While – yes – data exfiltration, “bad leavers”, and insider threats have been top of mind for security leaders for decades, there’s suddenly a renewed sense of urgency to solve these problems. Why? Three words: The Great Resignation.
What is the Great Resignation?
The Great Resignation, also known as the Big Quit and more recently as the Great Re-Evaluation, is an ongoing economic trend in which employees have voluntarily resigned from their jobs en masse, beginning in early 2021.
The trend has continued well into 2022, with record high numbers of people quitting their jobs and seeking opportunities for better positions, better pay, better work/life balance and even exploring a career in a completely new industry.
Is the Great Resignation really a problem for security teams?
While the Great Resignation does not introduce new problems, it does significantly increase the risks associated with employee departures for many organizations.
According to a recent survey, 55% of people are considering leaving their current employer this year, with two in five (39%) workers currently working their notice or actively looking for a new job in the next six months. These numbers didn’t shock me. In fact, I’d argue the number is likely much higher.
45% of IT leaders say incidents of data exfiltration have increased in the last year as people took data when they left their jobs. And we have every right to be worried. One in three (29%) employees admitted to having taken data with them when they quit. The figures were much higher in the US, with two fifths of US employees (40%) saying they’d taken data with them when they left their job.
But I’m not a glass-half-empty sort of guy. So, instead of looking at the problem, let’s talk about the solution.
There are of course various security solutions that can help you monitor and limit data movement. But the problem doesn’t start when employees get itchy feet. It goes all the way back to onboarding.
That’s because many employees don’t even know that taking certain data is a problem. So when they take data (whether it’s a list of contacts, a sales deck, or a scorecard), their behavior is often intentional, but not malicious.
They don’t actively want to cause harm to the organization that they’re leaving. They (generally) don’t have plans to sell data to a competitor – although it has certainly happened. They simply have a belief that because they worked on it, it’s theirs to take and, more often than not, are just trying to be the best employee they can be for their new gig. We can all relate.
This distinction between intention and malice is very important, and underscores the value of clearly communicating expectations and boundaries from the outset.
So, what does this look like? It starts with a company culture that values and champions transparency.
At the security level, it’s important to communicate the consequences of data exfiltration for both the individual and the company, without threatening employees or “making an example” of previous mistakes. Likewise, direct managers must constantly reinforce the importance of data protection, and clearly define what is actually acceptable to move outside of the company network (if anything).
At every level, the key is to make it clear that data exfiltration attempts are unethical, could represent an illegal data transfer, and could land everyone involved in regulatory hot water.
Best practice for offboarding checklists
While a lot of the heavy lifting can (and should) be done early in the employee lifecycle, we absolutely cannot overlook the importance of a thoughtful, comprehensive, and closely monitored offboarding process that reinforces expectations at the time notice is given.
Here are 5 must-haves for every offboarding checklist:
Give people an approved and secure way to get personal documents (like family photos or tax documents) off their work laptop ahead of offboarding
Communicate offboarding expectations and needs with both the employee and their manager
Ensure that offboarding from core and critical systems happens as soon as possible
Have a plan in place for how you’ll address any post-employment data requests from former employees
Ensure that all critical systems have audit logs to enable you to identify any mistakes, or malicious activity, that may occur leading up to an employee’s last day
Chief Information Security Officer, Tessian
Josh is CISO at Tessian, leading information security, threat intelligence, and security research. Most recently he served as CISO for Cisco Secure and led cloud security for Duo Security, with earlier stops at Facebook, Oculus, and iSEC Partners. Josh is an aspiring woodworker and recovering middle school teacher.