Podcast Transcription

What security risks should companies be thinking about when employees are leaving the company?

Dr. Christine Izuakor:
Welcome to the Veriato Insider, a bi-weekly podcast covering some of the latest trends and things to know in cybersecurity. Reporting to you from Chicago. I'm Dr. Christine Izuakor, your host, and today's podcast is about preventing data leakage as employees transition out of companies. So whether it's voluntary or involuntary, due to layoffs or furloughs or anything like that, it's a valid concern for many companies.

This podcast is sponsored by Veriato, an award-winning Employee Monitoring, and Insider Threat Detection software provider and to talk more about this topic, we have a special guest with us.  Pete Nourse, the chief marketing officer of Veriato is here with us today. Pete has a wealth of experience in the technology marketing space and has focused on cybersecurity for almost 20 years now. Welcome, Pete, and thanks for joining us.

Pete Nourse:
Thanks, Christine. Glad to be here.

Dr. Christine Izuakor:
Perfect. So, much to cover on this topic, so let's get right to it. Now we know these are trying times and no company wants to, you know, make that tough decision. However, in today's economic climate, we're seeing these mass layoffs, which can lead to mass data loss, right? And so, Pete, what security risks should companies be thinking about when employees are leaving the company?

One of the biggest threats is data loss

Pete Nourse:
Yeah, really good question, Christine. When employees are leaving the company, whether it's voluntary or involuntary, one of the biggest threats that a company, runs up against is data loss. The bottom line is that most employees when they leave a company, they end up taking data. The latest stats are 87% of people say that they take data that they created. So they have that- that concept in their head. "I created it. It's mine. It's not the company's."

Then, even more disturbing, 28% that they take data that other people created within the company. So, it's a big, big concern and, as we're going through the pandemic and companies are restructuring, laying off people, um, putting them into furlough situations, there's a big risk, 'cause you have a huge percentage of a workforce possibly leaving the company and so planning for that and making sure you have your security ducks in a row is crucial.

Dr. Christine Izuakor:
Yeah. I agree and even just hearing some of the stories that I've heard around not just data leakage, but people leaving the company and still having this backdoor access, right? Or still being able to access resources for, you know, weeks, months, years after employees are gone, and the damage that can be done there. So definitely a lot to consider. I think another topic that comes up in this space too is what about data on personal devices, because that's a little bit harder to manage, right?

Pete Nourse:
Yeah. It really is. You know it's a slippery slope when you start talking about people with their bring their own device. You know, my security expert friends always say that a company should never let employees use their own device, that there are so many ways that security can be breached, um, with that. You know, what I've seen some companies have, you know ... and then other companies let employees do whatever they want and sometimes they're somewhere in the middle, where a company will say, "Yeah, you can use your own device, but if you're actually gonna get on the corporate network, we have to allow, you have to allow monitoring of your personal device."

I don't know of any companies that are clandestinely, monitoring employees' personal devices. That, that's generally not the way, many companies go. But it is a risky area. If you're letting people, you know ... everyone's personal device is basically a small computer now and if you can be downloading files to a personal device and the company has no access, um, and no visibility into that, it can really be a, you know, a security blind spot.

Dr. Christine Izuakor:
Yeah, definitely. Now businesses have more high-end awareness on this, because of, of course, the current economic climate at this time. Is there anything that should be done differently from a monitoring standpoint, you know, when someone is laid off versus furloughed versus a traditional termination, maybe?

Pete Nourse:
Well, the way I- I think of it is whether- the termination was as a result of the company's decision or as a result of the employee's decision. If it's, you know, whether you're, laying off, furloughing, or just firing someone, the company and the management have control of that. They know ahead of time that this is gonna be happening. So the key, the keys there are to be putting things in place, so that they are able to lock things down before notification, quite honestly. We, you know, you don't want to get to that point where you let somebody go, they go back and- and scoop everything off the servers before they- they walk out the door. You know, this- this is standard security policies for lots of large corporations, going back decades.

So that's- that's one side of it when you know ahead of time exactly what's gonna be happening and who's going to be leaving as of today. The other one is a little trickier. Uh, all of sudden an employee gives a note- gives notice. And, you know, they're going to be there for a week or maybe, you know, only for the next five minutes after they give notice and- and you shut them off the systems. But the difficulty is that employee has probably known they were leaving for weeks and maybe months. They are probably looking for jobs. Um, they, you know, long before there was any inkling or they mentioned it to anyone they were working with, they could have been, you know, scooping data off the networks. The different intellectual property they've been working on, engineering designs. Whatever it might be.

So that's the tricky part. And having the right tools in place that help you identify possible risks, so that you're able to, take some more proactive stances opposed to just a reactive, "Oh, my gosh. He just gave notice and he has access to all of the intellectual property for the new designs." Uh, that- that's not the kind of thing that you, you know, you want to be surprised with. So the ability to monitor and be able to take a proactive stance is really a key.

Proactive methods you can take to reduce data leakage and theft when employees leave

Dr. Christine Izuakor:
Yeah, absolutely. Now, I know you all do a ton of work in this space. So maybe before we even touch on proactive, what are some ways that you all are helping your customers at Veriato to reduce data leakage and theft when employees leave?

Pete Nourse:
The key is visibility, knowledge, and understanding, where the employee ... you know, kind of where their head is at. When employees leave, they're looking for opportunities, a lot of times, to see what they can bring with them to the next position. So the ability to understand that and be watching for that kind of behavior is, can be a real tip-off. If all of a sudden I'm, you know, I'm in customer service, but I happen to be pinging the engineering server, trying to get access to, you know, the credit card data server, things like that, it would be unusual for me. That's something that- that should be being picked up and- and looked at. Why is that person doing that?

Machine learning is doing the heavy lifting

And those are the kinda ways that we're helping our customers. It's really giving them visibility. Identifying people that are starting to act in an unusual way. So, it's behavior analytics. And- and when I say we're helping them see this, it's- it's not really us. It's artificial intelligence, right? Machine learning is watching everybody all the time. And when people start to break their normal patterns, the question is why and is that a sign of threat.

So, with our technology, that's what our customers are able to do. They're able to get notified when things start to change for an employee. Generally, you know, unless it's a- a very strange, of, you know ... maybe there's a big blowup with a- with an employee and a boss and they, you know, say, "That's it. I'm walking out." Great. That's a spur of the moment. But most times when people leave, they're leaving for another job and they've been planning it for a while. So the ability to identify some of those key factors, um, for, especially for someone who's gonna leave and take data is- is a real key.

Dr. Christine Izuakor:
Yeah. That makes total sense. So, I mean, it sounds like ... and you've- you've touched on this quite a bit, already. You definitely want to be more, uh, proactive and try to, essentially, predict when some of these things are going to happen so that you can take proactive measures versus, you know, just finding out after the fact that somebody is leaving and has- has probably already taken whatever they planned to take to begin with.

Pete Nourse:
Exactly. So, by employing behavioral analytics, as I mentioned, we're able to see changes in patterns. But then there's also alerts that can be set for things that are- are signs that data is- is possibly gonna be stolen.

If the person is smart, well maybe they're using something like obfuscation tools. So after they go into the database and pull the intellectual property, they're able to cover their tracks. Well, if we can set an alert, and this may happen two weeks before that they ever plan on leaving the company, well three weeks, if all of a sudden if someone in the organization is testing obfuscation tools, IT security teams should know about that. And that, those are the kind of things that we're able to- to bring to their attention, um, as opposed to it just happening off in the background.

You know, generally when people are- are gonna be taking data, which we're really talking about data theft at this point when they're with or have already left the company, you know, it's not something that generally happens spur of the moment. They've put a plan in place. They've pinged a server to realize, "Oh. I can get access to that. Wow. Okay." And maybe they've downloaded a test file and put it back.

All of those things are unusual behaviors, 'cause the day that they're gonna go to do it, they've probably tested out the software they're gonna use. They've probably tested about the network routes and which servers. Um, they may have been chatting about it with, uh, a co-worker.

All of these things can be identified if you're monitoring employees with user behavior analytics and specialized alerting that allows you to see when sensitive data is being breached when unusual behavior is happening. And even to the point of psycholinguistics, where what we do is we monitor all the communication that, uh, everyone's writing in their email, all of the time. And when people start to decide, "You know what? This is, this company's not for me anymore." I'm- I start to disassociate, to detach from the company. And they start to look for other jobs. And- and when they do that, there are subtle changes in the language and how they write, uh, write their daily emails.

And we're able to actually pick up on that. So we can say, "You know, this person is starting to exhibit, um, dissociative behavior and so you might want to take a look at that." Okay? So now the security team has a heads up that this is, this could be a problem.

Risk scoring aggregates behavioral data

We actually have risk scoring. So it makes it very simple, especially in large organizations. If you have, you know, 1,000, 2,000, 10,000, 100,000 employees, how are you able to judge where you should be putting your security efforts? And with a risk warning, we can say, "Okay. Here are the top 10, the top 20. You know, top people in these departments, with higher risk scores, based on all the behavior, their psycholinguistics, any alerts they are triggering."

So it's looking at all of this in a holistic way, 24/7, and then prioritizing it and- and giving the security team a simple way to move forward and look at the people that are showing the highest likelihood of- of some type of breach.

AI will continue to lead the way In Cybersecurity

Dr. Christine Izuakor:
Very important. And I think AI is gonna continue to make a huge difference in- in this space, especially on the proactive side. Now as we wrap up here, are there any final thoughts that you want to share?

Pete Nourse:
Yeah, I guess just that this is- this is a time to be vigilant, because, you know, you're thinking about your employees and your company and, you know, you've, maybe have laid off some of the people within the organization. So, as we talked about at the beginning, that's a big influx of change. So that's putting stress on all the rest of the workers. Maybe they're not happy to work here anymore because half the, you know, they've doubled their work and they have less people. Um, maybe people have taken salary cuts. Um, it, maybe a person who works here, nothing has changed in their world, but guess what? Their husband or wife just got laid off. So they're in a lot of financial strain and you may not even realize that.

So everybody's under a unique strain, um, you know, just from everyone's, uh, you know, obviously concerned about the health risks and maybe the people in the family have a health issue. But there are seismic changes from people not going to the office anymore and working from home to spouses being laid off to other financial and social impacts.

So when things change, that's when, kind of the danger signals should be going up, because there are stressors on these people that someone just doesn't realize anymore. It's not visible, but with the AI, behavior analytics, and the changes that they're going through are exhibited in their work patterns, what they're doing. And, you know, especially in large, you know, larger organizations with thousands of people, to be able to pinpoint those, being able to watch everybody and looking at it from- from that 24/7. How is this changing day by day, week by week? Is there- is there really a change in behavior and- and why is that happening is a key.

That's the only way you can proactively be taking ... you know, to step in. Maybe it's a, you know, maybe it's a situation where the person is being overworked. So that managers have to come in and take some of the workloads off. And that's all of a sudden that's driven that security risk down. That person's maybe not going to leave anymore. Perhaps not going to do something dumb with the data that they were, that they were planning to do.

So the ability to step in before an incident happens to reduce risk is huge. And these changing times, everyone's level of risk is elevated.

Dr. Christine Izuakor:
Yeah, that's kinda an important part of this highlight, too, in that it's not just about the data leakage, right? It's also, you know, how can some of these tools and technologies help us begin to see when employees are struggling or when there's operational inefficiencies or things going on that are also fueling that change in employee behavior, as well. So well said and thanks for sharing all of that, uh, insight.

Now that concludes the Veriato Insider podcast for this week. Again, this podcast has been brought to you by Veriato, an award-winning cybersecurity company recently recognized by Gartner, whose solutions are anchored around four co-pillars of cybersecurity protection, um, including employee monitoring and web filtering, insider threat detection, employee investigations, and Ransomware support. All tools that can definitely help address some of the concerns around employee turnover and data leakage, uh, that we've talked about today.

So to learn more about how Veriato can help protect your company, check out Veriato.com. Thanks for tuning in and a special thanks to Pete for joining us today. I'm Dr. Christine Izuakor, the CEO of Cyber Pop-up, and it's been our pleasure to share these insights with you. Until next time, stay safe and secure, insider.

Listen To Podcast