Employee Offboarding Data Exfiltration Detection SaaS
Businesses frequently face the risk of departing employees taking sensitive data (data exfiltration). Traditional Data Loss Prevention (DLP) solutions can be complex or overkill for many SMBs, or they might miss more subtle data exfiltration methods, especially during the critical offboarding period. A SaaS platform could specialize in monitoring and alerting for suspicious activity related to employee departures. The product would be a cloud-based platform integrating with corporate systems (e.g., M365, Google Workspace, endpoint agents) to monitor file access, email attachments, cloud syncs, and unusual data transfers for employees flagged as departing. Key features would include behavioral baselining, anomaly detection (e.g., mass downloads, transfers to personal accounts), offboarding workflow integration for heightened monitoring, and detailed logging for forensic readiness. Expected revenue would target SMBs and mid-market companies with a per-user or per-endpoint pricing model, e.g., $5-$20/employee/month. This addresses a critical and costly business risk.
Origin Reddit Post
r/lawyertalk
Employee sent confidential docs to self on last day… with a twist
Posted by u/UndergroundNotetakin•07/28/2025
Top Comments
u/ElephantLanky1723
Is it possible she's just clumsily backing up stuff for malpractice CYA?
Just ask the person what they're doing. Why isn't that the first step? "Hey, you got flagged by IT for emailing a bu
u/_learned_foot_
Doesn’t matter if it’s their policy to do so, that policy then is a breach. Merely sending it an unsecured device is a breach. When you download your case plan over the courthouse Wi-Fi that’
u/bows_and_pearls
I realize you may be out of your comfort zone but data beaches are serious matters so you should treat it like one. Does your firm or company have cyber insurance? If so, literally contact yo
u/_learned_foot_
Sue, seize the device in injunction. And this one is emergency level.
u/UndergroundNotetakin
Unfortunately, I am the person whose job it is to handle shit like this.
I don’t know that she saved the docs on her own machine, so i was thinking of sending an email asking her to please e
u/Ready-Pay-137
As a litigator who occasionally handles non-compete/restrictive covenant litigation…. I’ve sued over less egregious conduct.
u/ElephantLanky1723
Is it possible she's just clumsily backing up stuff for malpractice CYA?
Just ask the person what they're doing. Why isn't that the first step? "Hey, you got flagged by IT for emailing a bu
u/Thencewasit
We had an attorney working for police department who just got disbarred for doing this.
u/leftwinglovechild
You’ll need to have a forensic analysis done to see if she initiated any downloads of that material. Good first step.
u/DrSnowballEsq
Yeah the I-9s alone kick this in to “immediately notify people whose job it is to handle shit like this” territory. This is a nightmarish amount of confidential information and PII. Good luck
u/bows_and_pearls
I realize you may be out of your comfort zone but data beaches are serious matters so you should treat it like one. Does your firm or company have cyber insurance? If so, literally contact yo
u/JustCallMeSteven
Unauthorized access is a requirement for a "data breach" in my sector (technology). Our firm has an entire playbook from notifying the CISO to contacting the FBI. Poor data handling absent ev
u/Legallyfit
How did this come to your attention that she downloaded all this? I agree the first step is a forensic analysis to see where the docs went, but I’m curious how this came to light.
u/LasVegasASB
Seems like the law firm needs an employment lawyer
u/AccomplishedFly1420
Most employer privacy policies reserve a right to demand access to a personal device if there is a reason to believe company information is on the device
u/UndergroundNotetakin
My point was only that I don’t have proof. Which is why I am paying for an investigation now
u/shermanstorch
u/LasVegasASB
Seems like the law firm needs an employment lawyer
u/Low_Trust2412
How does a regular employee even have access to this stuff? Isn't it restricted to only the people in your HR department?
u/_learned_foot_
Still would. A current employee downloading it to their personal computer unsecured, or even their phone over public work, is in fact a data breach concern.
u/shermanstorch
What are they gonna do when she refuses? Fire her?
u/UndergroundNotetakin
I wish she had just been taking templates. You don’t take 27 score sheets from interviews if you just want the template. Again; don’t know she downloaded it. She emailed it to her work email
u/_learned_foot_
There is data she should not have and has no purpose for backing up. She sent it to herself, which also has no purpose except for a transfer. She then hid her tracks. What other reasonable co
u/_learned_foot_
Still would. A current employee downloading it to their personal computer unsecured, or even their phone over public work, is in fact a data breach concern.
u/immabouncekthx
Gotcha! Best of luck to you.
u/JustCallMeSteven
OP stated it's their practice to store data this way. I'm not sure if a person having access/authority to email files to their own corporate account creates a sufficient nexus for a data bre
u/JustCallMeSteven
Unauthorized access is a requirement for a "data breach" in my sector (technology). Our firm has an entire playbook from notifying the CISO to contacting the FBI. Poor data handling absent ev
u/AwkwardBailiwick
That's how it should work.
If you find yourself at a work place where this amount of information is available to you, IT can probably set a custom log level and retention policy for your acc
u/MikeAndAlphaEsq
I’m not sure I understand. Does your IT team allow you to access work email and download work documents onto a personal device? In the corporate environment I work in, that’s not even possibl
u/_learned_foot_
No. This ain’t the time to let a criminal (yes it’s potentially that) know. Your malpractice must know, experts must be hired to dig into it, clients may need contacted, the bar obviously nee
u/immabouncekthx
Respectfully, saying that you just need a forensic search sounds like you're downplaying the amount of potential legal obligations and implications here. Because this doesn't seem in your whe
u/Fluffychipmonk1
This right here.
u/UndergroundNotetakin
I wish she had just been taking templates. You don’t take 27 score sheets from interviews if you just want the template. Again; don’t know she downloaded it. She emailed it to her work email
u/_learned_foot_
I think this attorney has decided the rules needed updating and created the test case.
u/Legallyfit
How did this come to your attention that she downloaded all this? I agree the first step is a forensic analysis to see where the docs went, but I’m curious how this came to light.
u/MikeAndAlphaEsq
I’m not sure I understand. Does your IT team allow you to access work email and download work documents onto a personal device? In the corporate environment I work in, that’s not even possibl
u/immabouncekthx
Respectfully, saying that you just need a forensic search sounds like you're downplaying the amount of potential legal obligations and implications here. Because this doesn't seem in your whe
u/JustCallMeSteven
Be very careful about assuming bad intent without evidence. All they have to say is they emailed the files to themselves to archive them internally before leaving. If you jump the gun and it
u/_learned_foot_
No. This ain’t the time to let a criminal (yes it’s potentially that) know. Your malpractice must know, experts must be hired to dig into it, clients may need contacted, the bar obviously nee
u/shermanstorch
What are they gonna do when she refuses? Fire her?
u/Gold-Sherbert-7550
So you think she sent all of this to her work email for fun?
u/Fluffychipmonk1
This right here.
u/JustCallMeSteven
A lot of assumptions in OP's post and your answer.
u/UndergroundNotetakin
Tiny agency. Files were all related to her in some way. Jr atty case list, I-9 she signed, etc.
Again I don’t know for sure but why else would you send files to yourself after you quit? I t
u/_learned_foot_
Reasonable security systems would be a secured network over any unsecured you’re using, not doing so is a violation. Those major venders offer such security allowing it, but actually so does
u/_learned_foot_
I think this attorney has decided the rules needed updating and created the test case.
u/Low_Trust2412
How does a regular employee even have access to this stuff? Isn't it restricted to only the people in your HR department?
u/UndergroundNotetakin
Changed her account password for security. I went to change the auto reply and the inbox had an automated message from MS365 about deleting such a huge amount of data. So I went to look and d
u/Thencewasit
We had an attorney working for police department who just got disbarred for doing this.
u/immabouncekthx
I think for your firm's counsel, malpractice insurance, and the state bar ethics committee to figure out.
u/AccomplishedFly1420
Most employer privacy policies reserve a right to demand access to a personal device if there is a reason to believe company information is on the device
u/JustCallMeSteven
Not if she's a current employee.
u/Gold-Sherbert-7550
So you think she sent all of this to her work email for fun?
u/leftwinglovechild
You’ll need to have a forensic analysis done to see if she initiated any downloads of that material. Good first step.
u/shermanstorch
u/_learned_foot_
Unauthorized access is a prong for multiple federal and state level laws, the fact that a criminal prong is where you think your ethical duty starts is concerning. Me leaving the file in my c
u/DrSnowballEsq
Yeah the I-9s alone kick this in to “immediately notify people whose job it is to handle shit like this” territory. This is a nightmarish amount of confidential information and PII. Good luck
u/_learned_foot_
Doesn’t matter if it’s their policy to do so, that policy then is a breach. Merely sending it an unsecured device is a breach. When you download your case plan over the courthouse Wi-Fi that’
u/brogrammer1992
I agree the facts above are a breach, but your interpretation is either tech illiterate or tech literate but incompatibile with reality.
If you are not working within a bespoke case manageme
u/UndergroundNotetakin
Unfortunately, I am the person whose job it is to handle shit like this.
I don’t know that she saved the docs on her own machine, so i was thinking of sending an email asking her to please e
u/_learned_foot_
Sue, seize the device in injunction. And this one is emergency level.
u/UndergroundNotetakin
So far this is correct. There is no evidence anything left out system. Immediate forensic investigation is next.
u/Barshont
Do you have data breach insurance? You should seek a PI against her touching those files any further and get a forensic investigator in place. Imo for things like this going in hard is better
u/UndergroundNotetakin
I meant “just” as in just need to do it. Not as in that “alone” will do.
I am taking it seriously. I put it up here because it was a Sunday night and I couldn’t contact an employment or ethi
u/UndergroundNotetakin
So far this is correct. There is no evidence anything left out system. Immediate forensic investigation is next.
u/AEHAVE
There is no way this isn't "proven violation" of policy. Where I work, this could implicate state security breach protocols if any clients are individuals, privilege protocols etc. If walking
u/MandamusMan
Not to be that guy, but this might also implicate data breach notification requirements
u/AccomplishedFly1420
Most employer privacy policies reserve a right to demand access to a personal device if there is a reason to believe company information is on the device
u/frongles23
And keep the invoices. Make sure outgoing EE is aware the cost to former ER.
u/_learned_foot_
Unauthorized access is a prong for multiple federal and state level laws, the fact that a criminal prong is where you think your ethical duty starts is concerning. Me leaving the file in my c
u/SamizdatGuy
I think you should talk to an ethics attorney. She was probably taking templates and doesn't realize the scope of what she did. You might just be able to ask for it back, depending on what et
u/JustCallMeSteven
A lot of assumptions in OP's post and your answer.
u/Ready-Pay-137
As a litigator who occasionally handles non-compete/restrictive covenant litigation…. I’ve sued over less egregious conduct.
u/JustCallMeSteven
While the "transfer" (internal emails) raises questions, it's equally plausible to me that she could claim administrative error (mitigated by deleting), unclear policy ("I was actually backin
u/JustCallMeSteven
Be very careful about assuming bad intent without evidence. All they have to say is they emailed the files to themselves to archive them internally before leaving. If you jump the gun and it
u/_learned_foot_
There is data she should not have and has no purpose for backing up. She sent it to herself, which also has no purpose except for a transfer. She then hid her tracks. What other reasonable co
u/JustCallMeSteven
My analysis relies on the facts...unauthorized access and no evidence data left the firm. There’s no breach or ethical violation at this point. If that changes, so would my analysis. It would
u/UndergroundNotetakin
New theory! Some of the files may have been on her old laptop (she had two company laptops) and for whatever reason she emailed them, then uploaded the docs instead of trying to move the file
u/immabouncekthx
I think this is for your firm's counsel, malpractice insurance, and the state bar ethics committee to figure out.
u/_learned_foot_
Reasonable security systems would be a secured network over any unsecured you’re using, not doing so is a violation. Those major venders offer such security allowing it, but actually so does
u/JustCallMeSteven
OP stated it's their practice to store data this way. I'm not sure if a person having access/authority to email files to their own corporate account creates a sufficient nexus for a data bre
u/immabouncekthx
I think this is for your firm's counsel, malpractice insurance, and the state bar ethics committee to figure out.
u/JustCallMeSteven
Not if she's a current employee.
u/UndergroundNotetakin
Tiny agency. Files were all related to her in some way. Jr atty case list, I-9 she signed, etc.
Again I don’t know for sure but why else would you send files to yourself after you quit? I t
u/JustCallMeSteven
While the "transfer" (internal emails) raises questions, it's equally plausible to me that she could claim administrative error (mitigated by deleting), unclear policy ("I was actually backin
u/UndergroundNotetakin
New theory! Some of the files may have been on her old laptop (she had two company laptops) and for whatever reason she emailed them, then uploaded the docs instead of trying to move the file
u/DrSnowballEsq
Yeah the I-9s alone kick this in to “immediately notify people whose job it is to handle shit like this” territory. This is a nightmarish amount of confidential information and PII. Good luck
u/MandamusMan
Not to be that guy, but this might also implicate data breach notification requirements
u/SamizdatGuy
I think you should talk to an ethics attorney. She was probably taking templates and doesn't realize the scope of what she did. You might just be able to ask for it back, depending on what et
u/immabouncekthx
Gotcha! Best of luck to you.
u/UndergroundNotetakin
I meant “just” as in just need to do it. Not as in that “alone” will do.
I am taking it seriously. I put it up here because it was a Sunday night and I couldn’t contact an employment or ethi
u/frongles23
And keep the invoices. Make sure outgoing EE is aware the cost to former ER.
u/AEHAVE
There is no way this isn't "proven violation" of policy. Where I work, this could implicate state security breach protocols if any clients are individuals, privilege protocols etc. If walking
u/AwkwardBailiwick
That's how it should work.
If you find yourself at a work place where this amount of information is available to you, IT can probably set a custom log level and retention policy for your acc
u/UndergroundNotetakin
Changed her account password for security. I went to change the auto reply and the inbox had an automated message from MS365 about deleting such a huge amount of data. So I went to look and d
u/JustCallMeSteven
My analysis relies on the facts...unauthorized access and no evidence data left the firm. There’s no breach or ethical violation at this point. If that changes, so would my analysis. It would
u/brogrammer1992
I agree the facts above are a breach, but your interpretation is either tech illiterate or tech literate but incompatibile with reality.
If you are not working within a bespoke case manageme
u/MandamusMan
Not to be that guy, but this might also implicate data breach notification requirements
u/UndergroundNotetakin
My point was only that I don’t have proof. Which is why I am paying for an investigation now
u/Barshont
Do you have data breach insurance? You should seek a PI against her touching those files any further and get a forensic investigator in place. Imo for things like this going in hard is better