Organisations are starting to realise their employees are not only their greatest asset, but also their largest risk, as Clare Brett and Sophie Gilkes explain.
There was an 81 per cent increase in the cost of employee fraud over the past two years. A factor could be that fidelity is no longer key with today's increasingly mobile workforce, and technology and user competence is gathering pace at an astonishing speed. This creates a challenge for organisations in terms of their desk-top/digital security procedures and the mechanisms they must consider in order to combat computer misuse issues in the future.
'Is it worth it?' Recent findings suggest the cost of computer-enabled financial fraud in 2004 was £622 million, with an average of 35 incidents of financial fraud per organisation. Scratch under the surface, however, and you will find that stolen intellectual property and criminal court cases against employers could hide a much greater cost.
Digital forensics has historically been a reactive response to the problem. However, many organisations are now becoming proactive in their fight against employee digital crime and misuse.
Time spent on personal internet/e-mail usage The most common reason for disciplinary action in the UK is the sending of unauthorised e-mails. Studies show that 27 per cent of Fortune 500 companies have fought e-mail harassment claims, yet most do not realise the consequences of e-mail and internet misuse. Renfrewshire Council learnt the hard way; it was recently in the headlines after dismissing nine employees for inappropriate use of e-mail.
By instructing a digital forensics expert, you are ensuring the collection of digital evidence in a forensically scientific manner. Unlike internal IT departments, forensic experts are dedicated purely to digital forensics and conduct all investigations following Association of Chief Police Officers guidelines for the collection and preservation of digital evidence and, of course, their impartiality can never be questioned by a court or tribunal.
Using specialist forensic software the analyst can access information, such as the last internet site visited, and user and internet history. Investigations can focus on a specific period of time, running key words to identify documents pertaining to the client's objectives.
Nearly two thirds of organisations are taking action against the misuse of e-mail and internet by restricting the use of private e-mail accounts and internet usage, including banning certain sites. The number of e-mail and internet misuse cases reaching tribunals is ever-increasing and digital forensics companies see the need for organisations to understand the importance of preserving evidence, just as a police officer would at a murder scene.
Intellectual property theft has never been easier Intellectual property is the backbone of any organisation. Many companies risk losing sensitive data because of a failure to secure or restrict electronic devices used by their employees. Currently, 40 per cent of organisations do not apply the same security processes to digital devices as they do to a laptop, yet a PDA can now contain just as much relevant information!
So what can be done if an organisation suspects an employee of stealing intellectual property? A forensic analyst can examine the suspect's computer to determine if the information has been downloaded to removable media (CD, DVD, USB sticks etc) and determine times when this occurred. This information can then be used to commence proceedings.
To view the entire article, click here
By: Clare Brett