Data Security and Business Perception.

(@obev0098)
Posts: 3
New Member
Topic starter
 

Hello fellow professionals

This is my first post in this forum, and I’m looking forward to being a valued member of this community.

I oversee a team that manages the termination of employees that are classed as Legal Hold, Legal Hold being a term we use for employees that have been terminated and that we receive instruction from HR and our legal teams to retrieve and back up all hardware and devices of said employee. Anything that's deemed a financial or reputational risk. US based.

Although our team should not receive details of the termination, we understand that many are due to gross misconduct including corporate espionage and data breaches with many cases being escalated to LE.

Whilst examining, recovering and backing up data from workstations etc. is a relatively easy task for the team, one challenge we continue to experience is Mobile Devices. The decision was made, by the business, that employees are to be provided with Apple iPhones only, as Android devices are less secure, or so it was deemed.

Whilst I may agree that iOS offers a more secure environment than Android, it does introduce further challenges to my team. Many phones that are sent to us are remotely wiped whilst in transit, although we provide clear instruction to turn off the device and place it in cases we provide in each location that block mobile phone signals.
But this is only one of many challenges. The CIO called mid last week asking for our team to review a particular case and retrieve all Call Logs, Images, SMS and WhatsApp data for the last 12 months, including everything that has been deleted.

The phone was recovered and not wiped, however it's password protected. The phone itself is an iPhone XR provided to the user in November, obviously less than 12 months ago, god only knows where the previous phone is. But anyways, besides the point. I explained that it simply is not possible, whilst we do have access to particular forensics software, we cannot jailbreak iOS 12.3 and even if we managed to image the device there is no possible way to recover deleted WhatsApp conversations and deleted encrypted images, call logs yes. The CIO was not happy with this response at the least, to the point of pure anger, obviously under a lot of pressure and apparently received information from legal that the employee shared sensitive data in an image format.

I guess my point is, for a company that is obsessed with the protection of its corporate data, what options do we have? The business will not consider Android devices and it’s not my place to question that.
I’m interested to hear your thoughts, has anyone else experienced a similar situation?

Kind Regards – CJ

 
Posted : 31/07/2019 12:22 pm
(@rich2005)
Posts: 535
Honorable Member
 

I'm far from an expert in this but the simplest solution would seem to be your corporate iPhones should be set up in supervised mode when they are bought/configured before giving to a user. You (or via the IT administrator) could then prevent the wiping of it and get back into it. So no need to jailbreak or "hack" into them in any way.

 
Posted : 31/07/2019 1:56 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Wow, just wow. 😯

I thought that cases like this were once or twice in a lifetime, and that they were carried on by external forensics specialists, the fact that you have a dedicated team for this should mean that the company is really huge and that there are a lot of "defections" by employees.

For a company with such a size (and mindset) it would probably make more sense to have some dedicated control software installed on the phones and have it make copies/backups periodically, allow remote control by your team, etc.

jaclaz

 
Posted : 31/07/2019 2:12 pm
(@obev0098)
Posts: 3
New Member
Topic starter
 

> Wow, just wow. 😯
>
> I thought that cases like this were once or twice in a lifetime, and that they were carried on by external forensics specialists, the fact that you have a dedicated team for this should mean that the company is really huge and that there are a lot of "defections" by employees.
>
> For a company with such a size (and mindset) it would probably make more sense to have some dedicated control software installed on the phones and have it make copies/backups periodically, allow remote control by your team, etc.
>
> jaclaz

The company is indeed huge and global, it's also rather aggressive in the method it expands by acquisition.

Myself and some members of the team were with another company that was acquired three years ago, and we actually did have much more control over our phones with regular backups. The problem is this company doesn't seem to have any software standards, it can be chaotic at times.

 
Posted : 31/07/2019 2:23 pm
(@athulin)
Posts: 1156
Noble Member
 

> … the simplest solution would seem to be your corporate iPhones should be set up in supervised mode when they are bought/configured before giving to a user.

For future users / phones, this is probably the simplest. The problems are those hundreds or thousands of existing users who have to be migrated to the new model, as well as educated on what this means, compared to the current situation. In bad cases, they may have employment agreements that make this difficult or even impossible.

But it is the way to go; the company needs to take control of the devices as well as information that is owned by the company.

Any solution based on 'jailbreaks' or 'hacks' should be avoided; you want a solution that survives for at least ten years, as well as survives software updates and patches. This may be impossible, in which case any solution provider must have a strategy that isn't basically '… and when we can't do it anymore, we'll fold.'

And … as part of this effort, it may be time to look to forensic readiness in general, especially identifying it as an important requirement for IT and IS policy / departments / … etc.

 
Posted : 31/07/2019 4:11 pm