Protecting corporate information
A successful startup will quickly develop data and/or trade secrets that are unique and vital to its business. This information must be safe-guarded, but unfortunately not just from competitors. Most thefts of data and trade secrets actually come from individuals inside of a company, and approximately 85 percent of corporate data theft is committed by people known to the company.
Employers should be on the lookout for the following behavior pattern by their employees: (i) coming into work early or staying late; (ii) accessing folders where there was no previous access; (iii) slowly cleaning out his or her office; and (iv) resigning, citing a new job with a competitor, a desire to take time off or go back to school. If you suspect that an employee is committing theft you should begin to monitor network activity, secure all data on any company devices, and investigate/interview other employees in order to recreate an employee’s last few weeks.
How can you use digital forensics to protect corporate information?
Digital forensics can be used to determine if data was copied by an employee, what devices may have been attached to company computers, what files/documents were accessed as well as what applications were run by an employee. Digital forensics enable employers to preserve evidence against an employee, can assist with the investigation and analysis process, and can be used as a tool to report to internal management and/or in litigation proceedings.
Do not undertake a digital forensics exercise without the support of a seasoned professional. It is possible that you will inadvertently alter metadata, retrieve incomplete information, damage source drives or delete the electronic footprint left by the employee.
What are the best human resources practices to protect company information?
By undertaking preventative measures you can save yourself time and money, both of which are invaluable to startup companies. Helpful strategies include:
- Obtain confidentiality agreements–separate from non-competes–from all employees
- Conduct trainings on confidentiality
- Put in place clear policies on computer use that are regularly circulated to employees
- Ban cell phones/cameras/flash drives in sensitive areas like research and development
- Lock-up hard copies of formulas
- Employ badges and swipe cards and log all visitors into facilities
- Conduct exit interviews and remind outgoing employees of confidentiality obligations in writing
- Conduct yearly audits of all offices/branches to avoid inadvertent disclosure of sensitive information.
Questions? Email us at firstname.lastname@example.org.