Computer Forensics: Top 10 Considerations for HR Professionals


We have years of experience in working with HR professionals in the investigation of internal matters. Based on that experience, we offer these top 10 considerations:

  1. Have a clear computer usage policy, non-disclosure agreements, and trade secret policies.

  2. Consider whether to modify your document retention policy to preserve more data.

  3. If an event occurs, secure the hard drive immediately—without turning on the computer—and create appropriate “chain of custody” documentation.

  4. If your organization permits instant messaging, implement a policy to regulate its use and permit access, including after the employee leaves employment.

  5. Actively monitor VPN connection logs for suspicious activity, to the extent legally permissible.

  6. Actively monitor web access and ban inappropriate web sites to the extent legally permissible.

  7. Modify exit interview procedures to include questions regarding illicit use of company computers, such as if the employee copied any data to a thumb drive (or similar device) or have any company data on their home computer. Request authorization to retrieve or destroy such information.

  8. When an employee leaves, consider preserving his or her mailbox.

  9. When suspicious activity is discovered, be prepared to proactively monitor the suspected employees to capture evidence, after consulting with counsel.

  10. Remember that whatever you do, there will be some vulnerability and an employee may exploit it for personal gain.