Digital Forensics to Prevent Data Theft
One of the unwanted things about departing employees is that they leave with the company’s valuable data and intellectual property. Studies show that half of departing employees leave with confidential company information — either deliberately or unintentionally. Though there are several factors that motivate employees to steal company’s data, financial gain is the most common.
Most organizations nowadays store data electronically, and employees have the access to it via company or personal digital devices. The typical stolen data includes customer information, business plans, operational information, staff information, trade secrets, and proprietary software. When a company suspects that a departing employee might take, or already had taken company’s data, digital forensic methods can be used to review the employee’s computer or device.
A company can significantly reduce the risk of data theft by using digital forensic practices during corporate investigations and exit interviews. Digital forensic includes techniques and tools designed to capture, analyze and evaluate digital data as evidence, plus identify if something happened, what happened, when it happened, who caused it to happen or was involved, and evidence to prove it. The digital forensic investigation will examine:
- Personal webmail accounts, such as Gmail or Yahoo
- Portable storage media (USB flash drives are the most common)
- Instant messaging programs (including social media programs such as Facebook and LinkedIn)
- Cloud storage such as Dropbox or iCloud
- Secure websites
- Accessing corporate systems via remote sessions
- Personal devices (allowed by “bring your own devices” policies)
- Email exchanges between work accounts and secondary email accounts
- Taking pictures of important data with personal phones or cameras
Exit interviews help a company learn why employees are leaving and find ways to improve. However, it can also determine if departing employees might have taken company valuable data with them. HR staff can ask questions to learn more about where employees kept company data and if they took it home — and, if so, on what devices and when. While the interview is being conducted, and if warranted, digital forensic practitioners can discreetly review the employees’ company-owned device(s) — personal devices with a warrant— to look for any indicators of data theft.
To ensure that evidence isn’t permanently deleted, companies can periodically image the systems and devices of employees who have access to company important data. This safeguards any evidence, which might be required at a later date. It is suggested that digital forensics is done in daily workflows before employees resign and in exit interviews to prevent data theft rather than potentially be involved in litigation after they’re gone.
If a company discovers that an employee has left with company data, it can use digital forensics to determine when they took it, how they stole it, who they might have shared it with and other important elements. Digital investigators can then cross-reference areas of evidence and build a timeline of the facts.