40 percent of employees take data with them when leaving a job

New research from email security company Tessian finds that 40 percent of US employees have taken data with them when they’ve left a job.

This potentially exposes the business to a raft of cybersecurity concerns, from data breaches to regulatory fines. When asked why are they taking data 53 percent of employees say they worked on the document so therefore believe that it belongs to them.

Other reasons for taking data include, to share information with their new employer (44 percent), to help them in their new job (58 percent) and to make money (40 percent).

Those aged between 25-34 are most likely to take data with them and employees in marketing are most likely to take data with 63 percent of these that admitting to doing so. Among HR workers and IT workers 37 percent are likely to take data when leaving.

“It’s a rather common occurrence for employees, in certain roles and teams, to take data when they quit their job,” says Josh Yavor, CISO at Tessian. “While some people do take documents with malicious intent, many don’t even realize that what they are doing is wrong. Organizations have a duty to clearly communicate expectations regarding data ownership, and we need to recognize where there might be a breakdown in communication which has led to a cultural acceptance of employees taking documents when they leave.”

The report also shows that 71 percent of IT leaders in the UK and US agree that the Great Resignation has increased security risks in their organization. 45 percent say that incidents of data exfiltration have increased in the last year as people left jobs. 71 percent of IT leaders report having visibility into incidents of data exfiltration while 24 percent don’t.

“The Great Resignation, and the sharp increase in employee turnover, has exposed an opportunity for security and business leaders to consider a more effective way of addressing insider risk,” adds Yavor. “It comes down to building better security cultures, gaining greater visibility into data loss threats, and defining and communicating expectations around data sharing to employees — both company-wide and at a departmental level. Being proactive in setting the right policies and expectations is a key step before investing in preventative controls.”

You can read more on the Tessian blog.

Image credit: Highway Starz/depositphotos.com

Author: Martha Meyer