Feb 23

HR digital evidence – is your company prepared?

The media focus on external cyber criminals targeting the data of individuals and corporates is a definite concerning risk of 21st-century business. That data could be damaged, destroyed or misappropriated by insider threat brings the danger much closer to home for HR professionals. As the wardens of workplace investigations, HR is increasingly faced with the challenge of safeguarding sensitive personal information and critical digital information and evidence.

Whether alleged fraud, employee misconduct, bullying or harassment suits, allegations of discrimination, wrongful termination claims, IP theft, or computer/mobile phone misuse to name a few, today it is inevitable that workplace investigations will involve potential digital evidence of one sort or another.




Digital evidence in a workplace investigation

While an employee’s computer is usually where most HR investigators think they should go to, it may not provide the whole picture to determine the extent of a suspect’s access and use. They may well use several devices (other computers, a tablet, mobile phone and storage media like memory sticks), as well as having access and means to other important systems. A thorough investigation should also consider if other suspects are involved who can access systems using the same method. Establishing who is responsible for any suspected or compromising act can be a difficult and complex technical task.

Employee unauthorised file copying to portable storage devices is an increasingly easy and serious threat, especially with constant advancements in device capability that can also be disguised in many novel ways. It’s a key source of information leakage that many companies categorise as a major risk, yet even with enterprise network vulnerability and behaviour monitoring many make no attempt to deter such activity. It is also a common investigator misconception that although it is possible to determine if data was copied to a portable device, it may not possible to determine what the copied files were. Forensic techniques and specialised tools can do this, they may also often find and extract embedded data thought to be deleted or masked either by a suspect aware they maybe under suspicion, or a tech savvy employee believing they are covering their tracks.


Importance of using a trained digital forensics specialist

Because digital investigations can be highly complex, HR will usually ask their internal IT department to undertake the task. Although well meaning and with genuine intentions, most IT departments are not equipped with the necessary expert skills or tools to carry out intricate forensic examinations and extract valuable evidence without compromising its quality. Furthermore, if the investigation does become a legal matter it is unlikely that internal IT will be best placed or confident to defend their actions in court.

If the search and analysis are not performed by a trained digital forensics specialist, data can be easily altered and manipulated inadvertently, (even by a well-meaning amateur ‘having a quick look’), it could likely be lost or compromised, and if required for litigation also be inadmissible at tribunal or court. Consequently, to avoid costly mistakes and ensure evidential integrity, having a digital forensic specialist is becoming an essential to part of an HR (and IT) practitioner’s toolkit.


The best preparation for tomorrow is doing your best today

Although it’s important to act quickly with a focus on preserving evidence, all too often the expert will get called in when it is almost too late – when preserving the evidence has come in second place amidst the pressure of trying to deal with the live event.

When you suspect something you can either reactively call an expert at the outset, or proactively make contact to have a expert as a sanctioned supplier in place today, this way they can assist you to be prepared with issues before they arise as well.


HR digital evidence webinar

To find out more, register for our webinar on “HR digital evidence – is your company prepared?” Which is taking place on Friday 4th March 2016.

During the webinar the speakers will discuss the following:


  • The increasing complexity of workplace investigations – convergence of devices & convergence of data
  • Rising digital workplace crime – the ‘insider threat’ – both malicious and ignorant
  • Effective handling of workplace investigations involving digital devices and evidence (Corporate and BYOD*)
  • EU GDPR* principles relating to cyber defence notification requirements
  • Pre-investigation digital forensic readiness and why it’s important?
  • Insource vs Outsource – The risk of confirmation bias in investigation
  • Post investigation recommendations & preventative measures
  • Provide an opportunity for Q&A




LGC’s expertise in digital forensics

Digital forensics plays a vital role in helping organisations to lower risk and save unnecessary expense, assisting to identify and secure evidential data that may be pivotal to your investigation.

LGC have a highly skilled team of forensic investigators who work extensively with corporate clients, legal firms, and law enforcement. By giving experienced technical insight and guidance and following strict data handling principles we ensure that any evidence discovered is admissible in a court or tribunal.


If you have any questions, please do not hesitate to get in touch.



*BYOD = Bring Your Own Device i.e. employee personal digital devices in the workplace
*EU GDPR = European Union General Data Protection Regulation – imminent reform governing the protection of personal data and sensitive personal data within any organisation.

Leave a Reply

%d bloggers like this: