How should managers prepare? - Establishing an IT environment and system for investigations
How can we make use of "digital forensics," which finds legal evidence of fraud in electronic data, in management? It's not enough to just have the relevant digital tools. I would like to explain the preparations in advance, including organizational aspects.
A fraudulent case is like a disaster caused by a person for a company. As long as people are involved, there will always be fraud, and it will not go away, although there are differences in scale and severity.
However, in many cases, it is possible to predict and prevent the occurrence of fraudulent cases in advance, and to solve them before they cause large-scale damage. People who manage companies need to understand this point.
For natural disasters such as earthquakes and typhoons, and man-made disasters such as arson and car accidents, minimize damage by carefully considering the location and structure of buildings, conducting evacuation drills and training, etc. There are many countermeasures for this.
The same goes for internal fraud. It is possible to create a system that makes it difficult for fraud to occur, and to build an environment that facilitates forensic investigations in the event of an occurrence. The most important of these is the handling of data, which contains a lot of information.
In modern society, information devices such as smartphones, tablet terminals, and personal computers are indispensable, but it applies not only to daily communication and work, but also to fraudulent activities. In some cases, information terminals are used directly, and traces of fraudulent acts remain as data. Therefore, it is no exaggeration to say that digital forensics investigations are conducted in almost all fraud investigation cases.
However, the results of digital forensics can vary greatly. What makes the difference is whether the IT (information technology) environment is built with an awareness of emergency response, and whether the response method in the event of an emergency is considered.
In digital forensics, the main purpose of which is to clarify the facts, the extent to which the data are complete has a large impact on the results. Although it is rare these days, 10 years ago companies used systems in which e-mail data was stored for only two weeks, and systems in which data could hardly be extracted for investigation even if data was accumulated. This has often been a significant impediment to conducting digital forensics.
In addition, regarding security countermeasure systems that were developed without assuming digital forensics, data that serves as evidence may be unintentionally tampered with, or it may become impossible to restore deleted data. On the other hand, there are also those that create an advantageous situation for the cheater.
There are many situations where digital forensics is required, such as overseas lawsuits and investigations by overseas authorities, as well as fraud cases. In order to proceed with these cases in an advantageous manner, the development of an IT environment that assumes digital forensics and the introduction of a data management mechanism are extremely important in terms of corporate risk management.
As the saying goes, "If you control information, you control the battle." Keeping in mind that those who control digital data also control all kinds of cases, we will reconsider the IT environment and data handling in companies. I would like you to