Companies need to protect intellectual property to maintain a competitive advantage in the modern business world. Unfortunately, employee data theft has become an increasingly prevalent risk to the security of proprietary data thanks to mass layoffs in the technology industry, reduced visibility during transitions to hybrid work models, and general economic turmoil.
As businesses continue to navigate these challenges, safeguarding proprietary information has become increasingly difficult. The growing threat of insider breaches, especially through employee data theft, requires companies to implement proactive measures to mitigate this threat to their operations.
Employee data theft isn’t nearly as uncommon as many may believe. In fact, a study by DTex Systems found that as much as 12% of employees take IP with them when leaving jobs. Considering that mass layoffs create a pool of disgruntled employees and desperate ex-employees, these figures will naturally climb, particularly among the tech and finance sectors as they have trade secrets and other proprietary data with significant value. Considering that many companies rely on the value of their trade secrets to remain competitive in the marketplace, we simply cannot understate the costs of trade secret theft.
Why employees steal intellectual property
The 2023 Verizon Data Breach Investigations Report found that 89% of data breaches caused by privilege abuse were financially motivated. While it's a prevalent motivation in instances of employee data theft, there are other motivations to consider as well:
- Competitive advantage: Ex-employees often steal intellectual property to gain favor with a competing company.
- Revenge: Employees who are being terminated, denied a raise, or passed over for a promotion are more likely to steal corporate data as an act of retaliation.
- Entitlement: Employees may feel entitled to corporate data that they hand a hand in developing, such as source code.
Despite the incredible value of IP and the prevalence of insider data theft, a staggering 71% of companies in a 2022 Code42 report admitted they lack visibility over what sensitive data former employees take to other companies and how much they take with them.
Organizations need to implement monitoring systems that can help identify high-risk and anomalous interactions with sensitive data, especially when it comes to involuntary terminations and flight risks. For example, Cyberhaven's Insider Risk Report found employees are 69% more likely to take data right before they formally resign, when companies are less likely to monitor them.
To mitigate these risks, HR needs to ensure that IT department members are aware of upcoming terminations and anticipated flight risks so they can monitor user activity more carefully and later ensure that ex-employees do not retain access to internal systems and data. Other critical safeguards for an insider risk management program include:
- Privileged access management: Prevent unauthorized access to IP by limiting access only to those that truly need it and regularly reviewing data access permissions to avoid privilege creep.
- Employee training: Make employees aware of the top signs of an insider threat and empower them to report suspicious activity before it escalates. They must also must know about who owns the rights to their work and the severity of transferring company data outside of approved channels.
- Restrict data egress points: Proactively prevent access to the most common exfiltration vectors, such as personal cloud storage, personal webmail, corporate email to an inappropriate recipient, and removable media such as USB storage drives.
Employee data theft has become an ongoing threat for businesses that handle sensitive information. With vigilant offboarding practices, enhanced visibility into user activity, and a cybersecurity strategy that includes an insider risk program organizations can more effectively mitigate vulnerabilities and respond to insider threat incidents.
Neel Lukka, president, CurrentWare
Dale Strickland, marketing coordinator at CurentWare, also contributed to this column.