Field Notes: Employee Departures

August 27, 2017


It’s Friday afternoon and the conversation goes a little like this, “Wait, what?  They’re leaving?  Where are they going?  Is there any opportunity to help them reconsider?” 


When a key employee departs an organization, it can take a toll on clients and colleagues, productivity and morale.  What follows is a rush of activity: current projects are reviewed, transition plans are quickly drawn up and put in place, and decisions are made about how to replace the departing employee and how to communicate the departure to the rest of the firm and clients. 

Unfortunately, this can also raise questions of concern for the organization, such as, “Did they take any electronic documents with them and, if they did, how can we tell?”  Today, employees have easy access to more information than ever before and even greater opportunity to walk away with company data.  While most don’t, too many make the choice to take something.  Despite best efforts and safeguards, the prevalence of mobile devices, cloud storage, USB devices, etc. provide several possible avenues for a misguided employee to take sensitive company data with them when they depart. 


Assessing a single avenue (e.g., USB devices) is not very complicated and can be very insightful. One of my iDS colleagues, Arnold Garcia, recently wrote about USB devices [TW2] and how we can determine the history of their usage on a computer.  This can be a big help in understanding if an employee took electronic documents upon departing an organization.  Along with USB issues, some other questions to consider are:

  • Did the employee have access to any valuable company assets (client lists, pricing, designs, etc.)?

  • Did the employee visit any cloud storage and/or personal email websites recently and/or frequently?

  • Was there any recent abnormal network or file access?

  • What’s the risk to the business? 

  • What are the recommended next steps (if any) for further investigation?

Assessing the overall risk of data theft across a variety of potential data sources has historically been time consuming and expensive. The right experts, like those at iDS, armed with proven methodologies and proprietary tools, can quickly assess all the available evidence, paint a detailed and reliable picture of the departed employee’s last days or hours, and determine the potential risk involved. With this assessment, you can make an informed, evidence-based decision on how to proceed. 

First appeared in The iDS Forensicators Blog as "KEY EMPLOYEE DEPARTURES & RISK ASSESSMENT"


Share on Facebook
Share on Twitter
Please reload


Ethical Hacker

Featured Posts

The Ethical Hacker: Technically Speaking, Cybersecurity Isn’t About Speaking Technically

September 24, 2017

Please reload

Recent Posts

August 27, 2017

Please reload

Please reload

Search By Tags

I'm busy working on my blog posts. Watch this space!

Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

© 2017 Biscope Consulting, LLC