Employee Theft Prevention and Digital Forensics

7/31/2019 Employee Theft Prevention and Digital Forensics

1/39

[email protected]

www.greenwaldllp.com

630 Third Ave. 15 th Fl.

New York, NY 10017212-644-1310

30 Ramland Rd. Suite 201

Orangeburg, NY 10962845-589-9300

Methods for PreventingEmployee Theft & Embezzlement

in the Digital Age Presented by:

Joel J. Greenwald, Esq.

June 12, 2012
http://www.rvminc.com/


2/39

Non-Compete IssuesMore Prevalent

Employee turnover Voluntary and involuntary much more likely now

Especially with sales personnel

Legal trends Restrictive covenants are more prevalent

especially for salespeople (depends on state law)

Enforceability, however, often depends oncustomization and how narrow

Technology

Theft is as easy as push of button2


3/39

Non-Compete Agreements and Other Restrictive Covenants

Non-compete agreements Reasonable in geography, duration, scope Must be in writing and protect legitimate business

interest Should only be in writing and signed by key employees

Non-solicitation agreements (employees andclients) More enforceable prevents most harm Should only be provided to and signed by key

employees

Confidentiality agreements Should be signed by all employees Defines proprietary information (trade secrets)

3 * Boilerplate vs. specifically tailored agreements


4/39

What is the Remedy?

Injunction TRO

Money damages Hard to quantify

Lost business

Lost profits

4


5/39

Additional Causes of Action Available to Employer

Examples of other causes of action againstemployee

Misappropriation of Trade Secrets Common Law Duty of Loyalty Legal right to Protect Against Unfair Competition Protect Against Conversion of Property Protect Against Outright Theft

5


6/39

Computer Protection

Have a snapshot taken incertain circumstances asemployee leaves

6


7/39

Monitoring Your Employees

I can read any email my employeesends or receives

True or False

7


8/39

Why Do Employers Implement Electronic Monitoring and Workplace

Surveillance Systems? To prevent theft

To improve productivity

8


9/39

How Does Employees Legal Right To Privacy Interact With An Employers Right

To Monitor Workplace Activity? Courts balance the employees expectation of privacy against the employers need for control and

operation in the workplace

Courts often distinguish between the employeeswork-related activities (less privacy), andemployees private and personal activities in theworkplace (greater right to privacy)

9


10/39

How Much Privacy Does An EmployeeHave A Legal Right To Expect In

Electronic Communications on the Computer?

Under federal and most state law,employer can monitor:

Activity on Company-owned equipment (URLs/ e-mail addresses contacted, times spent) for allcommunication

Content of business-related e-mail on Company-owned equipment

10


11/39

Email/Internet Policy

What an email/internet policy should contain: Email procedures

All email is property of employer no expectation of privacy

Employer has right to monitor (get consent) Offensive, harassing emails are prohibited

Passwords shall not be made available to others

Internet procedures Not for personal use Careful about postings Offensive or harassing messages are prohibited

11


12/39

What Are The Legal Limitations On Employers Use Of Video Cameras For Surveillance In The

Workplace? Under many state laws, it is illegal (without a courtorder) to make any video recording in any restroom,locker room, or other area that has been designatedby the employer for changing clothes

Dont record audio!

Selective surveillance e.g., positioning a hiddencamera over the desk of one individual employee may be discriminatory

12


13/39

Can An Employer Monitor The Movement Of Mobile Employees Via Global Positioning

Systems (GPS)? Generally is OK however, should beadvised through policies and get consent!!

(some states require)GPS monitoring should probably not beused to track employees during off-dutyhours

Use only on company equipment it at all

Consult legal counsel before attempting touse any info collected via GPS

13


14/39

Independent Background Checks

Consent and initial notice required (FCRA)

Notice of reason for adverse decision

Taking action requires care

14


15/39

Getting References

Another source of background information

Get them? Give them? Defamation concerns?

15


16/39

Preventing And Preparing For Theft

Electronic monitoring, GPS andvideo surveillance

Avoid concentrating too muchauthority in one individual particularly in accounting,bookkeeping, purchasing, andreceiving areas

Hope for the best but plan for the worst purchaseinsurance

Hire smart use background checks, interviews and testingto screen out dishonest applicants

16


17/39

Investigation Concerns

Investigation report: Be thorough, detailed, factual;include documents, photos, interview notes, everypage marked confidential (perhaps get outsideagency)

Be careful about your threats to thief! - Extortion

17


18/39

Taking Action

Internal discipline/termination;Cooperate with law enforcement/press criminalcharges;

File civil lawsuit;

Seek restraining order to prevent use of stolen

information/trade secrets

Do Not withhold wages!!!

18


19/39

Disclaimer

The foregoing is a summary of the laws discussed abovefor the purpose of providing a general overview of theselaws. These materials are not meant, nor should theybe construed, to provide information that is specific toany law(s). The above is not legal advice and youshould consult with counsel concerning the applicabilityof any law to your particular situation.

MMXII Greenwald Doherty LLP

All rights reserved. These materials may not bereproduced without permission.

19


20/39

Visit us online at RVMINC.com

For more information
http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/


21/39

rvminc.com

Gregory M. CancillaPresented by
http://www.rvminc.com/http://rvminc.com/http://www.rvminc.com/http://rvminc.com/


22/39

Digital Forensics - The application of science to the identification,collection, examination, and analysis of data [Electronically StoredInformation (ESI)] while preserving the integrity of the information andmaintaining a strict chain of custody for the data.

SOURCE: Special Publication (SP) 800 series (SP 800-86)

Forensic Specialist- A professional who locates, identifies, collects,analyzes, and examines data while preserving the integrity andmaintaining a strict chain of custody of information discovered.

SOURCE: Special Publication (SP) 800 Series (SP 800-72)


23/39

Information created, manipulated, communicated, stored,and best utilized in digital form, requiring the use ofcomputer hardware and software.

- Kenneth J. Withers, Managing Director, The Sedona Conference NORTHWESTERN JOURNAL OF TECHNOLOGY AND INTELLECTUAL PROPERTY

Spring 2006


24/39

Computers Custodian local & home drives

PrintersServers

Network shares Collaboration software & tools Cloud

Dropbox

Mobile devices e.g., iPad, Android, Blackberry,

iPhone

Back up tapesUSB drives

Memory cards PDAs Smart phones Digital cameras

Any storage device


25/39

Email servers Microsoft Exchange GroupWise Lotus Notes Web hosted email

Gmail Hotmail

Email archives Symantec Enterprise Vault FrontBridge

Zantaz EAS

Files downloaded/uploaded Audio and video files Digital images Cloud

Dropbox

Internet History Websites visited Social media communication

Facebook posts Twitter tweets

Any other type of electronic files .doc, .xls, .pdf, .jpg, .cad


26/39

www.rvminc.com

Mobile devices are ubiquitous wellsprings of ESI including:

Emails Text messages Contacts Calendars Pictures

Taken or stored Videos Call Logs

Websites visitedDownloadsSocial networking posts


27/39

Take a snapshot in certain

circumstances as employeeleaves

Should the computer be usedafter incident occurs?

What is a forensic copy?


28/39

Self Collection (i.e., IT personnel) Lets let the IT staff do it

Why invest in a forensic expert over IT personnel for data

collections? Verifies complete, defensible data collection

Preserves metadata

Maintains chain of custody Neutral third party

Least invasive and disruptive to business operations


29/39

Self-Collection Pitfalls-Data that is not properly handled can

result in:

Inadvertent evidence corruption (spoliation )

Lack of proper chain of custody

Improper judgment call by custodian as to what is responsive

Going too broad or narrow with data collection


30/39

Why choose a forensic expert over IT personnel for data

collections?

Ghost Image Preservation of metadata Maintaining chain of custody Logging


31/39

Meet and Confer Consultation

Forensic Harvesting(on-site, off-site, or remote)

Preservation of metadata Maintenance of chain of custody

Handheld Forensics

Targeted Collection

Forensic Analysis Filters, Boolean, Keywords Date range File specific Data Reconstruction Event Recreation

Expert Witness Testimony


32/39

Certifications

EnCase Certified Examiner (EnCE) AccessData Certified Examiner (ACE) Safe Harbor Certification

Software Open Source vs. Closed Source

Training Experience Tips for retaining a forensic expert


33/39

Covering all the Bases

A forensic expert can properly evaluate clients current practices for storing,archiving, and accessing digital data in light of evidentiary rules and bestpractices

Engaging a forensic expert ensures clients data collections are conducted in aforensically sound manner

A forensic expert can formulate a collection plan which would consider clientse-Discovery workflow, budget and time constraints


34/39

forensic experts use cutting-edge technology and follow strictprocedural guidelines to ensure the accuracy of the preservation ofevidence

Some of the key forensic tools experts use and are certified in

include: Guidance Softwares EnCase AccessDatas Forensic Toolkit (FTK) Parabens Network Email Examiner Kroll Ontracks Power Controls Cellebrites Universal Forensics Extraction Device(UFED)


35/39

Forensic experts can assist clients in responding to litigation via:

Consulting clients counsel on Meet and Conferappointments

Preemptively preparing forensically sound data collection Developing models for legal hold preservation

Bolstering defensibility Satisfying best practices standards and legal

requirements Devising practices and implement technology for

communication and enforcing legal hold compliance Assisting client counsel in preparation for depositions Serving as an expert witness


36/39

Commercial litigation Product Liability Corporate and transactional

Regulatory SEC

Mergers & AcquisitionsSecond Requests

Intellectual property Trademark infringement Theft of intellectual property Temporary Restraining Order (TRO) Permanent Injunction


37/39


38/39

Greg Cancilla, EnCE, ACE is a Certified Computer Forensic Engineer and theDirector of Forensics at RVM. He is experienced in the preservation, identification,extraction, documentation and interpretation of computer data. Greg hascompleted computer forensics training programs from renowned industry outfits,such as New Technologies, Access Data, and Guidance Software (thedevelopers of Encase Forensics Software) among others. As a certified forensicengineer, he has performed countless computer forensics investigations since

entering the field in 2003. Additionally, Greg has offered testimony in numerouscases, including presenting a key piece of evidence in Ronald Luri vs. RepublicServices, Inc., et al. , which rendered the largest verdict in the State of Ohios history. Greg holds a Bachelors Degree in Business Administration and Computer Science from the University of Toledo.

Certifications: EnCase Certified Examiner (EnCE) AccessData Certified Examiner (ACE) Oregon State University Computer Forensics Training


39/39

RVM New York (Headquarters) [email protected] 80 Pine Street, 10 th Floor New York, NY 10005 RVM Chicago

RVM Cleveland 212.693.1525

rvminc.com
mailto:[email protected]://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/mailto:[email protected]

Documents

Employee Theft Prevention and Digital Forensics