Intellectual property often differentiates organizations from the competition and is the sole idea under which most business models are created. In the wrong hands, the information can not only be used by competitors to beat you at your own game but also as a source of information on how to best launch attacks on your IT assets. As such, the task of retaining your intellectual property within your organization shouldn’t be taken lightly.
Sadly, every employee you hire or fire increases the risk of your intellectual property falling in the wrong hands. In fact, 69% of surveyed companies experienced some form of a data breach after the loss of an employee, according to Market Wire. With the right access control procedures, however, it can be quite easy to mitigate the instances of such situations.
Here are some resourceful tips on how to deal with the challenge that disgruntled employees pose:
Prevent Without Impeding Productivity
Prevention methods such as having strong access rights management policies should take center stage when it comes to dealing with this threat. However, you shouldn’t place security ahead of usability as this will impede productivity. The modern business environment yearns for the ease of transfer of data from one source to another.
Employees need to easily access and share data with minimal barriers whether it is through using company networks or simply copying them on flash disks. While promoting flexibility in the access of data is vital, it can easily bite you in the back. Employees who realize they are on the verge of losing their job can easily start collecting data long before they leave the company to use it to their advantage. This is why continuous monitoring is essential.
Look for Signs of Data Exfiltration
While you might make it easy for employees to transfer this data, you should also monitor the document trail left behind. Access control will play the obvious role of ensuring that they do not access data that they aren’t authorized to access, but what about the authorized data? You should invest in security solutions that allow you to detect even the slightest misappropriation of data.
Additionally, you should also watch out for any common signs that an employee has hidden agendas:
- The additional interest in a particular intellectual property even though they do not have an excuse for accessing it
- The insertion of unauthorized USB drives
- The opening and copying of data within unauthorized USB devices
- Employees staying later than usual to work at their desk
- An increasing number of hardcopy print jobs by the suspect
While all these signs could be wrong, it is never harmful to investigate the situation. In case an employee was at fault, they should be reprimanded and punished.
Early Reaction is Key
Once the suspect gets fired, they might have already made copies of the data they needed. This increases the difficulty level of tracking and containing the breach. The earlier you identify signs of exfoliation, the better. You should work to correct the situation as soon as possible by involving your forensics team.
What if You Notice the Breach Later?
In the case of a successful data exfiltration, you need to start working on ways to regain control of your intellectual property. The best approach should be to get a court order which allows you access to the ex-employees devices and start your forensic investigation. You should assess all their devices and delete any data that can easily lead to the loss of your intellectual property.
The suspect should also sign a written undertaking to confirm that no more copies of the stolen data exist. This should at least give you some peace of mind.
Conclusion
With the continuous evolution of technology, there is no telling what method employees might use to steal company secrets. However, having strong data security and access management policies in place offers you some control. Be consistent in monitoring all employees’ actions to prevent the theft of your intellectual property.
Leave a Reply