“Flight risk” employees tend to be:

• employees who are planning to leave their job, whether disgruntled or approaching retirement,
• have a behavior change between two months and two weeks before committing a security breach.

They may cause damage, steal data by sending files to a personal email account, sell proprietary software, or create a security failure by uploading confidential information to a third-party service without permission.

Many of these incidents can happen due to a handful of reasons:

• Businesses that have lax restrictions such as account sharing
• misidentifying data as sensitive or not
• not implementing least-privilege account standards
• and circumvention of IT controls

These behaviors put the organization at a higher risk than others.

One suggested solution is to implement algorithms to detect unusual activity of employees and measuring data volume and transfers to see if any information is traveling where it shouldn't be.