We take a look at the growing issue of insider content leaks, the workplace trends causing their growth, and what features you should include in your content delivery system to reduce the severity and regularity of leaks once they occur.

The two phrases most synonymous with the post-pandemic workplace zeitgeist – hybrid working and ‘The Great Resignation’ – which have come to symbolise increasing worker autonomy to decide how, when, and where we work, are simultaneously raising concerns among many businesses for a different reason: the loss of intellectual property.

This concern is felt acutely amongst providers of high-value market analysis. With content selling for thousands of dollars, any sharing of information with competitors from former employees or those working outside of the controlled office environment is costly.

As employees working from home need access to more information with conventional information-sharing networks eroded outside an office setting, the democratisation of corporate information has become a necessity. This newly granted openness, combined with high staff turnover is understandably causing concern.

If left unchecked, the combination of high employee churn and hybrid working can create a perfect storm of accidental leaks of high-value data and content as well as more nefarious dissemination caused by ‘insider attacks’, where employees purposely share reports and data with new employers, friends at other analyst firms, or rivals.

What is the information industry saying?

Various research reports should read as warning signs for business information firms. A report from the Ponemon Institute documenting data breaches found that 75% of employees say they have access to data they shouldn’t and 25% of employees are willing to sell data to a competitor for less than $8,000. Ponemon also found that insider incidents have grown 47% in just two years.

In its 2021 Data Breach Investigations Report, Verizon found that a massive 44% of all breaches in organisations of less than 1,000 employees were insider jobs. They also discovered that 93% of breaches were driven by profit, while ‘pure fun’ was another top motivation.

In our recent article, Securing high-value content: How to ensure the right content doesn’t fall into the wrong hands, we looked at the three types of external intellectual property thieves analyst firms are vulnerable to, but the same behaviour can be committed in a similar fashion by internal employees.

Three personas of ‘insider’ information sharers:

The internal sharer –  occurs (often accidentally) when an employee distributes high-value information into an unauthorised area of the internal knowledge centre or sends it to colleagues who don’t have permission to view the content. This results in a higher likelihood of valuable information leaks.

The external distributor – this offence arises (often maliciously) when a user shares content with friends outside of their organisation or with members of their new organisation. Commonly caused by corporate accounts not being fully closed once employees have left the company.

The home driver saver – involves fewer people and is a less immediate threat but still takes the content out of the publisher’s possession and could evolve into the other two distributors in the future.

75% of employees say they have access to data they shouldn’t and 25% of employees are willing to sell data to a competitor for less than $8,000. Insider incidents have grown 47% in just two years.

Research from the Ponemon Institute

Reducing the likelihood of insider content leaks

The question for analysis providers operating in the hybrid working age therefore is: how can ‘insider attacks’ and accidental leaks be stopped in practice without disrupting analysts’ ability to produce reports or find critical information?

Here are four features you should ensure are present in your content repository to reduce the regularity and impact of these leaks on your valuable intellectual property:

1. Prevent full download

This is a helpful preventative measure that limits the amount of data internal users can take offline and disseminate among friends and colleagues at other organisations. This measure, combined with workflow tools that allow for the creation of custom deliverables, means that users – both internal and customer accounts – will not need to download whole reports and will only export the sections they need. Accidental shares of full-length reports will become less common and purposeful dissemination more difficult and time-consuming to commit.

2. View online only

In a similar vein to preventing full downloads (although this method prevents even partial downloads!), setting your content in ‘View Only’ mode means your information and data are safely secured in your content repository and can’t be moved into an unmonitored offline space. A workable middle ground is to set certain content as ‘View Only’ and others as downloadable, depending on the user and what level of access they need to certain information.

3. Licensing

The ability to set different access management rights depending on individual user requirements is underpinned by a flexible licensing system and is critical to the wider issue of protecting internal assets. Licensing systems are now highly flexible and allow administrators to set tailored licenses based on the user’s exact needs and requirements. Administrators can regularly audit and review usage and set personalised access rights depending on seniority, department, or individual need.

4. Content Usage analytics

This can be a difficult concept to convey to employees as you don’t want to create an atmosphere of surveillance and suspicion. However, the ability to track user behaviour and analyse what content has been downloaded from your content library is invaluable when identifying a breach’s origin if you do suspect a data leak.

Finding the balance in the hybrid working era

Publishers of market analysis must be particularly aware of the risks associated with our increasingly hybrid, fluid working world due to the high value and sensitivity of their digital content.

Analyst firms can, of course, completely lockdown their internal content repositories and only allow a select number of system administrators or lead analysts to access resources. But what purpose would this serve? It would plague your employees with inefficiencies, leading to frustration with the lack of information at their disposal.

Instead, investment in a full-stack content repository and delivery system that possesses the threat-mitigating features listed above, when combined with regular reviews and audits of access permissions will reduce the severity and frequency of accidental content leaks and purposeful insider attacks.