Employees are quitting at an alarming rate, and they’re leaving a cybersecurity breach in their wake.
Forty percent of US employees have taken data with them when they’ve left a job, potentially exposing the company to a slew of cybersecurity concerns, from data breaches to regulatory fines, according to data from email security company, Tessian. Seventy-one percent of IT leaders agree that the data losses have increased security risks in their organization.
“Oftentimes it’s something very low risk, generally speaking, like a document template that they just don't want to rebuild at their new job,” says Josh Yavor, chief information security officer at Tessian. “But in some cases they'll walk off with things like a strategy document that [outlines] their previous employers’ strategy for the next year or two.”
Read More: Addressing the cybersecurity impact of employee relocation
Data losses also include pictures taken in meetings, emails between colleagues and client information. Many employees don’t even realize they’re taking anything valuable with them (data is often lost via personal devices that have been used for work), and of those that are aware, few do so with malice. Fifty-eight percent took information to help them in their new job, 53% believed that the documents belonged to them, 44% so they could share it with their new employer and 40% to leverage it for more money in their new position.
“They may not be intentionally malicious,” says Yavor. “But they're still making the wrong choices because of either a lack of information or a lack of calibration.”
And with data breaches becoming more popular amidst the pandemic — 45% of IT leaders say that incidents of data exfiltration have increased in the last year as people continue to leave their jobs — the burden of educating employees on the dos and don’ts of intellectual property the falls on the shoulders of employers.
“A lot of times [employees] will get security training and will read and sign on to policies that clarify internal data sharing and external data sharing while they’re employed,” Yavor says. “But what we're not explicitly doing enough is actually acknowledging that employees leave and why it’s important to get ahead of expectations.”
Read More: COVID isn’t the only virus employees could be bringing back into the office
Talking to employees about company data shouldn’t begin and end with the onboarding process, according to Yavor. At the time that they submit their resignation to their manager or to their HR systems, that's an opportunity for employers and HR departments to remind employees and their manager as well of what those expectations and requirements are now that the employee is leaving the company.
And throughout their employment, it’s important to continue to reinforce the company’s policies around things like work devices and where they can actually store and use company information. Reminding them the intellectual property requirements that they agreed on as a condition of their employment.
“There [shouldn’t be] unknowns and misunderstandings around what is appropriate and okay,” Yavor says. “That’s the organization's responsibilities to lean in and make sure that that is well communicated and understood by all employees.”