We’ve talked plenty about the dangers of USB drives when it comes to data theft (and we’ll talk about them again, they’re not going anywhere). But today let’s focus on the growing reality of employees taking or keeping data via “online” means.
The new normal: Business data moves to the cloud
More businesses than ever, small, medium, and large, are moving their data to the cloud. The reasons are obvious: cost savings, features, and convenience.
I won’t be a complete naysayer here. The business landscape has changed. The old days of everyone working in one building, all tethered to a local server, are largely gone. Especially since 2020, the modern “office” might be:
- A handful of employees in a physical location with others remoting in.
- Or a fully virtual setup with staff scattered across homes, coffee shops, even beaches.
No matter the shape of the office, the need to access shared data from anywhere is real. That’s where central cloud storage shines, making it quick and easy to:
- Spin up a new user in a web portal.
- Grant them access to key data, all without a dedicated IT person walking them through configuring local drives, network shares, or email clients.
Sounds great, right? But this hyper-focus on features and convenience often means security takes a back seat, especially in small and medium businesses (though the principles here absolutely apply to larger companies and even families managing personal data).
Where does forensics come in?
The overlooked side of all this is proper access control.
Most people stay up at night worrying about being hacked by some outsider. Meanwhile, they overlook the far simpler threat: the people inside who already have legitimate access.
Too many times, we’re called in after the fact, after someone downloaded sensitive data from their personal device at home, or from a computer we didn’t even know existed. They didn’t need to sneak it out on a thumb drive. They just logged into the cloud system your company helpfully set up to be accessed from anywhere.
Logging alone isn’t enough
Sure, these systems have logs. But if Bob has credentials and downloads “customer_contracts.pdf” from home, those logs just show that Bob accessed the file. They usually don’t tell you whether it was on his company-issued laptop, or on a personal machine you’ll never see unless compelled by a court order.
Even worse, many small businesses embrace BYOD (Bring Your Own Device) to cut costs. When that happens, you’ve got no clue what’s stored locally on that device when Bob leaves. Now you’re facing attorneys and potentially litigation to compel a handover for analysis, far more expensive than simply providing company-owned devices in the first place.
And then there’s the next step…
Once employees get comfortable with company cloud platforms (OneDrive, Google Drive, Dropbox), many think:
“Hey, why not just set up my own account and move data there?”
It’s absurdly easy. And we’ve seen it happen time and time again.
The forensic advantage
Luckily, all is not lost. With proper digital forensic analysis, we can:
- Correlate logs: If a system log shows Bob accessed “123.xls” on April 5th, but Bob’s laptop has no record of it, that raises a flag. Where did he access it from? His home PC? A colleague’s computer? Shared credentials?
- Analyze local caches: Many sync tools keep quiet records of what was downloaded, what was deleted, and what might still exist on local drives.
In many cases, we’re able to piece together enough evidence to show unauthorized access or exfiltration, or even prove a case where data was not taken, which can be equally valuable if an employee is wrongly accused.
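The log correlation described above can be sketched in a few lines. This is an added example, not code from the original post or from any forensic tool; the field names, the year, the time zone offsets, and the sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a real export format.
CLOUD_LOG = [  # cloud audit log entries, timestamps in UTC
    {"user": "bob", "file": "123.xls", "time": "2024-04-05T21:14:00+00:00"},
    {"user": "bob", "file": "customer_contracts.pdf", "time": "2024-04-03T10:02:00+00:00"},
    {"user": "alice", "file": "pricing.xlsx", "time": "2024-04-04T14:30:00+00:00"},
]
ENDPOINT_RECORDS = [  # file activity recovered from company laptops, local time
    {"user": "Bob", "file": "customer_contracts.pdf", "time": "2024-04-03T05:02:40-05:00"},
    {"user": "alice", "file": "Pricing.xlsx", "time": "2024-04-04T09:31:10-05:00"},
]


def _key(rec):
    # Match on account and file name, ignoring case differences between sources.
    return (rec["user"].lower(), rec["file"].lower())


def unmatched_cloud_events(cloud_log, endpoint_records, window_minutes=10):
    """Return cloud events with no company-device record for the same user
    and file within the time window. Offsets in the timestamps let Python
    compare UTC cloud times against local endpoint times correctly."""
    window = timedelta(minutes=window_minutes)
    seen = {}
    for rec in endpoint_records:
        seen.setdefault(_key(rec), []).append(datetime.fromisoformat(rec["time"]))
    flagged = []
    for ev in cloud_log:
        when = datetime.fromisoformat(ev["time"])
        if not any(abs(when - t) <= window for t in seen.get(_key(ev), [])):
            flagged.append(ev)
    return flagged


if __name__ == "__main__":
    for ev in unmatched_cloud_events(CLOUD_LOG, ENDPOINT_RECORDS):
        print(f'{ev["user"]} accessed {ev["file"]} at {ev["time"]} '
              "with no matching record on a company device")
```

Only Bob's access to "123.xls" is reported here: the other two events line up with laptop records once the time zones are normalized. A reported event is a lead for further examination, not proof of exfiltration.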
The bottom line
If you’re a business owner or leader, here are the immediate takeaways:
- Monitor what is stored in the cloud.
- Ask if that data really needs to be online and accessible from everywhere.
- Know exactly who has access and regularly revisit whether they still need it.
- When someone leaves, make sure the door closes securely behind them.
It’s far easier (and cheaper) to do this up front than to deal with the fallout of data walking out the door.
About Swailes Computer Forensics
Swailes Computer Forensics provides expert digital forensic services to law firms, corporations, and organizations nationwide. Our work includes investigations into intellectual property theft, employee misconduct, data breaches, and more. With decades of experience and a commitment to integrity and clarity, we help clients uncover critical evidence and take informed action.
If you’re facing a potential case of employee data theft or have concerns about unauthorized activity, contact us for a confidential consultation.