When workers walk away from their jobs, they're not just taking their last paycheck with them. They're increasingly bringing home sensitive company data, a new report finds.
Cybersecurity software company Code42 found that there was a 40% increase in "data exposure events" between the first half of 2020 and the first half of 2021. It also concluded that, within the first half of this year, there was a 61% jump in data exposure events quarter-over-quarter. Code42's findings were previously reported by the Financial Times.
Code42 analyzed anonymized data from more than 700,000 company devices from the first half of this year. The analysis examined insider risk, or the security risk that an organization faces from within, such as from its own employees.
The analysis teased out "a direct correlation between resignations, departing employees, and exposure events," the company said in a blog post.
"The number one indicator someone is going to take data is that they plan to leave the organization," Joe Payne, president and CEO of Code42, told Insider.
The Great Resignation is partly to blame. The number of Americans quitting their jobs hit a record 4 million in April and has remained elevated ever since. The resulting high turnover is a big factor in data exposure events.
"Data exposure peaked at the same time the US experienced a massive shift in employment," Code42 wrote in its post.
The company says the portability of data was another factor in the growing frequency of data exposure events. Removable media, primarily USB drives, was the most commonly used means of stealing company data. Google Chrome also was frequently used to take company information: It accounted for 52% of all application exposure that wasn't tied to removable media or a cloud sync agent.
Payne has two suggestions for ways companies can curb data exposure events.
"First, they need to train employees on how to handle data and use authorized collaboration tools properly; spell out for employees what data they can and cannot take when they leave," he said. "Second, companies need to put in place new cloud-based insider risk management technologies that verify that employees are working within the boundaries that have been outlined for them."
Between the Great Resignation, the growing portability of data, and looser employee supervision in remote work, Code42 says insider risk has never posed a bigger threat.
