Keeping the world safe from digital intrusion and maintaining regulatory compliance for Cobb County businesses
Since 1998, a small Cobb County tech company — working out of an otherwise nondescript office park just off Windy Hill Road, has unearthed key evidence for legal matters and provided IT support and cybersecurity across a variety of business verticals. That company is Discovery Computers and Forensics (DCF); they provide a unique combination of Internet security services, digital forensic examinations, and staff training.
Cybersecurity increasingly is at the forefront of business leaders’ minds. Digital forensics is playing a role at the local, national and even international level, with major hacking stories regularly appearing in news headlines. What is commonly known as, E-discovery (discovery of evidence in legal proceedings where the information is sought in electronic format) is playing a bigger role in legal matters from corporate litigation that can expose corporate espionage, embezzlement, and fraud.
Today, nearly everything we do online is traceable, from network threats at work to our personal phones. Users often think that they simply can delete their browser history or files and the data is erased, but that’s not the case; there are methods for retreiving this information. The electronic documents and the devices themselves are more dynamic and contain metadata that captures time/date stamps, author and recipient information, and file properties. A forensics examination preserves the original metadata to eliminate claims of tampering with evidence later in the litigation. As our business environment continues to increase regulations for data protection requirements (such as the General Data Protection Regulation [GDPR] that has been making headlines this year) DCF helps its clients manage day-to-day business operations. Dr. David Woodsfellow, a clinical psychologist, specializing in couple’s therapy, has been a customer for 10 years. Woodsfellow says DCF checks in once a month and is there whenever he needs them.
“They keep all of our computers and networks up and running, plus any other related technology we’ve got going,” Woodsfellow says. “We haven’t had any data breaches, in large part because DCF has helped us design an encryption and security system that keeps us safe.”
According to official Google statements, more than 50 percent of search queries globally now come from mobile devices, so the need to secure both personal and business use is more important than ever before. “The mobile device we all carry in our pocket tells a history of where we go, not only through cell towers but also GPS locations,” says Rod Mac Kenzie DCF president. “Phones can be used to prove negative or positive character flaws. I can’t think of anything I don’t do on my phone now. It has my Uber Eats patterns, how many times I’ve worked out, et cetera. Businesses have client data on personal phones, and medical practitioners often have patient information on theirs. Data is everywhere, and the things you saw on investigative TV shows five or ten years ago, is real, and we can do it.”
“Cybersecurity management is replacing traditional IT support,” Mac Kenzie continues. “Even companies with ten or fewer employees are now required to maintain security protocols, which some might have thought was only for mid-sized or large corporations.” The game is rapidly changing.
For example, even single-person businesses, such as self-employed hair stylists, now must become PCI DSS compliant (The Payment Card Industry Data Security Standard) if they intend to accept credit cards. There are some serious penalties for non-compliance under this federal regulation. However, these consequences should not be the only factor to make business owners comply. Your first concern should be the protection of your customers’ sensitive data. It is important here to notice that you can be penalized as a merchant, even if you are fully in compliance with PCI DSS requirements. Since your compliance is supposed to protect cardholder data, if a breach still occurs, you still could be held financially liable. The penalties can start from $50 to $90 for each customer whose data has been stolen or manipulated. You also could be penalized in the form of suspension of credit card acceptance services. For these reasons alone, companies that accept credit cards should contact a company like DCF to certify they are compliant with PCI DSS requirements.
Corporate Digital Forensics
One recent case DCF handled began when a company in Arizona reached out with concerns that a former, high-level employee had raided company secrets, potentially with plans to start a competing firm. Once engaged, DCF was given the person’s company-issued laptop upon which it performed a forensics scan to find the history of which files had been moved over from the company server. Sure enough, several files — including customers’ lists and product catalogs — had been transferred over time to a USB drive, confirming the company’s suspicions.
“We achieved the goal of finding out whether or not there had been an internal breach of data,” said Mac Kenzie. “From there, the process evolved into looking at how the company could have prevented the situation.” Consulting is a large aspect of DCF’s business model, and with its help, the Arizona firm implemented new cybersecurity protocols.
One of the largest threats to any company’s data is simply the employees. Most data breeches are caused by staff errors — by clicking a phishing scam email, for example — or as a result of disputes with disgruntled workers. Because of the on-site and web-based training DCF offers, the company says its customers’ employees have become much more productive and are realizing signiﬁcant time savings for completing important tasks — simply by learning the “rules of the road” and preventing catastrophic data breaches.
For better or worse, cybersecurity is only likely to take on a bigger profile in the future, and Mac Kenzie warns that all businesses should be mindful of the implications. When businesses choose to partner with firms like DCF, which offer a combination of cybersecurity, staff training, digital forensic investigations and litigation support, they are insulating themselves from the potentially devastating consequences of a data breach.