Published on October 29, 2023, 8:49 pm

TLDR: Companies in Hong Kong are facing high turnover rates due to a wave of emigration, particularly affecting middle-ranking employees. Increasing salaries may not be a comprehensive solution, so organizations must assess the information left behind by departing staff and take appropriate action. There is an increased risk of data breaches or exposures caused by insiders, both malicious and compromised. Research indicates that there is significant data movement occurring prior to an employee's departure, highlighting potential risks associated with disgruntled employees. Balancing employee privacy and company data protection is essential, requiring organizations to be familiar with local laws and regulations regarding monitoring systems. Cloud migration and remote working present additional challenges for managing data security during turnover. Addressing these challenges requires prioritizing safeguarding valuable information while respecting privacy regulations.

Companies in Hong Kong are currently facing a major challenge: a wave of emigration that has led to turnover rates surpassing 20%. This exodus is particularly affecting middle-ranking employees and is causing significant disruptions within organizations. As the CEO of the Hong Kong General Chamber of Commerce, George Leung Siu-kay has shed light on this issue.

While increasing salaries might seem like a quick solution, it is not a comprehensive fix as not all organizations can afford to engage in a wage war. Both heads of departments and HR professionals are left grappling with the aftermath of staff departures. They must assess what information has been left behind, deliberate on whether it was taken intentionally or unintentionally, and determine the best course of action to restore business as usual.

The difficulty in recruiting the right talent is often cited by Human Resources and Chief Information Officers (CIOs). However, little attention is given to what happens when employees leave an organization and the potential access they have to sensitive information and data during their remaining days with the company—and even after that.

The Proofpoint 2023 Voice of the CISO report revealed that there is an increased expectation among CISOs that insiders, whether malicious or compromised, pose a higher risk of causing data breaches or exposures within the next year (43% believe malicious insiders would be responsible while 40% believe compromised insiders would be responsible). This suggests that more employees may be intentionally exposing data. In fact, 82% of CISOs reported that employees leaving their organization had contributed to data loss events.

Dagmawi Mulugeta, senior threat research engineer for Netskope APAC, conducted a study involving 58,000 people across 33 industries who left their jobs between July 2022 and April 2023. The study found that insurance had the highest number of flight-risk users at 17%, followed closely by technology at 16%. Additionally, the 2020 Securonix Insider Threat Report discovered that 60% of insider threat cases involved a flight risk user, with 2% of them stealing organizational data upon departure.

When it comes to managing data security in the face of employee turnover, Mulugeta identified three critical indicators: the nature, direction, and volume of data. Monitoring for policy violations through introspective analysis of files can help organizations identify potential data violators.

Mulugeta also highlighted the security issues that arise from disgruntled employees. Research indicates a high level of data movement occurring approximately 50 days prior to an employee’s departure. This pattern is concerning, signaling potential risks associated with employees leaving organizations.

Nevertheless, Mulugeta stressed the importance of balancing employee privacy and company data protection. Organizations must be familiar with local laws and regulations regarding monitoring systems to ensure compliance while being transparent about monitoring sensitive data and privacy elements within company resources.

Cloud migration and remote working present additional challenges for organizations. Identifying threats within large-scale cloud environments becomes especially challenging when multiple cloud applications are involved.

Overall, there are several pressing questions that need addressing:
1. Is the data left behind by departing employees safe?
2. How can companies effectively manage data security during times of turnover?
3. What security threats do disgruntled employees pose to organizations?
4. Are companies breaching privacy laws through monitoring potential leavers?
5. What other challenges do companies face following mass layoffs or influxes of new hires?

As Hong Kong grapples with these issues, it is essential for organizations to prioritize safeguarding their valuable information while respecting privacy regulations. By adopting proper security measures and closely monitoring data movements, businesses can navigate the complexities surrounding staff turnover successfully.

For more insights on how organizations can address these challenges related to staff turnover, listen to Dagmawi Mulugeta’s take on PodChats for FutureCIO: Picking up the data after staff turnover.


Comments are closed.