Tips to prevent data theft by employees
- Limit access to data
- Implement USB device management
- Retain access to user accounts
- Recognize and investigate red flags
- Revoke access for exiting employees
One of the biggest threats to your company’s data isn’t hackers. It’s your own employees.
More employees are stealing data than ever before. According to research by cybersecurity company Code42, data exposure events leaped 40 percent between the second half of 2020 and the first half of 2021. There was also a 61 percent quarter-over-quarter rise in data exposure events in the first half of 2021.
Whether you face a disgruntled ex-employee trying to leak data on purpose or someone unintentionally taking sensitive data with them on annual leave, there are steps you can take to prevent data theft by employees.
5 steps to prevent data theft by employees
From limiting employee access to recognizing the red flags of employee data theft, companies can do several things to keep their data safe.
1. Limit access to data
Give people an inch, and they’ll take a mile. Or, in the case of employee data theft, if you give employees a bit of access, they might just steal a bunch of gift cards. That’s what happened to an e-commerce company when an employee tried to prove the organization’s CRM lacked security settings, explains Alexey Kessenikh, the chief information security officer at cybersecurity company Soveren.
One of the best ways to prevent data theft by employees is to limit access. Grant them access only to what they need to do their job. Known as a zero trust approach, this strategy of restricting user access permissions means employees have little to no ability to steal data.
Not giving employees administrative access to their devices is one way to implement this strategy. This can prevent them from switching Wi-Fi networks or installing applications, malicious or otherwise, on their devices. Removing built-in storage capabilities can also make it harder for employees to download and walk away with sensitive data.
2. Implement USB device management
As part of your access limitation strategy, pay particular attention to USB device management. Copying company data from your server to a thumb drive is one of the easiest ways employees can steal data. A USB device management system will alert you when suspicious or unknown devices are connected to work laptops and computers, control access to the devices, and block them.
3. Retain access to user accounts
Take steps to retain access and ownership of data wherever employees have their own user accounts. This often happens on SaaS platforms where each employee has their own access. When that’s the case, look for a provider that offers dedicated cloud servers. Not only will this prevent data theft, it will also make sure your business complies with privacy laws like HIPAA, GDPR, and CCPA.
4. Recognize and investigate red flags
As well as restricting employees’ access to data, employers should be on the lookout for several red flags that may suggest employees are stealing data. These include regular emails to personal accounts, unusual requests to access data, and logins to company servers from different IP addresses.
5. Revoke access for exiting employees
When employees leave your company, follow an offboarding checklist. That includes revoking their access rights, changing their login credentials, and deleting individual accounts as quickly as possible. If you don’t do this, you’re leaving the door wide open for data theft.
Businesses should also provide clear instructions to employees concerning company-owned devices. Many instances of data theft aren’t malicious, and reminding employees to hand in their devices can help keep them from inadvertently walking off with valuable company assets. If you don’t part ways with employees on good terms, consider having HR or security take devices from employees before escorting them from the building.
Disabling access to individual users is easy to do in Jotform Enterprise, thanks to its multiple users feature. Administrators can easily revoke a user’s access to avoid them copying information from forms or tables. That’s just one of the features that makes Jotform one of the most secure online form providers.
Photo by Christina Morillo
Send Comment: