Departing Employees: A Bigger Threat than Hackers

By Brian Schrader, Esq., president, and CEO, BIA

Staff retention is perpetually on the minds of many employers, but maybe a more pressing concern for them should be data retention.

That’s because the evidence shows that departing employees are actually a much larger threat to a company’s data security than external hackers. Simply put, data theft is more common than employers may think.

A whopping 87 percent of employees who leave a job take data they created, and 28 percent take data that others created, according to a survey from Biscom. Don’t think 28 percent is alarming? Just one person with the right access and credentials could cause irreparable loss. The majority of that stolen data includes corporate presentations and/or strategy documents (88%), customer lists (31%) and intellectual property (25%). In addition, one in five employees has intentionally shared sensitive, confidential corporate data with others by uploading it to an external cloud service, according to a survey by Osterman Research.

Most employees take data inadvertently or because they think it’s their rightful property — wanting to keep a copy of their work, for example. However, a smaller number do so with malicious intent. For instance, they might plan to compete with their former employer and hope to use the data or corporate collateral to gain an advantage.

Data can be stolen in a variety of ways, and the options continue to increase as technology changes. The most common are web-based email apps like Gmail or Yahoo; cloud storage services, like, Dropbox or Google Docs; social media platforms, including Instagram or Facebook; instant message apps, such as WhatsApp, SnapChat or Signal; and physical devices, including external drives, USB keys or cellphones.

Although it might be unrealistic to completely stop employee data theft, companies can take proactive steps to increase the safety of their proprietary data.

Departing Employees: A Bigger Threat than HackersFirst, companies should preserve their data by making a forensically sound copy of a departing employee’s computer, tablet or phone before issuing it to another employee, especially if the departing employee was in a sensitive position such as sales, executives or other such roles that routinely have access to a company’s most sensitive information. This process, called “imaging,” makes a bit-for-bit copy of the entire device’s storage, capturing all active data in addition to essential items like deleted files (even if they’ve been emptied from the recycle bin); fragments of old deleted files; event, system and log files; link files and file access histories; USB device usage; and unallocated, slack and free space.

Taking this precautionary step can improve your company’s ability to prosecute IP theft in the future. However, because of the potential of spoliation or unintentional compromise of the data, it’s crucial that it be done only by licensed, certified personnel or by an external vendor.

Second, companies can proactively protect their data by creating and enforcing data controls. They can begin by making data security a part of their corporate culture so that employees understand from their first day on the job that the organization is serious about protecting data.

Ask your employees to sign an employment contract that includes language that establishes ownership of data and the company’s expectations on how that data is used, protected and secured. The contract should also include a confidentiality clause where the employee agrees not to take or share company information during their employment or after they leave the organization.

Proactive data security should continue once employees are on the job. Companies can put controls in place allowing employees to only access the systems and data that directly relate to their jobs. Employers should also encrypt data and devices wherever possible and employ multi-factor authorization so that data can’t be accessed by unauthorized employees or outside bad actors.

Ongoing education and training programs for current employees can help further underline the importance of data security. And finally, using a departing employee protocol and checklist can help address any remaining security gaps when you’re at the greatest risk of data being stolen.

An overwhelming majority of companies — almost 9 in 10 — have plans to increase their cybersecurity spending in the next 12 months, according to a recent report by Thales Data Security. Yet, as those businesses bolster their defense against external hackers, they may be simultaneously ignoring potential threats from within. The question companies should be asking themselves is this: Who knows your company’s data best?

To continue reading about this subject, view our downloadable, shareable infographic, which accompanies this article.

About the Author

Departing Employees: A Bigger Threat than HackersBrian Schrader, Esq., is president & CEO of BIA (, a leader in reliable, innovative and cost-effective eDiscovery services. With early career experience in information management, computer technology, and the law, Brian co-founded BIA in 2002 and has since developed the firm’s reputation as an industry pioneer and a trusted partner for corporations and law firms around the world. He can be reached at [email protected]

June 3, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...