Digital forensics to address data theft
One of the risks with departing employees is that they leave with the company’s valuable data and intellectual property. Studies show that half of departing employees leave with confidential company information, either deliberately or unintentionally. Although several factors motivate employees to steal company data, financial gain is the most common.
Checklist in Digital Forensics
Most organizations nowadays store data electronically, and employees have access to it via company or personal digital devices. Typically stolen data includes customer information, business plans, operational information, staff information, trade secrets, and proprietary software. When a company suspects that a departing employee might take, or has already taken, company data, digital forensic methods can be used to review the employee’s computer or device.
A company can significantly reduce the risk of data theft by using digital forensic practices during corporate investigations and exit interviews. Digital forensics includes techniques and tools designed to capture, analyze, and evaluate digital data as evidence, and to identify whether something happened, what happened, when it happened, who caused it or was involved, and the evidence to prove it. The digital forensic investigation will examine:
- Personal webmail accounts, such as Gmail or Yahoo
- Portable storage media (USB flash drives are the most common)
- Instant messaging programs (including social media programs such as Facebook and LinkedIn)
- Cloud storage such as Dropbox or iCloud
- Secure websites
- Remote sessions used to access corporate systems
- Personal devices (allowed by “bring your own device” policies)
- Email exchanges between work accounts and secondary email accounts
- Pictures of important data taken with personal phones or cameras
Steps to Mitigate Risk
Exit Interviews
The final interview with departing employees can provide valuable insights regarding the potential for data theft. HR staff can ask:
- Is the employee storing important data on personal devices?
- Are there any devices taken home that contain sensitive information?
During the interview, an investigation can be conducted to determine if there are indications of data theft.
System Monitoring
To ensure that evidence is not permanently deleted, companies should monitor the systems and devices used by employees to access important data. This includes:
- Data access audits: Checking access logs to detect suspicious activity.
- Evidence preservation: Storing data that may be needed for future investigations.
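One way to run the data access audit described above, as an added example that is not from the original article. The log format (timestamp,user,action,path), the 14-day review window, the 3x bulk factor and the 08:00 to 18:00 working hours are all assumptions, and the sample log is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta
from statistics import median

# Constructed audit log (timestamp,user,action,path); not data from any real system.
SAMPLE_LOG = "\n".join([
    "2024-03-04T10:15:00,jdoe,read,/finance/q1.xlsx",
    "2024-03-04T14:02:00,jdoe,read,/finance/q2.xlsx",
    "2024-03-05T09:30:00,jdoe,read,/hr/handbook.pdf",
    "2024-03-06T11:00:00,jdoe,read,/finance/q1.xlsx",
    "2024-03-06T16:45:00,jdoe,write,/finance/notes.txt",
    "2024-03-06T13:20:00,jdoe,read,/finance/q2.xlsx",
    "2024-03-20T10:00:00,jdoe,read,/finance/q1.xlsx",
    "2024-03-27T09:00:00,asmith,read,/sales/customers.csv",
    "2024-03-28T23:30:00,jdoe,read,/rnd/design.docx",
] + [f"2024-03-27T22:{m:02d}:00,jdoe,read,/sales/customers_{m}.csv" for m in range(7)])

def review_departing_user(log_text, user, last_day, window_days=14,
                          bulk_factor=3, work_hours=(8, 18)):
    """Return days in the pre-departure window with bulk or off-hours reads."""
    reads = defaultdict(list)  # day -> timestamps of this user's reads
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, who, action, _path = row
        if who == user and action == "read":
            t = datetime.fromisoformat(ts)
            reads[t.date()].append(t)
    end = date.fromisoformat(last_day)
    start = end - timedelta(days=window_days)
    # Baseline: the user's own daily read counts before the window opens.
    baseline = [len(v) for d, v in reads.items() if d < start]
    typical = median(baseline) if baseline else None
    findings = []
    for day in sorted(d for d in reads if start <= d <= end):
        count = len(reads[day])
        off_hours = sum(not work_hours[0] <= t.hour < work_hours[1] for t in reads[day])
        # Without a baseline there is nothing to compare volume against.
        bulk = typical is not None and count > bulk_factor * typical
        if bulk or off_hours:
            findings.append({"day": day.isoformat(), "reads": count,
                             "off_hours": off_hours, "bulk": bulk})
    return findings

if __name__ == "__main__":
    for finding in review_departing_user(SAMPLE_LOG, "jdoe", "2024-03-29"):
        print(finding)
```

A flagged day is a lead for the forensic review, not proof of theft; the thresholds should be tuned to the organization's normal access patterns.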
Periodic Investigations
Conducting periodic investigations before employees leave can help companies identify potential risks of data theft. This also facilitates the collection of evidence before the employee no longer has access to the system.
Actions After Theft Occurs
If a company discovers that an employee has stolen data, the next step is to conduct a digital forensic investigation to understand in detail how the theft occurred. The investigation involves:
- Analysis of stolen data: Determining the type of data taken and its potential impact.
- Identification of theft pathways: Understanding the methods used to steal the data.
- Legal action: If necessary, the company may take legal steps against the involved employee.
Facing the risk of data theft by employees is a complex challenge, but it can be managed with the right approach. By implementing digital forensics and effective preventive measures, companies can protect their valuable information and minimize the impact of potential data theft.