HR Executives are faced with greater risks than ever before when it comes to data security and employee behaviors. This is an overview of processes and emerging risks.
Presentation Highlights:
KEEP passwords and data private
Greatest risk is from the inside
Spoliation risks in legal matters
Security Analytics and Employee Monitoring
2. p@SSw0rDz
Facebook
LinkedIn
Match.com
• Less is More, hire a professional
This line of questioning could open discrimination issues
3. Concepts of Security are Changing
• The only thing you should be secure about is that nothing is secure
• Organized Crime
• Random
• Employees
• Hacktivists
4. Greatest Risk to Business?
• Employees, Contractors, Vendors & Partners
• Inside vs. Outside
• Don’t stop protecting outside…..
5. Virtual Machines & Child Porn
• The virtual world is going virtual
• CP (or CSAI – See-S-eye) is an addiction
• Pirated media a (profitable) hobby
• High bandwidth, “ghost” (vmware)
The only thing you need to know:
Liability is HUGE.
6. Digital Forensics & eDiscovery
• 2 Step Process
• Capturing and preserving everything
• Preparing the “Useful” information
7. SMILE!
Digital Forensics
Digital Forensics | Using a 35mm Camera
Create a Forensic Image (Preserve Data) | Take a Picture
Restore the Forensic Image | Develop the Film
Analyze the Information | Choose the Pictures you want
Report (and Testify) as necessary | Build a Scrapbook
8. E-Z eDiscovery
1. Convert paper to electronic images
2. Combine images with Digital Forensics results
3. Filter out Unnecessary Info
4. Review Results
5. Submit
9. SPOLIATION
• The alteration and/or destruction of data
• Examples:
• Resending an email
• Opening a Word document
• Deleting a picture
• Turning on a computer
10. Litigation Hold
Legal Notice
Starts the moment litigation becomes reasonably possible
Requires parties to preserve all potential evidence
Failure to abide could bring sanctions, fines, dismissal of case, & criminal charges
11. The IT Department – Your BEST Friend… and WORST Enemy
• Digital Forensics is all about 3 things:
• Process
• Experience
• Defensibility
• CAN IT do some/all of it? Maybe.
• SHOULD IT do some/all of it? NO.
12. Any time…
You think internal is better/cheaper/faster…
• Remember:
• Legal, Financial, & Criminal Liability
• IT fear of public speaking
• Interpersonal relationships…… (ask about this)
13. Employee Monitoring
• It’s not Big Brother, it’s SMART Business
• Improves Data Security Exponentially
• Mistakes
• Desperate
• Criminal
• Makes Compliance Easier
• Can provide Productivity metrics
• Termination Justification
• Training Needs
• Resource Allocation
• Cost Saving Opportunities
Examples:
Lockheed, Fidelity, USPS, Kaiser Permanente
16. ADA
• EU says websurfing is an addiction
• What does the US say?
• REALLY????
17. Thoughts
Social Media is good
Acceptable Use Policies are required
Detailed Background Checks are better than FB pages
Ongoing Training & Reminders are critical
18. Thank You
Rob Fitzgerald
The Lorenzi Group
866-632-9880 x123
www.thelorenzigroup.com