puter. This is not so far fetched. If one of your employees is doing something he or she shouldn't be (say, downloading child porn or spamming people with your servers for a side business), your company is on the hook. If you are suddenly confronted with this situation, don't panic. A good disaster plan can protect you from just about any unforeseen catastrophe, be it a direct meteor hit or criminals in your own lunch room. Here are some steps to follow to protect your business, both before and after you get served with the warrant.1. Call Your Lawyer. Hopefully the firm you use has an attorney experienced in cybercrime. If not, the firm probably has people they can talk to. It's a good idea to talk to an attorney before the cops are at the door. You should also screen current and prospective employees. If they have criminal proclivities, chances are these tendencies have surfaced before. Check references and run actual background checks. If the federales are already in your lobby, don't say anything and call your lawyer fast.
2. Implement Written Computer Policies. A written policy is crucial to your ability to handle whatever comes up from civil suits to criminal charges to employee complaints about your computer policies. Any policy must include clear directives on Fair Use, document retention, privacy policies and e-mail. A comprehensive and well-drafted policy will also discourage employees from doing naughty things in the first place or being confused when they are sacked for violating the policy in the second place. Once you have a policy in place, do not deviate. Creating exceptions and looking the other way can cause worse problems. Here again, if you have a policy, have your attorney look it over. If you don't have one, have your attorney help you draft it. It is money well spent. As part of the policy, include a comprehensive document retention and archiving policy for all electronic documents, records and e-mail. Don't delete users from the system who have left the company until all their e-mails and documents are fully preserved. Only then can you purge them from the system.
3. Do Not Destroy the Evidence. As some of my prior posts have noted, missing electronic evidence is potentially more damaging and costly than the evidence would have been in the first place. The Federal Rules of Civil Procedure contain harsh penalties for failing to comply with discovery requests. Criminal rules are just as harsh plus they have the added incentive of jail time if you destroy evidence. If they've gotten a warrant, chances are your rotten employee is already under investigation and has been for some time. Your fingerprints on the missing files will implicate you.
4. Be Honest with the Heat. If you and your company get pulled into something like this, honesty is the best policy. Again, talk to your lawyer FIRST, but if he gives
his blessing the best approach is to come clean. The cops (federal or otherwise) don't generally like to shoot you without good reason and they don't like to shut down legitimate businesses. They just want to catch the rats. They will generally work with you if you haven't tried to hide anything. Remember what happened to Martha Stewart. She was convicted not of shady stock deals, but of lying to the Feds. They really don't like that. Lie to them and they will tase you, then shoot you, and then throw you in jail just for fun. Remember, if you have nothing to hide, you probably have nothing to hide.5. Have a Comprehensive Disaster Recovery Plan. If the Feds march in and haul off your network servers and all your workstations, that qualifies as a disaster. It's no different than if a meteor hits your server room or if a tsunami washes your hardware out to sea. Every business needs to have a comprehensive backup and recovery system in place. Backup all software on at least a weekly basis. This way, if you lose the servers (for whatever reason), you've only really lost a week of payroll, data, and e-mail.
And just as importantly, make sure your backup system is usable. Just because you are carefully backing up all your data to tape on a nightly basis and meticulously storing it off-site does not mean you are ready to set up shop across the street in the event of a disaster. Have you ever tried to recover data from a backup tape? It ain't easy. To do it, you need a server running the same b
ackup software as the one that made the backup tape and an identical (working) tape drive to retrieve it. Plus you need the other software you use ever day (be it Outlook, MS Word, Excel, or your time and billing program) just to read the data after the catastrophe. Be absolutely certain that you can access the precious data you have taken such great pains to save. Remember all those post-apocolyptic movies where some poor guy is trying to get a 2,000 year-old DVD to play in a 2,000 year-old machine with no power while giant, mutant bugs or talking monkeys close in for the kill? Okay, that's you after a computer disaster where you can't access your data. Without a plan, the monkeys will win.Schedule a drill with your IT people a couple of times a year to see if you can actually retrieve the data off-site. Absolutely do a drill every time you change your backup or other important software. Use a laptop or isolated workstation for the test. If it doesn't work, you have a problem. Get with your IT folks and fix it.
And lastly, make sure the non-guilty employees (or, in the alternative scenario, those employees who survive the meteor hit) have the ability to continue working, off-site if need be. The disaster plan should include access to a remote server where your data can be stored. You should also have web access of some kind so your employees can get to the data and telecommute for a while if need be.
Computers are incredibly powerful tools that can be used for good or for evil. Employees come in all flavors, too. A good, comprehensive contingency plan can protect your business from almost any disaster, be it a meteor hit or a criminal hiding in your midst.
