We were recently tasked to investigate an individual suspected of harassment within the workplace. As part of the process, our team preserved the individual’s mailbox and analysed the emails, and we identified emails of harassment. However, what we further discovered came as quite a shock to our client. We discovered the individual was forwarding private and confidential emails to their personal email account. On identifying this, HR and the General Council requested a digital forensic report from Valkyrie, and they asked if the investigator could sit in on the interview process with the individual. When questioned about the emails the individual admitted to harassment; however, the reason he gave for forwarding the email was shocking. He said he didn’t want to carry his laptop to and from the office, so; he forwarded documents to his personal email account to work on the documents at home.
The Valkyrie investigator explained to the individual the implications of his actions. He took private and confidential data from the company outside of the secure infrastructure and placed these on insecure devices such as his personal laptop. Not only that, but the documents are also stored on the email service provider, thus, creating multiple sources for someone to breach. We are imaging his personal devices (given consent) to identify our client’s commercial documents, delete them from his system and then securely wipe them so they are unrecoverable.
This is another timely reminder for everyone that the insider threat is real and that it’s not just external parties you must be aware of. Sometimes, an employee’s minor convenient behavioural issue can have significant consequences. They are doing things for convenience without being aware of the risks. Valkyrie is a key awareness advocate and would recommend that employers speak with their employees (provide training) about security policies regularly and review and update these policies. We are currently assisting our client with revamping these and doing desktop exercises on security breaches, which we will post in the coming weeks.