Employee Theft Prevention and Digital Forensics
-
7/31/2019 Employee Theft Prevention and Digital Forensics
1/39
www.greenwaldllp.com
630 Third Ave. 15th Fl.
New York, NY 10017
212-644-1310
30 Ramland Rd. Suite 201
Orangeburg, NY 10962
845-589-9300
Methods for Preventing Employee Theft & Embezzlement
in the Digital Age
Presented by:
Joel J. Greenwald, Esq.
June 12, 2012
-
Non-Compete Issues More Prevalent
Employee turnover
  Voluntary and involuntary much more likely now
  Especially with sales personnel
Legal trends
  Restrictive covenants are more prevalent, especially for salespeople (depends on state law)
  Enforceability, however, often depends on customization and how narrow
Technology
  Theft is as easy as push of button
-
Non-Compete Agreements and Other Restrictive Covenants
Non-compete agreements
  Reasonable in geography, duration, scope
  Must be in writing and protect legitimate business interest
  Should only be in writing and signed by key employees
Non-solicitation agreements (employees and clients)
  More enforceable, prevents most harm
  Should only be provided to and signed by key employees
Confidentiality agreements
  Should be signed by all employees
  Defines proprietary information (trade secrets)
* Boilerplate vs. specifically tailored agreements
-
What is the Remedy?
Injunction
  TRO
Money damages
  Hard to quantify
  Lost business
  Lost profits
-
Additional Causes of Action Available to Employer
Examples of other causes of action against employee
  Misappropriation of Trade Secrets
  Common Law Duty of Loyalty
  Legal right to Protect Against Unfair Competition
  Protect Against Conversion of Property
  Protect Against Outright Theft
-
Computer Protection
Have a snapshot taken in certain circumstances as employee leaves
-
Monitoring Your Employees
I can read any email my employee sends or receives
True or False
-
Why Do Employers Implement Electronic Monitoring and Workplace Surveillance Systems?
To prevent theft
To improve productivity
-
How Does Employees' Legal Right To Privacy Interact With An Employer's Right To Monitor Workplace Activity?
Courts balance the employee's expectation of privacy against the employer's need for control and operation in the workplace
Courts often distinguish between the employee's work-related activities (less privacy), and employee's private and personal activities in the workplace (greater right to privacy)
-
How Much Privacy Does An Employee Have A Legal Right To Expect In Electronic Communications on the Computer?
Under federal and most state law, employer can monitor:
  Activity on Company-owned equipment (URLs / e-mail addresses contacted, times spent) for all communication
  Content of business-related e-mail on Company-owned equipment
-
Email/Internet Policy
What an email/internet policy should contain:
Email procedures
  All email is property of employer, no expectation of privacy
  Employer has right to monitor (get consent)
  Offensive, harassing emails are prohibited
  Passwords shall not be made available to others
Internet procedures
  Not for personal use
  Careful about postings
  Offensive or harassing messages are prohibited
-
What Are The Legal Limitations On Employers' Use Of Video Cameras For Surveillance In The Workplace?
Under many state laws, it is illegal (without a court order) to make any video recording in any restroom, locker room, or other area that has been designated by the employer for changing clothes
Don't record audio!
Selective surveillance, e.g., positioning a hidden camera over the desk of one individual employee, may be discriminatory
-
Can An Employer Monitor The Movement Of Mobile Employees Via Global Positioning Systems (GPS)?
Generally is OK; however, should be advised through policies and get consent!! (some states require)
GPS monitoring should probably not be used to track employees during off-duty hours
Use only on company equipment, if at all
Consult legal counsel before attempting to use any info collected via GPS
-
Independent Background Checks
Consent and initial notice required (FCRA)
Notice of reason for adverse decision
Taking action requires care
-
Getting References
Another source of background information
Get them? Give them? Defamation concerns?
-
Preventing And Preparing For Theft
Electronic monitoring, GPS and video surveillance
Avoid concentrating too much authority in one individual, particularly in accounting, bookkeeping, purchasing, and receiving areas
Hope for the best but plan for the worst: purchase insurance
Hire smart: use background checks, interviews and testing to screen out dishonest applicants
-
Investigation Concerns
Investigation report: Be thorough, detailed, factual; include documents, photos, interview notes, every page marked confidential (perhaps get outside agency)
Be careful about your threats to thief! - Extortion
-
Taking Action
Internal discipline/termination;
Cooperate with law enforcement/press criminal charges;
File civil lawsuit;
Seek restraining order to prevent use of stolen information/trade secrets
Do Not withhold wages!!!
-
Disclaimer
The foregoing is a summary of the laws discussed above for the purpose of providing a general overview of these laws. These materials are not meant, nor should they be construed, to provide information that is specific to any law(s). The above is not legal advice and you should consult with counsel concerning the applicability of any law to your particular situation.
MMXII Greenwald Doherty LLP
All rights reserved. These materials may not be reproduced without permission.
-
Visit us online at RVMINC.com
For more information
http://www.rvminc.com/
-
rvminc.com
Presented by Gregory M. Cancilla
-
Digital Forensics - The application of science to the identification, collection, examination, and analysis of data [Electronically Stored Information (ESI)] while preserving the integrity of the information and maintaining a strict chain of custody for the data.
SOURCE: Special Publication (SP) 800 series (SP 800-86)
Forensic Specialist - A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.
SOURCE: Special Publication (SP) 800 Series (SP 800-72)
-
Information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software.
- Kenneth J. Withers, Managing Director, The Sedona Conference
NORTHWESTERN JOURNAL OF TECHNOLOGY AND INTELLECTUAL PROPERTY
Spring 2006
-
Computers
  Custodian local & home drives
Printers
Servers
  Network shares
  Collaboration software & tools
Cloud
  Dropbox
Mobile devices
  e.g., iPad, Android, Blackberry, iPhone
Back up tapes
USB drives
Memory cards
PDAs
Smart phones
Digital cameras
Any storage device
-
Email servers
  Microsoft Exchange
  GroupWise
  Lotus Notes
Web hosted email
  Gmail
  Hotmail
Email archives
  Symantec Enterprise Vault
  FrontBridge
  Zantaz EAS
Files downloaded/uploaded
Audio and video files
Digital images
Cloud
  Dropbox
Internet History
  Websites visited
Social media communication
  Facebook posts
  Twitter tweets
Any other type of electronic files
  .doc, .xls, .pdf, .jpg, .cad
-
Mobile devices are ubiquitous wellsprings of ESI including:
  Emails
  Text messages
  Contacts
  Calendars
  Pictures
    Taken or stored
  Videos
  Call Logs
  Websites visited
  Downloads
  Social networking posts
-
Take a snapshot in certain circumstances as employee leaves
Should the computer be used after incident occurs?
What is a forensic copy?
-
Self Collection (i.e., IT personnel)
  Let's let the IT staff do it
Why invest in a forensic expert over IT personnel for data collections?
  Verifies complete, defensible data collection
  Preserves metadata
  Maintains chain of custody
  Neutral third party
  Least invasive and disruptive to business operations
-
Self-Collection Pitfalls - Data that is not properly handled can result in:
  Inadvertent evidence corruption (spoliation)
  Lack of proper chain of custody
  Improper judgment call by custodian as to what is responsive
  Going too broad or narrow with data collection
-
Why choose a forensic expert over IT personnel for data collections?
  Ghost Image
  Preservation of metadata
  Maintaining chain of custody
  Logging
-
Meet and Confer Consultation
Forensic Harvesting (on-site, off-site, or remote)
  Preservation of metadata
  Maintenance of chain of custody
Handheld Forensics
Targeted Collection
Forensic Analysis
  Filters, Boolean, Keywords
  Date range
  File specific
  Data Reconstruction
  Event Recreation
Expert Witness Testimony
-
Certifications
  EnCase Certified Examiner (EnCE)
  AccessData Certified Examiner (ACE)
  Safe Harbor Certification
Software
  Open Source vs. Closed Source
Training
Experience
Tips for retaining a forensic expert
-
Covering all the Bases
A forensic expert can properly evaluate client's current practices for storing, archiving, and accessing digital data in light of evidentiary rules and best practices
Engaging a forensic expert ensures client's data collections are conducted in a forensically sound manner
A forensic expert can formulate a collection plan which would consider client's e-Discovery workflow, budget and time constraints
-
Forensic experts use cutting-edge technology and follow strict procedural guidelines to ensure the accuracy of the preservation of evidence
Some of the key forensic tools experts use and are certified in include:
  Guidance Software's EnCase
  AccessData's Forensic Toolkit (FTK)
  Paraben's Network Email Examiner
  Kroll Ontrack's Power Controls
  Cellebrite's Universal Forensics Extraction Device (UFED)
-
Forensic experts can assist clients in responding to litigation via:
  Consulting client's counsel on Meet and Confer appointments
  Preemptively preparing forensically sound data collection
  Developing models for legal hold preservation
  Bolstering defensibility
  Satisfying best practices standards and legal requirements
  Devising practices and implementing technology for communication and enforcing legal hold compliance
  Assisting client counsel in preparation for depositions
  Serving as an expert witness
-
Commercial litigation
  Product Liability
Corporate and transactional
Regulatory
  SEC
Mergers & Acquisitions
  Second Requests
Intellectual property
  Trademark infringement
  Theft of intellectual property
  Temporary Restraining Order (TRO)
  Permanent Injunction
-
Greg Cancilla, EnCE, ACE is a Certified Computer Forensic Engineer and the Director of Forensics at RVM. He is experienced in the preservation, identification, extraction, documentation and interpretation of computer data. Greg has completed computer forensics training programs from renowned industry outfits, such as New Technologies, Access Data, and Guidance Software (the developers of EnCase Forensics Software) among others. As a certified forensic engineer, he has performed countless computer forensics investigations since entering the field in 2003. Additionally, Greg has offered testimony in numerous cases, including presenting a key piece of evidence in Ronald Luri vs. Republic Services, Inc., et al., which rendered the largest verdict in the State of Ohio's history. Greg holds a Bachelor's Degree in Business Administration and Computer Science from the University of Toledo.
Certifications:
  EnCase Certified Examiner (EnCE)
  AccessData Certified Examiner (ACE)
  Oregon State University Computer Forensics Training
-
RVM New York (Headquarters)
80 Pine Street, 10th Floor
New York, NY 10005
RVM Chicago
RVM Cleveland
212.693.1525
rvminc.com