make a good business better

Blog Information Security

Print Divider Print Divider Branding
 

When Key Employees Depart

09/21/2018  |  By: Bill Dean, CCE, GCIH, GCFA, GPEN, Senior Manager

Share

Social Logo Social Logo Social Logo Social Logo

Nearly 50 percent of employees who quit a job or who are asked to leave are taking confidential information, according to Symantec. In addition, 42% do not feel it is wrong to reuse the information, and 53% feel it doesn’t harm the company. These stats are obviously bad news for company owners and managers who find their intellectual property is being used by former employers for new opportunities.
 
The reason for data theft is simple: a competitive edge against their former employer. Why start a client list from scratch when you can simply use one that has been very successful for the prior employer? How much value is there in price lists, product designs, and the launch date of the newest product line? With most business intelligence of a company stored in computer systems, examples of how valuable data can be stolen are infinite. 
  
Companies have typically taken the appropriate steps to protect themselves from employment litigation, but it is just as important to protect their own assets. Surveys show that one of the greatest fears of companies today is the "insider threat," or those employees who have access to business-sensitive information or the ability to cause disruption to a company's operation. With proper preparation, not only can digital forensics determine the theft, fraud, espionage, sabotage, etc., it can also be used to provide critical evidence against the perpetrator.

Regardless of the health of the economy, employees leave their employers for a variety of reasons. These employees likely had broad access to company intelligence: research and development information, customer lists and related information, financial information, or strategic plans and road maps. With all of this information stored digitally, data theft and destruction are easier than ever to conduct. With digital forensics, the capability is available to prove these acts if they occur. However, to be successful at proving wrongdoing, the proper measures must be taken. In matters involving intellectual property theft, computer forensics can determine digital information copied to USB drives, emailed to personal accounts, or transferred to cloud storage, just to name a few. In dealing with matters of sabotage, computer forensics can demonstrate the malicious actions taken against the computer system(s), methods used, and a precise timeline of the events.
 
For most employee exits, human resource departments have the adequate steps in place to prevent or prepare for employment litigation. These procedures are designed as a defensive mechanism. When the information that facilitates the success and competitive edge of a company is at stake, offensive steps also need to be taken as necessary. When key employees that have access to key company information leave the company, their computers and mobile phones should be properly preserved immediately. Any delay in proper preservation of the digital information may destroy critical information needed. In most instances, the actions of the departing employee are not immediately obvious. The timeline could be weeks, months, or even years before foul play is suspected when the employee's new company is suddenly being awarded contracts that their previous company should have received or when the new product line of their new company closely resembles what your engineers have been working on for years. The examples are limitless. When proper and timely preservation of digital evidence occurs, this information may provide all the information needed to prove the act of intellectual property theft or malicious activity. 
 
The act of preservation can be as simple as preserving the original hard drive used by the employee and deploying the computer with a fresh installation onto a new hard drive or consulting with a company that provides digital forensic services to create forensic images of the computers and mobile phones used by the employee. A paramount point to be made is that the integrity of the information is just as important as the timeliness of the preservation. Only properly trained and experienced computer forensic professionals should access digital information that needs to be investigated. Any attempts to review the information by anyone other than qualified professionals could render the evidence useless. The simple act of powering a computer on changes the access times on hundreds of files. Searching the hard drives for specific information, when not performed properly, will also change access and modification times of the files opened. These modifications could render the needed evidence useless, as the integrity of the information will be questioned.​

Recent Litigation Articles of Interest​

Recent Podcasts of Interest

eDiscovery Case Law Links of Interest

  • https://www.ediscoverylaw.com/2017/11/court-compels-production-for-plaintiffs-quick-peek-over-defendants-objection/​
  • https://www.ediscoverylaw.com/2017/10/citing-failure-to-cooperate-court-orders-use-of-specific-keyword-search-terms/​
  • https://www.ediscoverylaw.com/2017/08/supervision-trumps-speculation-court-denies-motion-to-compel-additional-search/​
Posted in: Security Consulting