Code42: With the 'Great Resignation' Comes the 'Great Exfiltration’

We spoke with Mark Wojtasiak, Vice President of Market Research and Strategy, Code42 about how the 'great resignation' -- the boom in job exodus and job hopping occurring -- can pose serious security risks to organizations.

How does the “Great Resignation” and subsequent data migration pose a risk to data security?

There has always been employee turnover and data exposure, but in the wake of the pandemic, employees are feeling more empowered to make employment decisions based on flexibility. More than 4.5 million workers quit their jobs in November, according to the Labor Department. That’s the highest number ever recorded, and it’s on top of 4.4 million who quit in September. This poses huge data risks for companies. When half of your workforce walks out the door, who knows what company data they are taking with them? Code42 telemetry data showed a 61% increase in critical severity data exposure events from Q3 2021 to Q4 2021. Data exposure is peaking at the same time as the US’s massive shift in employment turnover. This is not a coincidence and needs to be taken seriously by organizations.

With nearly 60% of employees moving to a company in the same industry, many find it beneficial to take data with them (63% admit to doing so, but this number is likely much higher). If they think no one’s watching, who’s to stop them? As one example shows, a Code42 customer recently spotted source code, valued at $5M, being taken by a software developer who had resigned. Luckily, it was detected before the employee left, so the crisis was averted.

Many people who started the job hunt last year are now settling into their new roles, and unfortunately, they may have taken along your company data and revenue.

What measures should be in place to ensure you protect your IP and incorporate employee data loss best practices?

Companies need to take a better approach when it comes to data security - prioritizing both transparency and training, which are two of the foundational ways to mitigate insider risk in your organization.

This begins with presuming positive intent - that employees are just trying to get their work done. We take this approach to data protection at Code42 and always strive to educate employees on safer security practices to combat careless or negligent behavior. Education helps employees understand expectations and policies in how to treat company data. That goes hand-in-hand with transparency between you, your employees, business partners, and executive leadership which is crucial because it creates a baseline of trust where all parties are informed of policies in place and processes needed to mitigate Insider Risk. This means explicitly reinforcing with all employees the policies, as well as the programs to track data, what specifically is being tracked and, most importantly – why.

Today, data is highly portable and the file-sharing tech we use makes it even easier to take company property. There are several technologies on the market that can help streamline the process of monitoring for any suspicious file movement. The age-old DLP technology was not made to keep pace with our modern, cloud-based, highly collaborative, off-network workforce. With the right strategy in place, we can protect one very important thing – IP – and therefore gain a competitive advantage.

Why should organizations pay more attention to data migration?

The current data migration is happening in tandem with the worst labor shortage in 50 years. Historically, an employee's resignation is the number one indicator that they are going to take data to use in their new job. High turnover rates are a new reality for American businesses, so it’s up to business leaders to make sure their business is prepared to mitigate insider risk.

We also need to stay vigilant of our new reality. Data today is digital and portable. It’s never been easier to take. Some of the most common exfiltration methods we see are via personal Microsoft OneDrive, Google Drive and email accounts. From Q3 2021 to Q4 2021, we saw a 51% increase in file uploads to cloud services regardless of risk severity. With critical risk severity events, we saw a 44% increase in the same time period. Now is not the time for complacency. Companies need to implement training and technology to tackle the Great Data Exfiltration head-on before any more data walks out the door.

How has remote/hybrid work over the past year changed your approach to Insider Risk Management?


It’s become clear during the past year that any existing stigma surrounding remote work has dissolved. That’s not to say remote work is without risk. Data shows that since the pandemic began, 61% of IT security leaders pin data breaches on remote workers, and employees are 85% more likely today to leak files than they were pre-COVID. While leaders want their distributed workforces to be productive and collaborative, we also need to take steps to protect our proprietary data – customer lists, product plans and personnel information – from falling into the wrong hands. Blocking data movement in real-time is easier said than done in this day and age of collaboration. But too few organizations are wrapping a much needed layer of security around collaboration technologies and, as a result, are leaving their data open to risk. In order to minimize future data risk, it’s critical to educate and be transparent with employees about corporate guidelines and expectations when it comes to protecting IP and sensitive organizational data.


###