Insurers and other organizations need to develop systems to protect the authenticity of electronic documents, or risk losing valuable evidence that could support a legal case, said a risk expert from Kroll.
His comments came during a panel discussion on risk titled "New Reality of Risk," broadcast over the Web and sponsored by Marsh & McLennan Companies.
Alan Brill, a member of Kroll, a subsidiary of MMC, discussed electronic risk. He noted that despite the investment in electronic security, the average loss per security breach incident is greater than $200,000. For financial institutions and insurers, the two major incidents concerning them are loss of proprietary information and unauthorized access to networks.
If an incident does occur, and a corporation begins to develop a legal case, it will increasingly find the need to turn to electronic records. There is also the growing "CSI" phenomenon (named after the popular TV program), where juries expect to see forensic evidence in order to back up a litigant's claims, adding to the demand for such records, he said.
One problem with those records is lack of redundancy, or logs, within the computer systems. Each time a record is opened, explained Mr. Brill, the record is altered, damaging the authenticity of the records. He recommended that corporations create storage facilities within their networks to record and copy records tracking changes, who made them, and when.
"The relevant records in criminal and civil cases are likely to be some form of digital log or digital record on a computer, server or storage network, or some form of back-up media," he said, adding that it is imperative that companies understand the importance of protecting electronic evidence.
"The real key is this: you don't wait for a crisis to do your planning," Mr. Brill said. "Just as we all hope and pray that our organizations will never be hit by a natural disaster, we do back-up and recovery planning; we do business continuity planning."
Failing to do so, he emphasized, can "hurt you when you are trying to win a criminal case" and it can hurt a civil case as well.
He said corporations need to face reality and understand that litigation happens. Plans need to be put in place to preserve information for the long term and ensure it is not inadvertently destroyed.
On the subject of identity theft, he recommended that corporations keep information only for as long as needed. "And if you want to get rid of it, make sure it is safely gone," he said.
He remarked that there is a phenomenon called Vampire Data. This is data that is thought to be dead and gone, but which resurrects itself years later "and bites your company in the neck."
"Remember, too, that computers don't steal; people steal," he said, and advised that background checks are needed on all employees–permanent and temporary–who handle data.
"This is an area that continues to evolve; it continues to cause people problems," said Mr. Brill on electronic security. "But the good news is that if you think about it in advance, you can minimize a lot of those problems. You can't eliminate them, but at least you can have some plans in place."
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.