Investigating Incidents in the Age of Isolation
Our workplace devices often are well-traveled under normal circumstances. Our phones, with work email accounts installed on them, go with us wherever we go, and our work-issued laptops are often our traveling companions to conferences and client meetings.
Today the professional world is working remotely, more so than ever in the past few weeks, which means our devices are stuck at home with us on consumer-grade Wi-Fi networks and possibly vulnerable to more threats as a result. Additionally, as we all adjust to managing new and different responsibilities within our homes while also attempting to get meaningful work done, forgetfulness and mistakes can happen.
As your corporate network extends to remote employees’ home Wi-Fi, visibility is critical to stopping or responding to security-related events. Whether the attack originates from hackers as a result of a vulnerable network or from within, through the activities of a malicious insider or negligent employee, it’s easy for one error or one breach to lead to total corporate catastrophe—including financial and reputational damage, loss of customer confidence, regulatory repercussions, and litigation.
Traditional Investigation Approaches Fall Short
Now is a great time to implement a response and investigations strategy that mitigates the increased risks associated with remote work and provides a crucial pivot point for your investigations team going forward. It’s only through this combination that you will reduce the time to resolution and move forward efficiently with any associated steps including disciplinary action, termination, and litigation.
In fact, corporate investigators face several challenges when approaching investigations with traditional methodology alone. Do any of these common issues resonate for your organization, especially in this new, remote frontier?
- Evidence of wrongdoing. Often, a suspicious email exchange is not enough evidence to confirm employee wrongdoing, but investigators struggle to find and correlate evidence in an orderly and defensible fashion. A solution using agent-based monitoring at the endpoint and having the ability to collect from it at any time is the best chance investigators have to amass data that can be correlated and contextualized as evidence.
- Manual searches. While it’s not a waste of time if it ultimately assists an investigation, hunting through spreadsheets to find a phone number or poring over thousands of emails to find a couple of key details causes unnecessary delay for the investigation. This could be easily handled with an end-to-end investigation solution with the ability to do PII keyword searches, either directly on the endpoint or within a case.
- Depth of investigation. When companies conduct internal investigations, they’re often walking a fine line between performing such a thorough investigation that the evidence inundates prosecutors and whitewashing the investigation by doing a perfunctory job due to factors like internal politics or lack of resources. An investigations platform that culls evidence quickly and makes crucial POLE connections with push-button ease can help strike the right balance.
- Time, resource, and cost implications. At times, a cost-benefit analysis can result in a decision not to investigate—but upfront investment in a solution that amounts to preparedness in the face of any security incident is virtually priceless.
- Complexity. Internal investigations in a global enterprise can straddle regions and jurisdictions, concern more than one regulatory body, involve multiple products and systems, and involve teams of connected but co-located and differently skilled analysts, experts, and technologists. The ideal end-to-end security and investigation software tackles these complexities head-on, enabling prompt remote endpoint access no matter the location, encouraging case data collaboration between analysts, legal teams, and beyond, and processing virtually any file type into evidence.
Every organization has different needs, but the big-picture challenges tend to be constant. With a trove of forensic investigation experience, Nuix deeply understands the universal challenges and answers them with a solution offering unfettered views of your endpoint along with real-time response, remote search and evidence collection, and seamless data ingestion for deeper analysis, collaboration, and more informed case resolutions.
Something Old, Something New
We are living—and working—through an unprecedented time. Asked to stay connected, be productive, and continue to serve our internal and external customers, we must rely on dependable methods while inviting innovation to bridge the gaps between old ways and new.
Traditional forensics methodology will always have a place in enterprise investigations. The depth of insight associated with these workflows provides dimension to a case, making it more robust and more defensible.
Now is the right time to introduce new investigative approaches, connecting your security and investigation teams with an integrated approach that includes monitoring, response, collection, and investigation in one platform. Even with employees scattered and remote, you can take back control of your organization’s data.