Friday, October 29, 2010

Corporate Digital Forensic Audits

Now that companies routinely provide employees with mobile phones and computers, misuse of that equipment may create additional costs for the employer. Examples include:

• Using hand-held devices to access the internet and email, for personal use and time-wasting, during working hours. This may involve accessing social networking websites, such as Facebook, or monitoring online auctions on sites such as eBay.
• Viewing and/or downloading inappropriate material, images or videos using a computer or hand-held device.
• Downloading pirated media files and software.
• Receiving an unacceptable quantity of personal telephone calls and text messages via mobile phone. These will not be displayed on the phone bill.
• Removing sensitive company data from the workplace using the digital device.
• Bullying or using unacceptable language within generated emails and text messages.

All of the above examples can bear a financial cost for the organisation as well as a possible negative effect on company reputation and credibility:

• If an employee was caught by relevant authorities downloading illegal software, for example, then the company could suffer bad publicity and loss of credibility in the marketplace.
• If an individual was caught downloading illegal pornographic images on a company hand-held device or computer then there is a strong possibility that law enforcement would confiscate all company digital equipment for forensic analysis. This would cause possible temporary business closure and bad publicity along with loss of business and reputation.
• Distractions and time-wasting by web-surfing, spending time in chat rooms, online social networking, watching streaming video and emailing.
• Excessive mobile phone bills caused by an unreasonable number of personal calls and text messages.

Forensics can provide a regular audit of digital devices that would help reduce company operating costs and help preserve company reputation. We provide a spot-checking service to companies to:

• Help control costs and increase productivity.
• Reduce time-wasting.
• Improve computer security – illegal downloading can often attract malware and viruses and therefore compromise company security and increase downtime.
• Help preserve company reputation and business continuity.

To enable this process, we recommend that we carry out a spot-check of devices rather than an analysis of all equipment, which would prove expensive and impractical. The number of devices analysed would be relative to the size of the business. For example, for a business with 12 mobile phones and 8 laptops we could analyse 2 phones and 1 laptop, but there is no hard and fast rule for this. We would produce a forensic report for each device after analysis. The forensic equipment we use is equal to some of that used by law enforcement agencies, and we work to the Association of Chief Police Officers Guidelines with regard to laboratory procedures, handling of evidence, audit trails and report generation.

What is particularly important is that the company employees are fully aware that an audit of devices is being carried out and that it will happen again in the near future.

• This will make employees more vigilant and less likely to misuse company equipment.
• There should be a reduction in phone bills, particularly for staff who may be making excessive personal communications.

The fact that an audit process which appears random to employees is being carried out periodically should help regulate use of company computers and hand-held devices. The fear of being “found out” may make employees think twice about how they use equipment, maintain focus on work and reduce distractions. We recommend that audits are carried out at least once a year and that they are not done on the same date each year, to help increase the element of surprise.