Your former boss may be spying on you

MUMBAI | NEW DELHI: Companies are hiring forensic experts to detect and stop data leaks by disgruntled ex-employees who were sacked after the Covid-19 pandemic disrupted business. In the past few months, apart from corporate data being leaked to competitors or the media, negative comments about companies have been posted online and there have even been extortion attempts, say insiders. Forensic investigators are being hired to bar remote access, undertake surveillance, scour the dark web for any leaked company data and also delete social media posts of employees who were sacked or shortlisted for firing.“Companies are struggling with instances of data pilferage by employees leaving their organisation,” said Jayant Saran, partner, forensic, financial advisory, Deloitte India. “In many instances, due to the lockdown, company-provided machines continued to be in the possession of these employees even after they ceased to be employees.While there were contracts for top executives regarding stealing of data, this is a real fear, especially at this time as it’s difficult to monitor every employee.” One sacked startup employee, for instance, got hold of the international travel plans of about 1,000 customers and passed it on. “This incident could lead to fines for the company under GDPR (General Data Protection Regulation) as about 100 customers were from Europe,” said a person close to the development. 76655767In another case, an IT company based in Pune was hit by malware. A forensic team discovered that a disgruntled employee, who had been shortlisted for sacking, was responsible for installing the bug. “Full-fledged digital forensic investigations are being carried out remotely in cases where companies have sensitive data and the fear is that disgruntled employees sacked during Covid could harm the company,” said Amit Jaju, senior managing director, FTI Consulting. “In many cases, we have even seen that companies want to put employees under the scanner and check any data-theft red flags during the notice period.”Companies such as Swiggy, Zomato, Paytm and MakeMyTrip are stepping up data protection, said people aware of the matter. Swiggy declined to comment. Zomato and Paytm didn’t respond to queries. “We have robust processes built for data protection at all times, including one button de-provisioning of all access. We have built-in automated processes to take care of all such situations,” said a MakeMyTrip spokesperson. For information technology companies such as Infosys and Wipro, the problem is a little different, experts said.“Many companies in the IT space have hired contract staff as a risk-mitigation measure in areas such as capital market operations and fund accounting,” said Nikhil Bedi, partner and leader, forensic, financial advisory, Deloitte India. “Ensuring that contract staff working from home have adequate data security measures in place while working with organisational data remains a concern.”Some of the companies also want forensic experts to keep tabs on the gadgets of sacked employees to check data leakage.

from Economic Times https://ift.tt/2Bem1ry