Employers today are armed with more technology than ever before—with state-of-the art tools that improve productivity, enhance communication, and ultimately help to boost our bottom lines. But the more we rely on digital tools to create, store, and share data, the more vulnerable we become to employee digital data theft. Similarly, digital methods of communication can often open the door to inappropriate or dishonest employee behavior.

For these reasons, employers are, more and more, faced with addressing allegations of digital misconduct. In fact, according to dozens of studies, upwards of 25% to 50% of employees have admitted to stealing proprietary information from their employers. Cyberbullying, harassment, and other forms of inappropriate workplace behavior are also a significant and growing problem, with incidents ranging from the transmission of inappropriate texts and online comments to attempts at jobs sabotage and threats of physical violence.

The Consequences of Employee Data Theft and Workplace Cyberbullying

Employee data theft, such as the stealing of customer lists, intellectual property, or other confidential information, and inappropriate online behavior can do serious, if not fatal, damage to an organization. The potential fallout of just a single incident is very serious indeed, with a wide range of disastrous outcomes:

• Lost customers
• Lost revenue
• Lost intellectual property
• Legal costs
• Damage to reputation
• Loss of consumer confidence and trust
• Negative publicity

Similarly, a single employee’s bad online behavior can wreak havoc on your organization, resulting in any the following:

• Poor employee morale
• Decreased productivity
• Increased employee absenteeism
• Increased workers’ compensation claims
• Increased turnover
• Legal costs
• Damage to reputation
• Loss of employee trust

Responding to a Digital Security Incident in the Workplace

When you, as an employer, are faced with a potential insider breach or possible incident of employee misconduct, there is much at stake. How you respond can have a dramatic impact on the outcome of the situation. Simply put, navigating the complex process of investigating employee data theft or digital misconduct is a job best left to outside, objective experts. 

The Advantages of Working with a Digital Forensics Team

In the majority of cases, not even the most robust IT teams have the necessary experience, training, and equipment required to properly conduct the necessary digital forensics investigations. Furthermore, assigning internal IT staff to conduct a review of another employee’s activities can cause many problems. Is the IT employee friendly with the employee under review? Will information that’s uncovered be shared with other staff? Will the investigation have even the slightest appearance of bias or impropriety? Does your team understand the legal implications related to chain-of-custody issues and privacy laws? Remember, the stakes are extraordinarily high, and the results of an investigation can be tossed out if not done properly.

Legal Considerations

When faced with a potential security incident, it’s important that you enlist the assistance of an attorney as well. He or she can carefully review your internal policies as well as advise you on the relevant laws to ensure that no steps are taken that may create an unlawful invasion of privacy or cause other legal problems. In fact, ideally, you should have an attorney work with you before a problem occurs to ensure your policies will enable you to launch a full investigation when necessary. For example, you’ll want to ensure all employees have agreed to company-wide policies allowing you to examine all company-owned equipment at any time.

A Digital Forensics Investigation: What to Expect

If you suspect an employee has stolen information or behaved inappropriately, contact a digital forensics company to conduct an investigation as soon as possible. Here’s what you can expect:

1. Establishing chain of custody: the first step is to ensure information is collected and preserved, with the chain of custody carefully documented. Place the equipment, such the employee’s computer, tablet, and (company-issued) cell phone, into a secure area until the forensics team arrives. Do not turn it on or attempt to log in. However, you should remotely disable the employee’s access to all networks and files. Once the digital forensics team takes custody of the equipment, the hardware, including the hard drive, must be forensically imaged.
2. Once all the data has been verified and preserved, digital forensics specialists will carefully analyze the following:
   1. USB activity
   2. Files accessed
   3. Cloud storage
   4. Internet history
   5. Email files and chat history
   6. Printing history
   7. Call history
3. If you have any specific suspicions or knowledge of the theft or inappropriate behavior, you should share all concerns, as well as any complaints from other employees, with the investigators. However, you need not have specific ideas about what was taken in order for an investigation to be successful.
4. The complete results of the investigation are delivered in the form of spreadsheets, data reports, and written reports , which can take anywhere from one to two weeks under normal circumstances. Complicated embezzlement and intrusion cases may take longer. Your digital forensics team will take all the time you need to review the findings of the investigation, explain what they mean, and answer your questions.
5. As needed, the digital forensics team will be available to testify to the authenticity of the investigation’s findings during related depositions and trials.

As you can expect, it’s absolutely essential that all aspects of an employee data theft or workplace cyberbullying investigation be conducted with the utmost sensitivity, discretion, and care. Careers, reputations, and livelihoods are on the line, so it’s vital that the advice and guidance of legal and forensics experts be carefully followed at every stage. All evidence must be funneled through the proper channels, and all steps must be aligned with internal policy as well as state and federal law.