How employees can steal your sensitive data and try to mask the theft

Whether it’s your client list or client files, you have sensitive data on hand – how could an employee steal it, and how can forensic specialists recover it?

You and your team have data that must be protected

No matter your industry, you likely have information somewhere, be it a smartphone or laptop, that is sensitive. Maybe it’s credit card transaction data, perhaps it is client contracts or applications, maybe it’s something as simple as a confidential document shared casually between coworkers.

What happens if one of your employees leaves and takes your entire client list or attempts to cover up mistakes by altering documents? The good news is that all of this can be traced.

To find out how, we talked with Chuck Snipes, a computer forensics examiner at DSi, one of the nation’s leading providers of advanced electronic discovery and digital forensics services. As a former cybercrime detective and consultant in outside investigations and criminal cases, he often serves as a testifying expert witness and has extensive experience in cybercrime investigations, digital evidence and data recovery.

In his own words below, he will explain why not even deleted documents are unrecoverable, how forensic specialists like him find altered data, and how to handle the tricky topic of employees using their own devices at work:

Anything typed can be recovered

Did you know that almost anything you – or your employees – type on a computer or device can be recovered? Sure, you can delete files, but digital forensic experts can retrieve fragments of documents and use them to reassemble the information. Scary, right?

It’s not always a bad thing. For example, sometimes employees take confidential information – such as contact lists, accounting spreadsheets with proprietary formulas or organizational documents – with them to a new job. As a worried business owner, you can rest assured. That information is often retrievable, even if the former employees rename or hide the documents, and it makes for sound evidence in court.

So, what do you need to know to safeguard your company’s data? Let’s take a look.

What ways can data be altered or deleted?

  • The most common attempt to get rid of information is to rename a data file or change the file extension (e.g., from .doc to .jpg).
  • One can also alter data by compressing the file and password-protecting it, which renders the file almost impossible to access without the password. Key word: almost.
  • Those who are more technology-savvy might alter data by embedding text in a string of data or using encryption software.
  • Regarding deletion, many think that emptying the recycle bin on their computers permanently discards unwanted data. That’s not actually the case. Even if you run a deletion program, data may be retrieved, especially if your company keeps a log of emails and data at the server level to retain a trail of communications.

How can digital forensic specialists find the altered or deleted data?

  • Computer forensic consultants use a combination of sophisticated hardware tools, software programs, training and experience to retrieve and unlock data, including password-protected files.
  • Even if users try to overwrite files on a hard drive, some fragments of the file may remain at other locations on the drive. Experts can take apart a forensic image of the drive and identify file fragments to reassemble the information.
  • A lot of information is stored in computers, and forensic professionals can usually see what a computer was used for, when it was used, what documents were accessed and when, as well as changes to the metadata (such as the title, subject or authors).
  • When a file is deleted, many people think it’s gone forever. It’s not. What’s erased is merely a pointer to the files, which tells the operating system to no longer include that information in file listings that the user sees. The content still exists on the hard drive until it is overwritten. This is also often true for items on mobile devices, like text messages.
  • A wiping program can’t reach copies held by backup services, and forensic specialists can use software to detect whether a wiping program was installed and/or used. If so, backed-up copies of the deleted file can be accessed.
  • Even if the device is protected by thumbprint, forensic professionals can often access the corresponding iCloud account through legal process. The account typically has copies of everything.
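
The rename trick from the first list (.doc to .jpg) leaves a file's content untouched, so comparing each file's leading bytes with its extension exposes it. The Python below is an added example, not code from the article or from DSi; the file names and the small signature table are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading-byte signatures ("magic numbers") for a few common formats.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt
    (b"PK\x03\x04", "zip"),                          # .zip, .docx, .xlsx, .pptx
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
]
# Content type each extension is expected to carry.
EXPECTED = {
    ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
    ".docx": "zip", ".xlsx": "zip", ".pptx": "zip", ".zip": "zip",
    ".pdf": "pdf", ".jpg": "jpeg", ".jpeg": "jpeg",
}

def sniff(path):
    """Return the content type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None

def find_mismatches(root):
    """List (name, type the extension claims, type the content shows)."""
    hits = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        expected = EXPECTED.get(path.suffix.lower())
        actual = sniff(path)
        # Flag only known-vs-known disagreements; unknown content needs manual review.
        if expected and actual and expected != actual:
            hits.append((path.relative_to(root).as_posix(), expected, actual))
    return hits

def demo():
    """Build constructed sample files (headers only) and scan them."""
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
    samples = {
        "clients.doc": ole2,                        # honest name
        "vacation.jpg": ole2,                       # Word document renamed to .jpg
        "logo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
        "report.pdf": b"PK\x03\x04" + b"\x00" * 12,  # archive renamed to .pdf
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return find_mismatches(tmp)

if __name__ == "__main__":
    print(demo())
```
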

What steps can you take to prevent employees from taking information with them when they leave your company?

  • Create a written agreement that lists the owner(s) of the data and provides guidelines for what data can and cannot be taken by an employee.
  • Be selective about who is granted permission to company data – and segregate your data for different levels of access privileges. Keep a detailed log in place that includes who accessed which computer or device, what was done while using the device, when it was done and more.
  • Put written security guidelines in place that detail how data is to be stored and transmitted. Don’t forget to include guidelines for portable items that contain data, such as USB devices, laptops and smartphones.
  • Create and enforce an information governance (IG) policy, outlining what data to preserve and how to maintain it. Your IG policy should also specify a defensible deletion process for the data you don’t need. Information can’t be stolen or mishandled if you don’t have it, so don’t collect and retain sensitive information that you don’t need.

Can employers collect business information accessed by employees via personal devices, and vice versa?

  • Employers have the right to see what is on company devices. Yet, if a company wants to access personal information on company computers, it’s best to consult with an attorney before taking any action. To avoid complications, many businesses implement a policy that states there should be no expectation of privacy for anything accessed via a company-owned device.
  • Company information on personal devices can be accessed by the company, too. And many businesses have employed a specific policy for dealing with the Bring Your Own Device (BYOD) phenomenon.

How can companies manage BYOD issues?

  • Implement a data ownership policy that fully discloses company procedures and ramifications. For example, implement a policy that all devices must be controllable from within the organization. This grants the employer the right to monitor employees’ activities on the device, and it ensures that, should a device be stolen or an employee terminated, the IT department can remotely lock or wipe the device.
  • Allow only devices that will actually be used for company purposes to connect to the corporate network.
  • Ensure that all devices granted access to the corporate environment meet established security and policy requirements. For example, companies may require that portable hard drives or flash drives be inspected before leaving the premises to make sure no company data is removed from the building.

Creating and implementing a well-documented strategy for maintaining confidential information and having technological safeguards in place will make it much harder for an employee to steal data. In the event that an employee is able to sneak out data, the right logging and backup systems will enable forensic personnel to prove theft. When used as evidence in court, the proof of a theft may allow for retrieval of the information and sanctions against the person(s) who stole it.

The takeaway

Chuck Snipes outlines above the sensitive nature of data, and highlights just some of the ways experts like him can prove theft. If you suspect a former employee is accessing or has accessed, altered, or taken data, you’ll need to call in the experts. Contact Chuck at DSi to find out how they can strengthen your position and keep your data safe.

Remember that everything typed, saved, altered, transferred, or deleted isn’t gone forever – forensics experts know how to find it.

#DeletedData

The American Genius is news, insights, tools, and inspiration for business owners and professionals. AG condenses information on technology, business, social media, startups, economics and more, so you don’t have to.

Beautiful new wellness app takes a more holistic approach

(TECHNOLOGY) Using tech to help with wellness is nothing new, but this app takes a more holistic approach to help you balance.

There are thousands of health and fitness apps in various marketplaces, so what distinguishes between them is often a matter of personal taste. Much like the variety of organizational apps, I find that picking a wellness app involves much the same process – what works for you? What do you need? What are your wellness goals? And so on.

I spent a few days with the new wellness app, Wellbody, and I will say I am fifty/fifty. I love the approach and philosophy of Wellbody. Take a look at their fundamental tenets:

  • We believe in progress over perfection
  • We believe in small, simple, and sustainable behavior change
  • We believe that with mindful practice, people can do amazing things
  • We believe that real change starts with being mindful…and is maintained through creating healthy habits
  • We take a holistic view across the five major pillars of health: nutrition, exercise and movement, sleep, stress management, and connection
  • We believe everyone deserves access to better health and wellness
  • We want to help you live life well

As a person who is incredibly engaged in their own wellness and trying to figure out how to do that, I believe fully in this model. Holistic perspectives on health are important for anyone.

However, a holistic perspective may mean some people perceive this app as having a lack of focus. It is foundational, so it is not a workout plan, or calorie counter, etc. It’s primarily educational. And the content is actually good. The foundation series are well narrated, and I think it does a good job of level setting and providing information.

It does have a daily quote and a little daily experiment (which I think is a good add). The content library is growing, and the sessions outside of the foundational session are great (I loved the “Mindfulness vs. Meditation” piece).

However, there are a few challenges I have right away.

First, the sessions don’t have any good visuals, summaries, or much of anything else.

Also, the daily experiment has been rather vague. Yes, I understand that it is a mindfulness app, but the challenges are more pondering and less practice.

Most critically – without an internet connection you can’t listen to this. So if you are on a plane, or on a limited reception subway, or are away from Wi-Fi, you can’t listen to any of the content. That’s a glaring issue, and it is too easy to turn to other podcasts or apps whose content we can listen to without an active internet connection. It makes it harder to open this app every day, which is important for the way it works.

I think Wellbody has the concept down – what’s missing is more content. There needs to be more specific content, maybe a journaling feature, etc. I would recommend this app for anyone who is starting a wellness journey, or maybe is re-evaluating what kinds of health changes they are trying to make. If you need a diet tracker, or exercise plan, this is going to be less helpful. However, if you are trying to change the way we look at wellness, this is a great place to start.

Side Note: I love the visual design of this app, which is a weird cross between Zen and an episode of Fixer Upper (I love all of the designs at Target, y’all).

What’s TikTok, why’s it so huge, and why is Facebook scared of it?

(TECH) TikTok has taken the internet by storm – you’ve probably seen the videos floating around, so here’s the context your business needs to know.

Jimmy Fallon challenged his viewers to his version of a #sharpiechallenge. That’s where you toss a sharpie into the air, catch it, take the cap off and draw a mustache on yourself with it. He requested that viewers use TikTok to record it and upload it.

As of this writing, the hashtag boasts 8.2 million views in TikTok alone – if it wasn’t big before it gained Fallon as a fan, it is now.

What Is TikTok?

The TikTok app is the brainchild of Bytedance, a Chinese company that once owned Musical.ly, and it launched in September 2016 as Douyin (its Chinese moniker). When it launched internationally, a year later, they branded the social media app TikTok. When Musical.ly shut down, users had to switch.

The app lets users view, create and share 15-second videos (kind of like Vine, RIP). It’s estimated that there are over 500 million users worldwide. The app has been highly ranked in the charts for number of downloads over the past few months, with a spike when Fallon had his first challenge, #tumbleweedchallenge. (For the record, Fallon and The Tonight Show do not have a business relationship with Bytedance.)

Users can lip-sync, do duets and record reaction videos, and the app has some excellent tech for video editing. Users can comment on videos and create video memes. It’s pretty fascinating. And wildly appealing to the masses.

One of the best things about TikTok is that the app doesn’t have advertising or monetization capabilities, even though it has a broad audience. With an estimated 500 million users, it’s just a matter of time.

Facebook launches a TikTok-clone.

Facebook doesn’t want to be late to the game. In classic follower fashion, they have launched their own short-video app, Lasso.

I played with both apps, and Lasso just doesn’t have comparable content.

What Facebook does have is its user base. By integrating with Facebook itself, Lasso may outdo TikTok eventually, but it will need to increase its capabilities.

Why should your business take notice?

Small businesses should be aware of these apps. Online videos are driving social media engagement. Content is king, and you’ve been reading here for years that video is a powerful component of any social media strategy.

TikTok and Lasso give you video-making and video-sharing tools that could increase your online presence.

Hardware tokens are what folks serious about avoiding hackers use

(TECH) Hardware tokens have been around for a while, but people most serious about avoiding hackers swear by them.

How many passwords do you have? How many sites do you use each of your passwords for? Information Today research estimates over half of all adults have five or more unique passwords, while one in three adults have 10 or more unique passwords that have to be remembered.

This particular study was from 2012. I’d wager that most of us use many more passwords today than we did just six years ago. With the risk of your accounts being hacked increasing, you might be wary – you might not even trust an online password manager.

If you struggle with remembering all of your passwords and want to make sure you are managing passwords and protecting your accounts, you might want to consider a hardware token.

What is a hardware token?

This piece of hardware is a physical device, similar to a USB drive, that lets you gain access to an electronically restricted resource. It’s actually a simple two-factor authentication source.

Once your account is set up to accept the hardware token, you log in to the account with your user ID and password. You’ll be asked to insert the hardware token into the device, which gives you access to your account. It’s another layer of protection and authentication.

Hardware tokens have been on the market since 2002. Although many use the USB port on your device, Bluetooth tokens and smart cards are other types of hardware tokens. Setting up a hardware token is fairly easy. You can use your hardware token with most websites that have two-factor authentication.

The challenge with hardware tokens is that they are very easy to lose and can easily be stolen. That’s a pretty significant downside.

The YubiKey, one of the current offerings on the market, costs about $50. It could be expensive to have a hardware token for everyone in your organization. Google Titan, another brand of hardware key, costs about the same.

Some argue that not everyone needs this much security, but those people probably have never been hacked. If it protects your accounts, it might be worth taking a look.
