Walking Out the Door: Why Employees Are 69% More Likely to Take Data Before Resigning

Employees come and go from their employers every day, but would you know if an employee was taking some information with them when they left? Studies show that employees are 69% more likely to take data right before they resign. Some might not even realize they’re doing anything wrong—grabbing files for their portfolio or saving their work for future reference. Others, however, have more harmful intentions, like taking intellectual property (IP) to a competitor or even sabotaging company data.

Today we’ll break down why employees take data, what kind of data is most often stolen, and real-world cases that highlight why businesses need to stay vigilant when employees clock out.

‍

Why Do Employees Take Data Before They Leave?

‍

Innocent or Accidental Data Exfiltration

Not everyone who takes company data before leaving has bad intentions. Some of the most common reasons employees take data include:

• Portfolio Building: Employees may want to showcase their past work in future roles and don’t realize they’re taking confidential data.
• Reference Material: Workers may save project details, emails, or notes they think will be useful down the line.
• Personal Archives: Some employees feel attached to their work and want a record of their contribution.

‍

Even when there’s no ill intent, taking company data can still pose security and compliance risks—especially when proprietary information or personal data is involved.

‍

Malicious Data Theft

Unfortunately,not all cases of data exfiltration are accidental. Some employees intentionally steal data for personal gain or to harm the company. Common malicious scenarios include:

• Taking IP to a Competitor: Employees moving to a rival company might take trade secrets, client lists, or proprietary designs to give themselves a leg up.
• Sabotage or Revenge: Disgruntled employees might delete, corrupt, or leak sensitive information before leaving.
• Selling Data: Some employees steal data to sell on the black market, especially if it includes personally identifiable information (PII) or sensitive business data.
  ‍

The consequences of malicious data theft can be devastating, leading to regulatory fines, reputational damage, and competitive losses.

‍

What Kind of Data Do Employees Take?

When employees take data, it usually falls into one of these categories:
‍

1. Company Intellectual Property (IP)

• Proprietary software, research papers, and product roadmaps.
• Trade secrets, patents, and internal strategy documents.
  
  ‍

2. Email and PST Files

• Emails with confidential discussions.
• Large PST files containing years of corporate communications.
• Attachments with PII, contracts, or financial reports.
  ‍

3. Client and Contact Lists

• Customer databases and sales leads.
• Vendor and supplier contacts.
• Partnership agreements.
  ‍

4. Employee and Payroll Information

• Salary records and benefits details.
• Employee PII (Social Security Numbers, addresses, etc.).
• HR investigations or performance reviews.
  ‍

Even if an employee doesn’t intend to misuse the data, its loss can still create security and compliance risks for the company.

‍

‍

Real-World Case: The GlaxoSmithKline Data Theft Incident

One high-profile example of employee data theft comes from GlaxoSmithKline (GSK),one of the world’s largest pharmaceutical companies. In this case, an employee with privileged access to company secrets managed to filter highly sensitive data out of GSK’s environment prior to her resignation.

What Happened?

• Before resigning, the employee requested a new company laptop, which was loaded with highly sensitive proprietary data.
• She then emailed confidential GSK files to her personal email account from the laptop.
• Shortly before leaving, she began transferring large amounts of data onto an external storage device.
• GSK discovered the unauthorized data movement and had to take legal action to retrieve the stolen trade secrets and secure its intellectual property.
  ‍

Key Takeaways from the GSK Case

1. Employees Can Exploit Trust: The employee’s request for a new laptop disguised her intent, showing how insider threats can be subtle but highly damaging.
2. Data Exfiltration Can Happen in Multiple Ways: Emailing files, using external storage devices, and unauthorized downloads all played a role in this case.
3. The Importance of Proactive Detection: If GSK had data loss prevention (DLP) tools monitoring for unusual data transfers, they might have caught the issue sooner.
4. Legal Action May Be Necessary: GSK was forced to pursue legal measures to try and recover its stolen data, demonstrating the importance of having strong legal safeguards in place.
   ‍

This case is just one example of why businesses must take proactive measures to protect their sensitive data.

‍

How to Prevent Employee Data Theft& How Technology Can Help Minimize Your Exposure

With data theft so common during the resignation process, businesses need strong security measures in place to mitigate risk. The right technology can play a vital role in reducing exposure to these risks.

1. Control Access to Sensitive Data

• Restrict access to confidential files based on job role.
• Regularly audit and update permissions.
• Use multi-factor authentication (MFA) for added security.
  ‍

2. Monitor and Detect Suspicious Activity

• Deploy user behavior analytics (UBA) to flag unusual data access.
• Use data loss prevention (DLP) tools to track and block unauthorized file transfers.
• Watch for large downloads, email forwarding, or USB usage.
  ‍

3. Enforce Strict Off-boarding Policies

• Conduct exit interviews to reinforce data policies.
• Immediately revoke access to company systems, emails, and cloud storage.
• Require employees to return all company devices before their departure.
  ‍

4. Leverage Advanced Security Technology
‍

A solution like InnerActiv can help minimize data theft risks by:

• Detecting abnormal data usage patterns that indicate potential insider threats.
• Monitoring employee sentiment to identify disgruntled employees before they act.
• Tracking sensitive data movement to ensure compliance with security policies.
• Integrating IT and HR systems to flag potential risks when employees resign.
• Automating security enforcement to prevent unauthorized file transfers in real-time.
• Identifying fraudulent use of company resources that could lead to significant losses
  ‍

By integrating these tools, businesses can detect, prevent, and respond to data theft more effectively.
‍

Signs an Employee May Be Tampering with Data Before Leaving

Detecting potential data theft before it happens is crucial. Here are a few red flags to watch for:

• Unusual Downloading or Copying Activity: Large file transfers to personal devices or cloud storage can indicate data exfiltration.
• Increased Use of External Drives or Email Forwarding: Employees sending work-related files to personal email addresses or copying data onto USB drives is a major warning sign.
• Accessing Data Outside of Normal Work Hours: A sudden spike in after-hours activity, especially accessing sensitive data, could be suspicious.
• Attempts to Bypass Security Measures: Employees who try to disable monitoring tools, encrypt files, or change permissions may be covering their tracks.
• Disgruntled or Disengaged Behavior: Employees who express frustration with the company or seem disengaged may be at higher risk for malicious actions.
  ‍

Protect Your Business with InnerActiv

Preventing employee-driven data theft isn’t just about technology—it’s about fostering a culture of security, awareness, and accountability. InnerActiv provides cutting-edge data protection, risk monitoring, and insider threat detection solutions to safeguard your most valuable assets. Contact us today to learn how we can help secure your business.

‍

Are you concerned about what data could be leaving with your employees? Let InnerActiv help!

Contact Us:

info@inneractiv.com

888.798.7792