Pfizer recently discovered a long-time employee had uploaded 12,000 documents, including research on its COVID-19 vaccine and cancer therapies, to her personal accounts without permission. She was leaving Pfizer after 15 years to join a competitor. The company has filed a lawsuit, alleging breach of confidentiality agreements, and is trying to prevent her from using its proprietary data at her new job.
The ex-Pfizer employee is one of tens of millions of people around the world who have quit their jobs in recent months, as part of a global wave of departures called the “Great Resignation.” As the Pfizer lawsuit underscores, when people change jobs, they often take intellectual property with them. Most of the time, organizations have insider risk management programs, DLP products, and IT and HR processes in place for when employees are terminated. But are you ready for when the employee or contractor resigns?
Here are some sobering facts about the risks of departing employees:
Due to the upheaval precipitated by the pandemic, people are reevaluating priorities, looking for more money or opportunity, different bosses, or to be closer to family or a more desirable location. The departing employees tend to fit into three types of “leavers:” those who are disgruntled or frustrated, ignorant of corporate policy and confidentiality agreements, or feeling entitled to the proprietary data and want to use it to advance at their next job. Just ask Pfizer.
Of course, not every person who quits their job will steal, lose, or misplace your data. But the fact remains that it’s quite easy for anyone with access to download, email, or move valuable IP to their personal devices or cloud accounts. In light of this growing phenomenon, the best defense is a good offense.
We recommend the following strategy to mitigate the security risk of departing employees and contractors:
By bringing together proactive measures with analytics, user monitoring, and enterprise-wide enforcement policies, you can simplify data security and ensure the right program and tools are in place before and when any employee leaves. Don’t wait until the employee notifies their supervisor or HR to act. The health and viability of your organization depends on your ability to spot risk when employees resign and stop anything bad from happening before they leave.
Visit Forcepoint Insider Risk Solutions for more best practices on mitigating risk and preventing data loss from the Great Resignation. Or schedule a demo with a Forcepoint Insider Risk Solutions expert.
Michael Crouse is the Director for Enterprise User and Data Protection at Forcepoint Global Governments and Critical Infrastructure. He works closely with industry thought leaders, executives, and the Forcepoint management team to help guide long-term programmatic and technology...