|
 
|
In This Issue:
They might seem like typical employees, but they're not. They're criminal insiders, using their professional authority to access and steal confidential data or cause mayhem on a company's IT systems. What can companies do to protect themselves against thieves who have access to their most sensitive information? There are many types of insider crimes. The most common examples of insider crimes include cases where an employee leaves the company and takes confidential information (such as client contact information) or where an employee steals proprietary information for personal gain. Other common incidents involve disgruntled individuals who delete, destroy or compromise information. In many instances of insider crimes, criminal and civil laws are broken and the information obtained through the investigation ends up as evidence in a court proceeding. There are a few steps an organization can take to prevent insider crimes. First, organizations should establish an auditing process to monitor employee computer use and limit access to restricted information. While it may seem sneaky to monitor the activities of your trusted employees, the first step in protecting against information leakage is determining whether or not information is being lost. In addition, regular audits can insure compliance to the organization's computer use policy and can aid in reducing the likelihood of an insider event. Second, external audits of an organization's computer infrastructure can be used to ensure proficiency and to prevent wrongdoing within an IT department where the "keys to the kingdom" are held. Further, it is prudent to establish and maintain a strict set of password requirements, thereby decreasing the likelihood that someone is able to gain access to restricted information by mere luck and immediately disable access to restricted information upon termination of employment. This is extremely important in the case of IT personnel that share administrative passwords. This is an ill-advised practice that complicates an internal investigation and compromises computer security. While preparation is definitely a key step, a prudent team will also incorporate procedures to manage incidents of insider crimes within the organization's incident response plan. The first step will be to document the date, time, location, people involved, items involved, manner and any other relevant information. As this information may end up in court somewhere down the road, it is important to sufficiently document the event and establish a secure chain of custody, including an identification of the conditions of the collection. Next, be sure to identify all possible sources of electronically stored evidence involved. Once your team begins collecting the information, be sure it is properly secured, packaged, marked and identified. Lastly, be sure to preserve the chain of custody and protect the information from conditions that may damage the data. The least-suspicious employees may be the ones who commit insider crimes against their employers. Therefore, corporations must take steps to prevent criminal activity and be prepared to respond quickly so as to minimize the impact to the organization. In certain circumstances, you may need to call on an expert who has the training and experience necessary for proper preparation and response to insider crimes. Thus, it is perceptive to establish a relationship with a reputable computer forensics expert and/or a high tech investigative consultant prior to a need for their services. Special thanks to Terry D. Willis, Kroll Ontrack Consultant, for his contribution in writing this article. Mr. Willis specializes in computer forensics and high technology investigative consulting. Prior to joining Kroll Ontrack, he was a Senior Detective and headed the Los Angeles Police Department's Computer Crimes Unit. Mr. Willis can be reached at twillis@krollontrack.com for questions or comments. Meet our representatives at the following events:
Visit www.krollontrack.com/upcoming-events/ for more information on these events and others.
This newsletter was written by Regina Jytyla and Joni Shogren, Kroll Ontrack staff attorneys, with assistance from Kelly Kubacki and Meridith Socha, Kroll Ontrack law clerks. We value your input and feedback! Please send your questions or comments to Ms. Shogren at jshogren@krollontrack.com.
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||
From the Investigator's Notebook: Insider Crimes – From Preparation to Response
9023 Columbine Road | Eden Prairie, MN 55347 | 800 347 6105
Subscription Information
Recently you provided us with permission to send you updates via e-mail. Your information is exclusive to Kroll Ontrack Inc. and is used only to provide information that may benefit you. Kroll Ontrack Inc. does not supply customer information to other third party marketers.
If you would like to change your subscription options, including choosing not to receive any newsletters or sign up for additional newsletters, please visit the link below to access our newsletter service center and follow the easy, on-screen instructions.
www.krollontrack.com/newsletter-center/login.aspx
This document does not provide legal or other professional advice and should not be relied upon as anything other than a starting point for research and information on the subject of electronic evidence.
© 2009 Kroll Ontrack Inc. All material contained within this publication is protected by copyright law and may not be reproduced or transmitted, in whole or in part, without the express written consent of Kroll Ontrack Inc.