Prevent Disgruntled Employees from Stealing Your Data

by Tony Bradley, TechSpective

People don’t like getting fired. When an employee learns that he or she is being terminated, any company loyalty that may have existed instantly is dissolved in most cases, and the now-disgruntled employee may look for ways to boost his or her prospects at a new employer or at least inflict some harm on the company.

It’s important for companies to be aware that departing employees represent a serious risk to sensitive data and intellectual property. I wrote a blog post about the threat posed by departing employees:

Employee turnover is a fact of life. It’s hard enough to make sure proprietary information and sensitive data are properly protected when a person works for the company, but enforcing security policies with ex or soon-to-be-ex employees can be nearly impossible. It’s important to have tools in place that enable the organization to monitor the data the employee has access to, and review recent activity to determine if there is anything to be concerned about.

The scenario of a disgruntled employee stealing corporate data when leaving the company has received national attention recently due to ongoing litigation between TPG Capital LP – a venture capital firm – and Adam Levine – a former spokesperson for the firm. TPG is suing Levine and alleges that stole confidential documents and other sensitive media after being denied a promotion.

According to a story from Reuters, “TPG is seeking to recover confidential and proprietary information that it believes Levine may have, an injunction blocking him from distributing or destroying that information, and compensatory damages.”

Notice that TPG believes Levine “may have” confidential and proprietary information. It apparently doesn’t know for sure. Shouldn’t it know?

Mike Tierney, COO for SpectorSoft, shared, “Case data shows that an organization’s risk is greatest at the point of employee termination. Combine a departing employee with the fact that they were disgruntled, and you have a perfect recipe for problems.”

Read the full article, which includes steps to take, at CSOOnline.com.

Does your company have a system in place for monitoring employee activity? Do you think it’s reasonable for an organization to monitor and review online behavior, or is that stepping over the “spying” line and infringing on employee privacy?

Tony Bradley is a respected authority on technology. He writes for a variety of online and print media outlets. He has authored or co-authored a number of books, including Unified Communications for Dummies, Essential Computer Security, and PCI Compliance. He has been a CISSP (Certified Information Systems Security Professional) for over 10 years, and he has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows and Windows security for 9 consecutive years. Before founding Bradley Strategy Group and launching TechSpective.net, Tony Bradley was Chief Marketing Officer for Zecurion – a leading data loss prevention company. For more information, visit www.techspective.net.

Reprinted with permission.