Your employees, contractors and consultants represent the human firewall guarding corporate information assets. On occasion, an authorized user overextends their authority and perhaps misuses corporate resources or worse. In these situations, your company may need to conduct an investigation that goes beyond traditional interviews and inquiry -- you may need to conduct a digital investigation to determine the actions taken and mitigate the risks of an insider threat.

At other times, you may find that an information security breach has occurred -- or may have occurred -- and your organization needs help containing, recovering and tracing the sources of the compromise.

In these (and similar) situations, The Carolina Computer Forensics Group can help you navigate the digital investigation process, perform the technical work necessary and find the relevant information needed to bring an inquiry to rapid closure while maintaining a legally defensible process -- something to contemplate when considering the use of internal or inexperienced technical resources. (Sometimes too, confidentiality is a prime consideration in a sensitive internal investigation.)

What is an Insider Threat?

Acts of commission or omission by an insider (current or past employee, contractor or consultant) who intentionally or unintentionally compromises or potentially compromises an organization'€™s ability to accomplish its mission. These acts include, but are not limited to, espionage, unauthorized disclosure of information, and any other activity resulting in the loss or degradation of departmental resources or capabilities. These acts can include employee misconduct, unauthorized remote access and Intellectual Property theft or negligence.

What is an Intellectual Property matter?

Most businesses have financial, manufacturing, business, patent or process information that if mishandled or intentionally released to competitors could have a significant negative impact on the business. Carolina Computer Forensics is an experienced and capable partner for businesses that need to find out everything involving intellectual property that is at risk and who is involved.

How should Human Resources be involved?

Human Resources is an integral part of handling cases in determining the rights of the employer and employee. Additionally, Human Resources must closely document all relevant activity and communication with employees and former employees.

What is the correct response to an Incident when things go wrong?

Experienced and qualified assistance should be sought immediately upon knowledge of an insider threat to assist with incident triage and analysis, evidence handling, chain of custody and preparation for the next steps.

How can digital security consulting help?

The massive amounts of data residing within corporations drive every level of the business including communications, finances, processes, intellectual property, contracts and employee information. It is the legal responsibility of every organization to take appropriate steps to secure the data and the environment in which it is stored. The Carolina Computer Forensic Group can help determine the current state of your information systems, strengths, weaknesses, level of security and potential risks.

Who should be involved?

Involvement should consist of as few people as possible when reacting to an incident so as not to risk a compromise of information by affected parties. Supervisory (management), Human Resources, Legal, and Technical expertise will need to be involved in the most discreet manner possible under the circumstance.

What things should I NOT do?

There are a number of things that should NOT occur when dealing with an incident. Predominantly this involves any changes to the environment or the deletion of data until it can be archived and imaged for future analysis.

What are Keyword searches?

Keyword searches involve looking for information specific to a particular thing like an email address, name, destination, or business.