- Workers are taking sensitive
data from their companies increasingly often, a Code42 report says. - The report says
source code exposure has jumped threefold over preceding quarters. - Code42 says high
turnover is a factor as workers take patent applications, customer lists, and more.
When workers walk away from their jobs, they're not just taking their last paycheck with them. They're increasingly bringing home sensitive company data, a new report finds.
Cybersecurity software company Code42 found that there was a 40% increase in "data exposure events" between the first half of 2020 and the first half of 2021. It also concluded that, within the first half of this year, there was a 61% jump in data exposure events quarter-over-quarter. Code42's findings were previously reported by the Financial Times.
Code42 analyzed anonymized data from more than 700,000 company devices from the first half of this year. The analysis examined insider risk, or the security risk that an organization faces from within, such as from its own employees.
The analysis teased out "a direct correlation between resignations, departing employees, and exposure events," the company said in a blog post.
"The number one indicator someone is going to take data is that they plan to leave the organization," Joe Payne, president and CEO of Code42, told Insider.
The Great Resignation is partly to blame. The number of Americans quitting their jobs hit a record 4 million in April and has remained elevated ever since. The resulting high turnover is a big factor in data exposure events.
"Data exposure peaked at the same time the US experienced a massive shift in employment," Code42 wrote in its post.
The company says the portability of data was another factor in the growing frequency of data exposure events. Removable media, primarily USB drives, was the most commonly used means of stealing company data. Google Chrome also was frequently used to take company information: It accounted for 52% of all application exposure that wasn't tied to removable media or a cloud sync agent.
Employees walked away with sensitive company information like source code, customer lists, and patent applications. Source code exposure in particular increased threefold over preceding quarters, Code42 found.
Nearly half of all of the source code exposure in the past calendar year came from Q2 2021, which began in April, the month in which quit rates reached their highest point in 20 years.
Code42 says the prevalence of hybrid work is another reason for the increase in workers stealing company data.
Payne has two suggestions for ways companies can curb data exposure events.
"First, they need to train employees on how to handle data and use authorized collaboration tools properly; spell out for employees what data they can and cannot take when they leave," he said. "Second, companies need to put in place new cloud-based insider risk management technologies that verify that employees are working within the boundaries that have been outlined for them."
Between the Great Resignation, the growing portability of data, and looser employee supervision in remote work, Code42 says insider risk has never posed a bigger threat.
"There have never been more ways for employees and contractors to drop some source code in a personal GitHub repository, upload a customer list to a personal cloud storage system, or save a product presentation on a USB drive," Payne said. "Now is the time to get in the driver's seat before any more data walks out the door."