Preventing and Mitigating Risk in the Workplace - PowerPoint PPT Presentation

Slides: 37
Provided by: hanshvan


Transcript and Presenter's Notes

Title: Preventing and Mitigating Risk in the Workplace

Preventing and Mitigating Risk in the Workplace
Business Resumption Planners Association Meeting

July 17, 2007
Our Overall Organization
  • Aon Corporation
  • 46,000 employees
  • 500 offices -- 120 countries
  • 10B revenue (NYSE: AOC)
  • Fortune 250 Company
  • A global leader in
  • Risk Management
  • Insurance and Reinsurance Brokerage
  • Human Resource and Management Consulting
  • Aon Consulting
  • 6,500 employees
  • 117 offices -- 22 countries
  • 1.25B revenue
  • Areas of Service
  • Financial Advisory Litigation Consulting
  • Employee Benefits/Exec Compensation
  • Talent Solutions
  • HR Outsourcing
  • Employee Communication

Information Technology Risk
  • E-Discovery/High-Tech Investigations/Information

IT Risk The Facts
  • Computer evidence is fragile -- it can easily be
    compromised or erased without special handling
  • The majority of documents exist in electronic
  • The proliferation of computer incidents requires
    proper methodologies for investigation

IT Risk Legal Requirements
  • Courts mandate that computer evidence be
    collected in a forensically sound manner (Gates
    Rubber Co. v. Bando Chemical Indus., Ltd.)
  • Proper preservation and chain of custody of
    computer evidence must be established
  • Sufficiently familiar with process used to obtain
    subject computer evidence (People v. Lugashi
    1988 205 C.A. 3d 352)

  • Where to locate and identify CyberRisk?
  • What is computer forensics and why is it
  • What types of digital evidence might you face
  • How is a computer forensic examination conducted?
  • Review of example cases

Where to locate the CyberRisk?
  • Employee use of a computer
  • Communications
  • E-mail
  • Chat Programs
  • Letters - Memos - Documents
  • Storage of Data
  • Local Hard Drive
  • External Hard Drive
  • Network Storage
  • Remote Storage Location

What is Computer Forensics?
  • Computer forensics is the use of computer
    investigative and analysis techniques to
    determine potential or relevant data (evidence)
    in a manner that will preserve the evidence and
    allow its admission into court or other legal

Types of Electronic Evidence
  • Hard drives (Workstations, Servers, Laptops)
  • Memory cards
  • Thumb drives
  • Cell phones
  • Organizers (BlackBerry, Palm, iPAQ)

Case Studies Theft of Company Assets
  • Six employees working on multi-million dollar R&D
    project leave your company and go to work for a
  • Investigation focuses on
  • Communications (e-mail)
  • Workstation and laptop activity

Case Studies Theft of Company Assets
  • Communications (E-mail)
  • Workstation activity
  • Laptop activity
  • Everything looks clean -- at first glance

Case Studies Theft of Company Assets
  • Conversation started on 2006-1-10 16:52:11
  • Jones (16:52:11) how did you copy your data?
  • Smith (16:52:24) hard drive copy and paste
  • Jones (16:52:39) .pst file too?
  • Smith (16:52:42) yeah
  • Jones (16:52:52) my .pst are 1-2 GIGs
  • Jones (16:53:25) do you have an external drive
    or something that you put it on?
  • Smith (16:53:27) 2.2G drive
  • Smith (16:53:30) external
  • Jones (16:53:38) may I borrow it, or is it full

Case Studies Employee Stalking/Harassment
  • Upset employee leaves the company
  • Rumors that the employee was being stalked and
    harassed by a co-worker
  • Non-trained IT employee is asked to search by HR
  • Evidentiary problems
  • Evidence overwritten
  • Suspect employee claims evidence was planted

Case Studies Confidential Information
  • Administrative assistant is inadvertently given
    access to confidential patient medical records
  • Investigation
  • Tip leads to revealing that administrative
    assistant has gang-related ties to the outside
  • Administrative assistant stealing personal
    information for ID theft

Case Studies Destruction of Data
  • On November 29, 2004, the company receives notice
    that an employee is being accused of stealing
    trade secrets from another company
  • Court order is attached to turn over the
    employee's computer for inspection
  • Investigation
  • Preserve the employee's data
  • Begin to look for stolen data on hard drive

Case Studies Destruction of Data
  • E-mail
  • Personal files
  • Again, everything looks clean -- at first glance

Case Studies Can You Trust Your IT Staff?
  • IT employee goes undetected for several months
    while stealing data from key employees
  • Investigation
  • Tip comes from administrator who detects
    keylogger installed on his laptop
  • Outside investigators are brought in since IT
    staff is no longer trusted

Internal Corporate Investigations
  • Fraud/Whistleblower/Harassment Investigations
  • Workplace Violence Prevention
  • Internal Control Assessments

Fraud/Whistleblower/Harassment Allegations
  • Under Sarbanes-Oxley, public companies are
    required to provide employees with hotlines to
    report allegations of wrong-doing
  • Identifying the nature and extent of the
    wrongdoing is necessary to mitigate any loss
  • Before taking any action against the purported
    suspect(s), allegations must be impartially
  • The types of fraud most frequently experienced by
    organizations include
  • Embezzlement
  • Theft of proprietary information
  • Vendor fraud/kickbacks
  • Inventory theft

Fraud/Whistleblower/Harassment Allegations Resolving the Issues
  • Conduct investigations in compliance with federal
    and state laws to provide companies with an
    opportunity to understand the facts and attempt a
  • Depending on the nature and extent of the
    problem, assemble mix of experienced
    investigators, forensic accountants,
    investigative researchers and computer forensic

Harassment Claims
  • Organizations are obligated to respond to all
    allegations of harassment, sexual and otherwise
  • Due to the sensitive nature of such claims,
    referring investigations to a third party is a
    wise decision for problems involving
    inappropriate conduct that, if substantiated,
    would result in severe discipline, termination,
    litigation or raise issues about systemic
    problems within an organization

Harassment Claims Resolving the Issues
  • A proper investigation helps ensure that
    organizations are responding to allegations in an
    appropriate and timely manner, helping to reduce
    the risk of discrimination or wrongful
    termination concerns
  • Conduct sensitive interviews with external
    support to increase the likelihood that
    individuals involved will discuss the details of
    the matter
  • By focusing on the key individuals involved,
    uncover the facts necessary to help organizations
    understand what really happened and the parties

Workplace Violence Prevention
  • All organizations are susceptible to workplace
    violence incidents or threats of violence
  • Sources of threats may come from disgruntled
    employees, customers, stockholders or an outside
    party with no known connection
  • It is critical for organizations to provide
    appropriate response, investigation, and
    prevention of threats and workplace violence
  • Organizations may also have legal/ethical
    responsibility to provide additional security
    measures, fully investigate incidents and train
    staff/management to recognize early warning signs
    of potential violence

Workplace Violence Prevention Resolving the
  • Assist organizations in proactively designing
    tailored workplace violence prevention programs
  • Programs establish appropriate policies and
    procedures for responding to, investigating and
    reporting concerns; can also provide key
    personnel with the necessary training
  • In the event of an incident or threat, have
    action plan ready to immediately respond to and,
    when necessary, investigate the incident
  • Consider use of on-site security to advise on how
    to manage threat and/or serve as a liaison with
    law enforcement

Internal Control Assessments
  • In an effort to prevent, or at least mitigate,
    loss that can result from employee mistakes or
    intentional misconduct, organizations often seek
    a third-party review and assessment of internal
  • These controls may relate to supervision,
    handling of financial transactions,
    vendor/customer selection, internal procedures
    for reporting concerns, and physical and IT

Internal Control Assessments
  • In an effort to prevent, or at least mitigate,
    loss that can result from employee mistakes or
    intentional misconduct, organizations often seek
    a third-party review and assessment of internal
  • These controls may relate to
  • Supervision
  • Handling of financial transactions
  • Vendor/customer selection
  • Internal procedures for reporting concerns
  • Physical and IT security

Internal Control Assessments Resolving the
  • Use of financial experts, security experts and
    investigative experts to evaluate an
    organization's existing controls, taking into
    consideration both the unique needs/concerns of
    the business as well as applicable industry
  • Assessment and review focuses on developing
    appropriate policies and procedures by which the
    organization can be guided

Investigative Due Diligence
  • The globalization and consolidation of
    businesses requires organizations to more
    frequently undertake a proactive evaluation of
    potential acquisitions, business partners,
    business opportunities and proposed key hires
  • Preliminary information provided on a subject
    person or business entity is often incomplete or
  • It is often critical that a more exhaustive
    review be performed by an experienced third party
    to make an informed decision

Investigative Due Diligence Resolving the Issue
  • Consider use of investigative researchers who are
    experienced at uncovering the information most
    relevant to clients
  • Research may include an analysis of information
    such as
  • Criminal/civil litigation history
  • Business affiliations
  • Regulatory findings
  • Media references
  • Business history

Thank You
  • Daryk Rowland
  • Office 213.630.3231
  • Cell 213.798.6508
  • Kathleen Seebert
  • Office 312.381.5024
  • Cell 312.282.5919