It’s been referred to as the Great Resignation, the Big Quit, and the Turnover Tsunami: Millions of workers quitting their jobs since the start of 2021. In November alone, nearly 4.5 million Americans called it quits, the largest one-month exodus of U.S. employees on record.

For many organizations – especially those in the service industry – it’s an uphill battle to attract and retain talent. For others still, that’s not the only hill to be climbed, as the data risk associated with the Great Resignation is keeping many a chief information officer and risk manager up at night.

The Data Security Risks of Employee Turnover

Whenever any employee leaves an organization, the risk of a possible data breach rears its ugly head. If you believe your employees are different – and more trustworthy – then download a copy of Code42’s Data Exposure Report and give it a thorough read. If you don’t have time to dive into this report, then we’ll give you the most important passage here:

“63% of employees say they brought data with them from their previous employer to their current employer. Sometimes recruiters take org charts and salary information. Engineers might take source code. Sales reps may nab customer lists. And more than half the time, these employees are leaving for a competitor. This was already a growing problem, with people changing jobs more frequently than ever. Now, record unemployment levels, economic uncertainty, and the seeming privacy of working from home are creating a perfect storm for departing employee insider risk.”

Whether data theft by exiting employees is accidental or malicious, the potential consequences are the same – loss of revenue, loss of proprietary information, loss of trust, and so much more. The Great Resignation is not only the largest human resources issue to confront corporate America in a generation, but also possibly the biggest insider threat facing these organizations during that same period.

It’s Not Just Those Who Leave, Either

The data security risks of the Great Resignation are being compounded by the move to remote working brought on by the pandemic. Bring-your-own-device (BYOD) adoption has surged since 2020, and the proliferation of removable media – such as USB flash drives and external hard drives – has made it easier for cybercriminals to ply their craft.

How much exposure is out there? Check out these two data points from an April Techjury blog:

  • 67% of employees use personal devices at work, regardless of the company’s official BYOD policy – even if it’s prohibited.
  • 87% of businesses are dependent on their employees’ abilities to access mobile business apps from their smartphone.

Plus, this one from Code42’s Data Exposure Report:

  • 71% of organizations admit they don’t know how much sensitive data exiting employees take with them when they leave the company.

If it sounds like the perfect storm is brewing, that’s because it is.

How to Mitigate Data Security Risks

Mitigating the data security risks of the Great Resignation takes a two-pronged approach.

First, adopt the Zero Trust Security model, especially if employees are working remotely. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. Zero Trust makes all data held by the organization available on a need-to-know basis only, limiting the number of accounts that have access to sensitive data and decreasing the chances of an insider threat emerging.

Second, to defend against data loss associated with removable media – those devices that must connect through an open computer or network port – the easiest and simplest strategy is to physically block your computer ports with USB port locks. These nifty little devices cost a couple bucks each and are the cheapest insurance policy you can buy to protect yourself during the Great Resignation – not to mention from employees who unintentionally lose USB flash drives and other portable media after downloading sensitive company files.