Comment: Exit strategy - How forensic ready are you?

Duncan Garner
Duncan Garner

Knowledge is power, and the growing power of technology means that employees may be privy to a good deal of a company's key information. There is much commercial value in a company’s data – for instance, customer details, pricing information and business plans. These are often the types of information that departing staff may seek to take with them.

The multiplicity of technological devices that are now given to employees means that this has become a greater risk than ever before. It is now common for staff to be provided with company laptops, BlackBerries and web-based platforms, or to be allowed remote access to company servers. A company recognising the benefits that this technology affords it, will provide the employee the tools to work from home, the airport lounge or hotel room, and expect the person to use that technology within agreed boundaries.

While these technologies improve the productivity of your staff, they also increase the risk of sensitive data being taken by exiting staff without their employers' knowledge, often realising it only when its too late. In a flexible environment it is common to see employees using company resources for their own private needs. While this may do little harm, abuse can occur once a person has decided to leave the company. The technology becomes the means to transfer sensitive company information or organise a team defection.

The access to information afforded employees is typically backed by contractual obligations or company information security policies. However these documents may be drafted by individuals who have little technical IT knowledge and may not be au fait with the ongoing changes in a company’s IT infrastructure and the new security risks that technology may present.

The situation is further complicated by the fast pace at which new technologies are devised and implemented. This makes it hard to keep track of which individuals have access to particular technologies or data sets. Consequently it is a challenge to keep track of the information that a departing individual might take with them.

Employee exit

The vast majority of misappropriated information is discovered well after an employee has departed, often having already made use of the data. Company resources such as laptops, BlackBerries and server space are valuable. Normal commercial pressures mean they need to be recycled. Consequently, a person’s key data is often inadvertently destroyed when (for instance) a laptop is handed to a new user. Before such transfers occur, it is crucial to take steps to preserve an employee’s information to some less expensive medium.

Even if data is collected from departing employees, all too often the collection task is delegated to individuals with little or no investigative experience and insufficient understanding of the forensic impact of their actions. This is dangerous, since data is vulnerable to inadvertent change if care is not taken during its collection and review. Legal advisers have to meet tight deadlines sanctioned by financial penalties (for instance a response to the regulator) and can place technologists under extreme pressure during the data collection exercise. Individuals lacking experience in this process may rush to provide data for review without taking the proper precautions to protect its evidential weight (chain of custody) and so risk key evidence being thrown out by the court. Preparation and process is the key to ensuring a company does not fall into this trap.

Prevention check list

Here are a few preventative steps your company can take to protect company information.

  • Make sure you understand the risks any newly introduced technology presents.
  • Review information security policies regularly to ensure they stay current and fit for purpose.
  • When employees are exiting your company, backup their data and store it for a reasonable period. This will enable you to recycle any equipment immediately but still be in a strong position should an issue arise.
  • Compensate for any lack of internal skills by indentifying external help. If you follow these steps prior to an actual incident you will reap the benefits of being properly prepared.

Duncan Gardiner is Director of Forensics at Epiq Systems. He brings over eight years of forensics experience. Epiq Systems is a leading provider of integrated technology solutions for the legal profession, enabling clients to streamline the administration of bankruptcy, litigation, financial transactions and regulatory compliance matters. For further information please visit

What’s hot on Infosecurity Magazine?