Damage limitation
With economic predictions for the professional services sector looking increasingly bleak as the year draws to an end, it would have come as little surprise to any observer of the legal market that almost a quarter of the UK's top 50 law firms are considering making redundancies - as reported by Legal Week on 6 November. So, what issues should those managing this sensitive issue be thinking about? With more and more information being held electronically by law firms, the scope for acts of workplace computer sabotage and vandalism by disgruntled employees, as well as the destruction of incriminating evidence, has dramatically increased. Consequently, it is vital for firms to implement sound procedures when employees are laid off.
December 10, 2008 at 08:33 PM
6 minute read
In the web 2.0 age, redundancy programmes carry a new level of security risk. Martin Baldock explains how to minimise the threat of grudge-bearing former employees
With economic predictions for the professional services sector looking increasingly bleak as the year draws to an end, it would have come as little surprise to any observer of the legal market that almost a quarter of the UK's top 50 law firms are considering making redundancies – as reported by Legal Week on 6 November.
So, what issues should those managing this sensitive issue be thinking about? With more and more information being held electronically by law firms, the scope for acts of workplace computer sabotage and vandalism by disgruntled employees, as well as the destruction of incriminating evidence, has dramatically increased. Consequently, it is vital for firms to implement sound procedures when employees are laid off.
It is important to remember that many of those employees being laid off will see the consultation period as an opportunity to make copies of assets such as client lists, customer price agreements and employee contracts that could be useful to a competitor. The same thought process is often evident when an employee chooses to leave of their own accord.
First and foremost, firms need to consider the 'what if' scenarios. What if this associate has access to our client database? What if the finance manager has copied out passkeys to our bank accounts? There should also be consideration of what digital evidence recovery techniques might be required if an investigation follows at some stage.
When recovering digital evidence, the initial step is to capture the entire contents of a user's PC. This process is known as imaging. It usually involves removing hardware from the target computer and hosting that hardware in a controlled environment, such as a secure workshop. The process goes far beyond capturing visible files from the PC, recovering deleted files, partially overwritten files and potentially much valuable incident-related information, such as registry entries, temporary internet files and internet email – all of which could become important to prove or disprove an allegation at a later date.
Obviously, the earlier the imaging is carried out, the less the chance of spoliation. It makes sense to do this as part of the exit procedure: the 'image' does not have to be searched, but can be stored with the personnel file just in case something needs investigation in the future. The cost of this is minimal compared with the cost, time and potential damage to reputation that could be caused if there is no evidentially secure data to fall back on in the event of a later dispute. The process also does not take very long. In fact, after only a few hours the user's PC can safely be rebuilt and returned with all data – both visible and deleted – preserved.
Exit procedures
While the exit policy should be run by the human resources (HR) department, it needs absolute support from partners and management. Indeed, it may be a good idea to obtain further support from external specialists in order to provide a level of independence. Here is a checklist of steps that should be taken as soon as the employee is notified of their redundancy, or indeed as soon as possible after a resignation:
- Before final selection is made one has to consider cases that the relevant lawyer has worked on, and where client communication could be stored. Historically there would be a paper file, not so in the electronic age.
- Where the employee is being removed from the workplace, accompany them at all times until they leave the premises.
- Ensure the employee surrenders all company-owned laptop computers, notebooks, personal digital assistants (PDAs), mobile telephones or other electronic devices as soon as they are informed that they are being made redundant. It is important to ensure that the employee is not given an opportunity to tamper with or wipe such devices clean before returning them.
- HR must make the IT department aware of any imminent departures. Employees' computer accounts should be deactivated immediately, including any remote access and database accounts.
- Particular care is needed where the disaffected employee is a network or systems administrator. Such employees may implement unauthorised 'back doors' into the systems they administer or maintain, which they can use to obtain remote access regardless of whether their official dial-in account is deactivated.
- Home working and remote users pose additional risks and difficulties – all the more so if employees use their own computers, PDAs, mobile telephones or other devices to connect to company networks. The company will normally only have a legal right of access to these devices if they are its property. In many jurisdictions, the unauthorised inspection of a computer system (e.g. one purchased by an employee) constitutes a criminal offence – in the UK, for example, such inspection constitutes an offence under section one of the Computer Misuse Act 1990. If possible, the organisation should stipulate a 'right of access' to computer systems used by any employee for business purposes at home as part of the standard employment contract. This 'right of audit' is rarely written into employment contracts, and it is normally not possible to access people's home computers without a court order – even when the employee is in possession of company data.
- The return of any company equipment used at home should be done in the presence of the employee at the earliest possible opportunity, and preferably on the day of their being notified of redundancy or dismissal. In the UK there is need for a consultation period prior to an employee actually leaving the company. This is a high-risk time during which companies should be particularly vigilant.
- Check whether the employee's internet or broadband service is being funded, as you may wish to terminate any such arrangement.
- Ensure data from all computer systems (including laptops) is secured in a forensically sound manner. The data need not necessarily be reviewed, but it should at least be archived in the event that the employee brings a tribunal claim.
- Ensure remote access server and network audit monitoring are effective to record any attack on the systems – without audit trails and event logging, it will be difficult to prosecute for computer misuse.
- Security passes should be deactivated and returned, but in some cases it may also be appropriate to advise security staff and receptionists that the employee is to be denied access, should they attempt to return to the building.
- Finally, telephone answering systems and voicemail should also be secured against tampering or the unauthorised re-recording of answer messages.
Martin Baldock is general manager at Data Genetics International.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All'Almost Impossible'?: Squire Challenge to Sanctions Spotlights Difficulty of Getting Off Administration's List
4 minute read'Never Been More Dynamic': US Law Firm Leaders Reflect on 2024 and Expectations Next Year
7 minute readTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250