DIERCKX & ASSOCIATES LTD

Suppose an employee leaving your company to go and work with the competition. How much damage would be caused if confidential information ended up with the competition as a result of the actions of this employee? Client lists, strategic plans, research and development reports, financial information or designs?

Several sources indicate that the larger part of exiting employees take confidential information upon leaving the company. Data theft at large, including existing employees and outsiders,  appears to be an under reported matter in New Zealand businesses and one that needs serious attention. The largest threat, sad as it may be is still coming from the inside. Movable storage devices (usb-sticks, i-pods, palm computers, removable hard drives) and email appear to be the method of choice.

The difficulty with data leakage and especially theft is that the loss of data does not (necessarily) mean a physical loss of the data or access thereto. Signs that your confidential data may be in the wrong hands are often more subtle: loss of clients, missing out on tenders, competition launches similar products or services just before you, competition continually seems tocome up wioth slightly better deals than you do, loss of staff members, and these are just a few of the potential indications.

While data theft can not be prevented entirely, similar to fraud in general, there are certainly a number of things you could consider to reduce your risks and to be better prepared when incidents of data theft are suspected and/or identified.

PREVENTATIVE MEASURES

• Employ suitable data-loss technologies and policies, which are appropriate to the size of your organization and the information held. There is a vast array of options here.
• Ensure that access to confidential data is limited and functional. (Your HR Manager does not need access to the accounts data an vice versa). Consider principles such as NEED TO NOW v NICE TO KNOW and adequate separation of duties to be reflected in your information systems.
• Ensure that all access to the system is blocked for exiting employees (and don’t overlook remote access options), that all hardware is handed in upon exit and signed off, an that all employee accounts are immediately canceled.
• Communicate clearly that theft of confidential information is not tolerated, using clear and concise IT-policies that are to be spread AND READ by all employees, investigation of incidents or suspected incidents and strong and consistent action when theft is identified.
• Scan computers of staff that pose a higher risk periodically and  at all times in case of an exiting staff member.

WHAT IS INFORMATION THEFT IS SUSPECTED?

• First and foremost: DON’T DO A DIY INVESTIGATION, unless you are fully aware of what you are doing and have the required equipment to do the investigation. CONTACT A COMPUTER FORENSIC SPECIALIST  as soon as possible. Electronic evidence is easily corrupted and you may end up undermining your own case making mistakes with the evidence in a later procedure. Approach this matter at all times with in the back of your kind that a procedure will follow.
• Ensure that the IT-department or IT-service provider turns on all the logging facilities. There is a tendency to turn logging off or to not activate it where this is required. Sure from their perspective the logs may not be relevant but they are from an audit/investigative perspective. Sure these logs take up space but they more than once have been a key to investigation of suspicions or the reconstruction of a case.
• Make sure that employment contracts, internal handbooks, policies, practices adequately provide for appropriate penalties including termination.

Filed under: INFORMATION SECURITY, TECHNOLOGY