Investigating Leaks of Sensitive Information
From Businesses or Organisations
“Information is like gold. If you don’t have it, you don’t survive.”
– Bruce Ferguson, former head of New Zealand’s foreign spy agency, the GCSB.
How do leaks occur?
In a competitive business landscape, competitors, hackers and others want to access confidential information held by companies, organisations, law firms and government departments. Some of the more common ways in which information is leaked from a business or organisation include the following:
- A physical covert listening device (dealt with by conducting a bug sweep).
- A bugged mobile phone (dealt with by a forensic examination of any suspect phone/s).
- A compromised computer network or compromised online account/s (dealt with by having a computer forensic technician perform an examination). Phishing, malware and ransomware attacks, along with improper internal security protocols, are the most common causes of such problems.
- Interception of physical mail or documents coming into the business or a director’s residence (if a PO box is not used) or going out (if a shredder is not used and items are just placed in regular rubbish).
- A malicious or negligent employee (there are various ways in which investigations can be conducted into the behaviour of employees and these should be discussed taking into account the circumstances of the particular matter).
- Access control problems that enable persons and/or employees to access the office after hours or when unattended (dealt with by utilising a CCTV and back-to-base monitored alarm system).
- Physical surveillance and/or GPS monitoring of management outside of the office by a competitor or other party (dealt with by using counter-surveillance techniques and conducting a bug sweep).
- A covert investigation by a government body (managed by endeavouring to ascertain whether such an investigation is taking place).
This is not intended to be a comprehensive list but these are the ways in which sensitive information is typically accessed improperly. In our experience, leaks of sensitive information are most likely to occur as a result of malicious or negligent employee behaviour. Managers and employers are often under a misapprehension as to the cause of a leak and often believe a covert listening device is responsible when there is in fact another explanation. This is not to say that covert listening devices are not improperly used but they are generally not as effective as a wayward employee who may have access to all manner of information.
Be wary of ransomware.
Ransomware is a growing problem and lawyers especially have been targeted in recent years. Prevention is the best cure when it comes to hacking attacks, so ensuring one has a managed IT service provider that is competent with security is a must. It’s also necessary to ensure staff are cognisant of the fact that links and attachments in emails can contain dangerous malware, so one should only engage with such correspondence if one is certain it is from a trustworthy source. If one wishes to check the safety of an email, having an IT expert open it in a “sandbox” environment where it can be tested is a must.
Whatever the source of a leak, an experienced, broad-based investigator can examine the problem and propose a solution. The above information should help you gain a basic understanding of the elements involved in preventing a breach, identifying its cause and rectifying it.