No wants to assume that the funny guy in the office chat is actually stealing company information. However, data theft often comes in unexpected ways and is carried out by unlikely people.

When you suspect an employee is stealing data, it's a bit of a tricky situation. Unless you're certain that a breach has occurred, you want to avoid ruining the relationship with your employee and sow distrust among your team.

But before you can roll out your incident response procedures, here are five signs that your employee might be stealing data from your company.

1. Large File Transfer Across Encrypted Server Alerts

While data encryption should be a standard for everyone using corporate devices or internet, there's a reason why some employers snoop around it. While it's normal for people to send small files like documents, photos, or screenshots to teammates, there is a such a thing as an alarming number of files moving around.

If the large file transfers occur on company-accessible networks, it can be easy to determine whether it was a routine act, necessary internal action, or questionable activity.

Related: What Are Encrypted Messaging Apps? Are They Really Safe?

However, when someone sends large file sizes over encrypted servers such as secure messaging apps or emails that are self-destructing, it should ring a few alarm bells. For this reason, you should work to spot large file sizes through metadata and conduct a proper investigation if the employee cannot justify what it was for.

In fact, even if it's not a company-related document, there are still risks involved with large files in general.

For example, if an employee downloads pirated movies or TV shows on company devices, it can put your device or network at risk of malware. Aside from this, you may get in trouble with authorities if illegal content becomes linked to your company, especially if your country has stringent anti-piracy laws.

2. Use Alert Word Notifications

When it comes to internal threat detection, it can be hard to determine what is considered standard employee access versus critical data breach. One way to stay on top of important documents is having a triggered notification for specific words associated with critical information targeted in data breaches.

For example, you can set alerts for terms like “contact database”, “client information”, and so on. Then, you can create scenarios wherein you either receive a report weekly or monthly.

On the other hand, you can also have an immediate notification if a person such as an intern or someone from an unrelated department is sending and downloading documents that they shouldn't have access to.

Related: Tools to Track What Others Do on Your Computer Behind Your Back

There are numerous pieces of software that can track words through email communications, browsing activities, and even keystrokes. When setting up alert word notifications, make sure that your employees are aware how much surveillance they are subjected to, as a matter of both consent and to discourage them from even thinking about stealing data.

3. Data Exfiltration Alerts

As much of our work goes online, so do the risks of the various technology we utilize for our convenience. When it comes to data exfiltration, there are some programs that are used that aren't part of everyone's regular tool box such as FTP sharing sites, screen sharing or clipping programs, and cloud applications.

Aside from this, popular cloud applications like Salesforce and HubSpot make it easy to exfiltrate data related to customers, such their position in the pipeline and contact details. On the other hand, many developers also use sites such as GitHub to control their web development process.

While it may not seem like a big deal, even code in plain text can be a source of data theft when used to access intellectual property or database locations.

4. Monitor Hard Copies

Documents

Hard copies are essential to your data decentralizing process. After all, just because everything can be stored on the internet, it doesn't mean it should be. However, in a world becoming increasingly digital, it can be easy to overlook how hard copies can still be a potent source of data theft.

According to the American Journal of Managed Care, 65 percent of breaches in hospitals still happen with paper files and films. Because of this, there is still merit in monitoring printed files and following good physical file security and disposal practices, especially if you belong to an industry that uses legacy filing methods.

Aside from locking up important documents, you can also benefit from installing security cameras where they are kept and keeping an eye on employees attempting to access things that they shouldn't be.

Make sure you also shred sensitive documents before disposal and PDF-encrypt any digital copies that can be scanned or printed.

5. Encourage Whistleblowers

Man Whistling

While we all know that no one wants a rat, employees should be incentivized to report individuals who are endangering everyone with their actions. Many teams work hard to build products, databases, and client relationships, so they would not appreciate when someone just gets all the information and sells it online.

However, reporting office mates can be a difficult experience, especially when teams are afraid to make enemies unnecessarily. For this reason, you should open anonymous or safe channels wherein people can report possible data thieves without announcing their identity to the rest of the company.

By taking out the emotional aspect of reporting co-workers, responsible employees will have every incentive to do what is right for everyone involved. With this, they don't have to worry about being wrong, and you'll be thankful when they're right.

Keep Your Company Data Safe

When it comes to data theft by employees, you need to be both effective and efficient. Your success when it comes to mitigating data theft issues comes down to policies, processes, and practices that should be established long before a breach ever happens.

Data thieves are becoming more cunning with their attempts, and it can involve sending someone to infiltrate your company from the inside. Make sure that your company is ready to find these people before they do any damage.