If you’re at one of the 40,000+ companies a year worldwide that announce a merger or acquisition, your biggest worry may not be combining IT systems. It may be the risk of data theft as all those employees walk out the door.
Layoffs and voluntary departures are a given after a merger or acquisition. That means data theft is a given, too: Half of departing employees keep confidential corporate data when they leave organizations, according to a recent study. And 42 percent believe it’s their right. The BYOD trend just adds insult to injury: departing employees leave with fully stocked devices they own and operate.
So what are employees taking? Some pilfered data is innocuous and already in the public realm. But some of it is classified. A partner at a law firm that specializes in labor and employment law says 90% of the data theft he sees involves customer lists. Not just names and addresses, but confidential information such as buying habits, contract terms and potential deals.
Other classified information could include credit card information, health information, financial records, software code, email lists, strategic plans, proprietary formulas, databases and employee records.
To avoid data theft and data breaches by departing employees—and the risk of operational, financial and reputation damage—security experts recommend three key steps:
- Educate employees: Make it very clear to employees that taking confidential information is wrong. Your security awareness training should include a detailed section on intellectual property theft.
- Enforce and clarify non-disclosure agreements: In nearly half of insider theft cases there were IP agreements in place, but the employee either misunderstood them or they weren’t enforced, according to the study. Start by including stronger, more specific language in employment agreements. Then make sure employees are aware that policy violations will be enforced and that theft of company information will have negative consequences—to them and any future employer who benefits from the stolen data. Just as importantly, make sure exit interviews include focused conversations around the employee’s continued responsibility to protect confidential information and return all company property and information—including company data stored on personal devices.
- Monitor technology to catch data theft early: By monitoring all the data that moves with your employees—on any device and in the cloud—you can quickly identify and rectify any inappropriate access and use of confidential data.
A good endpoint backup system, one that can be rapidly deployed to the acquired company via a single platform and managed via one console enables companies to track and audit the content passing through a device. So if there is an insider theft, you have the ability to build a legal case and recover the data. An added benefit? A good endpoint backup system lessens the temptation to steal intellectual property. Employees taking data with them is just one of many endpoint data threats. Learn about the backup benefits you haven’t thought of in the The Guide to Modern Endpoint Backup and Data Visibility.