Who is this article for?
Code42 for Enterprise, yes.
CrashPlan for Small Business, no.
This article applies to Code42 cloud environments.
Departing employees pose a data loss risk
When employees leave your organization, voluntarily or not, they often take your data with them, posing an insider threat.
"The Code42 2018 Data Exposure Report showed that roughly half of employees admit to taking IP with them when they leave.
...over 70% of execs admitting to taking IP from one employer to the next."
That's not to say that all departing employees are malicious. Most have good intentions and are often taking data to:
- Pull together their best work to help them land a new job
- Take things like templates or “their” client information to use in their new job
- Delete files to “help” clean up their devices for the next user
- Pull important working files onto a USB drive to share with a current colleague to ensure the project keeps moving forward after they leave
Although well-intended, these actions are still putting your data at risk.
Example departing employee process
When an employee leaves, a company might prepare for the departure using Code42 as follows:
- The employee gives notice, triggering action from their manager or Human Resources to start preparing for the employee's departure.
- The upcoming departure prompts the Security team to set up Code42 to review the employee's activity for suspicious or risky actions.
- The Security team finds a suspicious activity: the departing employee copied a product pricing spreadsheet to a USB drive.
- Security uses Code42 to restore the file and brings it to Human Resources. Human Resources brings it to the attention the employee's manager who confirms that putting the pricing document on a USB drive was not authorized.
- Security asks the employee to remove the file from the USB drive. If the activity is severe enough, it may be escalated to the Legal team.
For more information about how to use Code42 to complete the tasks associated with this process, see Best practices for protecting data when employees leave.
Departing employee resources
Prepare for an employee's departure
- Set up Code42 to prepare for an employee's departure, as described in Best practices for protecting data when employees leave.
- Use the Departing Employees list to see an employee's file activity for the previous 90 days and to be alerted of any suspicious file activity going forward.
- Use the Code42 app to capture file activity on user devices in real time with Enable endpoint monitoring for file exfiltration detection.
- Use Code42 for IBM Resilient to investigate a departing employee via security orchestration, automation, and response.
Use Forensic Search for departing employees and more
Forensic Search can help you mitigate data loss when employees leave. Use Forensic Search to:
- Monitor activity of departing employees before and after they give notice
- Identify cloud files shared with external users
- Search for unsanctioned applications or executable files in unexpected locations
- Search for unwanted distribution of confidential files or malware
Learn more about insider threat
- Visual overview of Code42 workflow: Protect company data when employees quit
- Video: Departing employee use case
- Code42 blog: Mitigating departing employee data loss threats
- Visual overview of Code42 workflow: Protect valuable data during mergers and acquisitions