Best Practices for Tackling Internal Investigations in the Era of Remote Work
- Cyber Breach
- 5 min read
In a time where it seems like everyone is working remote, at least to some degree, it is more challenging to navigate internal investigations. When the pandemic struck, many organizations did not have time to create a comprehensive work from home plan, which put sensitive business data at risk for compromise or accidental deletion. Now, it is clear that increased remote work will ensue, as many industries have realized the cost-saving and productivity benefits of virtual or semi-virtual business models. As such, it is crucial to implement strong data policies, security protocols, and supervision around remote working to improve data management and better prepare organizations for internal investigations.
Internal investigations come in all shapes and sizes. Many are small and confidential, like a harassment claim, but there can be cases that threaten the future of an organization and turn into a full-blown litigation, like an inquiry from a regulatory body. No matter the scope of an internal investigation, it differs greatly from standard discovery efforts, which are largely focused on finding answers to questions or try to identify every possible relevant document or message. Internal investigations also typically have smaller budgets and shorter timelines than standard discovery efforts. While this can vary, internal investigations should be quick, thorough, and ideally inexpensive.
Due to the nature of these investigation, they generally result in a frenzy of actions like issuing legal holds, conducting interviews, and a deep dive into where potentially relevant data that needs to be collected and reviewed resides.
When dealing with a triggering event, it is of the utmost importance to preserve all relevant data. Preserving relevant data provides better insight into case strategy during the initial investigation, prevents eDiscovery roadblocks, and limits the risk of relevant information getting deleted. This information is important to prove or disprove a claim, find out if someone is violating the law, or simply finding the truth. Strong information governance practices and oversight streamline the internal investigation process. Below are some helpful suggestions:
Consider all the data sources: Key information may not reside on the company network. For example, harassment may occur via text on a personal device. Trade secrets could be sent from personal email accounts or work could be saved on a personal computer. Illegal activity is not generally done on company computers, so obtaining all the data is not always simple, but understanding the gaps is critical.
Know where data resides: Knowing where documents are located, who is generating business data, and on which devices, is crucial for operational purposes, but also make an organization better equipped to handle internal investigations. Data mapping is a key tool. Data mapping is the process of identifying, understanding, and plotting what information an organization has, how the data flows through the organization, who has access to the data, and where the information is stored. Data maps help quickly determine sources and potential custodians relevant to an investigation. This also enables the investigation team to be more efficient about data collection and review, which is advantageous as remote working expands.
Increase oversight to monitor internal compliance: When an organization goes remote, it should implement new policies and protocols accounting for appropriate device and app usage, data retention, security safeguards like VPNs or company-monitored remote desktops, regulatory restrictions, and more. An important thing to address with all remote employees is whether there is a ban or restriction on using personal devices to conduct business, and if it this is allowed what security measures need to be enacted. Can the employee only do work when connected to a company server? What communication methods are allowed and when is it appropriate to use ephemeral messaging applications? When privileged information is involved, what extra security measures should they deploy? These are just a few questions to ponder when creating remote policies. Remember that information governance plans will differ for each organization.
After establishing expectations, focus on enforcement. Do this by conducting employee meetings, reviewing file sharing and communication workflows, restricting access to certain servers where necessary, and updating policies when technology changes occur. Management should carry out the appropriate disciplinary action when violations are identified. Focusing on oversight and enforcement promotes better data management and storage, which makes it easier to identify relevant data sources and documents in the event of an internal investigation.
Clearly define internal investigation protocols: It is a good idea to establish an internal investigation framework and factor in how remote work affects the process. Some considerations include:
- Deciphering who makes up the investigatory team (which may differ from the legal team).
- Proper documentation of things like data collection or custodian interviews to ensure defensible methods.
- When to utilize the services of an eDiscovery vendor.
- Whether offsite devices can be accessed virtually or need to be physically shipped.
- How to obtain hard copy documents located remotely.
- Secure ways to conduct virtual interviews.
If the investigation is to be handled in-house, having the right tools available with well documented processes and procedures can save valuable time. If outsourcing, having pre-negotiated contracts with providers and a playbook in place can also be crucial to getting to the crux of a matter expeditiously.
Enlisting help from technology vendors and consultants may be beneficial when dealing with complex matters that are data heavy, require quick turnarounds, or involve specialized expertise. An organization’s eDiscovery provider is the first place to start, as there is already an established relationship with cost predictability and trusted workflows. Just make sure that the chosen vendors are equipped to handle the unique demands of remote working when virtual collection is involved. Some other ways to leverage technology for an internal investigation includes remote assisted collection kits, secure communication platforms for custodian interviews, and consultants familiar with collecting unstructured data. Tapping into resources like these can help simplify investigations and promote efficiency.
When it comes down to it, adequate preparation and auditing are the two vital components of successful internal investigation workflows. When investigations hit an organization utilizing remote working, the response should mirror what would happen if everyone were in the office. While there will need to be tweaks to the process, following the suggestions listed above can help accomplish this goal and allow for swift resolutions with minimized risk. Investigatory teams should also monitor how any new internal investigation protocols perform so they can make any needed changes.
For more information on Epiq investigation services, click here.