|
Sutton Associates News Bulletin
Greetings!
A BBC news article published in September 2006 stated that
"industrial spying is estimated to cost global business more than $200 billion
a year, according to U.S. security experts." Espionage is obviously big
business, and it is usually a crime carried out by highly motivated and trained
individuals.
Industrial espionage aside, many other
technology transgressions can slow productivity or even harm employees. For
example, an unauthorized user may access an employee's private data and use
this access to intimidate or threaten the individual, reducing morale or-even
worse-coercing that person to commit acts that he or she would not otherwise
do.
|
|
Outside Investigators Help with Internal Threats
 Internal vs. External Threats
Most IT departments focus on preventing outside threats,
such as penetrating security barriers to obtain sensitive information, wreaking
havoc by introducing viruses or worms, or simply deleting files. The danger is
omnipresent, and IT departments must constantly adapt security practices to
neutralize the threat.
However, internal threats are just as dangerous and often
harder to identify and deter. According to a June 19, 2008, press release, a
survey conducted by Cyber-Art Software found that one in three IT staffers use
their administrative access levels to read employees' personal email and files,
as well as to access company files containing confidential, personal
information. Additionally, Manek Dubash reveals in "Study: IT Admins Read
Private E-Mail" that one-third of IT professionals still access the company
network after they have left employment. Clearly, internal threats should be
taken just as seriously as external ones and fall under the security director's
purview of responsibility.
According to Yalkin Demirkaya, former commanding
officer of the Computer Crimes Unit of the New York City Police Department, a
company insider is more likely to be the offender when it comes to stealing
company information. An expert who has lectured extensively on computer crimes,
Demirkaya advises that companies seek an independent IT investigative firm for
assistance, especially when the attack may come from within.
Why outsource?
For several reasons, companies should hire an outside firm
to handle high-technology criminal investigations rather than relying on the
internal IT department.
1. To avoid tipping the
firm's hand. 2. To use the most advanced
technology. 3. To know which information
to access.
First, the threat may be internal, in which case you may not
be able to trust anyone within your own organization. In fact, because someone
in your IT department could be involved (who better to funnel information out
of the company than someone who knows the security protocols and systems?),
informing your IT staff could harm the investigation. Rather than risk
approaching the perpetrator, hiring an independent investigative company with
IT expertise can be the best solution.
Second, most companies do not have the technology or
equipment necessary to launch a sophisticated high-technology investigation.
This specialized equipment is usually very expensive, and few organizations
have a reason to purchase it. As a result, it's often more cost-effective to
hire a firm that specializes in IT investigations and has the appropriate
tools.
Finally, an expert technology investigator will know what
type of information can be retrieved from your computers and servers to advance
the investigation, as well as what can be used as evidence for successful
prosecution. These specialized investigators know where to find information and
what information is germane to the case. They also understand current privacy
laws regarding which types of information they can access, and they know what
information can be used as evidence in court.
Many IT firms can perform the technical aspects of an
investigation; however, a true investigator not only knows what to look for,
but also has the resources to track down leads. Additionally, an independent
firm can ensure that your company acts within the boundaries of the law, while
discreetly conducting a comprehensive investigation.
Click here for the
full article published in ASIS' Spring 2009 issue of Security Director Magazine,
which includes helpful information on how to choose an IT investigator.
Please contact Sutton Associates Vice President Forhad Razzaque at
(516) 450-3328, or via email at forhad@suttonassociates.com, to learn more about how Sutton Associates can help you with IT
investigations or any of your other investigative needs. |
|
|
|
|
James F. Murphy
President
We are a global intelligence and consulting firm backed by decades of experience. Our success with high-profile, sensitive projects mean that you can
count on us to perform with professionalism, discretion, and care. We have a simple, personalized approach: You are not just another account number; you're our partner. To learn more, click here. |
E-Verify Rule Postponed
On
June 3, 2009, the U.S. Citizenship and Immigration Services (USCIS) issued an
update stating that the E-Verify effective date has been delayed until Stpember 8, 2009.
For more information
regarding the E-Verify system, read our previous bulletin,
which explains the rule, its benefits, and links to helpful resources, such as
"Frequently Asked Questions" and "E-Verify Employer Dos and
Don'ts". You can also visit the USCIS E-Verify webpage. |
|
