
How to Minimize the Risk of Data Exfiltration During The Great Resignation

Josh Yavor
02.21.2022

Illustrations by Susan Haejin Lee

While – yes – data exfiltration, “bad leavers”, and insider threats have been top of mind for security leaders for decades, there’s suddenly a renewed sense of urgency to solve these problems. Why? Three words: The Great Resignation.

What is the Great Resignation?

The Great Resignation, also known as the Big Quit and, more recently, as the Great Re-Evaluation, is an ongoing economic trend in which employees have voluntarily resigned from their jobs en masse, beginning in early 2021.

The trend has continued well into 2022, with record-high numbers of people quitting their jobs to seek better positions, better pay, and better work/life balance, and even to explore a career in a completely new industry.

Is the Great Resignation really a problem for security teams?

While the Great Resignation does not introduce new problems, it does significantly increase the risks associated with employee departures for many organizations.

According to a recent survey, 55% of people are considering leaving their current employer this year, with two in five (39%) workers currently working their notice or actively looking for a new job in the next six months. These numbers didn’t shock me. In fact, I’d argue the number is likely much higher.

45% of IT leaders say incidents of data exfiltration have increased in the last year as people took data when they left their jobs. And we have every right to be worried. One in three (29%) employees admitted to having taken data with them when they quit. The figures were much higher in the US, with two fifths of US employees (40%) saying they’d taken data with them when they left their job.

But I’m not a glass-half-empty sort of guy. So, instead of looking at the problem, let’s talk about the solution.


Prevention is better than cure

There are of course various security solutions that can help you monitor and limit data movement. But the problem doesn’t start when employees get itchy feet. It goes all the way back to onboarding.

That’s because many employees don’t even know that taking certain data is a problem. So when they take data (whether it’s a list of contacts, a sales deck, or a scorecard), their behavior is often intentional, but not malicious. 

They don’t actively want to cause harm to the organization that they’re leaving. They (generally) don’t have plans to sell data to a competitor – although it has certainly happened. They simply have a belief that because they worked on it, it’s theirs to take and, more often than not, are just trying to be the best employee they can be for their new gig. We can all relate.

This distinction between intention and malice is very important, and underscores the value of clearly communicating expectations and boundaries from the outset.

So, what does this look like? It starts with a company culture that values and champions transparency.

At the security level, it’s important to communicate the consequences of data exfiltration for both the individual and the company, without threatening employees or “making an example” of previous mistakes. Likewise, direct managers must constantly reinforce the importance of data protection, and clearly define what is actually acceptable to move outside of the company network (if anything).

At every level, the key is to make it clear that data exfiltration attempts are unethical, could represent an illegal data transfer, and could land everyone involved in regulatory hot water. 

Best practice for offboarding checklists

While a lot of the heavy lifting can (and should) be done early in the employee lifecycle, we absolutely cannot overlook the importance of a thoughtful, comprehensive, and closely monitored offboarding process that reinforces expectations at the time notice is given.

Here are 5 must-haves for every offboarding checklist:

  1. Give people an approved and secure way to get personal documents (like family photos or tax documents) off their work laptop ahead of offboarding
  2. Communicate offboarding expectations and needs with both the employee and their manager
  3. Ensure that offboarding from core and critical systems happens as soon as possible
  4. Have a plan in place for how you’ll address any post-employment data requests from former employees
  5. Ensure that all critical systems have audit logs to enable you to identify any mistakes, or malicious activity, that may occur leading up to an employee’s last day