People are a company’s greatest asset — or are they?
In today’s technology-driven world, a company’s greatest assets lie in its digital data and collateral. And although losing employees can be difficult to manage, nothing is more crippling to an organization than lost or stolen data.
Ransomware and data breaches can severely impact a company, its clients, its employees, and its revenue. Backdoor attacks can cause supply chain issues and even compromise social security numbers and passwords.
However, the biggest threat to companies isn’t backdoor attacks. Instead, companies are losing sensitive data, such as trade secrets, client lists, and intellectual property, right through their front doors.
And how is this happening at an increasing and alarming rate? The Great Resignation.
What is The Great Resignation?
2021 has seen a drastic increase of workers resigning from their current positions, with 4 million Americans quitting their jobs in April alone. This mass exodus of employees leaving their organizations has been coined The Great Resignation.
But why are workers leaving their roles en masse? While natural attrition and factors like retirement account for some of these numbers, the number of people proactively resigning and moving to other companies has drastically spiked. Unsurprisingly, this shocking change in behavior is a direct result of the COVID-19 pandemic.
Americans felt a tremendous amount of uncertainty about the workforce at the onset of quarantine in early 2020. Record highs in unemployment meant that people began to proactively search for more secure jobs.
And something else was at play early on in the pandemic: for employees in corporate America, remote work became the norm — not the exception. Employees got a taste for a unique type of work culture that involved more flexibility and less supervision. For many workers, quarantine forced them to re-evaluate their work-life balance.
Job flexibility is more important than ever, with 46% of the workforce planning to move due to their ability to work remotely.
So now, as companies are requiring their staff to return to the office, more and more workers are submitting their resignation letters. In fact, 95% of employees are currently considering a job change.
Open job roles, however, aren’t the only challenge organizations face when employees resign. The biggest hurdle is not why employees are leaving, but rather what they take with them when they go.
The consequences of The Great Resignation
Employees are leaving en masse, but their skills and expertise aren’t the only valuable assets they’re taking with them. The Great Resignation has uncovered a severe issue in the corporate world: the sharing of confidential company information from ex-employees.
When leaving a job, employees often take sensitive company information they have access to, including:
- Client information: This may include contact details, demographics data, transaction history, or past contracts between your company and various clients.
- Intellectual property: This refers to any copyrighted information your company possesses, such as patents, database rights, or trademarks.
- Trade secrets: This includes protected information pertaining to specific formulas, methods, or processes used by your company.
Companies are most at risk when employees share classified intelligence, but keep in mind not all information is protected. Any documents or media that belong in the public domain are considered non-confidential. This information is not secret and therefore not bound by legal restraints, and former employees are free to share and use this information even after their employment has ended.
How confidential information is shared
The sharing of intelligence isn’t always a top-secret, coordinated effort by a group of hostile employees. While some instances may involve more than one person working together, it’s often lone actors who are responsible for taking and transferring intelligence to third parties.
And it doesn’t always happen overnight (although it most certainly can). Being that 41% of employees are considering quitting their jobs sometime this year, transferring confidential information could be a slow burn that happens over the course of days, weeks, or even months.
Employees usually take sensitive information using common tools and techniques readily available on their digital devices. The most popular ways employees take data are via USB drives (27%), email (24%), cloud storage (19%), SMS messages (15%), and web browsers (13%).
This means that you likely supply your employees with the exact resources they need to access and share sensitive company data.
The truth is, you can’t avoid giving your employees access to digital devices and pertinent company data used to help perform their jobs. But you can mitigate the risk of this data being distributed by current or former employees with stricter security and user access settings.
Stopping the spread of sensitive information
Not every employee who takes and shares confidential info does so maliciously. In reality, the loss of sensitive information uncovers a lack of preparation on the company’s part.
There are two major mistakes organizations make that lead to the spread of sensitive data after an employee leaves their role. First, companies lack documentation and education about what information can and can’t be shared. Second, businesses fail to invest in proper security and IT protection.
The warning signs
It’s easy for company leaders to laser-focus on corporate profits and overlook their own employees’ human capital. Although some resignations may feel unexpected, the warning signs are usually hiding in plain sight.
Below are common signs an employee may be looking to leave their role:
- Different behaviors including a noticeable change in work ethic and more time requested off.
- Expressed dissatisfaction and outward communication about their unhappiness.
- Disengaged with work including a drop in communication during meetings and chat conversations.
- Requests access to information or systems that are not necessary for their role or responsibilities.
When an employee shows these signs, there’s a chance they’ve already begun saving and sharing information. Taking proactive measures is the best way to ensure your company’s most sensitive data is protected.
Employee resignation checklist
Consider the lengths your organization goes to when hiring an employee. From background checks and reference calls to employment verification and confidentiality agreements, a lot of effort and due diligence goes into preparing for an employee’s first day.
Despite the work put into the pre-employment process, organizations often forget to do the same with terminations and resignations.
Companies can protect themselves by putting similar measures in place for when an employee departs the organization. Below is a checklist of activities every company should conduct when an employee resigns:
- Obtain any company-issued devices immediately, including laptops, smartphones, tablets, and USB drives.
- Do not send the devices to the IT department, as the information may be wiped unintentionally and prematurely.
- Do not turn the devices on. This will help keep the device’s history and data trail intact.
- During the employee’s exit interview, confirm they have returned all necessary company data.
- Include language within your company’s release letter that specifically addresses the return of company data. Make sure the employee signs these documents.
- Provide the departing employee with a copy of the confidentiality agreement they signed during the onboarding process.
The purpose of this checklist is to ensure you acquire all company property currently in the employee’s possession. It also ensures that all devices are left untouched in the event that information needs to be recovered and traced.
Enlisting the help of digital forensics experts
Although following the resignation checklist can help mitigate the risk of employees taking confidential information, the process is not foolproof. There may be times where you suspect that sensitive data has fallen in the wrong hands and your company must take action, such as sending a cease and desist letter, having a former employee sign an affidavit, or even filing a lawsuit.
In this case, it’s best to contact a digital forensics expert to analyze the employee’s devices. If data is taken from any of the aforementioned devices, there’s a 99.9% chance a digital trail exists.
Digital evidence exists for nearly every situation, including the sharing of intellectual property, trade secrets, compliance violations, and security breaches. This evidence is invaluable to companies looking to expose how and where their sensitive data is shared.
Find the right digital forensics solutions
Organizations across all industries are feeling the effects of The Great Resignation. As the job market grows increasingly competitive, workers will continue to leverage what they have in order to get ahead. And more often than not, this means your company’s sensitive data is at risk.
Businesses can’t afford to put their valuable digital assets on the line. While precautionary steps are crucial to help mitigate the chance of information sharing it’s equally, if not more, important to invest in reactive measures if you suspect sensitive data has been transferred.
Whether it’s a coordinated effort to steal trade secrets or a lone actor unknowingly sharing sensitive information, you need to do everything you can to protect your digital data.
Uncovering digital evidence is a complex process. Companies looking to properly dissect, understand, and adapt to these compromising circumstances shouldn’t try and tackle the process alone. If you need to uncover the actions of past or current employees, find a trusted digital forensics provider with experience working with compromised data and employment matters.