Data Investments in 2025 and Beyond

Employee transitions and data risks

Shifts in the market, corporate funding, technology and competition directly correlate to what’s happening with an organization’s data. At this very moment, there’s a great chance that someone in any given organization is getting ready to leave or join the company, and gain or retain personal possession of proprietary information. Customer lists, pricing schedules, product specifications, software code and other types of highly valuable information are flowing, unchecked, in or out of organizations more frequently, at an accelerated pace. Often, this is occurring not as a result of external threats, but due to the activities of people who have privileged access to that data. These insiders, whether intentionally or not, can pose a material risk. 

Competitive pressures, financial incentives and productivity mandates continue to compound in every industry, sometimes triggering employees to bring proprietary data with them as they make career moves between different organizations. While most employees are trustworthy and controls can be designed to prevent data leakage, that doesn’t mean information isn’t at risk for exposure or creating unknown risks. Employees may believe they earned the right to keep information they created for a company or simply misunderstand the rules and guardrails that determine permissions for data ownership and access. 

Nearly every organization that looks for this kind of data misuse will find some questionable outbound data flow in connection with upcoming or recent employee departures. Similarly, in many instances where a new joiner brings information with them from a former employer, there tends to be information about other prior employers, thereby compounding the new employer’s risk of unintentionally possessing competitive information or infringing on intellectual property. Knowing how high the likelihood of data infiltration or exfiltration is, mitigating actions should be considered an imperative for corporate guardians.

Safeguarding data amidst market shifts and corporate changes

Of course, company value is under some of the most intense pressure when facing change in ownership or structure. Data-driven risk and opportunity are so frequently overlooked or underestimated during corporate optimization, due diligence, mergers, acquisitions and divestitures. Partners and salespeople leave with pricing, competitive strategy and customer lists. Research, development and data about proprietary products are lost, left behind or improperly transferred. Databases full of valuable contracts, sales and financial information become inaccessible or are wrongly disposed. Workflows, technical debt, information protection, business continuity and data integrity are glossed over or misunderstood. These examples occur all the time and they represent critical opportunities to prevent value erosion. 

Enhancing the approach to data risk management

There are a variety of ways data risks arise without detection. Likewise, there are a variety of tools and technologies within reach that can be better used to help mitigate the risks of inappropriate data use and data loss. Microsoft 365, for example, provides numerous tools specifically designed to help address these risks. Many organizations simply lack the capacity or experience to optimally implement the right solutions and address the shortcomings of some common technology platforms. 

Organizations can enhance the approach to containing data risks many ways. Some effective measures include the following:

• Define high risk job categories and amend data monitoring practices for both outgoing and incoming employees in those roles. Employees frequently begin transferring data a few months before they give notice. Evaluate two to three months of data activity prior to resignation or termination. In addition, monitor outgoing employees until their official departure and company system access is turned off. Trustworthy companies and employees are able to accomplish these things in a transparent manner, where all parties can communicate about the sensitivity, ownership and transfer of information that rightfully belongs to the company or the employee.
• Evaluate and amend available technology use to detect and contain data risks. Most corporations have a myriad of controls in place, but these are often designed to address malicious, external attacks on information security. Data loss prevention tools are commonly used in limited ways because many monitoring systems have historically flagged many false positives or are plainly considered to be an inconvenience.
• Amend corporate protocols to address key data-driven considerations during corporate optimization, due diligence, mergers, acquisitions and divestitures. Companies need to know precisely how and where data, i.e. valuable intellectual property, is generated and stored to optimize continuity in operations and protect company value. 

Businesses are operating in a prolonged period of volatility in technology, society, politics and economics, where the velocity of change is exceptional. There is significant market opportunity to capitalize on. Fear, uncertainty and doubt about data can be mitigated. Frankly, it needs to be for the sake of better business outcomes. Find help. Protect data to protect company value and prevent expansive legal risk. 

Related topics:

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.