ASB Law /asb/news/viewrelease.asp?newsid=323&hq=ratcliffe
The asb visionOverviewOverviewOverviewOverviewOverviewOverviewContact us
 
 Back

Using IT to Tackle Internal Fraud
Apr 14th, 2010

(Lyndsey Ratcliffe, Associate)

Amid fears of a double-dip recession, employee fraud and misconduct continue to keep us busy at asb law and the use of computer forensics has proved an invaluable tool in the majority of our cases. Even the most computer literate of employees have little idea of the electronic footprints that can be left on their computer and the trail of evidence that can be recovered.

KPMG’s latest Fraud Barometer found that fraud is at a record high in the UK and the boom in technology over the last 10 years is being cited as the catalyst for the significant increase. Over 60% of the UK fraud (by value) took place in London and the South East last year, costing the region in excess of £800 million.

KPMG’s 2009 Fraud Barometer found that 89% of fraud is committed by company employees, which is a frightening statistic for any business. What is more, employee fraud is thought to be largely under reported and often goes undetected as a result of lack of awareness and poor internal controls.

The global recession has put valuable company information at greater risk than ever before and theft of confidential information is a real issue faced by every business. The ease with which data such as customer or contact lists, pricing and product information, business plans, databases and intellectual property can be extracted and copied from IT systems is often too tempting for desperate jobseekers who believe that possession of such information will give them a competitive edge with potential future employers.

The use of email, memory sticks and other portable storage devices allows data to be taken surreptitiously and poor IT security, lack of audit trails and poor exit procedures often mean that this can be done without raising suspicion. Alarmingly, in the overwhelming majority of cases, employees have already left their employer before thefts are discovered.

In recessionary times, internal fraud could bring about the demise of a business. Fraud prevention should therefore form an essential part of any recession survival strategy.

It is essential that you appreciate the vulnerabilities of your business and that you protect your valuable data as best you can. Employment contracts and exit procedures should be carefully reviewed and you should consider immediately terminating access to your premises, systems and processes in the event that you have concerns over a departing employee in order to safeguard your business and preserve any evidence of wrongdoing.

In the event that you suspect a fraud, how you act in the first few hours is vital. One of the most common mistakes is to confront the suspect immediately. Once alerted about an investigation a fraudster will lose no time in deleting emails and files, in addition to warning any accomplices. You should therefore act quickly but only inform others whom you can trust or on a need to know basis.

We have a specialist and experienced fraud team that can advise you on handling the suspect, assist you with your investigations and increase your chances of recovery of any stolen data or money. The technical aspect of a fraud investigation is however best left to a specialist computer forensic expert as even the smallest mistake can cause significant damage in the evidential trail.

In the vast majority of cases, the evidence required to prove the fraud or assess the damage caused is contained on the perpetrator’s computer. In order to best preserve any evidence on the computer, it should not be touched as even turning it on or off will change the last boot up time and possibly delete items in the cached memory. Files should not be modified or even browsed as this will alter the time stamp of the file. Instead, the computer forensic expert will use a non invasive method to image the hard drive and will work from this image in order to preserve any evidence.

Once the computer has been imaged, the expert can investigate what is or has been on the computer, be it hidden, destroyed, encrypted or deleted. The expert can often identify what has happened to this data and whether, for example, it has been downloaded onto a portable storage device, attached to an email or saved under an alternative name. In addition to the recovery of any deleted emails or documents, it is possible to detect and view websites which were viewed by the perpetrator (including any personal email accounts) and analyse USB port activity, instant messaging, DVD burning and the use of external hard drives. It is also possible to recover temporary, back up or shadow files and files that have been processed in RAM or printed but which have not been saved. The expert might also be able to unlock password protected documents, translate encrypted files and roll back versions of a document to show the editing processes.

Similar processes can also be used to recover data stored on servers, back up files, mobile telephones and PDAs.

While technology can undoubtedly assist fraudsters in the perpetration of fraud, few are aware that their electronic footprints can so easily lead to their employer’s retribution.

For more information please contact Lyndsey Ratcliffe.

 
 
Site search HomeDisclaimerLinks

© asb law LLP, 2010. All rights reserved. asb law LLP is a limited liability partnership registered in England and Wales with registered number OC351354 and regulated by the Solicitors Regulation Authority under registration number 534420.