Companies send valuable time, resources and intellectual capital to make themselves successful. Much of that success is in the form of customer data, design documents, financial and research data and a variety of strategic information. In short, information is the life blood of many companies and losing or having such data stolen is a serious threat to the prospects or even survival of companies. In addition data theft can cause issues to the reputation of companies and provide competitors with advantages they have not earned or worked for.
IS Decisions, an Infrastructure and Security Management Solutions supplier, recently released a report indicating that 36% of desk-based workers within the UK and the US have continued access to a former employers network systems and/or data. The report further indicates that 10% of ex-employees actively accessing the data for their own use. But where does this data go? Safely in ex-employees computers? Or more worryingly, directly to a competitor.
Many companies have substantial and varied systems and IT infrastructure, and this complexity is increased through the advent of BYOD (bring your own device) policies. The complexity of monitoring networks, protecting data and information assets from internal and external threat increases as the complexity of systems increases. Given the many ways in which data can be transferred out of an organization, the IS Decisions research should give pause for thought to IT and HR managers in companies throughout the world.
The risk of the young and reckless
The report goes further, indicating that 58% and 48% of 16-24 and 25-34 year olds respectively, have awareness of having access to these systems and data post-employment. Following on from this trend, they state that 16-24 year olds are most likely to share their password with employees, further increasing risk to confidential data. Additionally, those with stricter policies and those more likely to be handling sensitive data are more likely to inadvertently promote “work arounds” in the face of these policies.
The continued worry of IT professionals – the ex-employee. Surprisingly, no matter which department your employee may be a part of, the results may be considered shocking. With the Marketing department being most likely to access ex-employer data (at 68%), with direct access to marketing information systems. While Sales (46%), finance (41%) follow suit, statistics show that legal employees (at 56%) are second most likely to have direct access. But is this down to improper security measures?
The IS Decisions research provides a number of security measures to combat these issues.
However, when security fails – as it can on occasion – you may need to take effective, timely steps to identify and remediate potential damage that can occur. At IntaForensics we have worked with hundreds of clients who have been subject to illicit data access and theft. We have built up a substantial range of expertise and knowledge to investigate and assist companies facing (or potentially facing) such problems.
How can digital forensics help?
Using Digital Forensic techniques to discover what has occurred – who accessed or took what information, to whom have they provided that information etc. – is essential in employment and legal disputes. Whether utilizing computer forensics to prove, that a file was transferred, or mobile forensics to prove a telephone or SMS conversations with a direct competitor occurred, digital forensics can be essential for organisations.
In employment disputes, it pays to be proactive rather than reactive. While security policies are highly recommended, but often not enough to safeguard confidential data, and often vary significantly from company to company, meaning they’re rarely a comprehensive solution. By utilising a digital forensics investigation approach, companies can reduce the chance of future incidents by understanding exact details of vulnerabilities and how they were exploited, but have the means to react immediately.
IntaForensics have experience in hundreds of employment disputes, for both large multinational organisations, through to small-medium enterprises, you are guaranteed the same level of professional service. Consider ourDigital Forensic Consultation services, Forensic Assurance Services or even Digital Forensic Training to ensure you are prepared for anything.
Forensic Consultancy – IntaForensics’ Digital Forensic Consultancy services ensure you’re talking to the right person to secure your business forensically. The development and implementation of security plans stops the security problem from becoming a business problem. Visit the dedicated webpage.
Forensic Assurance – Digital Forensic Assurance is invaluable to any organisation, big or small. IntaForensics’ experienced consultants work with your organisation to understand your data and IT infrastructure and provide readiness planning and readiness training. Our additional technical response team can offer unique “on call” forensic investigators, or implement a Remote Forensic Service whereby IntaForensics can respond in as short as 4 hours from anywhere in the UK. Visit the Forensic Assurance Webpage.
Forensics Training – Our comprehensive training programmes ensure that our customers are secure in their understanding of digital forensics practice within the context of their organisation. Visit the webpage to find out more.
For more information, call 0247 771 7780, or email firstname.lastname@example.org.