By Daniel Hains
We are often engaged to locate and report upon incidences of theft of data or sensitive electronic files by an ex-employee.
Theft of IP
Typically, after an acrimonious departure, a business owner will find out that that former employee is now trying to grab as many clients as possible to take with him to his new job. There are then often stories that arise of use of cloud storage applications or disks being used to transport data from the workplace to their home. Vincents role is to forensically image and analyse the available devices including actions online to find the evidence before confronting the ex-employee.
The extent to which deleted data and historical activity may be recoverable varies on a few factors, but generally the sooner that steps are taken to preserve the data (whether on desktop computers, tablets or mobile phones), the better.
On occasion, our analysis has been defeated simply by the fact that we were engaged too late after the fact, when if we were called in sooner, a computer can be forensically imaged and the evidence assessed in good time.
Preservation is better than the cure
We now have clients who engage us to take a snapshot of a departing employee’s computer as a matter of course, even if there aren’t any concerns at the time of their departure. If suspicions arise in the future, then we can proceed with analysis, but if not, then the image can be disposed of after a suitable period of time.
Our expertise in computer forensics can and does play an important role in exposing the malicious acts of people who will seek to do the wrong thing by their employer. As the use of technology continues to advance, as long as there are basic internal controls and a policy on the use of data in the workplace, it will make it more difficult for people to hide their wrongful acts and easier to have them held responsible.
Simple controls and IT Policy
Invest in Prevention
The take away message is Prevention.
- Be aware of what and where your sensitive data is and identify the risks.
- Tracing an occurrence of data theft is difficult and requires expert assistance. But, if there are little or no security protections then with the passage of time, actually retrieving sensitive, stolen data is made more difficult.
Invest in Prevention
Spend time on constructing and enforcing a strong IT data policy that works for your business model and requirements.
- Educate all employees to make them aware of the policy. In 99% of cases, the human is the weak link in a computer network.
- Simple controls are often the best:
- Strong passwords;
- Restrict access to important data only to those who need it;
- Place controls on files, such as; making files read only, restrictions on printing or editing a file;
- Completely removing USB disk access or cloud apps is possible but may make a network difficult to use
- A policy on proper IT use gives you recourse in the event of suspected theft.
Invest in Protection
Consider using application monitoring for sensitive information.
- Cost / benefit analysis would be important here;
- Resist “Bring Your Own Device” situations. This means you may lose information that you need to rely upon later;
- If you suspect an acrimonious departure, secure the staff workstation and phone and have them properly imaged – think of this process as insurance against future loss.
Consider professional assistance with enforcement
If you think that you have suffered a loss as a result of theft of data or a similar action:
- Resist the urge to try to investigate yourself – this could alter important evidence and won’t be able to be relied upon later;
- Remember the policy and controls that you put in place – any breach may be enough for action against a current / former employee;
- Securing ex-employee data (discussed earlier) can be the difference when action is necessary later on;
Important to make a decision on enforcement sooner, if possible.
An Important Message
While every effort has been made to provide valuable, useful information in this publication, this firm and any related suppliers or associated companies accept no responsibility or any form of liability from reliance upon or use of its contents. Any suggestions should be considered carefully within your own particular circumstances, as they are intended as general information only.