How to combat departing employee-induced data loss
Editor's note: The following is a guest article from Brian Rutledge, principal security engineer at Spanning.
Employee-induced data loss — whether intentional or not — can wreak havoc on businesses and has become an increasingly common occurrence thanks to high employee turnover rates.
Businesses run the risk of incurring substantial data loss each time an employee leaves the organization. With research indicating that the average job tenure for U.S. employees is just over four years, and that most organizations experience approximately 24% turnover in their workforce each year, it's a risk businesses can't afford to ignore.
The high costs of data loss
Every time an employee leaves an organization (willingly or not) and takes company data with them (either knowingly or not), businesses face significant cost and time losses.
According to a recent report by the Ponemon Institute, the average cost per lost or stolen record is $148 and the average data breach can range from a low of 2,500 compromised records to over 100,000.
Further, a recent survey of over 400 U.S. workers found that seven out of ten respondents admitted to accidentally deleting files in SaaS applications, such as G Suite and Microsoft Office 365.
Overall, nearly half (48%) of SMBs that have experienced a security incident in the last two years attribute it to human error.
Clearly, this is a critical issue and one that is costing organizations dearly. Beyond the financial burden of data loss, the time it takes to recover lost data can cause organizations to fall short of key goals and disrupt business continuity.
Employee-based data loss can also introduce serious legal risks. If the data in question includes protected health information (PHI) or personally identifiable information (PII), for example, exfiltrated data and/or deleted data could make it difficult to comply with regulatory litigation holds and legal e-discovery.
In conjunction with legal risks, businesses also face reputational risks should their partners and/or customers be directly affected by a data loss incident.
5 best practices for reducing risk
Findings from Osterman Research show that one in five organizations have no way of recovering data that's under the control of employees when they leave. To prevent departing employee-induced data loss from occurring in the first place, consider adhering to the following five best practices:
- Establish clear policies. According to CSO Online research, 84% of departing employees thought there were no policies that prevented them from taking company information with them. Tech leaders can work with Legal and HR teams to put comprehensive policies into place that specify that all information, documents and data created by any employee are property of the organization and that they may not be taken.
- Educate employees. Make sure all offer letters, onboarding forms and employee handbooks include data ownership and data handling policies. This way, even before they begin their employment, employees will understand that all information created while at the organization is proprietary and confidential.
- Limit access. Establish procedures that limit each employee's access to sensitive and confidential data based on their role, function or need-to-know status.
- Build offboarding processes. To retain control of company data once an employee leaves, design strict offboarding processes that include taking custody of physical items that contain organizational data and revoking access to company systems. Also, have departing employees sign a document confirming they've returned all corporate data assets.
- Implement backups. Leverage granular, point-in-time backups that can quickly be restored under the control of the departing employee's manager, so that the manager can easily access the departing employee's content archives and continue to ensure data security going forward.
Data restoration is key
The unfortunate reality is that employee-induced data loss can never be entirely prevented, so it's imperative that organizations back up their data and are able to recover it quickly.
If an organization uses popular SaaS applications like Microsoft Office 365, G Suite or Salesforce, it needs to confirm that all application data is being backed up and to test the restore process, so it's not left high and dry should an employee delete a shared folder or customer records.
Also, archive all email, files, social media and SMS message content to maintain a legal record should a departing employee attempt to delete any important data.
Malicious, hacker-induced data breaches are devastating and widespread enough. Don't add to your organization's cumulative cyber risk by neglecting the dangers that internal factors pose.
Business leaders should establish clear policies and procedures to systematically reduce employee-based data exfiltration and loss, educate employees and prospective hires on those policies and limit access based on roles. Most importantly, they need to implement a combination of archival and backup-and-restore approaches to ensure critical business data can always be recovered.