​How do you know when an employee is going to leave with all your corporate data?

As the boundaries between work and leisure blur, it becomes an increasingly problematic question to answer. No longer it is the case the all files remain physically within the building; in truth corporate data is accessed from many locations and devices.

The real question remains – do we know when an employee is going to leave with corporate data? What clues exist to help you prevent this from happening?

I do recall some analytics that were run around which employees were the biggest users of external internet access. At the time it was just my team monitoring whether the recently changed policy of removing usage quotas was being abused or not.

My own observation at the time that there was a correlation between most of the Top 10 users and what I knew from Management Committee meetings to be many of the lowest performers in the organisation.

It’s the Quiet Ones

Often proven to be true, it is the individuals that you don’t suspect that actually are the staff that you need to actually monitor more closely.

This is particularly true when it comes to employees that are about to leave. Often they are the ones that are not taking leave. They may also be the diligent ones that are always working back when others have already left the office. Or in the case of mobile workers they are the staff that are logged in from home.

I’ve also seen firsthand that what the normal person who consider to be acceptable use of corporate assets – actually gets misinterpreted and remember a staff member who ‘borrowed” laptops to fund his gambling habit. Yes, and I did say ‘borrow’, that was the way he explained the situation.

However at the time I was more concerned about the potential data loss than the physical asset.

Silver Bullets

For most organisations, the approach to stop employees leaving with your data usually revolves around deployment of a Data Loss Prevention (DLP) Tool and or Email Filtering Tools. The real question is how effective are such tools in preventing the company’s secrets from leaving the building?

There is in reality very few silver bullets, these tools can be effective however they can provide 100% prevention. Just like an umbrella's that is expected to keep you dry when it rains. Clearly you are better with an umbrella but you will still get wet.

A DLP tool can prevent staff that are using an expected path to remove information and that’s where the story ends.

Gaps and Holes

It is the unexpected where the damage can be performed. Most organisations also try to prevent unauthorised use of Dropbox, Google Drive and other similar tools. The logic is sound that by blocking access of these tools to their user group it will prevent files being sent outside of the firewall without permission.

The truth is that there are a multitude of tools that can provide such functionality and the static ‘black list’ is just not dynamic enough.

Read more: Tesla patches Model S, nabs security head from Google’s Project Zero

It is only when you go to some of the major Indian outsourcers that you see that disabled USB and smartphones with cameras are outlawed. For the most part, we see that iPhones and Samsung phones are everywhere – thus taking a simple photo of a screen of data is the way such sensitive information can literally walk out the door.

What about old fashion print copies? Yes, while printing is monitored we really don’t check suitcases for removal of documents.

Social Media analysis

There are clues that can be found from mining Linkedin, Facebook Activity etc to see correlate poor performers and what these staff are posting on social media. There are specialist companies that do amazing forensics to understand who is connected to who. This analysis can look back in history and see patterns even when friends and connections have been undone.

Taking a larger data set, not quite big data of negative social media posts along with poor performer ratings, absenteeism can give you some interesting insights.

Yes, you can predict your employees engagement and more specifically when employees are going to leave with corporate data.


Blast from the past?

Try our new Space Invaders inspired video game NOW.

What score can you get ?


Join the CSO newsletter!

Error: Please check your email address.

Tags Social Media analysisdropboxdata loss prevention (DLP)LinkedInGoogle DriveDavid GeeemployeeFacebookcorporate dataManagement Committee

More about DLPDropboxFacebookGoogleSamsung

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Gee

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place