Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

M&A Concern: Is your data walking out the door with employees?

Home
Industry Insights
M&A Concern: Is your data walking out the door with employees?

Blog Article Published: 08/25/2015

By Susan Richardson, Manager/Content Strategy, Code42

Code42_Blog_Is_your_data_walking_out_the_doorIf you’re at one of the 40,000+ companies a year worldwide that announce a merger or acquisition, your biggest worry may not be combining IT systems. It may be all those employees walking out the door with your data.

Layoffs and voluntary departures are a given after a merger or acquisition. That means stolen data is a given, too: Half of departing employees keep confidential corporate data when they leave organizations, according to a recent study. And 42% believe it’s their right. The BYOD trend just adds insult to injury: departing employees leave with fully stocked devices they own and operate.

So what are employees taking? Some pilfered data is innocuous and already in the public realm. But some of it is classified. A partner at a law firm that specializes in labor and employment law says 90% of the data losses he sees involve customer lists. Not just names and addresses, but confidential information such as buying habits, contract terms and potential deals.

Other classified information could include credit card information, health information, financial records, software code, email lists, strategic plans, proprietary formulas, databases and employee records.

To avoid data breaches by departing employees—and the risk of operational, financial and reputation damage—security experts recommend three key steps:

  1. Educate employees: Make it very clear to employees that taking confidential information is wrong. Your security awareness training should include a detailed section on intellectual property theft.
  2. Enforce and clarify non-disclosure agreements: In nearly half of insider theft cases there were IP agreements in place, but the employee either misunderstood them or they weren’t enforced, according to the study. Start by including stronger, more specific language in employment agreements. Then make sure employees are aware that policy violations will be enforced and that theft of company information will have negative consequences—to them and any future employer who benefits from the stolen data. Just as importantly, make sure exit interviews include focused conversations around the employee’s continued responsibility to protect confidential information and return all company property and information—including company data stored on personal devices.
  3. Monitor technology to catch breaches early: By monitoring all the data that moves with your employees—on any device and in the cloud—you can quickly identify and rectify any inappropriate access and use of confidential data.

A good endpoint backup system, one that can be rapidly deployed to the acquired company via a single platform and managed via one console enables companies to track and audit the content passing through a device. So if there is an insider theft, you have the ability to build a legal case and recover the data. An added benefit? A good endpoint backup system lessens the temptation to steal intellectual property.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.