InfoSec Strategies

A Day in the Life of an SMB That Needs a Data Forensics Service Provider

Reading Time: 3 minutes

Last Updated on December 7, 2020

SaaS sad employee
Two engineers and a sales guy walk into a bar. They discuss how to launch a new business and compete with their current employer. Then the sales guy goes home and downloads everything in Salesforce while the engineers grab every contract and document template. It’s no joke.

Welcome to the world of a data forensics service provider—and the SMBs that hire them.

“We do a lot of intellectual property theft cases and employment law cases … where you are really trying to tell the story about [what happened on] the computer,” relates Brian Dykstra CISSP, CCFP and CEO of Atlantic Data Forensics. Brian recently joined an episode of The Virtual CISO Podcast, hosted as always by John Verry, Pivot Point Security’s CISO and Managing Partner.



Brian has no shortage of stories on tap: “Sometimes people actually form their own competing company while they’re working for their employer, which is also a ‘No, no don’t do that. Remember Brian said don’t do that…’ type of thing.”
“Or sometimes the person that hired them, they show up with slide decks and materials and client lists and they’re like, ‘Whoa, you weren’t supposed to bring any of that stuff with you,” states Brian. “Oftentimes companies do the right thing and inform the previous employer.”
Employment law cases range from wrongful termination to sexual harassment to hostile workplace environment issues. “Unfortunately there are a lot of ‘specious claims’ out there,” Brian remarks.
“So in any state in the US, you have about three years after you’re terminated or left your employer to go back and sue them for any one of a number of things or multiple things,” Brian continuesTypically what happens .. is an employment attorney will wait about a year, just long enough for you to get rid of the computer and the email accounts and everything else for that former employee. Then you get sued and there’ll be a dozen emails that make it look like you’re the Devil.”

If that happened to you, could you find the supporting data to deal with such claims?

As Brian says: “Most of the time a company that has to defend themselves against that, they’re like, ‘Oh geez, does anybody know? Do we still have that mailbox?’ Of course you go to IT. And they’re like, ‘Why would we have a mailbox for a person that was fired a year ago? Where’s the computer? We reformatted it and gave it to somebody else.’ So we end up doing forensics in those situations, too.”
Another common litigation scenario involves senior executives who are terminated for cause and subsequently sue their former employer; or where there are “hard feelings” about a departing exec’s new employer, dealings with customer, etc.
“We typically advise our clients that, especially if [a senior exec’s employment] ends in an unusual way, that it’s not a bad idea to actually freeze those drives,” Brian notes. “So even if you want to repurpose the laptop, if you take that drive you either directly forensically image it or you keep it in an evidentiary way.”
To streamline this process and make life simpler for HR and IT, Brian’s company has an offering called Safe Departure. “As soon as you know somebody is going to be terminated… we just stop in and make a forensic image of their laptop. We collect their mailbox and any network shares. If they have social media accounts associated with their job, we go ahead and pull all that material, too. … Nobody looks at it, nobody does anything with it. It goes into evidence storage … for that three-year period. And hopefully nothing ever happens, describes Brian. 
But we find about every twentieth one… Six or eight months later, or sometimes as little as three or four weeks later [the client] is like, ‘OMG, you still got that, right?’ And then they tell us some crazy story,” recounts Brian.
Tlisten to this informative (and surprisingly humorous) episode with Brian Dykstra all the way throughand peruse our other informative security podcasts, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you’ll find all our episodes here. 

ISO 27001 Roadmap ThumbnailISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know –
and things you may already be doing.

Get your ISO 27001 Roadmap – Downloaded over 4,000 times

Back to list

Leave a Reply

Your email address will not be published. Required fields are marked *