Introducing Anthony Drake/Mike Spence Workplace CSI

Introducing Anthony Drake/Mike Spence Workplace CSI. Workplace CSI: what to do when your data walks out the door. Anthony Drake, Bell Gully Mike Spence, deCipher Ltd. A real NZ scenario. A trusted employee gives notice

courtney

Presentation Transcript


  1. Introducing Anthony Drake/Mike Spence Workplace CSI

  2. Workplace CSI: what to do when your data walks out the door
     Anthony Drake, Bell Gully
     Mike Spence, deCipher Ltd
     WWW.BELLGULLY.COM | IFLR NZ LAW FIRM OF THE YEAR

  3. A real NZ scenario
     • A trusted employee gives notice
     • Two days before resigning he remotely accesses the company’s computer network
     • He spends five hours downloading company information: product, price and client lists, strategic plans, forms etc

  4. • He applies to use up his annual leave during the notice period
     • He hands in his work laptop computer and other property
     • His manager asks: where are you going? what are you going to do?
     • Met with reticence, reluctance to reply

  5. • The manager suspects that the employee is off to a possible new competitor
     • A “reminder” letter about confidentiality is sent and undertakings sought
     • The response is unacceptable

  6. Enter the forensics expert
     Computer forensics is: using computer investigation and analysis techniques in the interests of determining potential legal evidence

  7. Steps in a computer forensic examination:
     • Acquire evidence
     • Analyse evidence
     • Produce report
     Provide ‘expert’ consultation and testimony

  9. Acquisition
     • Search warrant and Anton Piller orders
     • Delivered to the Lab
     • On site
     • Overt and covert

  10. Forensics explained
      Computer hard drive

  11. A copy and a clone
      [Diagram labels: Computer Hard Drive, A Copy, A Clone; Used Space, Unused Space]

  12. A clone and a copy
      • A forensic clone has embedded digital signatures
      • Can be used in court as ‘best’ digital evidence

  13. A matter of scale
      [Figure labels: Average 80Gb computer drive, printed A4 and stacked; 4 Giga Bytes, printed A4 and stacked]

  14. TODAY’S BIGGEST THREAT TO INFORMATION SECURITY

  15. The USB key
      Today’s biggest threat to information security

  23. This case
      • Laptop sent to forensics expert for examination

  24. Forensics report: 1 Laptop computer
      • On day before leaves company, accesses several thousand documents on company server over 5 hours, 12 minutes, 26 secs
      • Has USB device connected to laptop (Oti USB device)
      • Has previously connected laptop to printer (Brother MFC printer)
      Sample of files accessed provided including marketing planning, sales profile documents

  25. • Demand for return of USB key made; not returned
      • Urgent application made to Employment Authority seeking return of all company information, USB key and preservation order for these
      • Authority convenes urgent hearing and issues orders
      • USB key is returned

  26. Forensics report: 2 USB memory sticks
      • One company USB used to back up files
      • Personal USB empty and formatted – forensic software reveals 8434 deleted files
      • Search reveals company name appears 26,764 times in files
      • Evidence of yet another computer found

  27. But wait there’s more
      • Another application made to the Authority seeking access to all and any personal computers
      • Orders granted
      • Home computer surrendered

  28. Forensic reports: 3-5 Home computer
      • Correspondence with Australian competitor company
      • Emails show man’s wife purchases laptop and printer (type previously discovered)
      • Company spreadsheets
      • Folder called “Work” deleted with contents, several days before clone made
      Forensic report 6 - laptop of another previous employee working for competitor: nothing found

  29. • Another application to the Authority seeking access to wife’s laptop and USB key
      • Wife defends application, saying husband never had access to her laptop and it contained no company information
      • Authority order surrender of laptop and USB for examination

  30. Forensics report: seven Wife’s laptop and USB memory stick
      • Personal undertaking to ERA on scope and confidentiality of search
      • Company name mention found 19,129 times
      • Competitor company name found 835 times
      • Laptop used by man to correspond with competitor company while his home PC removed

  31. Final orders
      • Application for consent orders for restraint of trade for six months
      • Employee prevented from working for competitor company for that period
      • Employee ordered to pay company’s costs

  32. Key legal principles
      • Common law duty not to use or disclose confidential information
      • English Court of Appeal: Faccenda Chicken v Fowler (1985)
      • express/implied duties of confidentiality
      • good faith and fidelity
      • post employment limits on information use
      • type and nature of information is relevant

  33. Legal rights of employers
      • Issue a cease-and-desist letter and demand return of information
      • Seek a search and seizure order (Anton Piller) from the High Court
      • Apply to the Employment Relations Authority seeking directions: preservation, surrender, and examination

  34. Legal rights of employers
      Complaint to Police
      • Crimes Act (2003 amendment)
      • taking, obtaining or copying trade secrets (section 230) – five years’ imprisonment
      • accessing computer systems for dishonest purposes (section 249) – seven years’ prison
      • damaging or interfering with computer systems (section 250) – seven years’ prison

  35. Putting protections in place
      Consider
      • Placing limitations on how much information an employee can download without first having to seek approval
      • Disabling laptop ports
      • Carrying out an exit audit

  36. Putting protections in place
      Act quickly
      • Confidential information issues naturally require immediate cooperation by employee; when cooperation is unlikely, compulsion by law to stop improper use of confidential and valuable company information

  37. QUESTIONS?
      Anthony Drake, Bell Gully
      Mike Spence, deCipher Ltd

  38. Contact details
      ANTHONY DRAKE, SENIOR ASSOCIATE
      DDI 64 9 916 8875, MOB 021 970 140
      anthony.drake@bellgully.com
      MIKE SPENCE, deCipher Ltd
      PH 64 9 445 3843, MOB 021 446 229
      enquiries@decipher.co.nz
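
Added example, not part of the original presentation: a toy illustration of slides 11, 12 and 26, contrasting a file-level copy with a bit-for-bit clone of used and unused space, and showing how a digest recorded at acquisition exposes any later change to the clone. The image layout, file names, the search term `ExampleCo`, and the use of SHA-256 to stand in for the slide's "digital signatures" are assumptions made for illustration.

```python
import hashlib

SECTOR = 64  # constructed toy sector size, not a real disk geometry

def build_image():
    """Constructed sample 'drive': two live files plus unused space
    that still holds the bytes of a deleted file."""
    live_a = b"holiday photos index".ljust(SECTOR, b"\0")
    live_b = b"notes: buy milk".ljust(SECTOR, b"\0")
    deleted = b"ExampleCo price list; ExampleCo client list".ljust(SECTOR, b"\0")
    blank = b"\0" * SECTOR
    image = live_a + deleted + live_b + blank
    # The file table lists only live files: name -> (sector index, length).
    table = {"photos.txt": (0, 20), "notes.txt": (2, 15)}
    return image, table

def logical_copy(image, table):
    """File-level copy: only what the file table still points to."""
    return {name: image[s * SECTOR: s * SECTOR + n]
            for name, (s, n) in table.items()}

def forensic_clone(image):
    """Bit-for-bit clone of used AND unused space, with a SHA-256 digest
    recorded at acquisition (the hash choice is this example's assumption)."""
    clone = bytes(image)
    return clone, hashlib.sha256(clone).hexdigest()

def verify(clone, recorded_digest):
    """Re-hash the clone; any change since acquisition alters the digest."""
    return hashlib.sha256(clone).hexdigest() == recorded_digest

def count_term(data, term):
    """Case-insensitive count of a search term in raw bytes."""
    return data.lower().count(term.lower())

def demo():
    image, table = build_image()
    files = logical_copy(image, table)
    copy_hits = sum(count_term(d, b"ExampleCo") for d in files.values())
    clone, digest = forensic_clone(image)
    clone_hits = count_term(clone, b"ExampleCo")
    tampered = clone[:-1] + b"\x01"  # a single changed byte
    return copy_hits, clone_hits, verify(clone, digest), verify(tampered, digest)

if __name__ == "__main__":
    print(demo())
```

The copy returns no hits because the deleted file is no longer listed in the file table, while the clone still contains its bytes in unused space.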
