This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
Human Resource Departments are responsible for many company-wide functions, including internal investigations of employee misconduct. In the digital age, these tasks can take considerable resources and pose challenges due to the sensitive nature of many workplace issues. The following scenario demonstrates how CyFIR Internal Investigation Services can assist Human Resources staff by dramatically improving the process for conducting internal investigations.
John’s appointment as CEO came on the heels of a messy (and all too public) discrimination and harassment lawsuit that had resulted in the resignation of his predecessor. For John and the company to succeed, he needed to implement some real change, which is why he hired Brenda as the new Vice President of Human Resources.
Brenda had a reputation for tackling thorny issues like sexual harassment, and after six months, she had made significant progress – the company was now conducting regular supervisor training, a formal non-retaliation policy was on the books, and new procedures for investigating complaints had been rolled out company-wide.
Soon after, an employee approached Human Resources through the company’s open-door policy. Employee A, a worker from the corporate headquarters location, lodged a formal complaint that she had been subject to sexual harassment from Employee B, a senior executive who managed a remote office on the other side of the country. Employee A submitted a written statement that alleged Employee B had been sending her unwanted and unsolicited text messages, inappropriate jokes in company emails, and had made unwanted advances during a corporate retreat last month.
Given the company’s zero-tolerance policy for sexual harassment, Brenda followed protocol to initiate a formal investigation into the matter. However, Brenda knew how much time and effort went into thoroughly investigating each complaint. She also recognized that, given the extreme sensitivity of the matter, she needed to validate the substance of the allegation as discretely as possible to avoid harm to the reputation of either Employee A or Employee B.
With a small HR department and 25,000 employees, a serious investigation would be a significant drain on her limited resources. In previous companies, investigations of this nature had taken months or sometimes years to complete. To understand what tools were at her disposal, she contacted the company’s Chief Information Officer. He advised her to leverage CyFIR – the company’s new digital forensics tool – to conduct the first phase of the investigation.
Operating with complete discretion, the company’s security professional began the investigation by executing a remote, live keyword search of Employee B’s email on both the company Exchange server and on the employee’s company-assigned computer. Using CyFIR, the investigator was able to acquire results in a matter of minutes. The next point of analysis was a remote examination of material on Employee B’s computer. Evidence contained in email and screenshots of his in-progress chats confirmed that there was a foundation to Employee A’s complaint. These findings led to a more in-depth investigation of Employee B’s activities.
Utilizing the ability of CyFIR to remotely investigate live internet history and track user activity, the investigator determined that Employee B was also visiting inappropriate websites, downloading inappropriate pictures, installing unauthorized programs on his company computer, and actively searching for employment with the company’s direct competitors.
Once the investigators identified these artifacts of investigative interest, they leveraged the forensic imaging capabilities of CyFIR to preserve the evidence and produce a report in the event that legal action would be required. Once the evidence was presented to company leadership, Employee B was terminated for cause. The entire investigation was conducted in less than six hours.
Superior Speed and Scalability
In many companies, internal investigations can drag on for weeks or even months, tying up valuable resources and disrupting normal operations no matter the outcome. Brenda’s story demonstrates the value the CyFIR Enterprise Platform can deliver to Human Resources Departments when conducting sensitive internal investigations due to its ability to quickly and comprehensively gather and store evidentiary data.
Some of the key takeaways of this use case include:
- Conducting an internal investigation can negatively impact the personal reputations and the job performance of individuals involved, even if they are innocent of wrongdoing. CyFIR allows investigators to gather evidence with complete discretion, minimizing workplace disruptions and preventing employees from sabotaging the investigation or destroying evidence.
- Traditionally, internal investigations are time- and labor-intensive tasks. The CyFIR Enterprise Platform enables investigators to remotely capture images of networked devices to collect evidence that would otherwise be prohibitively resource-intensive or unduly disruptive to workplace operations.
- Human Resources Departments have many other responsibilities besides conducting internal investigations. The ability of CyFIR to accelerate the investigative timeline allows for HR staff to more efficiently manage investigative needs across large and geographically disparate organizations.
- Sometimes employee misconduct is suspected, but there is insufficient evidentiary data to take action. CyFIR allows investigators to monitor selected individuals and triangulate multiple sources of potential investigatory data. By doing so, the likelihood of identifying misconduct early is greatly increased.
- Since almost all business processes are now conducted electronically, CyFIR’s digital forensics capabilities provide a powerful tool to comprehensively harness digital information for a wide range of HR application, including harassment investigations, resource misuse, intellectual property protection, termination backup, and many other applications.
