BYOD Investigations: Take Charge and Develop a Plan
/GUEST BLOGGER
Walt Manning, CFE
President of Investigations MD and Breakout Session Speaker at the Upcoming 24th Annual ACFE Global Fraud Conference in Las Vegas, June 23-28
A recent NBC article, Use your personal smartphone for work email? Your company might take it, serves as a wake-up call to fraud examiners about the types of evidence that is potentially available in Bring Your Own Device (BYOD) investigations. Many articles discuss the problems caused by BYOD programs, but fraud examiners need to focus on the idea that BYOD can also create new career or business opportunities for investigators who know the possible challenges with BYOD investigations and have developed plans to deal with them.
Consider this scenario:
An employee named John connects to the Internet at a coffee shop with his BYOD tablet. John bought the tablet, and he also pays for the cell data plan that he uses when Wi-Fi is not available. The company has no policy regarding the use of public wi-fi. John uses the free coffee shop wi-fi, which has no security and requires no login, to connect to the office to check email and download files needed for a project team meeting.
When the team John is working with arrives to discuss a company project, John activates a personal hotspot on his tablet, providing other team members with access to the Internet and also to his connection to the corporate network. The company has no policy or training regarding how the personal hotspot should be configured to ensure a secure connection, and provides no Virtual Private Network (VPN) capabilities for security.
All five team members are connected to their cloud-based personal email accounts on Gmail, Yahoo or Outlook. Not all team members are full-time employees – two are independent contractors hired for this project only.
Does this scenario sound familiar? If you were assigned an investigation related to the expense reports submitted by this project team, would you know where to start looking? The scenario above contains potential problems, and an investigation may be more challenging because of them. Knowing where to find the evidence you need and how to preserve it may just be the keys to breaking the case.
The red flags are there with the lack of security, lack of policies and training and general lack of protocols for using personal devices for business. But, with those challenges comes the opportunity to dig into more data and find more evidence.
Learn about BYOD programs and develop your own game plan that will make you the “go-to” person for these investigations. I will discuss this and more in more detail during my breakout session “BYOD (Bring Your Own Device), BYON (Bring Your Own Network) and the Evolution of Digital Forensics” at the 24th Annual ACFE Global Fraud Conference in Las Vegas, June 23-28. I hope to see you there!