One of the most common forensic investigations we conduct often follows the departure of employees who say they have resigned and moved on to a 'new opportunity' or 'just to have a break'.
Even though the employee states that leaving has nothing to do with moving to a competitor or starting their own business, the truth emerges some months later.
When it becomes clear the departure was more than a simple and amicable parting of ways, it takes on a different light and poses a significant threat to the former employer’s confidential information. Has the employee given themselves a 'free kick' by taking confidential business information (Intellectual Property) such as pricing, client lists, designs, etc? What can be done about that after they have gone?
Once, this scenario most commonly resulted in forensic analysis to build a circumstantial case demonstrating access to documents and the use of USB devices and webmail to take the confidential information. These days there are smarter solutions that allow for employee behaviour to be continually monitored for evidence of risk to the business.
If the employer had deployed an 'Insider Threat Monitoring' tool, we would be monitoring employee activity in real time to identify certain risk behaviours. The system alerts us when it sees those behaviours, so we can advise the employer to act before the employee walks out the door.
Examples of employee risk behaviours can include:
Accessing and copying business documents
Attaching business documents to personal webmail accounts
Copying text from documents into emails
Copying documents to USB devices
If an employer knows exactly what suspicious activities an employee has been up to, they will be in a better position to recognise the risks and take appropriate steps to prevent damage to the business. It's that old adage about prevention versus cure....