Data is everywhere; it’s like air. And the volume of data companies are accumulating is growing at an exponential rate. It is estimated that by 2020 every human will create 1.7 megabytes of information each second. This works out to more than 2.5 quintillion bytes of data a day. With data accumulating at such a rate, employee data theft is becoming more of an issue for organizations. Quest research found that 90% of organizations believe they’re vulnerable to “insider” theft. We often only hear about external data breaches, but the ramifications of an insider data breach can be just as destructive – if not more.
Alarming stats about employee data theft and loss
- 27% of data breaches are caused by human error. (IBM)
- 87% of employees who leave a job take the data they have created with them. (Biscom)
- 8% of employees leave with data other employees have created. (Biscom)
- 53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
- 15% of companies found 1,000,000+ files open to every employee. (Varonis)
- 55% of security professionals believe privileged IT users or admins are the most dangerous insiders. (Crowd Research Partners)
- 25%+ of employees say they leave their computer unlocked and unattended. (Shred-it)
- 1 in 4 executives and 1 in 5 small business owners said that a trusted vendor/partner was the cause of a data breach at their company. (Shred-it)
So what’s driving employees to steal data? In Verizon’s 2018 Data Breach Investigations Report, Verizon found that almost a third of all data breaches were insider jobs, and 75% of these were driven by profit, with ‘pure fun’ another top motivation.
The Verizon 2019 Insider Threat Report outlines the top 5 most common types of malicious insiders (not in any order):
- Careless workers
- Inside agents
- Disgruntled employees
- Malicious insiders
- Trusted third party’s
Preventing employee data theft
Limit access to your organizations sensitive data. 75% of employees say they have access to data they shouldn’t. Segregate sensitive or confidential data from your other data and limit access. Also, encrypting sensitive data is a good idea.
Automatically remove access
Create an automatic process for removing employees or vendors access to systems and data when they leave the organization or change roles. First of all, consider access to devices like computers and mobile phones, but also other areas like servers, intranets, business applications (email, ERP, CRM) and SaaS based software. A report from Ostermann Research found 67% of organizations couldn’t be sure they would detect if an employee who left was still accessing corporate resources. Even more alarming is 76% have no way of knowing when third parties such as contractors stop working on an organization’s systems and data.
Monitor systems and behavior
Watch for suspicious network traffic, including large volumes of outbound activity, remote connections or off-hours activity. Monitor employee behavior including the use of external storage devices, cameras and cellphones.
Secure all computers and devices with passwords. Ensure password best practices are followed, including updating passwords when an employee leaves an organization.
Secure network access
Secure network access with a firewall and ensure employees are remotely accessing the network through a Virtual Private Network. Additionally, encrypt and secure your Wi-Fi networks.
Train all employees on cybersecurity, proper data handling and storage, and password protection practices. More importantly ensure employees understand the value of data and who owns the data.
Use the cloud
Protect your data by backing it up to the cloud. Backup best practices recommend you to keep 3 copies of data – one primary, two backups (usually 1 is a primary backup and 1 is mirrored on disaster recovery equipment). Implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.