Of all the corporate cases a computer forensics consultant might be called upon to investigate, data theft, or theft of proprietary information, is the most common, says Richard Morochove of Morochove and Associates, a computer forensics firm in Toronto.
“One thing that has been fairly common is suspicion that an employee or former employee has gotten access to proprietary company data and has either sent it to a competitor or is using it to compete with the company,” says Morochove. “So this would be data such as customer lists or proprietary price lists, that sort of thing.”
Inside Jobs Most Common
“If you look at Hollywood and what’s on TV there’s a great emphasis on someone who hacks into a company system and extracts the information,” says Morochove. “In real life, it’s most common that an employee or former employee is the one who steals the information, because the employee is someone who generally has access to the information and also knows what information is very valuable to the company. It’s generally an inside job rather than an outside hacker.”
When there is suspicion that a data breach has occurred and that it has likely originated from within the company, a computer forensic expert may be called upon to examine electronic files and recover any lost information. Morochove could be called in by the manager of human resources, the head of IT, a chief information officer, a chief financial officer, a company president or a firm’s in-house counsel.
Suspicious Behavior Raises Flags
Morochove narrows down his search by meeting with the client to discuss their suspicions and then comes up with a focused plan for the data search.
FREE Investigation Report Template
Prepare thorough, consistent investigation reports with our free report template.Download Template
“In one particular case… the employee was seen at work on the weekend in the office and she normally did not work on the weekend. Someone said she was shredding papers like mad. And Monday morning she left a resignation letter on the desk of her superior. She did not come into work. And when they got suspicious and tried to look at her computer, it looked as though everything had been erased on her computer.”
Morochov was able to recover most of the deleted data and hand it over to the company.
Lax Security Systems Hamper Investigations
Sometimes it’s impossible to trace the steps an employee has taken when there is suspicion that proprietary information has been taken.
When an employee left her company to join an arch rival, her employer suspected she may have either emailed some information to her new employer or copied it onto a memory stick.
“While I was able to analyze the email and give them information about that, unfortunately the way their systems were set up it was not possible to determine whether or not data was copied onto a USB stick,” says Morochove.
“If the information was on paper and somebody was walking out the door with three or four banker’s boxes full of printouts of customer lists, that would certainly raise suspicions. But you can fit the equivalent of 100 banker’s boxes on one USB stick and flip it into a pocket or purse.”
He stresses the need for companies to implement proper security procedures, including restricting the use of outside data storage devices in particular.
“After my report they said they planned to put in such a system,” says Morochove. “Unfortunately that’s kind of like locking the barn door after the horses are out.”
Learn about the security procedures you can put in place to prevent data theft before it happens. Check out these Data Theft Prevention Tips.