Look around the office. Employees are the greatest risk when it comes to data theft because they are more likely to take or share sensitive company information when they leave their job. Often, they believe that they have a right because it’s material they created. Also, many companies don’t have the policies or technology to stop them.
What can you do try and stop this from happening?
1. Education
Most survey respondents didn’t accept the categorization of their actions as “theft.” They don’t think taking company data is malicious or even just wrong because—in most instances—they’re taking something they created; they see themselves as co-owners.
Education can go a long way to addressing this aspect of the problem. Talk to new employees about data protection and security. Periodically remind staff about your stance.
2. Establish clear policies (and enforce them)
Where you have policies governing data handling that are clear and comprehensive, you’ll reduce the problem. Put those policies in employment contracts.
Address issues such as the following:
- Using personal devices to create company data
- Using consumer file sharing and collaboration tools
The range of tools survey respondents used to take information ranged from flash drives to Dropbox to simple printing.
3. Keep permissions tight
Establish data classification and access permissions. You don’t want to stifle productivity, but there’s no reason to give access to people who don’t need it. The principle of least privilege is a good rule of thumb.
Moving to the cloud requires special vigilance with tracking permissions and user access. Even keeping a spreadsheet that lists every employee’s access, tools, and apps can help.
4. Be vigilant
Watch for the unusual. Set up alerts for movements of unusual amounts of data or activity at odd hours.
5. Prepare to respond
The survey suggests that some theft—or attempted theft, at any rate—is inevitable. You should prepare for when, not if.
Decide now on how you will respond in the event of an attack or in the event an employee who is leaving the company might be disgruntled. Employees were 22 percent more likely to steal company information if they were fired under “bad circumstances.”
