When an employee leaves the company, it's important to implement adequate security measures to protect the company's sensitive data. Unfortunately, employees sometimes take confidential information with them, which can have detrimental consequences for the company, such as loss of competitiveness, damage to reputation, or breach of confidentiality. Statistics reveal that 83% of data breaches involve internal actors. (source: Verizon). Furthermore, 95% of data breaches are financially motivated, representing a significant increase compared to previous years (+24% since 2019). (source: Verizon). These figures underscore the importance for companies to strengthen their security and awareness measures to protect their sensitive data, as well as to conduct digital investigations to verify if a former employee has stolen data before their departure.
Potential risks
Employees in departments with access to sensitive information, such as sales, IT, and marketing, are most likely to steal data as they have access to confidential information. For example, a former salesperson may leave with a client list, or an employee from the IT department could steal source code that they themselves wrote, mistakenly believing it belongs to them.
What are the warning signs?
Before leaving the company, some employees may conduct an "information gathering session," copying files or accessing sensitive and confidential data. To prevent this type of event, it can be detected early on by reviewing server event logs by the IT department to detect unusual use.
The cyber investigation procedure
When there is reasonable doubt, a digital investigation may be requested. For example, if an employee who has never accessed certain data suddenly does so just before leaving the company, this may be considered suspicious and should grab your attention. Similarly, a client's report or observation of contracts awarded to a competitor may be considered reasonable doubt, giving you the right to resort to a digital investigation.
What is the procedure for a cyber investigation?
When reasonable doubt is raised, the investigation can begin for a duration of approximately three weeks. It involves seizing the former employee's computer equipment and collaborating with a trusted member of the IT team to access server event logs. Once the analysis is completed, a report is created for human resources to decide on actions against the employee.
Conclusion
It is crucial for every company to take measures to protect its sensitive data when an employee leaves. By keeping the former employee's computer for at least three (3) months and following a digital investigation procedure in case of reasonable doubt, you can reduce the risks of data theft and protect the integrity of your company.
To learn more about our cyber investigation services, contact our experts.
