Digital Sherlock

Using technology to avoid being the next #MeToo casualty

When looking at various cultural movements affecting businesses, it feels like they appear out of nowhere and then organizations are racing to play catch-up. Take the current #MeToo movement. Since going viral in October 2017, a day hasn’t gone by where there isn’t another startling announcement.
Unfortunately, I’ve heard too many in leadership dismiss concerns within their own organization, saying “that can’t happen here” or “no one has brought it up — it must not be a problem.” The mistake these organizations make is, while it may seem that these problems have just materialized, it’s clear that the underlying issues have been brooding for years.
In our work as digital forensic investigators, we are frequently brought into internal investigations and litigation involving allegations of inappropriate behavior. As these investigations unfold, there is often a “he said, she said” situation. Digital forensic investigators are then brought in by human resources, the legal team or even the board of directors to help determine the validity of those accusations. Today, organizations are better at understanding how much digital evidence exists to help in these cases. Most IT professionals can share a story about the salacious e-mail thread that they were asked to investigate. If you are shocked by what is communicated within the corporate e-mail account, you really won’t believe what shows up in text messages, pictures, movies, social media and individuals’ web-browsing history — oftentimes right on the corporate-owned devices.
The success of thousands of cases clearly validates the utility of digital evidence. Unfortunately, if you’re at the point of a formal investigation, it’s already too late. Progressive organizations are using digital evidence in a proactive manner to catch potential problems earlier.
Clearing the legal hurdle
Check with your own legal staff. The major legal consideration you need to address is the expectation of privacy. In Ohio, employers have a fair amount of leeway in accessing data traveling the corporate network and found on corporate-owned assets, as long as the organization has not created an expectation of privacy. Many organizations have established acceptable use policies that explicitly state that employees do not have an expectation of privacy. This is good practice and provides warrant to examine the data.
What’s it look like?
Once legal issues are cleared, the organization should focus on establishing an ongoing program whereby the entire organization’s corpus of emails is analyzed. By indexing the entire email store, searches can be conducted for suspicious activity. Lists are derived that include targeted keywords, phrases, and in this day and age, text and chat abbreviations. Some organizations even calculate a grade or risk factor based upon the number of hits and compare that to industry and organizational norms to determine if there are individuals or even the organization’s culture that are putting you at risk.

This approach doesn’t have to stop there. Imagine using the same approach for identifying potential leakage of intellectual property or even identifying potential fraud within the organization. Once you realize the unbiased nature of this approach, it is very easy to see the value in creating a proactive program designed to be your early warning system.

Damon Hacker is president and CEO of Vestige Digital Investigations, a leading digital forensics and cybersecurity firm combining technical and legal knowledge to help organizations manage and protect their digital environment.