organizations need to turn their focus inward when it comes to security practices to prevent data leaks. “Our research shows that two-thirds of all breaches involve an insider, and yet 90% of our security budgets are focused on external attacks,” he explained, pointing out the shift to an internal focus that needs to occur to prevent organizations from feeling the effects of data loss. “The data is walking out with employees who are leaving the organization – when they quit, more than 60% admit to taking data to use in their next role.” Payne said.