Are you a victim of computer fraud? Be careful not to contaminate your evidence!

Have you noticed an anomaly in the activities of a computer or in a colleague’s behaviour? Have you observed fraudulent activities toward your company online? In all cases of computer fraud, every hour and every move make a difference… You need to respond quickly AND be extremely vigilant. The following should be your first reflexes when you suspect a case of computer fraud.

1. DON’T MOVE!

The first thing to do is to immediate stop all the activities on the affected data carriers. The incident may affect one or more computers or even your computer servers. Although this sometimes means putting a temporary halt to part of your company’s operations, it is an essential step to ensure that you preserve the integrity of the evidence.

2. QUICKLY REPORT THE INCIDENT TO THE RIGHT PEOPLE

You need to share the information about the questionable situation with company management as quickly as possible! Important decisions are made in the moments after the suspicions are raised. Then some other departments (legal or human resources, for example) may be brought in, depending on the nature of the incident.

3. CONDUCTING THE INVESTIGATION

At this stage, it’s best to call in expert investigators who will ensure that the integrity of the evidence is protected at all times. It’s important to work with a team that has recognized expertise, that can work with authorities, adequately document the process, and use appropriate discretion. Its mandate will be to:

• copy the data;
• analyze the data;
• make recommendations.

4. BE PATIENT

If no threat has been detected and the fraud has been identified, the investigation may continue from the data copied and saved on a device outside the organization’s network. The company may resume its normal activities while the investigation continues.
Where a threat is detected (such as a virus or outside access that has not been deactivated), a parallel work environment must be created and an emergency plan established. This means the affected data carriers will be unavailable for use for an indefinite period. Although the wait can be painful, the results are worth the pain!

Do you suspect a case of computer fraud in your company? Ask our team for advice.