Select Page

Employee Data Theft and a “Heureka” moment

Author: Nate Latessa, President



A recent posting on sparked numerous conversations regarding the ability of Heureka Software to be used as a proactive tool when applied to employee data theft. The article discusses using forensic tools to ascertain whether an employee has removed or stolen data from a computer “prior to, or immediately after, an individual’s termination or resignation from an organization.”.

A significant take-away from the article is the lack of discussion on proactive versus reactive approaches. While performing forensic investigations on surrendered computers will always remain critical, a key element to Heureka’s software is proactively knowing exactly what files are present on an endpoint prior to or immediately after termination or resignation. Additionally, as Heureka keeps track of moved or deleted files from their original location, it’s possible to search for files that have been moved or deleted on an endpoint in question at any point in the process.

When Heureka’s endpoint service is deployed the data becomes searchable both on metadata fields such as file name, extension, date, file owner, etc. as well as file content like email body and attachment (including non-Microsoft Office attachments). Critical and sensitive information is automatically discovered on a daily basis using a hands-off classifying engine offering high-level views of potential risk across the environment.

One of Heureka’s main goals is to help companies transition from being reactive to proactive. We do this by creating tools to categorize, identify and search for information at the earliest possible stages of the EDRM model. For HR departments, the “Heureka moment” is having a tool to view a computer, server or file share’s inventory including potentially sensitive information at the earliest possible stages. Further, in coordination with IT or management, files can be quarantined, deleted or collected from any endpoint which has significant impact on the ability for an individual to steal information.

The long-standing tradition of not having intelligence at the endpoint level is quickly changing. Having the ability to proactively gather intelligence at the earliest possible stages of an employee termination or resignation changes the game significantly. Lack of tools and technology can no longer be an excuse for not knowing where the most sensitive data is in within an organization. Knowing what an employee has on their device prior to any action provides the ultimate insight prior to any action such as termination or resignation.