Theft and disclosure of a company’s confidential information is one of the most common incidents we investigate, with a very high degree of success.

When is confidential information often stolen?

We find that most cases occur when employees leave an organisation to work for a competitor or establish a competing business.

However it can also involve disgruntled employees, personal grievances, industrial action, media leaks, misuse of information by contractors or outsourced service providers and even disclosure for criminal gain such as through financial crime or identity theft.

What information is often stolen?

In our experience, any information that could be used for financial gain or commercial advantage, such as:

• Records of clients, customers, suppliers and employees
• Contracts, agreements, payment and transaction records
• Financial information including pricing, supply and production costs
• Intellectual property, research and proprietary details of products and services
• Details of existing or upcoming contracts
• Strategic plans, financial and board reports
• Policies, procedures and operational documentation
• Security information, passwords, encryption keys and details of computer systems access and configuration
• Upcoming tenders and proposals
• Backups of data including documents, emails, contacts or software programs.

How is information usually disclosed?

Our experience shows that disclosures can involve one or more individuals and occur through multiple channels, most often:

• Business or personal email accounts
• USB and other removable devices
• Copying to personal computers or external hard disk drives
• Internet transfer
• ‘Cloud’ file sharing
• Printing, scanning and photocopying.

Our expertise in investigating disclosures

One consideration when responding to disclosures is that staff often have access to the confidential information through the normal course of their business duties. Therefore an important focus of any investigation should be determining how evidence differentiates between normal and suspicious activity.

A forensic approach is therefore vital to ensure that valuable details such as “last accessed” timestamps on files are not inadvertently modified through handling by staff or investigators who do not apply forensically sound methods and tools.

We also find that encryption and other security methods are sometimes used in an attempt to hide a person’s actions, however these attempts can often themselves be reconstructed, adding considerable weight when proving the person’s knowledge and intent.

Our work also doesn’t stop at your organisation’s (fire)walls. We can assist in identifying how your confidential information has been used by competitors or third parties, or to recover and securely wipe it from their computer systems.

How we can assist

We can assist in all stages of the investigation process, including:

• Identifying potential sources of evidence that may exist both within your environment and externally, which may help to prove what information was disclosed, how it occurred and who was involved
• Locating and forensically securing potential evidence across your environment, such as from personal computers, email and file servers, application systems, backup tapes and devices, USB and other removable storage devices, CCTV footage, electronic access devices, printers, scanners, photocopiers, fax machines and other sources
• Performing forensic analysis of the collected data for evidence of the disclosure and details of when and how it occurred and who was involved
• Assisting with collection of evidence from third parties, such as preparation of legal requests and execution of search and seizure (Anton Pillar) orders
• Preparing detailed reports and providing expert evidence to assist in disciplinary or legal proceedings
• Liaising with internal and external parties such as audit, probity, IT, security, investigations, risk management, HR, compliance, legal counsel, regulators and law enforcement
• Supporting a wider investigation or legal proceeding including compiling information for staff interviews and corroborating statements made by witnesses against electronic evidence.

Why choose Klein & Co.

• We are widely recognised as a leading independent Australian computer forensic practice, providing the highest levels of technical skills, expert knowledge, commercial understanding, professionalism and integrity
• We have been engaged as a trusted advisor to hundreds of satisfied clients in Australia and overseas, including top tier law firms, iconic Australian and international companies and government agencies
• As an independent team, we are free of the conflicts and overheads of other providers, enabling us to provide the highest quality of service at the best competitive rates
• All of our work is performed by our own dedicated team; we do not advertise services that we don’t provide ourselves or outsource any aspects of our work to subcontractors
• All evidence is processed and analysed on our in-house, secure computer forensic platforms; we do not send your confidential information and data to subcontractors or overseas
• We are actively involved in the international forensic technology community, maintain cutting edge tools and techniques and enjoy strong connections with leading international experts plus local and international law enforcement.

We can help you confirm when and how your confidential information was disclosed, identify the individuals involved and help you recover the information and secure it from further disclosure.

To discuss how we can assist, on a confidential basis, please contact us on:

Phone: +61 (2) 9233 3400

Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it