It’s Friday afternoon and the conversation goes a little like this, “Wait, what? They’re leaving? Where are they going? Is there any opportunity to help them reconsider?”

When a key employee departs an organization, it can take a toll on clients and colleagues, productivity and morale. What follows is a rush of activity: current projects are reviewed, transition plans are quickly drawn up and put in place, and decisions are made about how to replace the departing employee and how to communicate the departure to the rest of the firm and clients.

Unfortunately, this can also raise questions of concern for the organization, such as, “Did they take any electronic documents with them and, if they did, how can we tell?” Today, employees have easy access to more information than ever before and even greater opportunity to walk away with company data. While most don’t, too many make the choice to take something. Despite best efforts and safeguards, the prevalence of mobile devices, cloud storage, USB devices, etc. provide several possible avenues for a misguided employee to take sensitive company data with them when they depart.

Assessing a single avenue (e.g., USB devices) is not very complicated and can be very insightful. One of my iDS colleagues, Arnold Garcia, recently wrote about USB devices [TW2] and how we can determine the history of their usage on a computer. This can be a big help in understanding if an employee took electronic documents upon departing an organization. Along with USB issues, some other questions to consider are:

• Did the employee have access to any valuable company assets (client lists, pricing, designs, etc.)?

• Did the employee visit any cloud storage and/or personal email websites recently and/or frequently?

• Was there any recent abnormal network or file access?

• What’s the risk to the business?

• What are the recommended next steps (if any) for further investigation?

Assessing the overall risk of data theft across a variety of potential data sources has historically been time consuming and expensive. The right experts, like those at iDS, armed with proven methodologies and proprietary tools, can quickly assess all the available evidence, paint a detailed and reliable picture of the departed employee’s last days or hours, and determine the potential risk involved. With this assessment, you can make an informed, evidence-based decision on how to proceed.

First appeared in The iDS Forensicators Blog as "KEY EMPLOYEE DEPARTURES & RISK ASSESSMENT"