This is one of the most common calls we get from business owners and management. It’s a classic example of what’s often referred to as the “insider threat.”
What to do first
Start by documenting everything you can about the departure. This includes:
Mental impressions: What were your immediate thoughts and observations at the time of their exit? Was it voluntary or a termination? Did anything seem off?
Practical details:
- Itemize company assets that were assigned to them (laptops, smartphones, external drives, etc.).
- Note any data sources they used, including cloud accounts.
Recent activity:
- List recent projects they worked on.
- Talk with current employees who might have insights or noticed red flags.
Outside signals:
- Did a client call to say “John from another company” just reached out? Those early warnings can be critical.
Lock down potential remote access
Make sure to secure or disable their ability to reach into your systems. This includes:
- VPN access
- Email accounts
- Online storage drives (Dropbox, Google Drive, OneDrive, etc.)
- ERP systems
Doing this helps prevent further access or data destruction.
What’s next?
In upcoming posts, we’ll go over how to properly document your evidence collection and when to bring in outside investigators or attorneys to protect your interests.#InsiderThreat
About Swailes Computer Forensics
Swailes Computer Forensics provides expert digital forensic services to law firms, corporations, and organizations nationwide. Our work includes investigations into intellectual property theft, employee misconduct, data breaches, and more. With decades of experience and a commitment to integrity and clarity, we help clients uncover critical evidence and take informed action.
If you’re facing a potential case of employee data theft or have concerns about unauthorized activity, contact us for a confidential consultation.