
Balancing the Great Resignation with data security

Of all the changes that have occurred as a result of the global COVID-19 pandemic, one of the most significant has been the decision taken by many people to switch jobs, Michael Bovalino of LogRhythm writes.

Michael Bovalino
Mon, 26 Sep 2022

Frustrated by restrictions and the requirement to work from home, workers are handing in their resignation and looking for new opportunities. Rather than being a short-term trend, it’s something that’s likely to continue for some time.

While the trend has significant implications from an HR perspective, it’s also causing challenges when it comes to IT security. Organisations need to be sure that staff who are leaving are not taking sensitive data with them.

Managing insider risk


To achieve this goal, organisations need to have tools in place that can monitor the movement of data and detect whether it is being accessed by people who lack the authority to do so.

The first is a cloud access security broker (CASB), which sits between cloud platforms and the users who are accessing them. It can continuously monitor data movement and flag any incidents that appear to be unauthorised or unusual.

The second tool is data loss prevention (DLP) software. DLP detects potential data breaches and exfiltration transmissions and prevents them from being completed. It can ensure that users cannot send sensitive or critical information outside a corporate network.

Enterprises can also profile normal behaviour and review deviations from it using user and entity behaviour analytics (UEBA) tools. These tools make use of the rapid advances being made in artificial intelligence and machine learning to assist security teams in overcoming the challenge.

The most effective tools need to be able to detect and respond to three key things: insider threats before fraud is perpetrated, compromised accounts before more systems are taken over, and privileged account abuse before sensitive data is accessed or operations are affected.

All these tools should be used in conjunction with a defined corporate governance framework. This should incorporate staff training to ensure that everyone understands the rules around proper use of company resources and data.

The framework should also establish acceptable procedures for data use and movement as well as an escalation process that is followed should misuse be identified. As well as the IT team, this will involve senior managers, HR, and legal teams.

The evolution of protection

During the past decade, the challenge of protecting data from insider threats has evolved. Where initially attention was focused on protecting in-house resources, it has now shifted to include data stored on a range of cloud platforms and endpoints.

This has changed the game for security teams. Rather than focusing on establishing a secure perimeter within which data is protected, they need to deploy rules and tools that offer protection for data regardless of its location.

The security challenge is increased further because unauthorised data usage is not always caused by malicious parties. Often, staff can unintentionally misuse data by sharing files externally or leaving them stored on an unprotected device.

Some threats are also caused by departing staff who may be looking to achieve a personal gain. This could be by sharing sensitive data with a new employer or offering it to a third party for financial compensation.

For this reason, continuous and comprehensive monitoring of data movement is needed. Such monitoring is vital if the risks posed by staff movement are to be eliminated.

Improving insider risk management

An effective insider risk management strategy needs to comprise four distinct stages. Together, the phases can reduce the likelihood that sensitive data will be exposed outside an organisation. The stages are:

  1. Identify: All movement and usage of data should be monitored at all times to determine the level of risk of unauthorised exposure.
  2. Define: Definitions should be developed of what is deemed trusted versus untrusted activity. This will help an organisation to establish its risk tolerance when it comes to data usage.
  3. Prioritise: Data should then be prioritised to ensure the most critical is given the most protection.
  4. Automation: Finally, monitoring processes should be automated to ensure they can be undertaken around the clock. This is particularly important in larger organisations where significant volumes of data are involved.
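
The four stages can be sketched as a small scoring loop over data-movement events. This is an added example, not code from the article or from any vendor product; the destination names, classification labels, weights, risk-tolerance value and sample events are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Define: trusted destinations and risk tolerance (hypothetical values).
TRUSTED = {"corp-sharepoint", "corp-fileserver"}
RISK_TOLERANCE = 10.0
# Prioritise: weight per data classification label (hypothetical labels).
WEIGHT = {"public": 0, "internal": 1, "confidential": 3, "restricted": 5}

# Constructed sample events: (day, user, destination, classification, megabytes).
EVENTS = [
    (1, "alice", "corp-sharepoint", "internal", 40),
    (2, "alice", "corp-sharepoint", "confidential", 55),
    (3, "alice", "corp-fileserver", "internal", 35),
    (4, "alice", "personal-webmail", "restricted", 900),
    (1, "bob", "corp-fileserver", "internal", 20),
    (2, "bob", "usb-storage", "public", 25),
    (3, "bob", "corp-fileserver", "confidential", 30),
    (4, "bob", "corp-sharepoint", "confidential", 28),
]

def score_day(events, day, tolerance=RISK_TOLERANCE):
    """Identify: score one day's data movements against each user's own history."""
    history = defaultdict(list)
    for d, user, _dest, _label, mb in events:
        if d < day:
            history[user].append(mb)
    alerts = []
    for d, user, dest, label, mb in events:
        if d != day:
            continue
        past = history[user]
        # With no usable baseline, treat volume as normal, not infinitely unusual.
        deviation = mb / median(past) if past and median(past) > 0 else 1.0
        # Unlabelled data is weighted as the most sensitive class.
        weight = WEIGHT.get(label, max(WEIGHT.values()))
        score = weight * deviation * (1 if dest in TRUSTED else 2)
        if score >= tolerance:
            alerts.append((d, user, dest, label, round(score, 2)))
    return sorted(alerts, key=lambda a: a[-1], reverse=True)

def monitor(events, tolerance=RISK_TOLERANCE):
    """Automate: run the same scoring over every day in the event stream."""
    days = sorted({e[0] for e in events})
    return [a for day in days for a in score_day(events, day, tolerance)]

if __name__ == "__main__":
    for alert in monitor(EVENTS):
        print(alert)
```

Lowering the tolerance surfaces lower-risk movements as well, which is the trade-off the "Define" stage asks an organisation to settle.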

By taking these steps, organisations can be in a much better position to withstand the security challenges posed by the “great resignation”. While staff changes are likely to continue for the foreseeable future, data security can be maintained.

Michael Bovalino is the ANZ country manager of LogRhythm.
