Prepared for the snow? Prepared a forensic readiness plan?
3rd December 2010
In these snowy conditions that we are currently experiencing in the UK, we have all been very conscious of ensuring our cars are winter ready in preparation for getting stuck in a snow drift – boots, blankets, torch, spade…
…but are we so prepared in our organisations in the event of a incident involving electronic information such as eDisclosure requests, data breaches, commercial disputes or fraud?
I would anticipate that the answer is probably no.
A forensic readiness plan could be the answer…a review of your organisation’s readiness to respond to a compliance requirement, to support a digital forensic investigation, or as part of an internal investigation would enable a tailored plan to be developed.
Forward planning through adopting a forensic readiness policy can bring many benefits to your organisation:
- Maintaining proportionality of litigation and investigative costs
- Increasing the speed at which digital evidence can be produced
- Acting as a deterrent to computer misuse
- Reducing the occurences of digital technology abuse
- Assisting with internal security awareness training
Security breach avoidance
CYFOR recently received a call via our emergency number for an immediate response to a potentially serious security breach for a leading corporation. A laptop had been stolen from the corporate which contained unencrypted data of a sensitive nature. The laptop case also contained the login details. The laptop was found, however, they needed to establish whether the sensitive data had been accessed.
This was a potential disaster for the corporate and they were preparing to contact third parties to inform them of a security breach. They called our emergency number and within an hour CYFOR was able to dispatch two forensic investigators to their site to respond to the incident.
We created a forensic image of the laptop in order to preserve the data and were then able to establish whether anyone had logged onto the laptop. We were also able to investigate whether the sensitive data contained on the laptop had been copied to any external media.
The CYFOR investigators worked through the night to achieve a positive result for the client and as a breach had not occurred, were able to prevent the corporate contacting third parties which could potentially have damaged their reputation. Within 8 hours of receiving the initial call, CYFOR had completed the investigation and achieved a positive result for the client. If the client had a forensic readiness plan in place the situation could have been avoided.