Connect with us

Tech News

How employees can steal your sensitive data and try to mask the theft

Whether your client list or client files, you have sensitive data on hand – how could an employee steal it, and how can forensic specialists recover it?

Published

on

backspace delete button

You and your team have data that must be protected

No matter your industry, you likely have information somewhere, be it a smartphone or laptop, that is sensitive. Maybe it’s credit card transaction data, perhaps it is client contracts or applications, maybe it’s something as simple as a confidential document shared casually between coworkers.

What happens if one of your employees leaves and takes your entire client list or attempts to cover up mistakes by altering documents? The good news is that all of this can be traced.

bar
To find out how, we talked with Chuck Snipes, a computer forensics examiner at DSi, one of the nation’s leading providers of advanced electronic discovery and digital forensics services. As a former cybercrime detective and consultant in outside investigations and criminal cases, he often serves as a testifying expert witness and has extensive experience in cybercrime investigations, digital evidence and data recovery.

In his own words below, he will explain why not even deleted documents are unrecoverable, how forensic specialists like him find altered data, and how to handle the tricky topic of employees using their own devices at work:

Anything typed can be recovered

Did you know that almost anything you – or your employees – type on a computer or device can be recovered? Sure, you can delete files, but digital forensic experts can retrieve fragments of documents and use them to reassemble the information. Scary, right?

It’s not always a bad thing. For example, sometimes employees take confidential information – such as contact lists, accounting spreadsheets with proprietary formulas or organizational documents – with them to a new job. As a worried business owner, you can rest assured. That information is often retrievable, even if the former employees rename or hide the documents, and it makes for sound evidence in court.

So, what do you need to know to safeguard your company’s data? Let’s take a look.

What ways can data be altered or deleted?

  • The most common attempt to get rid of information is to rename a data file or change the file extension (i.e., from .doc to .jpg).
  • One can also alter data by compressing the file and password-protecting it, which renders the file almost impossible to access without the password. Key word: almost.
  • Those who are more technology-savvy might alter data by embedding text in a string of data or using encryption software.
  • Regarding deletion, many think that emptying the recycle bin on their computers permanently discards unwanted data. That’s not actually the case. Even if you run a deletion program, data may be retrieved, especially if your company keeps a log of emails and data at the server level to retain a trail of communications.

How can digital forensic specialists find the altered or deleted data?

  • Computer forensic consultants use a combination of sophisticated hardware tools, software programs, training and experience to retrieve and unlock data, including password-protected files.
  • Even if users try to overwrite files on a hard drive, some fragments of the file may remain at other locations on the drive. Experts can take apart a forensic image of the drive and identify file fragments to reassemble the information.
  • A lot of information is stored in computers, and forensic professionals can usually see what a computer was used for, when it was used, what documents were accessed and when, as well as changes to the metadata (such as the title, subject or authors).
  • When a file is deleted, many people think it’s gone forever. It’s not. What’s erased is merely a pointer to the files, which tells the operating system to no longer include that information in file listings that the user sees. The content still exists on the hard drive until it is overwritten. This is also often true for items on mobile devices, like text messages.
  • If a wiping program is used, it still can’t account for backup services, so forensic specialists can use software to detect if these wiping programs were installed and/or used. If so, backed up copies of the deleted file can be accessed.
  • Even if the device is protected by thumbprint, forensic professionals can often access the corresponding iCloud account through legal process. The account typically has copies of everything.

What steps can you take to prevent employees from taking information with them when they leave your company?

  • Create a written agreement that lists the owner(s) of the data and provides guidelines for what data can and cannot be taken by an employee.
  • Be selective on who is granted permission to company data – and segregate your data for different levels of access privileges. Keep a detailed log in place that includes who accessed which computer or device, what was done while using the device, when it was done and more.
  • Put written security guidelines in place that detail how data is to be stored and transmitted. Don’t forget to include guidelines for portable items that contain data, such as USB devices, laptops and smartphones.
  • Create and enforce an information governance (IG) policy, outlining what data to preserve and how to maintain it. Your IG policy should also specify a defensible deletion process for the data you don’t need. Information can’t be stolen or mishandled if you don’t have it, so don’t collect and retain sensitive information that you don’t need.

Can employers collect business information accessed by employees via personal devices, and vice versa?

  • Employers have the right to see what is on company devices. Yet, if a company wants to access personal information on company computers, it’s best to consult with an attorney before taking any action. To avoid complications, many businesses implement a policy that states there should be no expectation of privacy for anything accessed via a company-owned device.
  • Company information on personal devices can be accessed by the company, too. And many businesses have employed a specific policy for dealing with the Bring Your Own Device (BYOD) phenomenon.

How can companies manage BYOD issues?

  • Implement a data ownership policy that fully discloses company procedures and ramifications. For example, implement a policy that all devices must be controllable from within the organization. This grants the employer the right to monitor employees’ activities on the device, and it ensures that, should a device be stolen or an employee terminated, the IT department can remotely lock or wipe the device.
  • Allow only devices that will actually be used for company purposes to connect to the corporate network.
  • Ensure that all devices granted access to the corporate environment meet established security and policy requirements. For example, companies may require that portable hard drives or flash drives be inspected before leaving the premises to make sure no company data is removed from the building.

Creating and implementing a well-documented strategy for maintaining confidential information and having technological safeguards in place will make it much harder for an employee to steal data. In the event that an employee is able to sneak out data, the right logging and backup systems will enable forensic personnel to prove theft. When used as evidence in court, the proof of a theft may allow for retrieval of the information and sanctions against the person(s) who stole it.

The takeaway

Chuck Snipes outlines above the sensitive nature of data, and highlights just some of the ways experts like him can prove theft. If you suspect a former employee is or has accessed, altered, or taken data, you’ll need to call in the experts. Contact Chuck at DSi to find out how they can strengthen your position and keep your data safe.

Remember that everything typed, saved, altered, transferred, or deleted, isn’t gone forever – forensics experts know how to find it.

#DeletedData

The American Genius is news, insights, tools, and inspiration for business owners and professionals. AG condenses information on technology, business, social media, startups, economics and more, so you don’t have to.

Continue Reading
Advertisement
1 Comment

1 Comment

  1. Pingback: Retailers struggle as theft rises (and it's not kids pocketing things) - The American Genius

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech News

Making Slack actionable makes you productive

(TECHNOLOGY) Slack is an amazing productivity tool, but of course can add more to your plate – this feature puts you back on track.

Published

on

slack

You know when you’re using Slack and you’re having a conversation with your teammate about whether or not you should grab lunch or go to Soul Cycle, but before you can answer, your editor Slacks you about deadlines and your design partner messages you proofs and suddenly you snap back to reality and remember that you’ve been working on a blog post for an hour and your concentration is completely shattered? You know, the exact moment when your productivity is officially derailed?

Well, Slack now offers Actions to help make sure that doesn’t happen. Your day may get busy, but at least nothing will slip through the cracks, work-wise.

Integrated with project management tools like Asana, Zendesk, and Jira, Actions allows users to create and comment on tasks, tickets or issues within conversations. That means no clicking through tabs or apps until you can no longer remember why you started clicking in the first place. More importantly, Actions keeps track of the work you need to do and when you need to do it.

So, how do Actions work?

1. Need to create a deadline or set up an appointment? Anything you see in Slack that needs a follow-up can be turned into an action when you click the ••• icon and choose an “action.”

2. When you’ve completed an action, a message appears in your Slack channel and lets your team know you’ve flagged it for follow-up.

3. Whichever app you’ve integrated with will alert Slack at which point you and your team can determine the next steps.

Bottom-line, Actions help keep your workflow moving. While it may not stop the onslaught of Slack messages from breaking your concentration, at least you’ll know what you should to be concentrating on.

If you’re curious to know more about Actions, the company has ample info on their API pages for your perusal.

Continue Reading

Tech News

Freezetab streamlines how you save tabs in Chrome

(TECH NEWS) Freezetab is the newest chrome extension that allows you to organize saved tabs in a myriad of ways.

Published

on

freezetab

Internet made easier

With the browser becoming more and more of a workspace than merely an application, the built in bookmarks tool may leave you a bit hungry for more.

bar
Chrome users who need better tools to organize and manage bookmarks may find the power they need in Freezetab.

Bookmark’s cooler, hotter younger brother

Freezetab seeks to answer the questions of “what if I could organize my bookmarks by website” or “I only want to save all but two of these tabs on zen office designs.” It seeks to give you more options beyond the “one or all” choices in chrome. Here is the lowdown:

  • The calendar feature remembers WHEN you saved a tab – so if you can’t remember the title you can just go back to the day.
  • Chrome either lets you save one or all tabs. Freezetab expands those options to include: all, current, everything but current, right of, left of, or pick and choose.
  • If you are sharing a collection of tabs with a workgroup or a partner, it exports as a nice textbox that is easy to share in integrated messaging, IM, or email. Or even social media!
  • Sorting is robust, and there is a solid search feature that searches as you type.
  • That quick save feature saves all the tabs and closes them – and you can adjust that quick save feature to meet your needs.
  • There is a handy little star feature to note important bookmarks (i.e. recipes and excel techniques).
  • Enhances your close tab capability to close everything to the left and specific tabs – this great if you work in chrome and have 75 tabs open that have one letter names.
  • It is easier to sort tabs after you save them – you can search for them and then sort into folders you create rather manually organizing them into folders.
  • As a bonus: for those who don’t want to have to sort bookmarks – unlike Chrome which requires you to pick a folder or risk turning your bookmarks to an unorganized mess, the extension automatically organizes it for you.

Freezetab findings

After spending a few moments with Freezetab, it does fit in nicely with a workflow. Solidly reviewed, the developer did solve an issue with “pinned” tabs in the 1.2 update. – so it doesn’t remove or add them. The features are nice and easy to use, and it doesn’t require more than five minutes of playing around.

One complaint – if you choose to the right or left of the current tab to close, it did close the active tab as well – which was a little funky. But once you get comfortable with the nuances, it’s easy to use.
The interface is function over form, but you won’t have any problem using or customizing this extension. Now Bookmark smart y’all!

#FreezeTab

Continue Reading

Tech News

We’ve all seen job listings for UX writers, but what exactly is UX writing?

(TECH NEWS) We seeing UX writer titles pop up and while UX writing is not technically new, there are new availabilities popping up.

Published

on

writers net neutrality twitter facebook outlook email drag

The work of a UX writer is something you come across everyday. Whether you’re hailing an Uber or browsing Spotify for that one Drake song, your overall user experience is affected by the words you read at each touchpoint.

A UX writer facilitates a smooth interaction between user and product at each of these touchpoints through carefully chosen words.

Some of the most common touchpoints UX writers work on are interface copy, emails and notifications. It doesn’t sound like the most thrilling stuff, but imagine using your favorite apps without all the thoughtful confirmation messages we take for granted. Take Eat24’s food delivery app, instead of a boring loading visual, users get a witty message like “smoking salmon” or “slurping noodles.”

Eat24’s app has UX writing that works because it’s engaging.

Xfinity’s mobile app provides a pleasant user experience by being intuitive. Shows that are available on your phone are clearly labeled under “Available Out of Home.” I’m bummed that Law & Order: SVU isn’t available, but thanks to thoughtful UX writing at least I knew that sad fact ahead of time.

Regardless of where you find a UX writer’s work, there are three traits an effective UX writer must have. Excellent communication skills is a must. The ability to empathize with the user is on almost every job post.

But from my own experience working with UX teams, I’d argue for the ability to advocate as the most important skill.

UX writers may have a very specialized mission, but they typically work within a greater UX design team. In larger companies some UX writers even work with a smaller team of fellow writers. Decisions aren’t made in isolation. You can be the wittiest writer, with a design decision based on obsessive user research, but if you can’t advocate for those decisions then what’s the point?

I mentioned several soft skills, but that doesn’t mean aspiring UX writers can’t benefit from developing a few specific tech skills. While the field doesn’t require a background in web development, UX writers often collaborate with engineering teams. Learning some basic web development principles such as responsive design can help writers create a better user experience across all devices. In a world of rapid prototyping, I’d also suggest learning a few prototyping apps. Several are free to try and super intuitive.

Now that the UX in front of writer no longer intimidates you, go check out ADJ, The American Genius’ Facebook Group for Austin digital job seekers and employers. User centered design isn’t going anywhere and with everyone getting into the automation game, you can expect even more opportunities in UX writing.

Continue Reading
Advertisement

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!