- More than one-quarter, 27%, of information security leaders don't monitor the data new employees bring to their organization, according to a Code42 survey of more than 1,000 information security leaders and 600 business decision-makers.
- Because employees feel "entitled to personal ownership" of work data, 63% bring data from previous employers to their new workplace. Nearly three-quarters of security leaders agree, saying employees don't just bring corporate data, but also anything they see as their work or ideas.
- Nearly 60% of security leaders say either they or a colleague have intercepted data with the potential of disrupting business, from a risk or legal standpoint.
Unintentional insider threats is a main cause of data breaches.
Similarly, the off-boarding process of an exiting employee is often unintenionally negligent. Job terminations, shared accounts, onboarding and off-boarding, authorization and inactive use are all factors in identity management.
During Code42's employee off-boarding process, the company runs down a checklist that includes data, access removal and return of corporate assets, Jadee Hanson, CISO and VP of information systems at Code42, told HR Dive's sister publications CIO Dive.
"Departing employees pose the greatest data exfiltration risk to employers and the impact of data loss can be significant," said Hanson. "It is important to remember that not all insider threats are malicious."
New employees at Code42 undergo a security awareness training when hired and repeat it annually. The company also deploys phishing exercises monthly.
"One of the most critical elements of our insider threat program is our philosophy of transparency. We tell our employees about our program and have found that alone deters more internal risks than a covert insider threat program," she said.
Though it's likely companies go over proper data use during the onboarding process, managing the data employees bring to — and take from — work is an ever-present risk, with legal, security, financial and reputation ramifications. Hanson suspects that the number of employees who bring former employer data to workplace is higher than the 63% measured from the survey.
"To get a leg up and hit the ground running, new employees can potentially bring almost any data, including strategy documents, process information, or very sensitive proprietary schematics, source code or strategic initiatives," she said.