Bethany Alvaro 
As the new year hiring and firing begins, Mimecast is reminding employers and organisations of the importance of keeping sensitive data and information safe from potential cyber security breaches caused by outgoing employees.
“January has always been a time of change for businesses and for workers themselves,” said chief technology officer for Mimecast, John Taylor.
“Unfortunately, that natural churn offers an opportunistic window for departing employees to take sensitive data with them, either unintentionally or maliciously.
“Organisations unprepared for this data theft season risk serious data exposure, loss of competitive advantage, and costly breaches.”
Mimecast emphasised how data such as customer lists, strategic plans, source code, and trade secrets are increasingly being extracted by employees before their departure from a company, posing a major cyber security threat to companies.
The company suggested that employers can strengthen HR and security collaborations by establishing clearer workflows when an employee’s access to certain information is set to be revoked, remaining timely, and implementing automated controls to ensure IP remains with the company are all measures that can be taken to reduce the risk of data theft.
“Protecting corporate data isn’t just about stopping external hackers … It’s equally about understanding how data moves within your organisation, and intervening ahead of time when someone’s role changes or ends,” Taylor said.
However, Mimecast stressed that this type of data theft does not always have a malicious intention behind it and that employees may inadvertently leave with data from USB devices, cloud drives, and unsecured emails.
“Don’t forward or back up work emails to personal accounts, as it can count as data theft. Don’t export contacts or client lists, even if you ‘built’ them, as they’re still company data,” Taylor said.
“Don’t save files ‘for later’ via personal drives, WhatsApp, screenshots, or USBs. Make sure you do a clean exit checklist: delete downloads, return devices, revoke access, and ask HR if you are unsure.”
Mimecast also noted that new employees are more at risk of business email compromise (BEC) scams, and employers should adequately inform employees about fraudulent communications that may come their way.