M&A Concern: Is your data walking out the door with employees?
Published 08/25/2015
By Susan Richardson, Manager/Content Strategy, Code42
If you’re at one of the 40,000+ companies a year worldwide that announce a merger or acquisition, your biggest worry may not be combining IT systems. It may be all those employees walking out the door with your data.
Layoffs and voluntary departures are a given after a merger or acquisition. That means stolen data is a given, too: Half of departing employees keep confidential corporate data when they leave organizations, according to a recent study. And 42% believe it’s their right. The BYOD trend just adds insult to injury: departing employees leave with fully stocked devices they own and operate.
So what are employees taking? Some pilfered data is innocuous and already in the public realm. But some of it is classified. A partner at a law firm that specializes in labor and employment law says 90% of the data losses he sees involve customer lists. Not just names and addresses, but confidential information such as buying habits, contract terms and potential deals.
Other classified information could include credit card information, health information, financial records, software code, email lists, strategic plans, proprietary formulas, databases and employee records.
To avoid data breaches by departing employees—and the risk of operational, financial and reputation damage—security experts recommend three key steps:
- Educate employees: Make it very clear to employees that taking confidential information is wrong. Your security awareness training should include a detailed section on intellectual property theft.
- Enforce and clarify non-disclosure agreements: In nearly half of insider theft cases there were IP agreements in place, but the employee either misunderstood them or they weren’t enforced, according to the study. Start by including stronger, more specific language in employment agreements. Then make sure employees are aware that policy violations will be enforced and that theft of company information will have negative consequences—to them and any future employer who benefits from the stolen data. Just as importantly, make sure exit interviews include focused conversations around the employee’s continued responsibility to protect confidential information and return all company property and information—including company data stored on personal devices.
- Monitor technology to catch breaches early: By monitoring all the data that moves with your employees—on any device and in the cloud—you can quickly identify and rectify any inappropriate access and use of confidential data.
A good endpoint backup system, one that can be rapidly deployed to the acquired company via a single platform and managed via one console, enables companies to track and audit the content passing through a device. So if there is an insider theft, you have the ability to build a legal case and recover the data. An added benefit? A good endpoint backup system lessens the temptation to steal intellectual property.