For many companies, data is the lifeblood that gives them an advantage over their competitors. From client databases to campaign strategies, companies invest a lot into making sure they can find, serve, and care for their customers using data.
Through cloud technology, it has never been easier to consolidate and utilize data for real-world applications. However, it has also opened up several new risks, including employee theft. But why might your own employees steal information? And what sort of data do they target?
Why Employees Steal Data
While no one wants to suspect their own team members are capable of stealing company data, it’s more widespread than people think. Here are some key reasons why they do it.
Corporate Espionage
With cloud technology, corporate espionage has never been so common. According to the 2020 Cost of Insider Threats: Global Report from IBM, insider threats have tripled since 2016, with a total average cost of $11.45 million.
Out of the 4,716 incidents reported across 204 organizations, 23.4 percent were from criminal and malicious insiders with an annualized cost of $4.08 million.
Pirated by Competitors
On the other hand, some employees may not have intended to steal data but ended up doing so towards the end of their term with you. When competitors poach employees, they don’t just snag them for their expertise.
Some companies will hire employees from their competitors to take advantage of what information they can access. With employees looking for ways to add value, some may keep documents that they believe might be useful for their next employer.
Starting Their Own Company
These days, it’s never been so easy to start a company. However, part of what makes it easy for some people is that they’re not entirely working from scratch.
Former employees looking to start a business in the same industry can steal valuable client data. These may include profiles and processes that have taken your company considerable time and effort to develop.
Personal Spite
In some cases, employees who leave companies under bad terms can steal data to humiliate an employer. This happens more commonly in companies that value privacy and confidentiality as part of their business model.
In 2017, CBS News reported that a disgruntled staff member from a Beverly Hills plastic surgery clinic released over 15,000 patient records on social media. These patient records included medical history, contact details, and other information of celebrity clients.
Common Types of Data Employees Steal
Whether it’s to sell, use, or share, here are the common types of data that employees steal.
Collaborative Documents
With many teams transitioning to collaborative tools like Dropbox and Google Drive, these can be used to download and share data externally. Some commonly stolen data in the form of collaborative documents include presentations, contracts, and key visuals.
While the idea of a stolen PowerPoint file may not ring alarm bells at first, a stolen collaborative document can affect companies in several ways.
These documents can include important information like market research, campaign strategies, and timelines. This information can alert competitors to your plans and allow them to either counter or copy them.
Consumer Databases
For companies that make it their mission to nurture customer relationships, consumer profiles make all the difference. Consumer database leaks don’t just share the hard-earned lists you’ve built but also put the privacy of your customers at risk.
In 2018, Lyft employees were rumored to have accessed confidential information about their customers. The data that Lyft employees were said to have stolen includes contact details of celebrities, porn stars, and ex-partners.
Depending on the nature of your company, consumer database leaks can reveal details like names, addresses, phone numbers, and credit card details.
Expansive consumer databases with accurate and up-to-date information are often sold to competitors and data brokers for financial gain. In some cases, stealing a consumer database can also violate contractual obligations such as confidentiality agreements.
Research and Development
Research can make all the difference when it comes to staying on top. It’s no secret that many companies invest in finding the best ways to stay ahead. However, exiting employees may seek to get a raise by offering their findings to someone else or passing them off as their own.
In 2016, car start-up Otto was acquired by Uber to help push its vision for self-driving cars. Before founding his own company, Otto founder Anthony Levandowski was an engineer at Google in a division that would eventually become Waymo. A year later, Waymo accused Anthony Levandowski of stealing confidential documents.
These documents included trade secrets, which he was accused of taking to found his own self-driving car start-up, Otto.
According to The Verge, the tech giants settled, with Uber paying Waymo 0.34 percent of its equity. At the time, the equity was worth approximately $245 million. Levandowski also received a sentence of 18 months in prison.
How to Prevent Internal Data Theft
Here are some methods that your company can employ to prevent internal data theft by employees.
Defined Contract Clauses
Before beginning their work with you, employees should understand and sign contracts that indicate they are aware of their responsibility to protect company data. While many competitive industries have non-compete clauses on paper, most companies don’t follow through with them in practice.
Aside from having these clauses in employee contracts, you should also routinely check up on high-risk employees who work at or have founded companies within the same industry.
Intrusion Detection Systems
Detecting internal data theft requires a combination of monitoring software and tiered access restrictions. By limiting data access to only the employees who need it, you make leaks easier to trace, because fewer people could have been the source. There is a range of software that companies can use to monitor for possible intrusions.
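The sketch below is an added example, not part of the original article or any vendor's product: it runs the two ideas above (monitoring plus restricted access) over a constructed file-access audit log. The log format, user names, entitlement map, leaver list and download limit are all assumptions made for illustration.

```python
import csv, io
from collections import defaultdict

# Constructed audit events (not from any real product): time, user, action, file, data class
AUDIT_LOG = """\
2024-03-04T09:12:00,alice,download,q2_campaign_plan.pptx,marketing
2024-03-04T09:15:00,bob,download,customer_list.csv,customers
2024-03-04T17:40:00,carol,download,customer_list.csv,customers
2024-03-04T17:41:00,carol,download,pricing_contracts.pdf,contracts
2024-03-04T17:42:00,carol,download,q2_campaign_plan.pptx,marketing
2024-03-04T17:45:00,carol,share_external,customer_list.csv,customers
2024-03-05T10:02:00,dave,download,customer_list.csv,customers
"""

# Hypothetical policy: which data classes each user is entitled to access
ENTITLEMENTS = {"alice": {"marketing"}, "bob": {"customers"},
                "carol": {"marketing", "customers", "contracts"}, "dave": {"marketing"}}
LEAVING = {"carol"}          # users who have given notice (assumed HR feed)
DAILY_DOWNLOAD_LIMIT = 2     # assumed per-user baseline

def parse(log_text):
    fields = ["time", "user", "action", "file", "data_class"]
    return list(csv.DictReader(io.StringIO(log_text), fieldnames=fields))

def find_alerts(events):
    alerts, per_day = [], defaultdict(int)
    for e in events:
        user, day = e["user"], e["time"][:10]
        if e["data_class"] not in ENTITLEMENTS.get(user, set()):
            alerts.append((user, "outside_entitlement", e["file"]))
        if e["action"] == "share_external":
            reason = "external_share_by_leaver" if user in LEAVING else "external_share"
            alerts.append((user, reason, e["file"]))
        if e["action"] == "download":
            per_day[(user, day)] += 1
            if per_day[(user, day)] == DAILY_DOWNLOAD_LIMIT + 1:  # alert once per day
                alerts.append((user, "bulk_download", day))
    return alerts

def who_accessed(events, filename):
    """Everyone who touched a file: the pool to review if that file leaks."""
    return sorted({e["user"] for e in events if e["file"] == filename})

if __name__ == "__main__":
    events = parse(AUDIT_LOG)
    for alert in find_alerts(events):
        print(alert)
    print(who_accessed(events, "customer_list.csv"))
```

The shorter the list returned by `who_accessed`, the faster a leak can be traced, which is the practical payoff of restricting access before an incident.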
Incident Response Procedures
Once a threat is detected, companies need to have procedures in place for immediate deployment. While it’s not possible to prepare for every single scenario, identifying which ones you are most at risk for reduces the time necessary to react.
Key aspects of good incident response practices include damage reduction, mitigation, and internal communications. The goal for any incident response strategy is to return operations to normal as soon as possible.
Protect Your Company from Employee Data Theft
When it comes to security practices, prevention is key. Depending on your company, the type of data most at risk will vary. Knowing what data’s most at risk helps your company invest in the most critical detection methods.
It’s important to understand that not all employees will have the intent to steal data. However, it is also possible for corporate data to be stolen simply because of employee ignorance or lax security practices. That’s why it’s important to establish company processes and procedures that reflect how important security is.