People don’t like getting fired. When an employee learns that he or she is being terminated, any company loyalty that may have existed is instantly dissolved in most cases and the now-disgruntled employee will look for ways to boost their prospects at a new employer or at least inflict some harm on the company that is letting them go.
It’s important for companies to be aware that departing employees represent a serious risk to sensitive data and intellectual property. I wrote a blog post about the threat posed by departing employees:
Employee turnover is a fact of life. It’s hard enough to make sure proprietary information and sensitive data are properly protected when a person works for the company, but enforcing security policies with ex or soon-to-be-ex employees can be nearly impossible. It’s important to have tools in place that enable the organization to monitor the data the employee has access to, and review recent activity to determine if there is anything to be concerned about.
The scenario of a disgruntled employee stealing corporate data when leaving the company has received national attention recently due to ongoing litigation between TPG Capital LP—a venture capital firm—and Adam Levine—a former spokesperson for the firm. TPG is suing Levine and alleges that stole confidential documents and other sensitive media after being denied a promotion.
According to a story from Reuters, “TPG is seeking to recover confidential and proprietary information that it believes Levine may have, an injunction blocking him from distributing or destroying that information, and compensatory damages.”
Notice that TPG believes Levine “may have” confidential and proprietary information. It apparently doesn’t know for sure. Shouldn’t it know?
Mike Tierney, COO for SpectorSoft, shared, “Case data shows that an organization’s risk is greatest at the point of employee termination. Combine a departing employee with the fact that they were disgruntled, and you have a perfect recipe for problems.”
Read the full post at CSOOnline: Make sure ex-employees don’t walk out the door with your data.
Does your company have a system in place for monitoring employee activity? Do you think it’s reasonable for an organization to monitor and review online behavior, or is that stepping over the “spying” line and infringing on employee privacy?
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022
- Maggie MacAlpine Chats about Collaborative Threat Intel Initiative - October 14, 2022
- Intel Outlines Focus on Innovative Security Technologies - October 8, 2022