Read Forrester’s People Analytics Landscape Report –  Download now →

Home / Blog / How to Prevent Data Theft from Departing Employees

How to Prevent Data Theft from Departing Employees

Some employees steal data when they leave thier job. Prevent data theft from employees who leave with these insider threat management strategies.


By ActivTrak

A man carrying a giant login screen, a woman rolling away a giant coin and a man working on a laptop on top of a monitor.

Businesses are wise to anticipate external and internal data theft attempts. Several subsets of internal and external cybercrimes exist, but for this post, we’re focusing on the internal threats posed by departing employees.

It doesn’t matter if a person resigned or was laid off. Previously, we explored how employees with access to company systems can intentionally steal data. It's pretty easy if you don’t have a robust strategy for thwarting their attempts. Don’t be caught off guard! We’ve outlined five steps you should take to prevent the loss of your organization’s digital property.

1. Establish an Organizational Baseline

One of the most important steps you can take to prevent data theft from departing employees is to get a clear understanding of what is “normal.” By establishing an organizational baseline, anomalous behavior is easier to spot. If USB storage devices are prohibited but your activity tracking software alerts you to USB activity, the likelihood of data theft by that person you just let go is high. Know what’s normal so you can detect what’s not.

2. Evaluate and Inventory Privileged Access

You have to know who has access to what at all times. Become informed of all programs and systems in use, which team members use them, and what their various account statuses are. You’ll need to have this information available at a moment’s notice.

3. Block Access to Data Immediately

As soon as an employee is let go, immediately begin the process of removing their access to all data and programs. Refer to your inventory of privileged access and ensure that you cover everything.

Terminate VPN credentials, change passwords, and advise your team to deny any requests for access or information. Think of any ways data be accessed by the employee after they leave the office and prevent them.

4. Implement Proper Off-boarding

You probably have some form of on-boarding process. But what about off-boarding? The steps taken on an employee’s last day is just as important as their first. Collect all equipment and make sure everything is accounted for. Inform them of any post-employment security policies and what’s appropriate to discuss with former co-workers. Finally, create a file containing all recent activity. If you’ve been using a behavior analytics software, you can export a log of every action taken to revisit in the event of an investigation. Not every person who is fired will steal data, but you should prepare as if they will.

5. Continue to Monitor Activity

Your job of preventing data theft isn’t over once terminated employees go out the door. Even if you’ve executed your off-boarding process perfectly, there’s still a chance for malicious activity later on. Maybe you missed an account. Or maybe the employee is a professional hacker. Regardless, continue to monitor all of your organization’s activity using a user behavior analytics software like ActivTrak. Compare ongoing behavior to your baseline. Create alerts when suspicious behavior occurs like USB device usage. Capture screenshots and videos as further evidence for investigations. ActivTrak makes it possible for businesses to remain vigilant in their approach to data theft.

Share this article

Getting started is easy. Be up and running in minutes.