Preventing Internal Theft With Cybersecurity Measures

By Devin Partida, Editor-in-Chief,

It’s becoming increasingly common for departing employees to take data when they leave a company. Often, such instances are not malicious, and they occur by accident. For example, someone might use a personal USB drive to store some workplace files and realize that they still possess that content after their last day at work. 

In other cases, the theft might be more purposeful. Perhaps a person in charge of ordering supplies purchases a bit more than necessary, then takes the excess home for themselves, believing supervisors won’t miss it. 

Additionally, there are the more extreme types of theft, such as when a disgruntled employee accesses confidential information and uses it as leverage when making demands at the workplace. Fortunately, cybersecurity can help prevent all these instances and others. Here are some strategies to try. 

Set Clear Data Usage and Ownership Policies 

One cybersecurity firm’s analysis of 700,000 company devices found approximately 65 million attempts from employees to take source code from their companies in three months. The total number of exposure events, where any sort of data was taken, reached almost 590 million in the second quarter of 2021 alone. 

The research also showed that the most common way to take data was via USB sticks, followed by transferring it to cloud-based storage services, such as Dropbox. A good starting point is to ensure employees know how to use the information and who owns it. Sometimes, people have difficulty separating ownership from the work they do. 

People might think, “If I wrote this source code, it’s mine.” However, the company likely owns it since the creator was paid to do it as part of their job. These are cases where it’s beneficial for cybersecurity policies to spell out what people can do with a company’s data and who owns it. 

These cybersecurity specifics should also apply when a person works remotely. For example, can they download a company file to a personal laptop, or must it be a workplace-owned machine? Being transparent about the policies won’t stop all instances of internal theft. However, it should greatly reduce the ones where people genuinely didn’t know that how they intended to use data is not allowed.

Employees should ideally learn about these internal policies during onboarding and be reminded throughout the rest of their time at a company. Moreover, being explicit about the policies gives a company more grounds to take legal action against workers for internal theft. 

Use Software to Gain Visibility

Investing in software can also help a company strengthen its cybersecurity and curb employee theft. Many cloud-based tools have history logs that can help verify expected usage. A manager that sees an employee place an unusual order outside of business hours could be a red flag for potential theft. 

Employee monitoring software can also help track file-related thefts. Many tools show the details of workers’ file transfers. Some even give real-time, browser-based alerts of those instances so IT teams can intervene when necessary. 

A company’s cybersecurity team should always encourage employees to be upfront with them if they want to do something and are not sure whether it’s in line with the policies. Similarly, business decision-makers should always try to balance security and user trust.

Workers that feel their employers are watching everything they do could quickly become frustrated and may not stay at the company for very long. That’s why it may be overreacting to write up an employee for one unauthorized file transfer, but more appropriate when there’s a clear pattern of such behavior. 

Limit Employees’ Access as Appropriate 

Employees will likely find it harder to steal when their overall access to company resources only extends to the necessities. One study found that 58% of organizations had more than 100,000 folders accessible to all employees. Additionally, 41% had at least 1,000 sensitive files that every worker could access. 

Such situations leave data unnecessarily exposed. Additionally, if a company experiences a major theft of internally stored information, all that access could make it prohibitively difficult to track down the responsible parties. There are also more opportunities for user errors. Someone with access to thousands of files not applicable to their jobs means a higher likelihood of accidentally sending the wrong one to a recipient. 

Another study showed that one-third of workers still had access to files from a previous employer. That statistic highlights the importance of ensuring workers’ access matches their relationship with a company. It should end when they leave or change if they go into another role. 

Using cloud-based access control platforms is one of the easiest ways to follow such protocols. Those tools limit the need to make manual changes and often allow granting or revoking access with one click. They could also manage threats. Perhaps a just-terminated employee left the company very upset and threatened to take its data elsewhere. Access control measures could prevent them from doing that. 

Take a Proactive Approach

Many of a company’s internal assets are essential to its success and competitiveness. As these examples and statistics show, theft happens often, even if it’s not intentional. These cybersecurity tips can help cybersecurity teams limit the potential damage from such incidents.

Devin Partida is an industrial tech writer and the Editor-in-Chief of, a digital magazine for all things technology, big data, cryptocurrency, and more. To read more from Devin, please check out the site.




Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.