Data Security Plan for Employee Termination or Resignation
Houston, TX January 11, 2013
“theft of proprietary information caused the greatest financial loss”
Unfortunately for employers, employees often try to take work product with them when they leave, even under amicable conditions. To prevent sabotage of company data (i.e. destruction, alteration or removal of proprietary information), businesses should make a Security Plan to help protect their hard-fought proprietary information and trade secrets. Below, E-Investigations outlines a basic Security Plan that could help protect businesses.
1. Disable Employee Access – PROMPTLY
Employees who leave should have their passwords revoked immediately upon their departure – preferably on their last day of employment. Delaying this step could become a costly mistake if the former employee then accesses the company’s information from a remote site to destroy or steal it. Studies have shown that it is quite common for employees to share passwords, which could possibly lead to illegal access. Disabling the password could also prevent other unauthorized personnel (who could still be working for the company but may not originally have access to certain sensitive information) from getting into confidential data. Because of the prevalence of password sharing in corporate America, it may also make sense to force a company-wide password change at a regular interval, including on the day access is revoked from an employee.
2. Maintain Information on Employee Access
With information stored at a variety of security levels and locations across the network, access rights are numerous. To keep the margin for error as close to nil as possible, it is advisable for a company to maintain a document that lists each employee’s access to the company’s information systems. With that list, the company is in a position to disable all of the access rights and reduce the chance that any access code is left untouched. As another measure to guarantee the safekeeping of proprietary information, a manager can confirm that all access rights have been disabled using a checklist that has to be signed.
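Steps 1 and 2 can be checked mechanically once the access list exists. The following is an added example, not part of the original article or any E-Investigations tool; the CSV columns, account names and dates are constructed assumptions. It reports, for each departed employee, personal accounts that are still enabled and shared passwords that have not been changed since the last day of employment.

```python
import csv
import io
from datetime import date

# Constructed access inventory: one row per access right (hypothetical data).
INVENTORY_CSV = """employee,system,account,shared,enabled,password_changed
jdoe,vpn,jdoe,no,yes,2012-11-02
jdoe,file-server,jdoe,no,no,2012-11-02
jdoe,crm,sales-team,yes,yes,2012-12-01
jdoe,wiki,editors,yes,yes,2013-01-11
asmith,vpn,asmith,no,yes,2012-10-15
asmith,crm,sales-team,yes,yes,2012-12-01
"""

# Constructed departures: employee -> last day of employment.
DEPARTURES = {"jdoe": date(2013, 1, 11)}


def offboarding_report(inventory_csv, departures, today):
    """List open items per departed employee for the manager's sign-off."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        last_day = departures.get(row["employee"])
        if last_day is None or today < last_day:
            continue  # still employed, nothing to revoke yet
        entry = report.setdefault(
            row["employee"], {"still_enabled": [], "rotate_shared": []}
        )
        target = f'{row["system"]}:{row["account"]}'
        if row["shared"] == "yes":
            # A shared password the leaver knew must be changed on or after
            # the last day; disabling it would lock out remaining staff.
            if date.fromisoformat(row["password_changed"]) < last_day:
                entry["rotate_shared"].append(target)
        elif row["enabled"] == "yes":
            entry["still_enabled"].append(target)
    for entry in report.values():
        # The checklist can be signed only when nothing is outstanding.
        entry["signoff_ready"] = not (
            entry["still_enabled"] or entry["rotate_shared"]
        )
    return report


if __name__ == "__main__":
    for emp, items in offboarding_report(
        INVENTORY_CSV, DEPARTURES, date(2013, 1, 14)
    ).items():
        print(emp, items)
```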
3. Conduct Exit Interviews
Businesses that did not possess the foresight to have employees sign a non-compete or non-disclosure agreement in the initial employment stages should conduct exit interviews to remind the employees that company information is confidential and should not be revealed to an outsider. Of course, this practice should be facilitated by a company policy already in place about the prohibition of disclosing company information to outsiders or competitors.
4. Safekeeping or Imaging Hard Drives
Continued use of the computer carries the risk of changing the dates on which files were created, altered, accessed or deleted. Also, any of the following actions could alter evidence of an employee’s fraudulent activities or theft of corporate electronic property: turning the computer on or off, entering new data, loading new software, compressing data, defragmenting the disk and moving data from one system to another. It may be a good measure for businesses to keep the hard drive(s) of any employee who has access to sensitive information when they leave. This practice will ensure that traces of activity on the computer are not inadvertently erased and, should there be a need to investigate a suspect’s hard drive for questionable activities, that the evidence has not been tampered with by anyone else.
Another alternative is to image the employee’s hard drive. Computer forensics experts can obtain a “mirror-image” of a hard drive and businesses can keep a copy of the imaged drive for a period of time. This recourse will allow continued usage of the original hard drive and still afford employers a copy of the original. If there is a need for electronic evidence discovery in the future, a computer forensics expert can perform the investigation on the imaged drive.
As Gary Huestis, Director of Digital Forensics at E-Investigations, a Houston-based computer forensics and electronic discovery firm, says, “Imaging a computer just on the off-chance that a company may someday need the copy of the hard drive may seem like an unnecessary step, but it is a relatively cheap insurance for any company that has proprietary information that, when leaked out or tampered with, could possibly cost the business great financial loss.”
5. When An Employee Is Suspected Of Foul Play
When an employee who has left the company is suspected of foul play (i.e. stealing company data, deleting files, sharing information with outsiders), the first thing to do is to turn off the suspect’s computer. Activities that occurred on the computer can be traced, but the chances of finding evidence could be limited by continued usage of the computer. Companies should hire a computer forensics expert, like Gary Huestis, who is certified in the latest EnCase forensics software, to discover evidence on the computer that could prove that the employee did indeed perform illegal activities on the computer.
It is essential to hire third-party experts like E-Investigations rather than using the internal IT department personnel, because third-party experts can ensure that the evidence is handled appropriately. Computer forensics experts can maintain a proper chain of custody, avoid data spoliation and authenticate the evidence. Additionally, an important factor to consider is that, unlike internal IT staff, third-party experts do not usually know the suspect personally, reducing the risk of them sabotaging the hard drive to help or to incriminate the suspect.
E-Investigations has the tools and experience to perform logical, physical, file system and password extraction of data from digital devices. By incorporating the latest hardware and software technologies, E-Investigations has one of the most thorough capabilities for computer and mobile device investigations in the industry – with the ability to image thousands of computers, tablets, mobile phones, smartphones and portable GPS devices, and all major mobile OS: iOS, Android, BlackBerry, Nokia, Symbian, Windows Mobile and Palm.
E-Investigations’ Computer Forensic Investigators follow the trail and decipher the information, whether the evidence is digital, such as electronically stored information found on computers, tablets, mobile phones or other devices, or whether the investigation requires traditional private investigative services. E-Investigations’ tools and techniques include surveillance, undercover work and detailed record searches. The final product helps our clients gain a deeper understanding of what has happened or what is occurring. The gained clarity and discovery of truth allow our clients to quickly respond and recover.
Gary Huestis is the Director of Digital Forensics at E-Investigations. Mr. Huestis is an EnCase certified examiner and a licensed private investigator.
Call us toll-free at 877-305-4935