The on-set of COVID has seen new waves of business security being undermined, one area to be aware of is how you can stop your employees from taking your data, because believe us, employee data theft has been reported and has increased during the last year.

There are generally two types of employee data theft that can cause untold damage to a business, both financially and by damaging its reputation. They are the rogue employee (someone who undermines the business that employs them by failing to comply with its business rules and policies) and an entrepreneurial employee, who is looking to set up their own business.

Below we break down the most common ways employees exfiltrate or leak data (from both technical and non-technical users).

Removable media.

A very common way for your business to be exposed to employee data theft is via removable media as it can so easily be taken from a building, without anyone knowing. It is so simple these days to grab a USB and export the required data. Technical users can also intentionally introduce malware onto company machines using the same process as extraction.

Hard copies.

Not quite so common these days but certainly still something to be aware of, keeping track of physical data can become a major issue for businesses, how do you control who is printing and what and where they are taking it? Ways to monitor this include checking print frequency, locking down physical records and shredding sensitive documents.

Cloud storage.

Sharing your cloud storage with employees is on the rise and these services can be accessed by employees and contractors without IT security teams being involved. In this instance make sure you are aware of who is accessing the documents and check if they are being shared by unauthorised users.

Personal emails.

Personal emails can be used to bypass corporate systems and exfiltrate data – whilst sometimes this is unavoidable (remote workers accessing personal email) it can be a costly risk. Businesses should monitor email traffic between business and personal accounts to try and stop leakage of any personal or business information.

Mobile devices.

A common threat, these days as everyone has a mobile device, they pose a significant threat to businesses data because of their multi-purpose use as recording devices, cameras and storage devices. A solid [policy should be put in place around mobile devices and access during working hours.

Developer Tools

Technical users often access web-based hosting sites for version control of code, or sites that store code snippets in plain text. These sites make it easier for developers to collaborate on projects but can be a major problem for leaking intellectual property and proprietary source code. Again, monitoring activity and establishing a data policy around these sites will help to control access.

Cloud applications

Cloud application use is, again, on the rise and is a major source of data extraction. Solutions such as Salesforce, SharePoint and other business apps contain a huge amount of sensitive business data. Businesses also allow the use of Shadow IT solutions such as WeTransfer where data can be shared externally with minimum security issues. It is vital that businesses monitor user access and activity on all cloud apps and discontinue use immediately if there is found to be a breach of any type.

Setting stringent policies in place to monitor data security should, hopefully, deter employee data theft, but as we know the rules get broken. A second layer of security you can implement is the ability to predict potential data exfiltration. Identifying the potential for something to happen is better than trying to manage the aftermath.

Microsoft Service Trust Portal is one technology that can help you manage insider risk capability (IR) it allows you to:

– Detect user feelings – what is the tone of their messages? Are they giving off negative vibes? Are they criticising your business?

– Run retrospective queries on a user’s behaviour, for example in the 30 days before their redundancy notice (over the consultation period).

– You can even link the Insider Risk feature to your HR portal. As soon as an exit date is set, IR will automatically run a retrospective investigation, to see if there are any changes in the individual’s actions. For example, downloading more than they typically would.

The information delivered by IR will allow you to see if that person may have a propensity to do things they shouldn’t, giving you the time to take preventative measures.

IR data is anonymised and delivered ready for human investigation – if the investigation finds just cause, the identity of the individual is revealed. This anonymisation protects you from defending your organisation from the accusation of heavy-handed or invasive monitoring in any legal action or tribunal case.