Businesses are being forced to drop criminal prosecutions against hackers, losing compensation battles in civil courts, and missing out on insurance claims, because they have little idea how to gather computer-based evidence, an influential public-private sector think tank has warned.
Many organisations have contingency plans for fire, floods, or acts of terrorism, but few know how to react when faced with incidents that require computer-based evidence, a report by the Information Assurance Advisory Council reveals.
The report argues that businesses should put contingency plans in place, so staff know how to preserve digital evidence if companies need to investigate employee malpractice, business disputes or computer crimes.
"One of the clichés of computer crime is that companies don't report it because they are afraid of publicity. In my experience companies begin by feeling they would like to bring the perpetrator before the courts.
"But they start to look at the evidence and they realise they have either not got it, or it is not going to be worth the trouble," said the report's author, Peter Sommer.
Businesses will face increasing pressure from compliance regulations, such as Sarbanes-Oxley, Basel II, and the UK Combined Code of Corporate Governance, to ensure they maintain reliable archives of e-mails and business documents, IAAC warns.
It advises businesses to develop a forensic evidence plan by identifying the potential risks they face, what evidence they will need in each scenario, and how to produce it.
"You also have to consider legislation such as data protection. There are privacy and human rights laws for e-mails, which you can overcome if you have the right contract of employment," said Sommer.
Without advance planning, businesses can find themselves facing the dilemma of having to choose between continuing normal business operations and shutting down systems to preserve digital evidence. Investing in back-up systems which preserve data to legal standards is one potential way of avoiding this problem, said Sommer.
Businesses do not necessarily need to employ forensic IT specialists, but they should make sure that their staff are at least aware of the issues, and line up external specialists who could be called in during an emergency, the report suggests.
Directors and Corporate Advisor's Guide to Digital Investigations and Evidence:
Why preserve digital evidence?
- contractual disputes
- fraud investigations
- allegations of breach of duty
- online defamation
- theft of source-code or piracy
- legal claims resulting from failures of computer systems
- hacking, denial of service attacks
- misuse of computers by employees