In this Issue:
Digital Forensics – Is Your Company Ready?
Is your company’s electronic information secure? Do you have an action plan in place if something were to happen to your data? Digital or computer forensics is an area that many businesses don’t think about until they have an immediate need, but things are starting to change. Recent news stories highlighting companies like Monster.com and its public relations nightmare are bringing this area to the forefront of business practices.
Edward Stroz, a Fordham graduate and leader in digital forensics, talked with us about his experiences in digital security and evidence retrieval at the Federal Bureau of Investigation and at his own company. “The legal community is usually the one most interested in digital forensics,” Stroz states, “but businesses should take precautionary measures now that will help if they have a breach in electronic data or enter into litigation.”
Stroz has seen first-hand the damage electronic breaches and inadequate electronic policies can do to companies of all sizes. Anything from an employee taking information when he or she leaves the company and using it for competition to social security numbers being copied can generate a need for an established plan and crisis management strategy. “You really need to talk to your attorney about how the company will preserve and retrieve material if in a legal proceeding,” Stroz says. “Companies need to do this before there is a problem. You don’t want to face a crisis without a plan.” He cautions that companies should ensure their attorneys are qualified to “manage and organize electronic data for legal purposes” before using them to establish a plan of action. “This is not like having something stolen from a store. There is no depletion of inventory. Digital evidence is still there in the morning. You need to know what got copied and what didn’t, or it is going to be a nightmare.”
Electronic data protection and crisis management plans are only two components of digital security. Computers are so fully integrated into corporate lifestyles that companies need to be proactive in their electronic policies. “Many people don’t realize that computers carry a lot of personal actions and impressions about employees and their company.” Stroz explains the importance of letting employees know that their computers are not personal machines. It is useful to include this information in employee orientations and handbooks to reduce the likelihood of miss-sent emails and unauthorized information sharing. “If a company is under investigation or in litigation, computers will be examined under a microscope. It will be like going to a doctor’s office – digital forensics experts will see the company with its "clothes off.” Communicating company policy on computer usage can save time and resources should they need to be examined for litigation. It can also keep the company out of hot water based on standards imposed from recent changes to the Federal Rules for Civil Procedures, which went into effect in December of last year.
In talking with Ed Stroz, we only scratched the surface of data security and the implications of computers and electronic files in business law. Simply put, it is crucial for businesses to understand where and how their data is stored; to outline computer usage to employees; and to be prepared should the worst happen to their data.