How employees can steal your sensitive data and try to mask the theft

Whether your client list or client files, you have sensitive data on hand – how could an employee steal it, and how can forensic specialists recover it?


You and your team have data that must be protected

No matter your industry, you likely have information somewhere, be it a smartphone or laptop, that is sensitive. Maybe it’s credit card transaction data, perhaps it is client contracts or applications, maybe it’s something as simple as a confidential document shared casually between coworkers.

What happens if one of your employees leaves and takes your entire client list or attempts to cover up mistakes by altering documents? The good news is that all of this can be traced.

To find out how, we talked with Chuck Snipes, a computer forensics examiner at DSi, one of the nation’s leading providers of advanced electronic discovery and digital forensics services. As a former cybercrime detective and consultant in outside investigations and criminal cases, he often serves as a testifying expert witness and has extensive experience in cybercrime investigations, digital evidence and data recovery.

In his own words below, he will explain why not even deleted documents are unrecoverable, how forensic specialists like him find altered data, and how to handle the tricky topic of employees using their own devices at work:

Anything typed can be recovered

Did you know that almost anything you – or your employees – type on a computer or device can be recovered? Sure, you can delete files, but digital forensic experts can retrieve fragments of documents and use them to reassemble the information. Scary, right?

It’s not always a bad thing. For example, sometimes employees take confidential information – such as contact lists, accounting spreadsheets with proprietary formulas or organizational documents – with them to a new job. As a worried business owner, you can rest assured. That information is often retrievable, even if the former employees rename or hide the documents, and it makes for sound evidence in court.

So, what do you need to know to safeguard your company’s data? Let’s take a look.

What ways can data be altered or deleted?

  • The most common attempt to get rid of information is to rename a data file or change the file extension (i.e., from .doc to .jpg).
  • One can also alter data by compressing the file and password-protecting it, which renders the file almost impossible to access without the password. Key word: almost.
  • Those who are more technology-savvy might alter data by embedding text in a string of data or using encryption software.
  • Regarding deletion, many think that emptying the recycle bin on their computers permanently discards unwanted data. That’s not actually the case. Even if you run a deletion program, data may be retrieved, especially if your company keeps a log of emails and data at the server level to retain a trail of communications.

How can digital forensic specialists find the altered or deleted data?

  • Computer forensic consultants use a combination of sophisticated hardware tools, software programs, training and experience to retrieve and unlock data, including password-protected files.
  • Even if users try to overwrite files on a hard drive, some fragments of the file may remain at other locations on the drive. Experts can take apart a forensic image of the drive and identify file fragments to reassemble the information.
  • A lot of information is stored in computers, and forensic professionals can usually see what a computer was used for, when it was used, what documents were accessed and when, as well as changes to the metadata (such as the title, subject or authors).
  • When a file is deleted, many people think it’s gone forever. It’s not. What’s erased is merely a pointer to the files, which tells the operating system to no longer include that information in file listings that the user sees. The content still exists on the hard drive until it is overwritten. This is also often true for items on mobile devices, like text messages.
  • If a wiping program is used, it still can’t account for backup services, so forensic specialists can use software to detect if these wiping programs were installed and/or used. If so, backed up copies of the deleted file can be accessed.
  • Even if the device is protected by thumbprint, forensic professionals can often access the corresponding iCloud account through legal process. The account typically has copies of everything.
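
The rename trick from the first list (a .doc saved as .jpg) is usually caught by comparing each file's extension with the signature bytes at the start of its content. The sketch below is an added example, not code from the article or from DSi; the signature table is a small illustrative subset and the sample files are constructed.

```python
import os
import tempfile

# Leading "magic" bytes for a few common formats, mapped to the extensions
# that legitimately carry them. Illustrative subset, not a full signature database.
SIGNATURES = [
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),                                     # JPEG
    (b"\x89PNG\r\n\x1a\n", {".png"}),                                         # PNG
    (b"%PDF-", {".pdf"}),                                                     # PDF
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", {".doc", ".xls", ".ppt", ".msg"}),  # OLE2 (legacy Office)
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx"}),                     # ZIP container
]

def identify(header: bytes):
    """Return the extensions consistent with the header, or None if unknown."""
    for magic, exts in SIGNATURES:
        if header.startswith(magic):
            return exts
    return None

def find_mismatches(root: str):
    """Walk root; return sorted (relative path, expected extensions) for every
    file whose extension disagrees with its content signature."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(16)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            expected = identify(header)
            ext = os.path.splitext(name)[1].lower()
            # Files with no known signature (plain text, etc.) are not flagged.
            if expected is not None and ext not in expected:
                findings.append((os.path.relpath(path, root), sorted(expected)))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and scan it."""
    samples = {
        # Legacy Word header under a .jpg name: the case the article describes.
        "holiday.jpg": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32,
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,     # genuine JPEG header
        "clients.docx": b"PK\x03\x04" + b"\x00" * 32,        # genuine ZIP-based document
        "notes.txt": b"plain text, no signature",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_mismatches(root)

if __name__ == "__main__":
    for path, expected in demo():
        print(f"{path}: content matches {expected}, extension does not")
```

A signature check only identifies the container format: a password-protected archive still shows up as a ZIP, and encrypted data with no recognizable header is not flagged by this approach.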

What steps can you take to prevent employees from taking information with them when they leave your company?

  • Create a written agreement that lists the owner(s) of the data and provides guidelines for what data can and cannot be taken by an employee.
  • Be selective on who is granted permission to company data – and segregate your data for different levels of access privileges. Keep a detailed log in place that includes who accessed which computer or device, what was done while using the device, when it was done and more.
  • Put written security guidelines in place that detail how data is to be stored and transmitted. Don’t forget to include guidelines for portable items that contain data, such as USB devices, laptops and smartphones.
  • Create and enforce an information governance (IG) policy, outlining what data to preserve and how to maintain it. Your IG policy should also specify a defensible deletion process for the data you don’t need. Information can’t be stolen or mishandled if you don’t have it, so don’t collect and retain sensitive information that you don’t need.

Can employers collect business information accessed by employees via personal devices, and vice versa?

  • Employers have the right to see what is on company devices. Yet, if a company wants to access personal information on company computers, it’s best to consult with an attorney before taking any action. To avoid complications, many businesses implement a policy that states there should be no expectation of privacy for anything accessed via a company-owned device.
  • Company information on personal devices can be accessed by the company, too. And many businesses have employed a specific policy for dealing with the Bring Your Own Device (BYOD) phenomenon.

How can companies manage BYOD issues?

  • Implement a data ownership policy that fully discloses company procedures and ramifications. For example, implement a policy that all devices must be controllable from within the organization. This grants the employer the right to monitor employees’ activities on the device, and it ensures that, should a device be stolen or an employee terminated, the IT department can remotely lock or wipe the device.
  • Allow only devices that will actually be used for company purposes to connect to the corporate network.
  • Ensure that all devices granted access to the corporate environment meet established security and policy requirements. For example, companies may require that portable hard drives or flash drives be inspected before leaving the premises to make sure no company data is removed from the building.

Creating and implementing a well-documented strategy for maintaining confidential information and having technological safeguards in place will make it much harder for an employee to steal data. In the event that an employee is able to sneak out data, the right logging and backup systems will enable forensic personnel to prove theft. When used as evidence in court, the proof of a theft may allow for retrieval of the information and sanctions against the person(s) who stole it.

The takeaway

Chuck Snipes outlines above the sensitive nature of data, and highlights just some of the ways experts like him can prove theft. If you suspect a former employee is accessing or has accessed, altered, or taken data, you’ll need to call in the experts. Contact Chuck at DSi to find out how they can strengthen your position and keep your data safe.

Remember that everything typed, saved, altered, transferred, or deleted isn’t gone forever – forensics experts know how to find it.


Facebook deletes developer over ironic browser extension invention

(TECHNOLOGY) Think a muted week for a nipple shadow is bad? Facebook just permabanned this inventor for…helping others to use the platform less.


It must be true that corporations are people because Facebook is pulling some seriously petulant moves.

In a stunt that goes beyond 24hr bans for harmless hyperbole, and chopping away at organic reach (still bitter from my stint in social media management), Facebook straight up permanently banned one of their users for the high crime of…aiming to get people to use the platform a little less.

Developer Louis Barclay came up with Unfollow Everything, an extension that basically instantly deleted your feed without having you unfriend anyone or unlike anything. Rather than have users manually go through and opt out of seeing posts, they’d now opt IN to keeping who they wanted front and center.

In his own words on Slate: “I still remember the feeling of unfollowing everything for the first time. It was near-miraculous. I had lost nothing, since I could still see my favorite friends and groups by going to them directly. But I had gained a staggering amount of control. I was no longer tempted to scroll down an infinite feed of content. The time I spent on Facebook decreased dramatically. Overnight, my Facebook addiction became manageable.”

Since more time spent on Facebook means more ads that you’re exposed to, means more you spend, the add-on started slowly making headway. I myself pretend to be a ranch owner to keep ads as irrelevant to me as possible (though my new addiction to hoof trimming videos is all too real), and Unfollow Everything probably would have been a great find for me if it hadn’t been killed by a cease and desist.

Law firm Perkins Coie, representing the internet giant, let Barclay know in their notice that Unfollow Everything violated the site’s rules on automated collection of user content, and was muscling in on Facebook trademarked IP.

They also added, in what I can only assume was a grade-school narc voice, that the add-on was “encouraging others to break Facebook’s rules.”

Barclay, not having the resources to fight a company with the finances of a small country, promptly ceased and desisted. Practical.

Officially speaking, Facebook might actually have some ground to stand on vis-à-vis its Terms Of Service. The letter and legal team may have been warranted, not that we’ll ever truly know, since who’s taking Facebook to court? But then they followed up with a ‘neener neener’ deletion of Barclay’s 15-year-old account – which was still very much in use.

Look, Facebook is the only way I connect with some of my friends. I don’t take enough pictures to make full use of Instagram, I fully hate Twitter, my Tumblr is inundated with R-rated fanfiction, and any other social media platform I’m happy to admit I’m too haggish and calcified to learn to use. So a complete WIPE of everything there with no notice would be pretty devastating to me. I can only imagine how Barclay felt.

And in light of the fact that the browser extension wasn’t hurting anyone, taking money, or spewing hateful rhetoric, there’s really only one thing to say about Facebook’s actions…they’re petty.

Sure, they may have the legal right to do what they did. It’s just that when you notice every fifth post is an unvetted advertisement, their high ground starts to sink a little. I mean nothing says ‘We’re being totally responsible with user information’ like the number of add-ons and user tactics popping up to avoid seeing the unnecessary. This isn’t the first time we’ve seen Facebook put up a fight against losing ad traffic.

We all know all those stores with amazing deals aren’t actually going out of business, or even using their own photos right? Right?

Barclay added in his article, “Facebook’s behavior isn’t just anti-competitive; it’s anti-consumer. We are being locked into platforms by virtue of their undeniable usefulness, and then prevented from making legitimate choices over how we use them—not just through the squashing of tools like Unfollow Everything, but through the highly manipulative designs and features platforms adopt in the first place. The loser here is the user, and the cost is counted in billions of wasted hours spent on Facebook.”

Agreed, Mr. Barclay.

Now I’m off to refresh my feed. Again.

 


Glowbom: Create a website, using just your voice

(TECH NEWS) Talk about futuristic! This app allows you to create quizzes, surveys, an online store, and even a website in minutes–without typing.


In the past, we’ve discussed things like simplified coding and no-code app creation. Now, a San Francisco startup has taken the process a step further with no-type app creation.

Glowbom is a voice app that allows you to dictate steps to an AI – from adding information all the way to exporting code–in order to create a simple app, survey, or game. While the built-in options for now are limited to four simple categories, the power of the app itself is impressive: By asking the Glowbom AI to complete tasks, one is able to dictate an entire (if small) program.

It’s an impressive idea, and an even more impressive product. Glowbom founder and CEO Jacob Ilin showcases the power of Glowbom in a short demonstration video, and while he only uses it to create a simple survey, the entire process–up to and including the exportation of the API–is accomplished via voice commands.

Furthermore, Glowbom appears to process natural inputs–such as phrases like “Let’s get started”–in the context of an actual command rather than the colloquial disconnect one tends to expect in AI. This means that users won’t need to read a 700-page manual on phrases and buzzwords to use before jumping on board–something the Glowbom user base was probably hoping to avoid anyway.

As of now, the options one can use Glowbom to create include a quiz, a survey, an online store, and a website. It seems reasonable to expect that, as support for the app grows, those categories will expand to comprise a larger library.

Glowbom certainly opens a few doors for people looking to take their businesses or ideas from an offline medium into the digital marketplace. As coding becomes less centralized in computer language and more contingent on processes such as this, we can expect to see more products from folks who may have missed the coding boat.

Perhaps more importantly, Glowbom and products like it make coding more accessible to a wider base of disabled users, thus taking a notable step toward evening the playing field for a marginalized demographic. It’s not true equality, but it’s a start.

This story was first published here in October 2020.


4 ways startups prove their investment in upcoming technology trends

(TECH NEWS) Want to see into the future? Just take a look at what technology the tech field is exploring and investing in today — that’s the stuff that will make up the world of tomorrow.


Big companies like to scout for small ones that have proven ideas and prototypes, rather than take the initial risk on themselves. So startups have to stay ahead of technology by their very nature, in order to be stand-out candidates when selling their ideas to investors.

Innovation Leader, in partnership with KPMG LLP, recently conducted a study that sheds light onto the bleeding edge of tech: The technologies that the biggest companies are most interested in building right now.

The study asked its respondents to group 16 technologies into four categorical buckets, which Innovation Leader CEO Scott Kirsner refers to as “commitment level.”

The highest commitment level, “in-market or accelerating investment,” basically means that technology is already mainstream. For optimum tech-clairvoyance, keep your eyes on the technologies which land in the middle of the ranking.

“Investing or piloting” represents the second-highest commitment level – that means they have offerings that are approaching market-readiness.

The standout in this category is Advanced Analytics. That’s a pretty vague title, but it generally refers to the automated interpretation of, and prediction from, data sets, and has overlap with machine learning.

Wearables, on the other hand, are self-explanatory. From smart watches to location trackers for children, these devices often pick up on input from the body, such as heart rate.

The “Internet of Things” is finding new and improved ways to embed sensor and network capabilities into objects within the home, the workplace, and the world at large. (Hopefully that doesn’t mean anyone’s out there trying to reinvent Juicero, though.)

Collaboration tools and cloud computing also land on this list. That’s no shock, given the continuous pandemic.

The next tier is “learning and exploring”— that represents lower commitment, but a high level of curiosity. These technologies will take a longer time to become common, but only because they have an abundance of unexplored potential.

Blockchain was the highest ranked under this category. Not surprising, considering it’s the OG of making people go “wait, what?”

Augmented & virtual reality has been hyped up particularly hard recently and is in high demand (again, due to the pandemic forcing us to seek new ways to interact without human contact.)

And notably, AI & machine learning appears on rankings for both second and third commitment levels, indicating it’s possibly in transition between these categories.

The lowest level is “not exploring or investing,” which represents little to no interest.

Quantum computing is the standout selection for this category of technology. But there’s reason to believe that it, too, is just waiting for the right breakthroughs to happen.
