Small and medium-sized businesses need to have a better understanding of digital forensics and electronic evidence when processing data and information through mobile devices.
This was one of the key messages arising out of E RADAR's Mobile Enterprise Summit in London this month, held in partnership with the Digital Policy Alliance, ICT KTN and Bircham Dyson Bell LLP.
John Young, Laboratory Manager for CY4OR - a global services firm providing extensive knowledge and expertise in digital forensics, edisclosure and information security - suggested that businesses need to draw up their own forensics readiness plan to target potential crimes and disputes that may have an adverse impact upon the organisation. For example, if a police investigation suddenly swept into your business and took away all computer hard drives, what could you do? Similarly, how do you get hold of an email (to evidential and legal admissibility standards) sent over a mobile device, held on the cloud and crucial to help defend an employment tribunal?
We are all using our smart mobile devices to communicate and do business with each other. This is not just to access the Internet or send text messages. We also speak with each other. The fact that a contract can be made verbally makes it essential that businesses ring-fence who is authorised to make deals on their behalf and that the electronic evidence backs up this policy.
One of the concerns with mobile evidence is to make sure the costs of any forensics investigation is proportionate to the incident. Forensics investigators must minimise the interruption on the business to make sure that evidence collected makes a positive impact upon any legal action.
And then there is just the sheer size of data which businesses now create, store and use. Every time we travel with smartphones, make card purchases online and use social media we contribute to big data. It's been estimated that 99% of the world's data was created in the last 2 years. Preserving business critical data amongst the big data for when it may be required to protect the organisation, shareholders, employees, processes, technologies and other stakeholders is a herculean task. A task which has to be done.
Event delegates were also given a stark warning that organisations are responsible for the data they process. Even when the data is held on the cloud and could be anywhere in the world! The warning reflects the views of the UK Information Commissioner who can now fine companies up to £0.5 million for a serious breach of data protection law.