Keeping a lid on what’s valuable - Safeguard your organisation from theft of confidential information
Forensic Focus - June 2010
Authors: Barry Foster and Jon Pearse
When an employee resigns and moves on to a competitor, do you check to see if valuable and often confidential company information, trade secrets or intellectual property is taken?
A survey run by the Ponemon Institute showed that almost 60% of exiting staff admitted to taking confidential company information with them when they left.
We are often called in to investigate these types of issues, so we thought we’d highlight what your organisation needs to look out for.
How do they take it?
Back in the old days the options for taking confidential information were limited; removing information off site was usually accomplished using floppy disks or printed copies.
These days, with the growth in technology and the cost-effective storage options available, valuable data can be transferred from company systems within seconds.
The method we see most often is the use of USB thumb drives and portable hard drives. These devices include such innocent-looking items as digital cameras, cell phones or iPods, all of which can hold large amounts of data, equivalent to hundreds of floppy disks.
Another method encountered is the use of email. We regularly identify confidential information being sent out of a company as an attachment, usually to an internet-based email account (e.g. Hotmail or Gmail).
Both of these methods leave behind traces of the activities which can be located and identified by examining the suspect’s computer and network data.
A Deloitte ‘Green Light’ check provides information about user activity on the computer system, and can be very useful in confidentially identifying what an employee has been doing with your confidential information. The ‘Green Light’ check is particularly useful if senior staff or others with access to confidential information are leaving to join a competitor or set up in competition.
What can you do to reduce the loss of confidential information?
Like many things in life, it is generally preferable to prevent problems proactively than to respond to them once they occur. Protecting your confidential information is a balancing act between providing an adequate level of security and maintaining the access to data and systems that staff require to do their work. The key components that will assist you in minimising the loss of confidential information are:
- Have the right culture - Creating a positive team culture where employees feel strongly engaged is probably the best way of protecting your confidential information.
- Ensure staff know you value confidential information - Best demonstrated by implementing information security policies in your organisation, this also requires training your staff on the policies and monitoring to ensure that all staff understand and abide by them. Part of these policies would include locking down user accounts so users only have access to the information they require, and conducting appropriate background checks of potential and current employees to make sure you are comfortable with them having access to your critical company information. Investigating suspected instances of theft of confidential information and taking appropriate action sends a strong signal to staff that protection of confidential information is important.
- Ensure there are channels for people to speak up - A recent case was successfully resolved after an employee reported that other members of an IT development team were planning on leaving and taking all the critical intellectual property of the firm with them. A quick response enabled the company to not only protect their IP but to also effectively dismiss the offenders. Confidential hotlines are popular and effective overseas, and we are now seeing increased use of these services, like the Deloitte Whistleblower service in Australia and New Zealand.
- Encryption - A large amount of confidential information is still lost through inattention as opposed to theft. Encryption of data is an important safeguard against this.
- Document Management Systems - More and more companies are implementing document management systems to keep track of their electronic information. These systems log and track access and activity (like editing, copying and printing) on files. They can also be used to assist the company in the identification and disclosure of information for legal discovery requests and disputes.
- Content Management Systems - These systems can monitor and restrict the flow of information into and around your business network. They filter your incoming and outgoing internet and email traffic for inappropriate and confidential material.
If you have any questions about keeping the lid on your valuable information, ‘Green Light’ checks, or implementation of an information security policy and protective measures, please contact Barry Foster or Jon Pearse, from our Forensic Technology team.