Juin 30, 2022

Insider Risk and the Great Resignation: Preventing Critical Data Loss When Employees Leave

Mike Crouse

Pfizer recently discovered a long-time employee had uploaded 12,000 documents, including research on its COVID-19 vaccine and cancer therapies, to her personal accounts without permission. She was leaving Pfizer after 15 years to join a competitor. The company has filed a lawsuit, alleging breach of confidentiality agreements, and is trying to prevent her from using its proprietary data at her new job.

The ex-Pfizer employee is one of tens of millions of people around the world who have quit their jobs in recent months, as part of a global wave of departures called the “Great Resignation.” As the Pfizer lawsuit underscores, when people change jobs, they often take intellectual property with them. Most of the time, organizations have insider risk management programs, DLP products, and IT and HR processes in place for when employees are terminated. But are you ready for when the employee or contractor resigns?

Here are some sobering facts about the risks of departing employees:

Due to the upheaval precipitated by the pandemic, people are reevaluating priorities, looking for more money or opportunity, different bosses, or to be closer to family or a more desirable location. The departing employees tend to fit into three types of “leavers:” those who are disgruntled or frustrated, ignorant of corporate policy and confidentiality agreements, or feeling entitled to the proprietary data and want to use it to advance at their next job. Just ask Pfizer.

Of course, not every person who quits their job will steal, lose, or misplace your data. But the fact remains that it’s quite easy for anyone with access to download, email, or move valuable IP to their personal devices or cloud accounts. In light of this growing phenomenon, the best defense is a good offense.


We recommend the following strategy to mitigate the security risk of departing employees and contractors:

  1. Prepare for potential data loss as soon as the employee or contractor was hired. If you wait until they resign, it’s too late.
  2. Make sure your security program and solution set give you visibility to employee interactions with data. The best insider risk solutions provide user monitoring and a granular timeline of user activity right up to the moment the employee leaves. This timeline should give you insight on web searches for new jobs or resume-writing tips, which are digital tells of a potential job-leaver.
  3. Don’t rely on detection of suspicious activity alone. Proactively prevent data theft with analytics that help identify risky behavior—for example, an uncharacteristic transfer of a massive number of files or copy/pasting of sensitive data from one document into another.
  4. Use existing investments in security, HR, and communication tools to inform the behavior analytical models, improve accuracy, and further enable proactive action.
  5. Integrate the behavior analytics (aka UEBA) and user activity monitoring (UAM) with data loss prevention (DLP) to automate security blocking policies before the breach or loss happens.


By bringing together proactive measures with analytics, user monitoring, and enterprise-wide enforcement policies, you can simplify data security and ensure the right program and tools are in place before and when any employee leaves. Don’t wait until the employee notifies their supervisor or HR to act. The health and viability of your organization depends on your ability to spot risk when employees resign and stop anything bad from happening before they leave.

Visit Forcepoint Insider Risk Solutions for more best practices on mitigating risk and preventing data loss from the Great Resignation. Or schedule a demo with a Forcepoint Insider Risk Solutions expert. 

Mike Crouse

Mike Crouse is the Director for Enterprise User and Data Protection at Forcepoint Global Governments and Critical Infrastructure. He works closely with industry thought leaders, executives, and the Forcepoint management team to help guide long-term programmatic and technology...

Read more articles by Mike Crouse

À propos de Forcepoint

Forcepoint est une entreprise leader en cybersécurité pour la protection des utilisateurs et des données. Son objectif est de protéger les entreprises tout en stimulant la transformation et la croissance numériques. Nos solutions s’adaptent en temps réel à la façon dont les personnes interagissent avec les données, et offrent un accès sécurisé tout en permettant aux employés de créer de la valeur.