An online investigation is becoming more and more popular as technology is taking over. Since times are changing, employees have moved to remote work and many now use their own devices when they come into the office. Nowadays, 75% of employees use their personal mobile phones for work-related purposes. It highlights the big shift from company-provided equipment to staff using their own personal devices for their work tasks. Technology, and employees bringing their own devices to work, have led to the majority of investigations having online elements. This could mean the evidence being stored online, or that the action investigated happened through the internet. 

The complexity of an online investigation

Whenever we need information, we go online. However, the place that people look to is constantly changing. People used to just Google their questions but now internet users go on YouTube, Instagram or LinkedIn, depending on what they are looking for. For this reason, an online investigation could be very complex. The places investigators will need to look at for evidence are expanding and they need to keep track of emerging social media and spaces where employees interact.

BYOD can initially seem beneficial; fewer costs for the employer and less monitoring for the employee. What happens when employees misuse devices?

Employees can be bullied at work but outside of work hours or locations. This can still count towards workplace harassment as it is connected to work. If staff complete their job duties outside of the office, they still need to comply with company policies and procedures. Just because they are not at the office, it does not mean that the rules do not apply to them. A lot of companies have developed BYOD policies to protect the organisation and its employees from incidents related to remote work, misuse of the device or situations outside work hours.

In an online investigation, the people involved in the incident may be in different locations. This will require interviews to be conducted remotely and evidence gathering can take longer than what is usually required.

To assist our clients with their online investigation, Polonious has Simple2Connect integration which allows investigators to schedule and record interviews. Our customers can rewatch the interview if they need to and write down any points they might have missed.  Interviewees are given a link via text and they receive all the necessary details to join the call. Setting up the interview is very easy as the interviewer can set the date, start time, end time and description through Polonious. Once the interview is finished, the file is attached to the relevant case so investigators can access all files from one single place. 

How to approach the online investigation

An online investigation should be treated as any other investigation. Confidentiality needs to be prioritised and managers need to prevent any information from leaking to external parties. With most components of the investigation taking place online, there are increased risks of compromised emails and outside participants joining private meetings. Some issues are:

  • Protecting investigators from hackers
  • Managing remote interviews
  • Keeping emails safe
  • Mitigating risks

Protecting investigators from hackers

Cyberattacks are becoming increasingly popular. Many major companies have been victims of cybercrime and this is a reminder that we can never be too relaxed or lenient when it comes to cybersecurity. In an investigation, a lot of sensitive information is gathered by the investigator. As most evidence will be stored online, the investigator needs to be aware of their actions and activities and avoid keeping all copies in one device. 

They must refrain from using public Wifi, especially if they do not have a strong VPN. One of the biggest mistakes people make is leaving their house with their Wifi setting still on. Hackers usually have public networks in certain places where devices connect automatically since no password is required. While the device is connected, it is vulnerable to being compromised.

Investigators should ensure that their Wifi is off when leaving their house or work. They should also turn off their data when they are not using them. Using a VPN is highly recommended but investigators should stay away from private or public networks they are not familiar with even when using a VPN. This is because a VPN does not guarantee anonymity, it only offers protection up to a certain level. It is advisable that investigators use different devices for work matters and different devices for personal use. This will not indicate to criminals that they might be an investigator if their internet usage has been exposed.

Managing remote interviews

During COVID, instances of third parties joining virtual meetings increased. This could hinder an online investigation if interviews are taking place in insecure software. One way to avoid this incident is to set a password for the interview that only the parties involved know. It is better to share the password verbally rather than in a written format. This decreases the chances of the link and the password falling into the wrong hands. If the program you are using allows it, set the emails that can join the meeting or set that organisation-linked emails can only join.

Ensure that the employees join from a quiet place and they have a working camera so the investigator can see their facial expressions and body language. While it is beneficial to record the meeting, the interviewer should seek consent from the interviewee. If it has been decided beforehand that the meeting should not be recorded the interviewer should clearly emphasise to the employee that they are not allowed to record it either.

In the case that screen sharing is required, the investigator must not have other information open, only data relevant to that specific interview. Notes from previous interviews or emails should be closed.

online investigation

Keeping emails safe

Sometimes, an online investigation is the result of a phishing email. Email filters should be implemented to protect the investigation and those involved in it. Recently, a new approach hackers have adopted is to create an email address that is very similar to that of the CEO of the company. They then send emails to employees and telling them to reply as they have an urgent task to give them. In some cases, it asks employees to send money. If there is an investigation underway and people respond to these emails it could lead to sensitive data being leaked to third parties. 

It is crucial that employees are warned about these kinds of incidents so they are more careful when they receive a suspicious email. They should be trained on how to recognise sophisticated attacks and report them immediately. An additional measure investigators can take is to tell everyone to encrypt the content that is sent through emails. Using a password to protect evidence can make it harder for outsiders to access it. Again, it is advisable that the password is shared verbally rather than in writing.

The organisation must make it mandatory that all accounts have two-factor authentication to increase their security. Employers should also emphasise the importance of strong passwords and preferably the use of passwords they are not using for other platforms or services.

Managing risks

During an online investigation, a lot of the evidence will be social media posts, remote interviews and recordings or email content. On social media, the information can be edited. Plug-ins, extensions and software can be very useful in providing information on when a post was published, when the image was taken and if the post had been edited. The investigator has to find the tools specific to the incident that can assist them in finding previously edited or deleted social media posts. It will prevent people from lying and provide the evidence needed to establish credibility.

While a harassment investigation is underway, communication between the main parties should be terminated to prevent further issues. If it does not have to do with harassment, then it is preferred that any communication is done through written means. This will create an accountable environment where people will not be able to allege that ‘he said, she said’ incidents took place.

If it is discovered through the online investigation that there are gaps in company policies concerning investigation procedures, BYOD and handling of complaints, these policies should be updated. This will help the company improve and assist in preventing similar situations or generating better results if another incident occurs.

A few things to remember

Like it was mentioned before, an online investigation should be treated as any other investigation. All evidence must be stored securely and the investigator must conduct a legal, fair and ethical online investigation. It is important that an experienced investigator is chosen who is familiar with online investigations so privacy laws are not breached.

If employees are uncertain about specific parts of the process, the investigator and the managers are responsible for clearing up any confusion. Overall, an online investigation may be riskier but most information is now stored online so it is a matter of being safe and staying updated with the latest security measures.

Polonious takes information security seriously. We are ISO 27001 certified and we undergo regular audits to that check our compliance with the framework and reinforce our commitment to providing a high-quality service. Polonious offers a place for employees to upload all evidence securely without the need for emails. Parties in the investigation only have access to information that is relevant to them and they receive updates on the progress of the case automatically. Do you want to learn more about how we can help you with your online investigation? We are happy to show you!