Skip Navigation

Insider Threat: Why Employees Steal Data and Ways to Prevent it

For many companies, collecting and protecting data may be the single most important component to give them an advantage over their competitors. Companies invest a lot of money to gather data, store and protect their customers using the data. With the rise of cloud technology, utilizing data for real-world application has never been easier. However, with the benefits of cloud technology, it has also opened a gateway to new dangers, including employee theft or insider threat.

Employees steal data for all different reasons. One reason is corporate espionage. With cloud technology, corporate espionage has been more common than ever. According to IBM’s 2020 Cost of Insider Threats: Global Report, it was found that insider threats have tripled since 2016, with a total average cost of $11.45 million. Out of the 4,716 incidents reported across 204 organizations, 23.4% were from criminal and malicious insiders with an annualized cost of $4.08 million. Another reason is employees being recruited by competitors. When employees are getting ready to leave their current company, they may steal data to take with them to their new company. Additionally, a competitor will poach an employee to take advantage of confidential information they can get ahold of. Employees that start a new company in the same industry may steal profiles or process information to get a jump start to their company. Lastly, an employee may steal out of anger. In some cases, employees leave their company under bad terms and will steal data for revenge. Typically, this happens more commonly in companies that value privacy and confidentiality as part of their business model. CBS News reported in 2017 that a disgruntled staff member from a Beverly Hills plastic surgery clinic who released over 15,000 patient records on social media. Records that include medical history, contact details, and other information of celebrity clients.

Employees will have their own reasoning as to why they stole data from their employer. Companies need to have methods in place to help prevent these actions from happening. The first method of theft prevention is before an employee even starts working. Clearly defining the contract clause will paint a comprehensive understanding of what the employee and employer should expect. It should be plainly stated in the contract that the employee is aware of their responsibilities to protect the company data. While many companies have non-compete clauses on paper, many of those companies do not follow through with them in practice. Another method is implementing intrusion detection systems. Detecting theft within the company requires monitoring software and proper restrictions to ingress like limiting certain employees’ access. Lastly, companies need to have incident response protocols in place for immediate action. Having this protocol in place, will greatly reduce the time to identify and react to the most critical risks.

Prevention is extremely important when it comes to security practices. While companies will have different types of data being “most at risk”, knowing that component will help the company invest in the appropriate detection methods to cater to their needs. While not every employee will steal or cause harm to their employer, companies should have necessary insurances to prevent theft whether it was done maliciously or not.

Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk

ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.

This entry was posted on Friday, September 10th, 2021 at 9:50 pm. Both comments and pings are currently closed.