Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Protecting Corporate Data When an Employee Leaves: Survey and Best Practices

660 views

Published on

Employees leave organizations each year, but did your sensitive data leave with them? Osterman Research found that 39% of companies are not sure that they have recovered all corporate data assets, posing a significant risk in terms of data breach, regulatory and compliance implications, while leaving IT trying to locate and contain sensitive information.

This presentation with Michael Osterman, president of Osterman Research, as he shares new research, and Drew Nielsen, Director of Enterprise Security, Druva. Key learnings include:

* Understanding your organization's data vulnerabilities for data exfiltration
* Recommended technologies, policies, and procedures to protect critical information
* Preparation that can save IT time from potential audits, investigations or litigation

Listen to the webcast: http://bit.ly/2loQU33

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Protecting Corporate Data When an Employee Leaves: Survey and Best Practices

  1. 1. Protecting Corporate Data When an Employee Leaves
  2. 2. Our Speakers Today Michael Osterman Principal Analyst Osterman Research, Inc. @mosterman Drew Nielsen Director of Enterprise Security, CISSP, CISA, ISSAP, ISSMP, CCSK Druva, Inc. @virtualkjell
  3. 3. About Osterman Research • Focused on the messaging, Web and collaboration industries • Practice areas include archiving, security, encryption, content management, etc. • Strong emphasis on primary research conducted with decision makers and influencers • Founded in 2001 • Based near Seattle ©2017 Osterman Research, Inc.
  4. 4. Your company has sensitive, confidential and valuable data Employees have access to that data (and IT often does not) Employees leave your company Your sensitive, confidential and valuable data leaves with them Why We’re Here Today ©2017 Osterman Research, Inc.
  5. 5. Employee Turnover is a Fact of Life • The typical company can expect 24% turnover of its employees each year • In 2016, the average employee tenure was 4.2 years • In 2014, it was 4.6 years • Turnover among Millennials is much higher than for older workers • Good economies result in high levels of employee turnover • Involuntary terminations are also common • Individual terminations • Mass layoffs • Company closures ©2017 Osterman Research, Inc.
  6. 6. Protecting Data is a Major Problem Companies face a wide range of problems in retaining corporate data when employees leave…and even knowing if they have done so ©2017 Osterman Research, Inc. Percentage of Respondents Indicating a Significant or Major Problem
  7. 7. When Employees Leave, What is Retained? Most companies retain employees’ files and emails when they leave But they retain little else! ©2017 Osterman Research, Inc.
  8. 8. Why Do Employees Take Data? • They do so unintentionally • BYO devices/applications/mobile apps/storage make it easy for employees to depart with corporate data and not realize it • They don’t think it’s wrong • Many employees believe that “their” clients, prospects, intellectual property and social media contacts belong to them, not their employer • They do so maliciously • Some are angry with management or feel they were wrongly terminated ©2017 Osterman Research, Inc.
  9. 9. What are the Consequences? • The biggest problem is loss of intellectual property • Trade secrets, customer lists, marketing plans, financials, reputational damage, etc. • Some examples: • The day before and of his resignation, an employee of Leica Geosystems downloaded 190,000 files, deleted 54,000, and downloaded another 190,000 • An ex-employee of Ferguson Enterprises allegedly kept customer information and used it to set up a competing company • A soon-to-be-terminated employee of BlueScope downloaded the company’s trade secrets before her departure • An employee installed Google Chrome Remote Desktop without IT’s approval and used it to access the corporate network at least 16 times in order to exfiltrate sensitive data • An employee at Expedia’s Hotwire division kept a company laptop and used it to hack into company executives’ email accounts and devices ©2017 Osterman Research, Inc.
  10. 10. Other Consequences • Lawsuits and other litigation • Loss of regulated data and data that could be subject to legal hold requirements • Loss of corporate reputation • Loss of competitive advantage • Data breaches ©2017 Osterman Research, Inc.
  11. 11. Signs to Look For • Employees copying or downloading significant amounts of information to the cloud, USB drives, personal drives, personal email accounts, personal file sync-and-share accounts, cloud storage, etc. • Employees deleting a significant number of documents or emails • Odd timing of employee access to email, data repositories or facilities • Employees communicating with competitors • Anomalous levels of email activity ©2017 Osterman Research, Inc.
  12. 12. Are Good Processes and Systems in Place? Many companies have not implemented the appropriate processes and procedures to manage employee departures ©2017 Osterman Research, Inc.
  13. 13. So, What Can You Do About It? • Make sure your sensitive corporate data is under the control of IT, not just employees • Content archiving is a key technology that will put the company in control • Consider limiting employee access to data • Does every employee need access to every piece of corporate data? • Encrypt sensitive and confidential data • In-transit, at-rest and in-use • Use the right authentication for sensitive and confidential data • Risk-based authentication should be considered ©2017 Osterman Research, Inc.
  14. 14. What Else Can You Do? • Manage mobile devices and laptops properly • Can all of your devices be wiped after employees leave? Even personally-owned devices? • Your data needs to be backed up • Backup and archiving are both essential best practices • Make sure employment contracts contain confidentiality provisions • Develop, implement and update proper-use policies for EVERYTHING • Monitor and audit employee behavior ©2017 Osterman Research, Inc.
  15. 15. Even More Things You Can Do • Conduct initial and ongoing employee training • Don’t allow employees to be their own administrators • This allows employees to decide where sensitive corporate data will be stored • Establish the ownership of social media contacts • Make sure that “ownership” of Twitter and other social media followers is well understood • All managers must understand their employment contracts fully • Data this created during employment, acceptable use policies, etc. ©2017 Osterman Research, Inc.
  16. 16. Technologies to Consider • Information governance • Centralized logging and reporting • File analytics technology • DLP • Encryption • Mobile device management • Content archiving • Virtual desktops • Windows to Go • Employee activitity and content monitoring • Solutions to prevent the offloading of data • BYO replacements ©2017 Osterman Research, Inc.
  17. 17. We now efficiently manage the full lifecycle of data across time, device and geography. Druva makes this possible. “ ”Shah Nawaz, Director of IT, Shire Enterprise Customers 4,000+ Data Under Management 25PB+ Amazon Storage Partner Top 5 In Cloud Data Protection Gartner#1
  18. 18. 2000 2005 2010 2015 2020 2025 Cloud Endpoints Remote Sites Data Centers 40 Exabyte Increasing Data & Business Risks Insider Threat & IP Theft Corruption & Loss Legal Exposure & Sanctions Compliance Infractions Ransomware & Malware
  19. 19. Druva : Cloud Information Management
  20. 20. Improve Business Agility, Reduce Risk & Cost Single Pane of Glass Improve Data Visibility Reduced Infrastructure Dependency Lower Overall TCO
  21. 21. Summary • Employee turnover is common • So is the departure of corporate data when employees leave • Most companies are not adequately prepared to deal with two key issues • The employee departure process • The aftermath of data loss, data breaches and the other consequences that can result from not protecting data • There are steps that can be taken and technologies that can be implemented that will almost entirely solve the problem ©2017 Osterman Research, Inc.
  22. 22. For More Information Osterman Research, Inc. +1 206 683 5683 +1 206 905 1010 info@ostermanresearch.com www.ostermanresearch.com ostermanresearch.blog @mosterman ©2017 Osterman Research, Inc. Druva, Inc. +1 650 241 3501 +1 800 375 0160 info@druva.com www.druva.com www.druva.com/blog @druvainc

×