Unless you’ve have checked out of reading the news for the past three months (and there’s good reason why), you have likely witnessed first hand the impact of The Great Resignation. With an abundance of low-cost capital, a shortage of skilled workers and an opening up of remote talent pools, there is a real merry-go-round happening in today’s business environment. Talent is faced with incredible new opportunities – ones we’ve never seen before. Whether they want to work full-time remotely, are looking for a great new title, can’t say no to 20-30% more compensation or are simply no longer engaged in your organization after 18 months of zoom meetings, employees are changing jobs like never before.
As a business leader, you’re worried about the ability to bring on new talent, of the institutional knowledge that’s walking out the door, about the sudden rise in your cost of labor…but are you also thinking about the actual IP that’s leaving along with your employees? Probably not. Like most organizations, your HR and IT teams are focused on getting their corporate cards, shutting down their system access, collecting their laptops, and posting the backfill position…and you’re thinking about how to restructure the work or who to recruit.
Unfortunately, the data shows that your employees are not just leaving with their memories and experiences. They’re siphoning off source code, product plans, patent applications, customer lists and financial analyses. And those new employees or contractors you’ve just recently brought on? Well they’re bringing some of this data into your organization too.
Let’s examine the three types of employees that are creating Insider Risk for your organization. What do we mean by Insider Risk? Insider Risk is the risk to valuable data (regardless of employee intent) that jeopardizes the well-being and competitiveness of an organization and its employees, customers or partners. And while Insider Risk Management allows your security teams to identify, define, prioritize, investigate and respond to data risk regardless of intent, actually focusing on the human intent and behaviors can help us as business leaders understand how urgent and widespread this risk really is. Let’s call our Insiders, the Unaware, the I don’t Care, and the Catch me if you Dare.
The Unaware is the most common type of insider. In today’s world, most of your newly hired (often remote) employees fall into this bucket. They are well intended, want to drive to results quickly and don’t yet understand your approved corporate collaboration tools like Slack, Google Drive or OneDrive. They just want to add value…fast. They may be infiltrating data from the company they just left or trying to collaborate with their teams, but 37% of them use non-approved tools like DropBox or personal email on a daily basis. Educating and training the Unaware, not just when they’re onboarding, but continuously throughout their first year is the answer here.
Next let’s focus on the I don’t care. These employees are out to do what’s best for them. They could be one foot out the door, but most of all they’re not engaged (remember that annual engagement survey you just conducted?). They’re printing off documents, airdropping lists to their personal device, or using their personal Google Drive because you never know when they need to access the great work they’ve done. They’re always on the hunt for that next job opportunity or maybe planning to start their own company. Educating won’t help much here – in fact, they are usually very tech savvy. A highly reliable IRM tool that rapidly identifies exposure to data, allows for a fast and thorough investigation and offers automated options around the right response is your security team’s best answer here.
Finally the Catch me if you dare. If you’re lucky, the odds may be with you of not having the next Bernie Madoff, Charles Ponzi or Edward Snownden walking your halls. But in today’s global interconnected world, that’s not a gamble we’d want you to take. Fact is that if your company is highly innovative, provides critical services, is connected to a global supply chain and operates internationally, you’re at risk. And while your company processes include NDAs, your security teams likely have a DLP solution in place, and your audits come across clean in terms of controls and compliance, these malicious insiders are hard to outwit, outsmart and outmaneuver. Over 1,400 cases of IP theft are filed each year in the US alone, and the average case takes 790 days to litigation. That’s more than two years during which damage to your brand, to your competitiveness can be done. Cloud-native IRM solutions allow for agility, fidelity, comprehensive scale, and speed that traditional DLP (Data Loss Prevention) solutions simply can’t match.
The pandemic has created unprecedented challenges and opportunities for businesses. As business leaders, we’re navigating new waters and we need to keep our eye on serving our customers, enabling and engaging our talent, innovating at speed and returning to or accelerating revenue growth. Insider Risk is real, but it’s also really easy to solve for. Don’t let the great resignation become your great data migration.