Shared from the 5/1/2017 Chicago Lawyer magazine eEdition

INSIDER DATA THEFT: What Lawyers Need To Know

Andrew Reisman is CEO of ELIJAH, a Chicago-headquartered company named “Digital Forensics Provider of the Year” by the 2017 Finance Monthly Law Awards and “U.S. Computer Investigations Provider of the Year” by the 2017 ACQ5 Law Awards. Mr. Reisman has over 20,000 hours of investigative experience and has testified as an expert in computer forensics, eDiscovery, and data security in numerous federal and state courts. Prior to forming ELIJAH in 2003, Mr. Reisman was a partner in an international law firm, and was class valedictorian at the University of Illinois College of Law where he also served as Editor-in-Chief of the University of Illinois Law Review.

Hacking is sexy. Perhaps not the hackers themselves, notwithstanding Hollywood casting including Robert Redford in 1992’s Sneakers and more recently Chris “Thor” Hemsworth in 2015’s Blackhat. Data breaches by cybercriminals regularly lead the evening news. After a litany of incidents involving a who’s who of corporate America, cyber security preparedness is on the radar in C-suites and board rooms across the country. Law firms have taken notice as well, as many companies now factor cyber security in assessing which outside counsel to retain.

In focusing on what grabs headlines, businesses often overlook a less exotic but highly significant information security danger – insider data theft. A recent survey of over 200 organizations found that 69 percent experienced data theft incidents involving insiders, a figure rising to 77 percent within technology and media companies. An Intel study found that nearly a third of such incidents involved theft of customer information, the lifeblood of many organizations.

Motives for insider data theft are varied, but common scenarios include at least one of the following:

Competition: In the classic scenario, a departing salesperson copies customer information to make it easier to compete. A single misappropriated spreadsheet could contain the proverbial keys to the kingdom.

Intellectual Property: Formulas, source code, or other intellectual property are copied to save the time and money associated with developing such materials independently.

Espionage: Both foreign and industrial, including direct actors and more commonly those looking to make a fast buck by selling stolen data.

Extortion: Using the threat of releasing embarrassing data to secure compensation.

Punishment: Not everyone likes being fired. Some people steal data to maliciously publish it without financial remuneration.

Use in Potential Litigation: For example, an employee copying communications regarding romantic entanglements or instructions from supervisors could also capture confidential company information.

Inadvertence: Many employees keep personal photos, videos, and music on company devices. Business documents accidentally could be included when copying personal files.

With so many potential motivations for insider data theft, one wonders if the survey responses more accurately could be expressed as 69% of companies recognizing that they have been the victims of such thefts, while the other 31% are blissfully ignorant!

Fortunately, despite the magnitude of the problem, businesses can take several practical steps to minimize risks associated with insider data theft:

Perform Targeted Investigations: Digital forensic experts often can unearth evidence of insider data theft that otherwise would go undetected, discovering hidden artifacts that remain resident on company computers and mobile devices even after deletion. Proactively analyzing the equipment of higher risk personnel – for example, departing salespeople and senior executives – can result in early identification of data theft issues, mitigating potential losses.

Adopt and Update Computer Usage Policies: Adopting easily understandable computer usage policies, promoting awareness, and maintaining a culture of enforcement can deter insider data theft. Technology changes rapidly, and businesses should periodically revise policies to keep pace.

Improve End of Employment Processes: Exit interviews represent a perfect opportunity to request return of electronic storage devices, ask if business data is stored in personal devices or accounts, and seek written confirmation that such data has been returned.

Establish Digital Forensics Provider Relationships: Building a trusted relationship with a preferred provider can yield substantial dividends, providing an impartial source for guidance, analysis, reports, and testimony. Outside experts also can facilitate data remediation by reviewing and removing corporate data from personal devices that employees otherwise would be reluctant to supply directly to former employers.

Consider Endpoint Security Options: Many commercial tools exist that restrict the ability of employees to copy data, and that monitor such activity in real time. Companies should balance the need for data security against competing interests, such as privacy and productivity.

For lawyers, these are not simply tips to address with clients. Law firms routinely are entrusted with highly sensitive information, and are a target-rich environment for insider data theft. Failing to adopt reasonable procedures can create significant liability and business risks, and raise professional ethics concerns.

Bottom line, companies that invest significant resources in physical and cyber security measures to keep intruders at bay often leave the proverbial and literal back door wide open for data to exit along with departing employees. Making prudent investments in deterring, detecting and preventing insider data theft is crucial in safeguarding confidential information, reaping exponential rewards. And that is sexy.
