
INSIDER THREAT

How Business Leaders Can Help Stop Departing Employee Risk



Todd Thorsen

Director, Governance, Risk Mgmt & Compliance

With insider threat in the headlines every day, how are companies still letting departing employees walk out the door—and right to a competitor—with stolen trade secrets and other valuable information? Because the typical employee offboarding process is riddled with gaps that let the data loss risk fall through unnoticed. 

Here’s an all-too-common scenario: As the departing employee waves goodbye on his last day, HR pats themselves on the back for orchestrating a smooth exit. They have a new hire ready to take his place—and they even caught him trying to take a company stapler. But they weren’t looking when he moved customer lists to his personal Google Drive account a few hours ago. IT might have been able to see that data movement, but they’re busy decommissioning his laptop and removing network access privileges. And besides, data risk is security’s job. Security knows that departing employees present their biggest data loss risk. But they’re not connected with HR’s offboarding process, so they don’t know who to be watching closely—and they don’t have the tools to see everything that IT can see anyway.

Shared accountability is critical for stopping insider threat

Security ultimately holds accountability for data risk and insider threat. But as you can see in the example above, security cannot do it alone. Without partnerships with HR, IT and legal, security is flying blind.

  • HR needs to align with security, so they know who to watch. 
  • IT needs to align with security, so they can watch what really matters: the data. 
  • Legal needs to align with security, so they’re ready to respond immediately and with full information on the incident.

5 Steps to Stopping the Departing Employee Risk

What does the employee offboarding process look like when each team fully understands their discrete responsibilities and shared accountabilities? Take a look:

1. TRIGGER

As soon as the departing employee gives his notice, HR immediately triggers an alert to both IT and security. HR could also trigger an alert for other data loss situations, such as a high-risk termination or an employee being placed on a performance improvement plan.

2. ANALYSIS

The security team uses a data visibility tool that’s integrated with IT to ensure full, real-time visibility of all data—across every device, network and cloud, whether online or offline. This enables security to look back up to 90 days before the employee gave notice—when the majority of data loss incidents happen. If you don’t have visibility into this historical activity, or if your process doesn’t include analysis of it, then you have a huge blind spot.

3. ACTIVITY FLAGGED

Security identifies suspicious or risky activity pertaining to a potentially valuable spreadsheet file. Thanks to that comprehensive visibility, including the ability to immediately see the actual contents of the file in question, security can now work with IT and line-of-business (LOB) leaders to dive into exactly what happened and what risk it poses to the business.

4. HR AND LINE OF BUSINESS REVIEW

Security instantly restores the spreadsheet in question and brings it to HR and the LOB manager. The LOB manager confirms that the spreadsheet is a recent customer list—a highly valuable and sensitive document that the employee was not authorized to take with them.

5. ESCALATION

Security reports the confirmed risk to legal, including all relevant contextual information. Depending on company protocol, security, legal or representatives from both teams will confront the departing employee before he walks out the door—armed with full information on exactly what happened, right down to the name on the Google account and the time when the customer list file was uploaded. The employee deletes the file from his Google account under legal supervision, and the data risk is averted.
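
The lookback in steps 2 and 3, sketched as an added example (not Code42's code and not part of the original article): once HR's trigger supplies a notice date, the review filters that user's file events from 90 days before notice onward for data leaving corporate control, keeping the account name and timestamp that step 5 relies on. The event fields, sample events, user names and the `example.com` corporate domain are constructed assumptions.

```python
from datetime import datetime, timedelta

LOOKBACK_DAYS = 90                    # window named in step 2
CORPORATE_DOMAINS = {"example.com"}   # assumption: the company's own cloud tenant

# Constructed sample events; field names are hypothetical, not a vendor schema.
EVENTS = [
    {"time": "2021-01-05T09:12:00", "user": "jdoe", "file": "q4_notes.docx",
     "dest": "cloud", "account": "jdoe@example.com"},
    {"time": "2021-02-20T16:40:00", "user": "jdoe", "file": "customer_list.xlsx",
     "dest": "cloud", "account": "j.doe.personal@gmail.com"},
    {"time": "2020-10-01T11:00:00", "user": "jdoe", "file": "old_plan.pptx",
     "dest": "cloud", "account": "j.doe.personal@gmail.com"},
    {"time": "2021-03-01T08:30:00", "user": "asmith", "file": "roadmap.pdf",
     "dest": "usb", "account": ""},
    {"time": "2021-03-10T14:05:00", "user": "jdoe", "file": "pricing.xlsx",
     "dest": "usb", "account": ""},
]

def is_risky(event):
    """True when data leaves corporate control: removable media or a
    cloud account outside the corporate domain(s)."""
    if event["dest"] == "usb":
        return True
    if event["dest"] == "cloud":
        domain = event["account"].rpartition("@")[2].lower()
        return domain not in CORPORATE_DOMAINS
    return False

def lookback_review(events, user, notice_date, days=LOOKBACK_DAYS):
    """Risky events for `user` from `days` before notice onward, oldest first.
    Activity after notice is kept too, since the employee is still on the network."""
    start = notice_date - timedelta(days=days)
    hits = [e for e in events
            if e["user"] == user
            and datetime.fromisoformat(e["time"]) >= start
            and is_risky(e)]
    return sorted(hits, key=lambda e: e["time"])

if __name__ == "__main__":
    # HR trigger (step 1): jdoe gave notice on 2021-03-05 (constructed date).
    for e in lookback_review(EVENTS, "jdoe", datetime(2021, 3, 5)):
        print(e["time"], e["file"], e["dest"], e["account"] or "-")
```
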

The critical ingredient in this entire process is shared accountability. Everyone in this scenario—HR, IT, security and legal—has made insider threat a priority. They understand exactly what they’re accountable for and who they’re accountable to. They’re working together to protect the business—and they’re living happily ever after, with both their data and their staplers confidently protected.

Todd Thorsen

Todd Thorsen, CISSP, CISM and CIPP/US, is a director of governance, risk mgmt and compliance at Code42. Previously, Todd led the enterprise third-party security team, where he was responsible for third-party security, privacy and compliance across all retail, banking and healthcare operations.

© 2021 Code42 Software, Inc. All rights reserved.