Support through your toughest HR challenges: A network of 285,000 HR professionals.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
A digital forensics investigation can expose employees’ misuse of technology.
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
If an employee slipped out of your company with enough confidential paperwork to fill 16,000 inch-thick books, surely someone would notice.
But an employee carrying a 16-gigabyte thumb drive holding that amount of information could walk out unnoticed with the 2-inch device in his pocket. And a company's trade secrets, client lists, pricing information or other sensitive data could walk out with that employee.
"More and more, a company's value is not contained in physical things, it's in intellectual property," says Rich Plansky, senior managing director of business and intelligence investigations for Kroll, a risk consulting company.
Advances in technology that make work easier also make it simpler to steal information, harass co-workers, spend the workday looking at pornography or engage in other misdeeds.
Brett Barson, SPHR, human resources director of Wadman Corp., a construction management company in Ogden, Utah, says his employer has experienced data breaches as a result of these technology advances. "Data was leaking out of our company like a sieve," he says. The breaches prompted stiffer rules on personal use of work computers and on taking information out of the office.
New technology is also being deployed by Barson and other HR leaders to investigate employees who engage in illegal, unethical or inappropriate conduct.
"The forensic evidence is often so compelling that the accused doesn't really stand a chance in court," says Glenn Dardick, director of the Association of Digital Forensics Security and Law. Dardick also conducts investigations and is an associate professor of information systems at Longwood University in Virginia.
A growing field called digital forensics is offering employers an enticing menu of options to investigate problems with employees. Not long ago, the field was known as computer forensics. But with smart phones, networks and other devices besides computers holding so much information these days, it's now called digital forensics.
In the early 1990s, there were no college programs to train students in digital forensics. Now there are dozens, says Mark Pollitt, retired FBI chief of the Computer Analysis Response Team. Today, he's an associate professor teaching digital forensics and security at Daytona State College in Florida.
Pollitt says companies collect and store more information electronically than they ever did on paper. He points out, for example, that instead of one final report, multiple drafts are now stored electronically.
The demand for digital investigations has grown because of the surge in the amount of information, as well as federal court civil procedures that now require electronic data to be included in the discovery process at the beginning of lawsuits.
Specialists in digital forensics can help with a range of issues, but one of the most important is when confidential information is involved.
Dardick once investigated a financial services manager who left for a competitor, taking company data with him. The investigation found that the manager was e-mailing client information and company forms to the competitor from his personal account before he quit. Dardick showed that the manager had taken his old employer's forms and changed the logo to that of the new company. The case was quickly settled out of court.
Employers can get to the bottom of fraud problems with computer investigations. Pollitt says there's a wealth of information available for cases such as travel voucher fraud and procurement scams.
Plansky's investigators even found one employee with a tidy Excel spreadsheet of his kickbacks on his work computer. "It made for a very interesting interview," Plansky says. In another case, a female employee was suspected of having an inappropriate relationship with a vendor. Investigators helped prove she lived with the vendor by showing she had created her resume on his home computer, Plansky says.
A digital investigation helped Barson when an employee came back from vacation and soon found the gossip mill churning with private information about her. Barson asked the co-worker who had covered for her during the vacation—and who had had access to her e-mail—whether she was still reading the employee's e-mails.
The denial only lasted until Barson showed her that someone was reading the absent employee's e-mails while she was out of the office and on lunch breaks.
"We pretty much caught her red-handed," Barson says. Key to the investigation was his ability as HR manager to present evidence.
Harassment cases can also lend themselves to digital digging. Rachel Womack, vice president of Stroz, Freidberg law firm in Dallas, says her team investigated an employee who denied stalking a colleague. But his Internet history log showed he had searched for the woman's home address, which helped the employer resolve the case quickly.
Forensics experts can see far more than what pops up on the screen for an average user. Even deleted files often aren't truly gone. Each computer has unallocated space; when something is deleted, it lives on in that area. When the unallocated space runs out, something else will write over it, so managers must quickly investigate.
Investigators have access to metadata about electronic information, which shows when a file was created, how long a person worked on it and when it was deleted. Sleuths look for spikes in deletions that could indicate a worker trying to cover his tracks.
Plansky says the economic downturn has created more motivation for employees to commit fraud and theft, so HR executives need to be prepared.
Digital investigations often start with a tip to the HR department. But even before that, HR leaders have a crucial role: They need to make sure their companies have policies on how employees use their electronic devices and on what sort of privacy, or lack thereof, workers can expect when using them.
"Set the expectations upfront," says Alec Yasinsac, dean of computer and information systems at the University of South Alabama.
Digital investigators say that managers in many organizations warn workers that any information on their work-owned computers or phones can be accessed, for any reason, by the company. That includes texts sent on a work phone and personal e-mail sent through a company network.
Spikes in deletions could indicate a worker trying to cover his tracks.
Roy A. Ginsburg of Dorsey & Whitney law firm in Minneapolis adds that HR professionals should train managers not to undermine policies by giving employees a different message about what's allowed.
Steps and Tools
When trouble brews and a digital investigation can help get to the bottom of the case, where do you start? Here's a step-by-step guide to launching a digital forensics investigation:
Hire Outside Experts?
Whether to do an investigation with in-house IT staff or hire outsiders depends on many factors. Is your company big enough to need forensic experts on staff because of frequent problems or because of the value of the information being protected? Is the case likely to end up in court and thus benefit from the impartial testimony of outside experts? Are company officials comfortable with a contractor having access to confidential information? Is the IT department already overbooked?
Cost represents a major reason to use in-house workers. Making a forensic image of a single computer can cost from several hundred dollars to $2,000, Womack says. The overall cost of an investigation depends on the complexity and type of information involved.
Key reasons to opt for outside experts: They have the tools and experience to make sure all possible data are found and aren't accidentally corrupted along the way.
Outside investigators also prepare reports at the end of investigations. If the case ends up in court, the company needs a report that sums up the bad behavior in a way that judges and juries—who may not be computer-savvy—can understand, Yasinsac says.
Pitfalls of digital investigations include the cost, the impact on employee morale if cases aren't handled correctly and possible violations of employee privacy.
Barson got complaints when he barred gambling, pornography and social media from company computers. But within seven months, people were accustomed to the rules.
Plansky, at Kroll, says HR professionals are key in smoothing over any morale problems that crop up during investigations.
"There is definitely a human management side," Plansky says. "An investigation can't be so disruptive you can't do business."
The clash of company rights vs. employee privacy is being sorted out in state and federal courts. The U.S. Supreme Court, in
City of Ontario v. Quon, said it was loath to make too broad a ruling on the topic because of the "rapid pace of technological change. … It is uncertain how workplace norms, and the law's treatment of them, will evolve."
That case involved a California city SWAT team officer who used his work pager to text lewd messages to his wife and his paramour, a fellow officer. He claimed his privacy was violated when the police department went through everyone's text messages. The justices sided with the employer.
But the biggest pitfall for HR professionals is to not conduct digital forensic investigations at all, Pollitt says.
"Don't think of digital forensics as someone else's problem," he says. "You can either plan for it or have it hit you over the head" when something goes bad.
The author is a freelance writer in the Washington, D.C., area.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Talent Attraction Study: What Matters to the Modern Candidate
HR Education in a City Near You
SHRM’s HR Vendor Directory contains over 3,200 companies