Threat of the Month: The Executive Staff and Middle Management

What is it?

A departing executive or manager could be the most dangerous point of data exfiltration facing your organization.

How does it work?

By the nature of their job, executives and managers have access to most, if not all, of the information available inside an organization. When they leave an organization, it is common for sensitive data to leave with them.

Should I be worried?

Yes. Consider how diligently new executives and managers are screened before entering the organization. They go through multiple interviews, background checks, and reference checks. When they depart, they may go through a single exit interview. If they are leaving for a competitor, they may be out the door much more quickly to ensure that they no longer have access to systems or data. But they have been going through multiple interviews and offer negotiations, so they have had plenty of time to collect the necessary data before tendering their resignation. Customer info, product plans, and product designs could already be out the door before they ever resign. In some cases the data exfiltration can continue long after they leave via accounts that are left open, as seen in the case between two Major League Baseball franchises.

How can I prevent it?

1. Protect against data exfiltration using DLP. This should be a cloud-based tool that can cover data in motion no matter where the user is accessing the data from.

2. Ensure that every employee signs a non-disclosure agreement and that this agreement specifically addresses the data sets you wish to protect in such a situation.

3. When an employee tenders their resignation, take the time to look at their data access over the last 3 months. Have there been any downloads of large data sets? Have they been sending large email attachments to a private home address? Essentially, you should be as proactive in investigating a departing employee as you are in hiring a new one. If the review of data access shows impropriety, take immediate legal action to retrieve the data.

4. During the exit interview, review the previously signed NDA with the departing employee. Explain how use of any stolen data, including customer lists, product information and designs, or company plans in their new endeavors is a legal violation and may be subject to legal action.

5. Monitor for any impropriety on the departed employee's part. Any impropriety should be met with a legal cease and desist.

6. Ensure that all accounts for the departing employee are deleted.
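
The review in step 3 and the open-account check behind step 6 can be scripted against an access log. The sketch below is an added example, not part of the original article: the log format, user names, company domain, and size thresholds are all assumptions, and the sample log lines are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample audit log (not real data): time, user, action, target, bytes
SAMPLE_LOG = """\
2024-01-05T09:12:00,jdoe,download,crm/customers_full.csv,734003200
2024-02-20T10:00:00,jdoe,download,wiki/lunch_menu.pdf,120000
2024-03-02T22:41:00,jdoe,email,jdoe.home@example.net,26214400
2024-03-03T08:15:00,jdoe,email,partner@corp.example,31457280
2024-03-04T11:30:00,asmith,download,crm/customers_full.csv,734003200
2023-10-01T09:00:00,jdoe,download,designs/product_x.zip,912261120
2024-04-02T03:17:00,jdoe,login,vpn,0
"""

def review_departure(log_text, user, resigned, last_day, company_domain="corp.example",
                     lookback_days=90, download_limit=500 * 2**20, attach_limit=10 * 2**20):
    """Return (timestamp, reason, target) findings for one departing user.

    Thresholds and the company domain are assumed values; tune them locally.
    """
    window_start = resigned - timedelta(days=lookback_days)  # roughly the last 3 months
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, who, action, target, size = row
        when, size = datetime.fromisoformat(ts), int(size)
        if who != user:
            continue
        if when > last_day:
            # Any activity after the last day means an account was left open.
            findings.append((ts, "activity after departure", target))
        elif when < window_start:
            continue  # older than the review window
        elif action == "download" and size >= download_limit:
            findings.append((ts, "large download", target))
        elif (action == "email" and size >= attach_limit
              and not target.lower().endswith("@" + company_domain)):
            findings.append((ts, "large attachment to external address", target))
    return findings

if __name__ == "__main__":
    for finding in review_departure(SAMPLE_LOG, "jdoe",
                                    datetime(2024, 3, 15), datetime(2024, 3, 29)):
        print(*finding, sep=" | ")
```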


