You can’t take it with you: Stop data exfiltration now

With or without malicious intent, employees have a bad habit of downloading proprietary information, an unfortunate practice exacerbated by the work-from-home shift.

Amid reports that the US is facing its worst labor shortage in 50 years comes this shocker from Microsoft’s 2021 Work Trend Index: 40% of global workers are considering leaving their employer this year. A record 4 million people quit their jobs in April alone seeking more money, flexibility, and happiness after doing some soul-searching during lockdowns, according to NPR.

The trend should cause some executive heartburn at companies that have intellectual property to protect, particularly in light of recent stories about insider theft of data and trade secrets at places like Tesla, Apple, the Federal Reserve, General Electric, and Abbott Labs.

The risks of sensitive data exposure due to deliberate or accidental employee action are growing. Forrester Research expects the number of insider-related data exposure incidents will make up 33% of all breaches this year. There’s a term for this—data exfiltration—that refers to the unauthorized transfer of data.

COVID magnifier

The rapid shift of vast amounts of data from inside corporate walls and to home PCs, Dropbox accounts, and Google Drives over the past 15 months has magnified the problem. A report by insider risk detection company Code42 late last year found that employees were 85% more likely to leak files during lockdowns than before the pandemic struck.

With record numbers of people on the lookout for new opportunities right now and statistics showing that most stay in the same industry, the risk of trade secret exposure is especially high. Yet few companies make a serious effort to monitor or even ask about the data outgoing employees take with them. That’s even though 45% of employees download, save, send, or otherwise appropriate work-related documents before leaving their jobs, according to a survey by security firm Tessian.

“IT groups work hard to get your badge and laptop back, but no one checks on the data,” said Joe Payne, CEO of Code42.

The exfiltration problem is probably much bigger than the numbers indicate. “Our research shows that 63% of people admit that they took data from their last job to use in their current job, but our experience shows it’s closer to 90%,” Payne said.

Employees surveyed by Tessian admitted that they are less likely to follow safe data practices when working from home. “What’s more, workers believe they can get away with riskier cybersecurity behaviors when working remotely, with one of the top reasons being that they feel they aren’t being watched by their IT teams,” said Henry Trevelyan Thomas, vice president of customer success at Tessian.

Risks have been further elevated in recent years with the explosion of cloud-related tools for collaboration. “All the security tools we’ve used historically were designed to block access. That flies in the face of what CIOs want to do today, which is share,” Payne said.

Innocent intentions

The good news is that data exfiltration is usually unintentional, Thomas said. But intent matters less than outcomes. If confidential data makes its way into a competitor’s hands, it can land an employee in a mess of trouble.

It isn’t just technical documents and engineering plans that create risk. If you work in human resources and inadvertently leak a spreadsheet of employee salary information to a competitor, your company’s ability to recruit and retain people could be compromised. Any customer data in your Salesforce.com account should also stay there. If the information a customer gave you when you worked at one company comes back to them from a competitor, you could be on the hook for trade secret theft.

Education is part of the solution. Employees should be aware that proprietary information can include such things as customer records, sales forecasts, software macros, and a host of other assets. “We find a lot of younger people, in particular, think they own the source code they wrote on the job or that it’s OK to use Dropbox when it isn’t the corporate standard,” said Code42’s Payne. Sharing should be encouraged but only using the platforms and processes the company supports.

Technology can help. Tessian’s Human Layer Security platform uses machine learning to understand human behavior and relationships so it can then detect activity that may pose a data exfiltration risk. It alerts employees who appear to be about to exfiltrate data so they can reconsider before IT gets involved. Haystax takes a similar approach from a network telemetry perspective.

Code42 wraps around the tools people are already using both on-site and in the cloud to watch for risky behavior such as the use of consumer cloud storage or email services and large data transfers. It then reports activity that bears investigation to administrators.

Using anti-exfiltration technology tends to reinforce good practices, said Code42’s Payne. “We see that a year after customers put our technology in place that the number of people taking internal data goes from 90% to less than 5%,” he said.

Next read this:

Related:

Copyright © 2021 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
 
Shop Tech Products at Amazon