The latest industry news and insights
It is well-publicised that companies are now having to tackle threats to their confidential information. Not only externally, but also internally. Departing employees with malicious intent (also known as ‘bad leavers’) and those considering starting up their own rival businesses, at all levels of seniority, are costing organisations large sums of money. In recent news, electric vehicle maker Canoo claimed data theft when former executives joined the business just so they could steal intellectual property with the intent of starting a rival company. Often there is no proactive legislation in place to combat or deter these actions. A proactive risk management policy that incorporates digital forensic expertise could assist a business in dealing with these threats.
Instructing a digital forensic provider is often seen as a reactive measure, following suspected or observed unauthorised activity within an organisation. It is often seen as a covert action, and for the uninitiated, can come across as intrusive and speculative. In reality, the skillset of a digital forensic investigator can uncover a hidden audit trail of actions on a digital device, whether it be a mobile phone or computer. Skilled investigators can piece information together to understand what digital evidence may be available.
The critical step to any forensically-sound investigation is the ‘forensic image’. This is essentially the creation of a digital copy of all the information held by a digital device, such as a computer or mobile phone. Devices are powered-off to preserve all metadata (such as time and file creation date) and the forensic image is then created. This ‘image’ is then uploaded onto a dedicated computer and booted up through specialist forensic software for all analysis and investigation to be undertaken.
Often, companies will seek to pursue a digital forensic investigation, months after the unauthorised access has occurred whether it’s an employee announcing their new position at a rival company, or clients calling to voice their confusion over being approached by an ex-Director, who has started his own company in the same line of business. Companies are predominantly reactive in their nature. During this time span, computers are likely to be reallocated and used daily by other employees, and any deleted evidence that was once retrievable is no longer retained by the device.
What if, as part of a risk management policy, there was a proactive mandate in employment contracts or data protection/preservation policies? This could specify that upon being made aware of an employee exiting the company, any work-designated digital device is to be collected by a digital forensics expert and a digital forensic image created. The device is then returned to the office and can be re-purposed for a new user – all in under 48 hours.
This essentially creates a holistic overview of the device at the earliest possible opportunity, and allows a greater level of control, while minimising business disruption. The forensic image can then be stored in a secure evidence room on a physical storage device, freely available for continued investigation, at any point in the future, at immediate notice.
CYFOR’s Corporate Forensic Retainers are designed to identify business threats with intelligent cyber security solutions and apply remediation with court-approved digital forensic expertise.
After submitting an enquiry, a member of our team will be in touch with you as soon as possible
Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.