Immutable e-mail archives reveal ‘gold mine’ of fraud information
Immutable e-mail archives hold a ‘gold mine’ of information relating to white collar crime and corruption, enabling organisations to discipline, prosecute and root out the culprits.
This is according to experts addressing a webinar hosted by iOCO’s forensic business, XTND, and the Mimecast security platform, of which iOCO is an elite partner.
Forensic experts outlined how iOCO’s XTND uses Mimecast email archiving to delve into years of email archives, searching email attachments and using various keyword combinations to index and investigate suspicious communications, supported by XTND’s ExposeIT whistleblowing app.
Leon Towsen, co-founder and Head: Cyber and Digital Services at XTND, explained that finding evidence in email archives could be hugely costly and time consuming if carried out manually. “When you’re mining emails for data, it should be noted that 1MB of data is around 71 pages of mails. The average email subject has around 10GB of data, so you could potentially search two million pages on one email subject, which could take people up to 2,200 working days. Paying people to review email subjects would cost millions. Many organisations give up, thinking they will never find the information they are looking for.”
However, XTND uses expert fraud investigators and Mimecast email archive features to make the process quick and easy. Towsen said: “XTND starts with a keyword or phrase list we construct as we go, and builds up a library to support the investigation. A critical component is the whistleblower app, which is responsible for up to 80% of our success. Through whistle blowers and audit teams, we find lots of keyword and phrase lists to support the investigation. While we are reviewing the emails, we look at attachments, which are a great source of information for us and often contain big nuggets of key information. We export the relevant information and index emails and data chronologically to build a timeline and draft an evidence report.”
Stephen van Coller, Group CEO of EOH, outlined how EOH used Mimecast e-mail archiving to root out corruption and support the company’s turnaround: “Our new leadership team came in expecting to do a normal corporate turnaround, but ended up uncovering a mass of corruption. E-mail archiving and whistleblowing tools were key for uncovering and rooting out the fraud and corruption,” he said.
“In many organisations, corruption gets swept under the carpet, but as a new leadership team we focused on breaking this mould, working to lead with transparency and deal with allegations to rebuild EOH’s credibility and reputation. We needed as much credible and defensible evidence as possible to cut the cancer of corruption out.”
Mimecast and XTND had been crucial in supporting investigators and legal teams, Van Coller said.
Fraud and corruption happens in any business... Like any cancer, if you don’t root it out, it does spread.Stephen van Coller, group CEO of EOH.
“In our situation, anonymous whistleblowing was important, so we used the XTND whistleblowing app to enable anonymous whistleblowing. If you support people and they have no fear of a comeback, you’ll be surprised at how they come forward. It’s also quite amazing what you can find in e-mail and this is really where Mimecast comes into its own. Because it is immutable, criminals can’t cover their tracks and it is easy to find and secure evidence that stands up in disciplinary proceedings and in court. Mimecast proved its value in multiple real cases – at the Zondo Commission and the SIU. We were able to gather enough evidence together to fire or discipline all the individuals involved, and make progress in cutting the cancer out. We have now solved most of our problems, all because we had the right tools to protect ourselves. Fraud and corruption happens in any business, and if you don’t catch it early it does spread. Like any cancer, if you don’t root it out, it does spread,” he said.
Brian Pinnock, senior director: sales engineering, UK and EMEA at Mimecast, said there was a growing trend across EMEA for organisations to take their e-discovery in-house to reduce costs and time involved in e-mail discovery.
“Most organisations are starting to manage at least portions of their e-discovery in-house, which has been enabled by improvements in the e-discovery market. Having self-service control and being able to do a high degree of case management in-house allows organisations to control their output and the volumes of data being handed over to legal and investigation teams.”
He noted that the e-mail data handed over to investigators had to be trusted: “You must have a tamper-proof third party independent archive and the results need to be consistent and defensible in court.”