Threat of the Month: Executive staff/middle management
What is it?
A departing executive or manager could be the most dangerous point of data exfiltration facing your organization.
How does it work?
Executives and managers have access to most, if not all of the information available inside of an organization. When they leave an organization, it is common for sensitive data to leave with them.
Should I be worried?
Yes. Consider how diligently new executives and managers are screened with multiple interviews, background checks and reference checks. When they depart, they may go through a single exit interview. However, when you consider that they have been going through multiple interviews, and offer negotiations, they have had plenty of time to collect customer data, product plans and product designs before tendering their resignation.
How can I prevent it?
- Protect against data exfiltration using a cloud-based DLP tool that can cover data in motion wherever the user is accessing the data from.
- Ensure that every employee signs a NDA and that this agreement specifically addresses the data sets you wish to protect in such a situation.
- Take time to look at their data access over the last three months and explain how use of any stolen data is a legal violation and may be subject to legal action.
- Monitor for any impropriety on that departed employee's part. Any impropriety should be met with a legal cease and desist.
- Ensure that all accounts for the departing employee are deleted.