Digital forensics: corporate information leaks

NFIR beeldmerk kleur
NFIR beeldmerk kleur

Digital forensics: corporate information leaks

Do you suspect employees are leaking company information? Then set up a digital forensics investigation. Often employee contracts contain clauses that reduce the chances of leaks of, for example, information about customers or sales figures, namely confidentiality, relationship, and competition clauses. Unfortunately, sometimes departing, disgruntled or extorted employees do leak company information. If you notice or suspect that your company information is being leaked, there can be very unpleasant consequences. Company information is very valuable information that can be used by unauthorized people to make a lot of money, to your detriment. You may be extorted with this, but the information may also be sold or used for your own gain.

Digital forensic investigation at NFIR

What can I do (besides confidentiality, relationship, and competition clauses) to prevent the leakage of company information?

First, it is always good to stay in touch with your employees. Know what is going on in the workplace and identify behavioral changes in your staff. In addition, it is important to screen your staff before hiring them. This will give you a better picture of your potential employee. So-called “forensic readiness” is also important. Many digital systems keep logs of all actions performed within those systems. It is important that these log files are kept for a longer period of time (about one year), so that it can be seen which persons have performed which actions. While this does not prevent the leak, it does make investigating the leak easier. Finally, always ensure that you work according to the “need-to-know” principle; your employees only have access to information they really need to do their jobs.

What can I do if information has been leaked anyway?

In any case, it is important to act quickly; this can prevent further damage. First, a (pre-)notification to the Data Protection Authority is necessary. It is also important to have NFIR conduct an investigation into the data breach. If you already know who leaked your company information, you can go to court. For example, the latter may authorize an evidentiary seizure; retrieving your business information from the person who unlawfully possesses it. NFIR, as a technical expert, can provide support in this regard.

Can it be determined who leaked data?

It is possible to have your company’s automated work examined by a party such as NFIR. For example, it is possible to find digital traces that may indicate data extraction from the corporate network. It is also often possible (depending on the log files present) to find out which employee logged in at what time or viewed certain documents. Finally, NFIR’s digital researchers are also able to conduct interviews with your employees to find out more information.

Digital forensics?

Use our report in court or when you make a report to another
official body (such as the Data Protection Authority).

Also check out our other Digital Forensics services

Digital Forensics

NFIR specialises in the collection, identification and validation of digital information. We can find out whether (un)conscious actions have led to the consequences you experience.

SECURITY INCIDENT BIJ UW ORGANISATIE?

De volgende 30 minuten zijn van cruciaal belang​!

De eerste 30 minuten na een cyber security incident zijn cruciaal, omdat een snelle en adequate reactie de schade kan beperken. Daarnaast kan verdere verspreiding van de aanval worden voorkomen en kan essentieel bewijsmateriaal veiliggesteld worden voor nader onderzoek.

Ons Computer Emergency Response Team (CERT) staat 24/7 klaar om bedrijven en organisaties te ondersteunen bij IT-beveiligingsincidenten.

Heeft uw bedrijf professionele hulp nodig bij een beveiligingsincident? 

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage.
In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.

Does your company need professional help with a security incident?