As an employer, you have a responsibility to secure the private information you keep in your files about your employees. Fortunately, through simple and effective internal threat management procedures, you can help prevent employee information leaks from happening in your company. These procedures will protect the company's and employees' most confidential and valuable information from being exposed to unauthorized parties.
Right now, someone within your company may be accessing confidential corporate or employee information either dishonestly or by accident. In the news virtually every week, you read about large, well-known companies suffering from the loss of sensitive corporate information at the hands of employees. Given that Human Resource departments often hold the key to valuable corporate and employee data, the risk of breaches presents unique challenges.
Ways to Limit Exposure
Be aware of where critical employee information and corporate data are located and who has access to them. Then, develop an acceptable use policy for all employees that outlines the appropriate use of corporate assets and employee information. The policy should also outline who has access to this information. It should also detail the procedures when a violation takes place.
Having a policy is one thing, but you must consistently enforce those policies. Regularly review who has entered these sensitive files and if they were authorized to do so. Also, regularly review your policy to make sure it addresses the most current security best practices.
Ensure your company has an internal incident response plan and the appropriate resources in-house to handle an incident of employee information or corporate data loss or access by unauthorized employees or outsiders.
What Not to Do If a Data Breach Occurs
If the worst should happen and your company does experience a situation where sensitive data is leaked or lost, don't fall prey to common mistakes such as turning on an employee's computer to check around. Turning on the computer or any electronic device involved may destroy potential evidence.
Use a Computer Forensics Expert
Your company's IT department is not a computer forensics department. In fact, asking the IT staff to conduct even routine checks into a system's files can destroy potential evidence of a breach. A professionally trained computer forensics expert should be retained for the handling of all sensitive data.
There are several ways the evidence from a breach can be destroyed if you don't know how to approach the problem.
Boot Up the Computer
Turning on a computer that's relevant to a case can overwrite sensitive files that may be important to your company's case and change important timestamps. Compromised computers should not be used at all and should be stored in a secure location until they can be handed over to a computer forensics expert.
Turn Off a Relevant Computer
If a computer is running at the time it is discovered to be relevant to a data breach or investigation, it should be powered down in a way that will be least damaging to potential evidence. The only person that should turn off a suspected computer is a certified computer forensics expert or an IT employee under the supervision of such an expert.
Browse Through the Files on a Computer
Resist the temptation to snoop, even with the best intentions. HR may know exactly where to look, but it's the act of looking that causes problems for retrieving untainted evidence. Browsing through files may cause file times to change which may make it impossible to tell exactly when an important file was deleted or copied from your company's network.
Fail to Involve All Parties
In-house counsel, IT staff, and every business player involved with the case should be included when conducting electronic discovery. Failure to involve all parties can result in overlooked or lost data.
Fail to Learn the Lingo
Even tech-savvy support professionals may become confused by the expanded vocabulary used by computer forensics experts. It pays to become familiar with the new language.
Don’t Make a Forensic Image of the Computer(s) Involved
Imaging is the process in which you create a complete duplicate of a hard drive. This is done for the purposes of copying a complete and accurate duplicate of the original materials, with no risk of flawed or overlooked data.
Copy Data in “Cut and Paste” or “Drag and Drop” Methods
It is true that you can buy an $80 external USB hard drive and copy your data to it. However, this process does not preserve the unallocated space (where deleted files reside) and will change the file times and other data on the files that have been copied out.
Wait to Preserve the Evidence
The longer a computer is in operation without any preservation, the more likely that the data that is relevant to your company's situation may be permanently altered or overwritten. Always preserve your electronic data the moment you believe that litigation is possible.
Fail to Maintain a Proper Chain of Custody
Not documenting who had access to the electronic evidence after the alleged incident can lead to problems down the road. Opposing parties can poke holes in the collection and preservation process. They can argue that the data could have been altered on the device while the computer was not securely stored and unused.
You can protect the integrity of your corporate data and employee information for purposes of litigation, restoring and protecting against data loss. Just follow the rules shared here to maintain the integrity and not compromise the usability of your electronic devices and their stored data.