Digital Forensics is the application of analytical techniques to digital media. Forensic investigations can cover all areas of computer use and misuse, including internet and email activity, file access, digital document destruction, fraud, and almost all other activity and action taken on digital media. Here are three ways HR departments can identify policy gaps and implement a digital forensics strategy as part of their overall internal operating procedures.
1. Audit and Enforcement of Computer Use Policies
Almost all corporations and government agencies have some type of Computer Use Policy, but few are effectively monitoring and enforcing it. For example, consider this paragraph, which would commonly be found in a Computer Use Policy:
Employees should not bring personal computers or data storage devices (such as floppy disks, CDs/DVDs, external hard drives, flash drives, smartphones, tablets, or similar devices, mobile computing devices, or other data storage media) to the workplace or connect them to Company electronic systems unless expressly permitted to do so by the Company. Any employee bringing a personal computing device, data storage device, or image-recording device onto Company premises thereby gives permission to personnel of the Company’s choosing to inspect the personal computer, data storage device, or image-recording device at any time, and to analyze any files, other data, or data storage devices or media that may be within or connectable to the personal computer or image-recording device in question. Employees who do not wish such inspections to be conducted on their personal computers, data storage devices, or imaging devices should not bring such items onto Company premises.
The intent of the example is to deter employees from bringing personal electronic devices to the workplace, thus preventing them from being connected to corporate computer systems. It does this by threat of examination of the personal device(s) to determine if any corporate assets or confidential information reside on them. Although this may be an effective deterrent, the company may not know if a personal electronic device was connected to a corporate computer system. The company requires an inspection only upon visually identifying a device that is suspected to be personal. Additionally, general inspection techniques would be unable to confirm whether corporate data was accessed, or whether it was accessed and deleted from the device prior to the company’s inspection.
While this policy example can suffice, it would be more effective if it were founded on Digital Forensics techniques. Adding the use of Digital Forensics to the Human Resources toolkit would evolve basic ‘Use’ policies into the digital age. Here is an enhancement to the above policy example:
“The Company reserves the right to conduct random and targeted digital forensic audits of all computer systems to determine if any non-corporate storage devices were connected to corporate computer systems or if any other corporate data was copied to any physical or logical (cloud or email) device or sent to an unauthorized party.”
The addition of the statement gives the corporation and HR department a much stronger policy with which to protect corporate data and computer systems. The company and HR have disclosed that not only will visual detection of a device result in an inspection, but the company will also proactively audit computers to determine if any physical media were attached to a given computer at any time, and obtain relevant information about the media (i.e., serial number, port it was attached to, and the date and time it was used). The company would also be able to identify any files that may have been copied to a device, without having the actual device in hand.
2. Protection Against Departing Employees
Corporations are at risk of data security breaches when any employee departs. Upon an employee termination, corporate data, intellectual property, customer contact information, and corporate policies and procedures can be stolen unbeknownst to the company. Another serious threat is the destruction of data from files and hard drives, as well as sharing corporate information with competitors. Whether the departure is initiated by the employee or the employer, each situation creates a unique risk to the company. Human Resources departments that implement effective departing employee strategies based on Digital Forensics practices are positioned to quantify and mitigate risk and prepare for potential future litigation.
You can learn how to recognize and protect your company from this very real threat by reading our article “Protecting Confidential Information from the Dangers of Departing Employees.”
3. Preparing for Potential HR-Related Litigation
In the Departing Employee section and the article referenced above, we discussed the risks of departing employees in the context of information assurance. There is also a need to prepare for HR-related litigation with both departed and active employees. Many HR departments have been involved in some type of legal action related to breach of contract, harassment, discrimination, unlawful activity, wrongful termination, or trade secret misappropriation. Often, a Digital Forensic investigation is a necessary response to such litigation. A Digital Forensic investigation can yield relevant facts and evidence by looking for digital clues related to the alleged activity. However, we have seen examples of companies receiving the notice of pending litigation after computers have been internally recycled to another user, at which point, critical digital evidence is lost. Implementing a sound policy based on Digital Forensics practices will ensure data is preserved proactively either at the first sign of employee misconduct or immediately upon knowledge of a departing employee situation. Closely monitoring when valuable company information is accessed and by whom will help HR departments identify if questionable employee activity is occurring before permanent damage can be done. Digital Forensics can also be used to retrieve data surrounding employee communication within the context of a harassment or discrimination charge. These practices will help corporations be prepared for potential litigation and better yet, gather critical information to avert litigation before it happens.
In this article we’ve discussed the various ways HR departments can implement policies and practices that are supported by Digital Forensics to establish a foundation of Information Security. Any company which allows employees access to its computer system and sensitive information must be aware of the risks to its data and how to prevent misuse and destruction.
About the Authors:
Michael Miguelez is the CEO of OPTiMO Information Technology LLC and OPTiMO Digital Forensics. He can be reached at firstname.lastname@example.org or 877-564-8552 x701.
Heather Stenglein is the Director of HR at OPTiMO Information Technology LLC. She can be reached at email@example.com.