Preventing and Mitigating Risk in the Workplace - PowerPoint PPT Presentation

Slides: 37
Provided by: hanshvan
Transcript and Presenter's Notes

1
Preventing and Mitigating Risk in the Workplace
Business Resumption Planners Association Meeting

July 17, 2007
2
Our Overall Organization
  • Aon Corporation
    • 46,000 employees
    • 500 offices -- 120 countries
    • 10B revenue (NYSE: AOC)
    • Fortune 250 Company
    • A global leader in
      • Risk Management
      • Insurance and Reinsurance Brokerage
      • Human Resource and Management Consulting
  • Aon Consulting
    • 6,500 employees
    • 117 offices -- 22 countries
    • 1.25B revenue
    • Areas of Service
      • Financial Advisory & Litigation Consulting
      • Employee Benefits/Exec Compensation
      • Talent Solutions
      • HR Outsourcing
      • Employee Communication

3
Information Technology Risk
  • E-Discovery/High-Tech Investigations/Information
    Security

4
IT Risk: The Facts
  • Computer evidence is fragile; it can easily be
    compromised or erased without special handling
  • The majority of documents exist in electronic
    form
  • The proliferation of computer incidents requires
    proper methodologies for investigation

5
IT Risk: Legal Requirements
  • Courts mandate that computer evidence be
    collected in a forensically sound manner (Gates
    Rubber Co. v. Bando Chemical Indus., Ltd.)
  • Proper preservation and chain of custody of
    computer evidence must be established
  • Sufficiently familiar with process used to obtain
    subject computer evidence (People v. Lugashi
    1988 205 C.A. 3d 352)

6
Overview
  • Where to locate and identify CyberRisk?
  • What is computer forensics and why is it
    important?
  • What types of digital evidence might you face
    today?
  • How is a computer forensic examination conducted?
  • Review of example cases

7
Where to locate the CyberRisk?
  • Employee use of a computer
  • Communications
    • E-mail
    • Chat Programs
    • Letters - Memos - Documents
  • Storage of Data
    • Local Hard Drive
    • External Hard Drive
    • Network Storage
    • Remote Storage Location

8
What is Computer Forensics?
  • Computer forensics is the use of computer
    investigative and analysis techniques to
    determine potential or relevant data (evidence)
    in a manner that will preserve the evidence and
    allow its admission into court or other legal
    proceeding.

9
Types of Electronic Evidence
  • Hard drives (Workstations, Servers, Laptops)
  • Memory cards
  • Thumb drives
  • Cell phones
  • Organizers (BlackBerry, Palm, iPAQ)

10
Case Studies: Theft of Company Assets
  • Six employees working on multi-million dollar R&D
    project leave your company and go to work for a
    competitor
  • Investigation focuses on
    • Communications (e-mail)
    • Workstation and laptop activity

11
Case Studies: Theft of Company Assets
  • Communications (E-mail)
  • Workstation activity
  • Laptop activity
  • Everything looks clean -- at first glance

12
Case Studies: Theft of Company Assets
13
Case Studies: Theft of Company Assets
  • Conversation started on 2006-1-10 16:52:11
  • Jones (16:52:11): how did you copy your data?
  • Smith (16:52:24): hard drive copy and paste
  • Jones (16:52:39): .pst file too?
  • Smith (16:52:42): yeah
  • Jones (16:52:52): my .pst are 1-2 GIGs
  • Jones (16:53:25): do you have an external drive
    or something that you put it on?
  • Smith (16:53:27): 2.2G drive
  • Smith (16:53:30): external
  • Jones (16:53:38): may I borrow it, or is it full
    now?

14
Case Studies: Theft of Company Assets
15
Case Studies: Employee Stalking/Harassment
  • Upset employee leaves the company
  • Rumors that the employee was being stalked and
    harassed by a co-worker
  • Non-trained IT employee is asked by HR
    department to search
  • Evidentiary problems
    • Evidence overwritten
    • Suspect employee claims evidence was planted

16
Case Studies: Confidential Information
  • Administrative assistant is inadvertently given
    access to confidential patient medical records
  • Investigation
    • Tip leads to revealing that administrative
      assistant has gang-related ties to the outside
    • Administrative assistant stealing personal
      information for ID theft

17
Case Studies: Destruction of Data
  • On November 29, 2004, the company receives notice
    that an employee is being accused of stealing
    trade secrets from another company
  • Court order is attached to turn over the
    employee's computer for inspection
  • Investigation
    • Preserve the employee's data
    • Begin to look for stolen data on hard drive

18
Case Studies: Destruction of Data
  • E-mail
  • Personal files
  • Again, everything looks clean -- at first glance

19
Case Studies: Destruction of Data
20
Case Studies: Destruction of Data
21
Case Studies: Can You Trust Your IT Staff?
  • IT employee goes undetected for several months
    while stealing data from key employees
  • Investigation
    • Tip comes from administrator who detects
      keylogger installed on his laptop
    • Outside investigators are brought in since IT
      staff is no longer trusted

22
Internal Corporate Investigations
  • Fraud/Whistleblower/Harassment Investigations
  • Workplace Violence Prevention
  • Internal Control Assessments

23
Fraud/Whistleblower/Harassment Allegations
  • Under Sarbanes-Oxley, public companies are
    required to provide employees with hotlines to
    report allegations of wrongdoing
  • Identifying the nature and extent of the
    wrongdoing is necessary to mitigate any loss
  • Before taking any action against the purported
    suspect(s), allegations must be impartially
    substantiated
  • The types of fraud most frequently experienced by
    organizations include
    • Embezzlement
    • Theft of proprietary information
    • Vendor fraud/kickbacks
    • Inventory theft

24
Fraud/Whistleblower/Harassment Allegations: Resolving the Issues
  • Conduct investigations in compliance with federal
    and state laws to provide companies with an
    opportunity to understand the facts and attempt a
    resolution
  • Depending on the nature and extent of the
    problem, assemble a mix of experienced
    investigators, forensic accountants,
    investigative researchers and computer forensic
    specialists

25
Harassment Claims
  • Organizations are obligated to respond to all
    allegations of harassment, sexual and otherwise
  • Due to the sensitive nature of such claims,
    referring investigations to a third party is a
    wise decision for problems involving
    inappropriate conduct that, if substantiated,
    would result in severe discipline, termination,
    litigation or raise issues about systemic
    problems within an organization

26
Harassment Claims: Resolving the Issues
  • A proper investigation helps ensure that
    organizations are responding to allegations in an
    appropriate and timely manner, helping to reduce
    the risk of discrimination or wrongful
    termination concerns
  • Conduct sensitive interviews with external
    support to increase the likelihood that
    individuals involved will discuss the details of
    the matter
  • By focusing on the key individuals involved,
    uncover the facts necessary to help organizations
    understand what really happened and the parties
    involved

27
Workplace Violence Prevention
  • All organizations are susceptible to workplace
    violence incidents or threats of violence
  • Sources of threats may come from disgruntled
    employees, customers, stockholders or an outside
    party with no known connection
  • It is critical for organizations to provide
    appropriate response, investigation, and
    prevention of threats and workplace violence
    incidents
  • Organizations may also have legal/ethical
    responsibility to provide additional security
    measures, fully investigate incidents and train
    staff/management to recognize early warning signs
    of potential violence

28
Workplace Violence Prevention: Resolving the Issues
  • Assist organizations in proactively designing
    tailored workplace violence prevention programs
  • Programs establish appropriate policies and
    procedures for responding to, investigating and
    reporting concerns, and can also provide key
    personnel with the necessary training
  • In the event of an incident or threat, have an
    action plan ready to immediately respond to and,
    when necessary, investigate the incident
  • Consider use of on-site security to advise on how
    to manage the threat and/or serve as a liaison with
    law enforcement

29
Internal Control Assessments
  • In an effort to prevent, or at least mitigate,
    loss that can result from employee mistakes or
    intentional misconduct, organizations often seek
    a third-party review and assessment of internal
    controls
  • These controls may relate to supervision,
    handling of financial transactions,
    vendor/customer selection, internal procedures
    for reporting concerns, and physical and IT
    security

30
Internal Control Assessments
  • In an effort to prevent, or at least mitigate,
    loss that can result from employee mistakes or
    intentional misconduct, organizations often seek
    a third-party review and assessment of internal
    controls
  • These controls may relate to
    • Supervision
    • Handling of financial transactions
    • Vendor/customer selection
    • Internal procedures for reporting concerns
    • Physical and IT security

31
Internal Control Assessments: Resolving the Issue
  • Use of financial experts, security experts and
    investigative experts to evaluate an
    organization's existing controls, taking into
    consideration both the unique needs/concerns of
    the business as well as applicable industry
    standards
  • Assessment and review focuses on developing
    appropriate policies and procedures by which the
    organization can be guided

32
Investigative Due Diligence
33
Investigative Due Diligence
  • The globalization and consolidation of
    businesses require organizations to more
    frequently undertake a proactive evaluation of
    potential acquisitions, business partners,
    business opportunities and proposed key hires
  • Preliminary information provided on a subject
    person or business entity is often incomplete or
    inaccurate
  • It is often critical that a more exhaustive
    review be performed by an experienced third party
    to make an informed decision

34
Investigative Due Diligence: Resolving the Issue
  • Consider use of investigative researchers who are
    experienced at uncovering the information most
    relevant to clients
  • Research may include an analysis of information
    such as
    • Criminal/civil litigation history
    • Business affiliations
    • Regulatory findings
    • Media references
    • Business history

35
Questions?
36
Thank You
  • Daryk Rowland
    • Daryk_Rowland_at_aon.com
    • Office 213.630.3231
    • Cell 213.798.6508
  • Kathleen Seebert
    • Kathleen_Seebert_at_aon.com
    • Office 312.381.5024
    • Cell 312.282.5919