How to prevent employee data theft

Issue 4 2021 Information Security

According to the Ponemon Institute’s global study of insider threats, almost one in four internal compromised data incidents in 2020 were caused by criminal and malicious insiders. Given the increased number of employees working remotely due to the global pandemic, business owners must stay alert to avoid potential risks.

“Employee data theft is a difficult attack to defend the organisation against because it comes from the employees you trust by nature, so it always hits unexpectedly,” explains Oliver Noble, a cybersecurity expert at NordLocker, a data encryption solution. “Although you can’t predict them, understanding why and how employee data thefts are carried out might help you prepare better.”

Most internal actors are financially motivated as they try to cash in on the information they steal. Also, an employee might hold a grudge against their employer and steal data out of spite or revenge. Finally, we get to those who embezzle what’s confidential to start a competing business or benefit their future employer. Unknowingly, you may also have hired an inside agent acting on behalf of some external party.

“Whatever their reason might be, malicious insiders are a ticking bomb once given trusted access to the organisation’s resources,“ says Noble. “They know how valuable and critical the information your company handles is and they are on the mission to steal or leak it.”

What ways are used to steal information?

A new report found that 35% of corporate data leaks include photographs or screenshots taken by insiders. In 13% of cases, wrongdoers make physical copies of documents, whereas 30% of leaks occur through instant messengers, e-mail, or social networks.

Moreover, an employee can infect your company’s computers with malware that may sit there undetected for days or even months before starting damaging your systems or leaking information.

“Every solid business has information of value which may be attractive to other parties, like customer databases, client contracts, confidential project schemes etc.,” Noble points out. “To get it, insiders would do anything, even if it takes them long months of studying your systems and observing their colleagues. Thus, every respected organisation should have some data theft prevention in place to eliminate potential risks as much as possible.”

How can you avoid malicious inside jobs?

Even though it is impossible to completely prevent inside jobs as you might not be aware of malicious insiders plotting something, the following measures may help mitigate the risks:

Establish the Principle of Least Privilege (POLP). It limits who has access to your critical data depending on employees’ roles and functions.

Implement an intrusion prevention system (IPS). It analyses real-time traffic and packet logging to help you detect and respond to any suspicious network traffic flows.

Store data backups in an encrypted cloud like NordLocker in case of ransomware. This ensures the data doesn’t get leaked and access to it isn’t lost.

Get data loss prevention (DLP) software. It detects potential data breaches, information exfiltration and destruction. The solution monitors, detects, and blocks sensitive data while in use, in motion and at rest.

Install digital signatures to sign every critical action within your organisation’s systems with a secure mark of authenticity so it’s easier to find the culprit if an incident occurs.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.