Businesses are being forced to drop criminal
prosecutions against hackers, losing compensation battles in civil
courts, and missing out on insurance claims, because they have
little idea how to gather computer-based evidence, an influential
public-private sector think tank has warned.
Many organisations have contingency plans for fire, floods, or
acts of terrorism, but few know how to react when faced
withincidents that require computer-based evidence, a report by the
Information Assurance Advisory Council reveals
The report argues that businesses should put contingency plans
in place, so staff know how to preserve digital evidence if
companies need to investigate employee malpractice, business
disputes or computer crimes.
"One of the clich‚s of computer crime is that companies don't
report it because they are afraid of publicity. In my experience
companies begin by feeling they would like to bring the perpetrator
before the courts.
"But they start to look at the evidence and they realise they
have either not got it, or it is not going to be worth the
trouble," said the report's author, Peter Sommer.
Businesses will face increasing pressure from compliance
regulations, such as Sarbanes Oxley, Basel II, and the UK Combined
Code of Corporate Governance, to ensure they maintain reliable
archives of e-mails and business documents, IAAC warns.
It advises businesses to develop a forensic evidence plan, by
identifying the potential risks they face, identifying what
evidence they will need in each scenario, and how to produce
it.
"You also have to consider legislation such as data protection.
There are privacy and human rights law for e-mails, which you can
overcome if you have the right contract of employment," said
Sommer.
Without advanced planning, businesses can find themselves facing
the dilemma of having to choose between continuing normal business
operations, or shutting down systems to preserve digital evidence.
Investing in back-up systems which preserve data to legal standards
is one potential way of avoiding this problem, said Sommer.
Businesses do not necessarily need to employ forensic IT
specialists, but they should make sure that their staff are at
least aware of the issues, and line up external specialists that
could be called in an emergency, the report suggests.
Directors and Corporate Advisor's Guide to Digital
Investigations and Evidence:
www.iaac.org.uk
Why preserve digital evidence?
- contractual disputes
- fraud investigations
- allegations of breach of duty
- online defamation
- theft of source-code or piracy
- legal claims resulting from failures of computer systems
- hacking, denial of service attacks
- misuse of computers by employees