You wouldn’t be the first business owner to use their work email address for non business related tasks. Sometimes it might make sense to use your business email account during online orders, quote applications, etc. However, this might not be the smartest move. When you send an email anywhere the email will move through various networks. If the company your dealing with has lax daisy network security system you could in fact be asking for malware to be directed right back at your own network via email responses.
There are other scenarios to consider as well. How many users and what type of privileges to the users on the business network have? Can they also send emails and if so are the emails monitored? If you wonder why this matters then look no further than the Ashley Maddison hack a few months back for all the evidence you need to be on the lookout for emails on your network. It is not uncommon for employees attempting to hide marital infidelity from their spouses by using their business email accounts to aid in their discreet affairs.
Working Together With Our Clients To Create The Scope of the Investigation
In cases of federal crimes or situations involving child pornography, we are legally (and morally) bound to turn over any and all evidence to proper authorities. However, a case involving private matter such as extramarital affairs remove this legal necessity and allow us to keep the matter as private as the client wishes in order to limit the devastation and embarrassment. Likewise, in cases involving a private business matter we can limit the scope of the investigation according to the clients’ needs.
We provide a scope to the computer forensic investigations based on each and every case which can vary significantly based on the subject matter. Narrowing the focus of the case also speeds up the forensic data recovery process. If we can narrow the search terms, the time taken during this step can drop exponentially. Also, since there are less files being analyzed then the digital forensic analysis process is also completed much quicker.
If a user on the network is browsing indecent websites then the business network could come under even more attacks. Investigating these websites, however, does not usually require the computer forensic investigations to search each and every individual website visited by the user. Instead, the search can be completed using a few filters that attempt to locate only unauthorized website accesses.
Having guidelines in place for employees is a good start to protecting your network. The next step would be to educate them on the risks and consequences of using the business network for personal use and also the dangers of approaching other businesses via electronic communication over the network especially when the other company has weak network security. Simply policing employee behavior in an attempt to prevent potential malicious network attacks is not enough. In the end, having an ethical digital forensics team such as is your best bet.
You can count on us to get to the truth.
-Brenda McGinley, CEO, All in Investigations, All in Investigations