Most corporate security measures today address the potential for hackers to compromise firewalls or crack access codes, but an even greater threat walks right through the front door every business day. Employee misuse and abuse of company computers and resources, such as excessive Web surfing and using personal e-mail accounts on company time, is counterproductive at best, but intellectual property theft (in which client lists, business plans, product designs and contract proposals end up in the wrong hands) can significantly alter the playing field for even the most successful company.
There are a few simple steps you can take to help protect your company against employee computer misuse and theft of confidential or proprietary data and prevent liability in a potential lawsuit:
1. Restrict access to confidential and proprietary information on the company network to necessary personnel only.
2. Require password log-in for all company computers to ensure controlled access to company files and networks.
3. If Internet use is not necessary for most employees in your business, designate a specific computer as the “online” computer where employees can access the Internet when necessary. This computer should not be connected to the company network.
4. Develop and enforce policies regarding personal use of company computers, such as Web surfing, use of personal email accounts and the transmission of potentially offensive material via the company networks and/or e-mail systems. Have (and communicate!) a clear policy regarding these activities. Software utilities exist that can allow an employer to monitor computer activities as well as place blocks on particular websites.
5. Develop and enforce a company policy for electronic document retention.
6. Convert all removable media drives to “read only” to prevent documents from being copied to removable media such as CDs or USB thumb drives.
7. Finally, if you are in a high-risk environment (for example, a pharmaceutical company with highly confidential trade secrets), you might consider bringing in an expert in data forensics to do a complete evaluation of a user’s computer.
WHEN IT’S TIME FOR COMPUTER 911...
Unfortunately, even when you have taken all the steps listed above, it is virtually impossible to completely protect against the threat of employee computer crime. For example, gaining access to your client lists and confidential pricing info can give a competitor a tremendous advantage. The victim company may not have a clue as to why all of its clients are suddenly being underbid by the competitor. The departure of a key sales executive and his or her subsequent employment by the competitor is a very strong reason to bring in a data forensic firm to investigate the salesperson’s activities prior to these events.
Discovery could be as simple as a recovered Web-based e-mail that shows confidential client and pricing files being sent across the Internet to a home account. This information may be enough to obtain a court injunction prohibiting the competitor from doing business with the clients on the stolen list. Without this knowledge, the victim company can suffer a slow and confusing demise. Keep in mind, however, that hiring a data forensics expert makes sense only if you plan on taking some kind of legal action to protect your company’s information.
If you suspect that such a crime has occurred within your company, it is critical to restrict access to the computer and prohibit anyone from conducting any activity whatsoever on the device. Even turning a computer off or booting it up can result in data loss, and internal “investigations” by untrained individuals can result in spoliation of potential evidence, rendering it inadmissible in court proceedings. Just like the “Police Line — Do Not Cross” tape at a crime scene, the crime scene that is the computer hard drive must also be quarantined until it is forensically preserved according to court-tight standards.
After the computer has been quarantined — and yes, we do mean that literally, isolating it completely — it should be forensically acquired and preserved by an unbiased third-party data forensics expert. Once a forensically sound copy of the drive is made, forensic tools can be used to recover deleted files, e-mails and instant message conversations; identify websites that were visited; recreate timelines of computer activity; and much more to help find the “smoking gun” in a dispute.
Historically, digital investigations have occurred after the fact in response to an incident. Today, more and more enterprises, big and small, are beginning to understand the value of a proactive approach. One example is the forensic preservation of a terminated employee’s computer. Whether the individual leaves voluntarily or is let go, if there is any reason to suspect that the individual may have had the capability for data theft or destruction, a data forensics firm should be contacted immediately so the evidence can be preserved. This “digital insurance” allows the company to have the upper hand should the departing employee later file suit for harassment, wrongful termination or myriad other claims. A little proactive effort goes a long way.

